Observations Outside of the Audit Scope

Ninja

Looking for Reality
Staff member
Super Moderator
#31
I'll join the chorus that this is a great discussion, teetering between what should be in theory and what plays out in the real relationships us humans have between people and organizations.

Several questions have been asked, and not answered directly. Let me throw my two cents in in the form of direct answers, followed by some questions on the practical side:

Should this have been written up as a NC?: Yes, if boundaries were not set up beforehand. No if boundaries were established and the NC was outside the boundaries.

Should it have been "Major"?: That is decided solely by the customer. There is no rule defining major and minor for a customer audit unless the customer defines them or the above mentioned boundaries exist.

Should it have been broadcast around the customer before you got a chance to respond or discuss?: N/A. It was going to be anyway, whether you discussed it or not during the audit. The person was going to go home and be asked, "what did you see?"

So back into practical stuff:
Aren't you glad it was sent to you? It could have been sent around your customer without your knowledge...and then you'd be scratching your head wondering why the customer didn't come back. Now at least you have learned to prepare for a customer audit thoroughly...and you know about the opportunity for damage control.

Beyond that, audits are a real pain from the auditee side. I don't know the auditor side, but I figure they aren't a thrilling way to spend the day there either. So the real question is...what is YOUR purpose for an audit.
- It could be to land a customer
- It could be to maintain your "ticket to play"
- Or it could be a way to build the best, most profitable company you can (which includes the last two).
If it's about doing a great job (i.e. increasing ongoing profit), you would desire your customer to point out deficiencies. You would desire the same from your CB auditors, interanl auditors, employees and janitors. You'll never fix it if you don't know it's broke. This is an opportunity to improve...the rest is words in an email.

This whole thread is a debate over the words in an email, and many people suggesting to get past the words in the email and build a better company...firstly by mending your customer relationship...then by revisiting your company's prioritization of conformance since it obviously can affect your customer relationship.
It's a great discussion...don't get hung up on the appropriateness of the NC wording, or the NC's existence...build a better system. Your customer pointed out a way you can improve...run with it.

K' that was about four cents...return the change if you want.
 
Elsmar Forum Sponsor

Solinas

Involved In Discussions
#32
So how far out of scope should the auditor be allowed to go? If the audit was against ISO 9001 and the auditor saw a breech of environmental systems e.g. improper disposal of waste material, should the auditor raise that as an NC (major?)?
If the scope was ISO 9000, and the violation was not an ISO issue, then the auditor should not write up the non-ISO issue.

This is different. The violations were violations of an ISO compliant quality system.

If the audit host knows there are multiple levels of quality systems running side by side (for example - engineering flows, engineering testers, etc), this should have been made clear to the auditor in advance, and the scope narrowed. The time to raise these issues is not after the auditor has come across them - at that stage, it looks a lot like making excuses.

I've worked in places that ran multiple grades of product - commercial, military drawing, military compliant, etc. Each had their own requirements and levels of control. The auditors understood when we explained the differences.

Now - I have to say - even the lowest grade ran pretty clean. If it didn't - I would not have been surprised if the auditor told the folks at home "They handle our stuff OK, but the rest looked pretty bad. I think they do the minimum they can get away with."


Mike Solinas
 

sagai

Quite Involved in Discussions
#33
I was not reading all the posts in this thread, only one note I would give as an example from life.
We also have customer audits, and actually the case is that at the time of the closing of the audit, it is not really clear the findings are really nonconformities or not non conformities.
The way we do is we open a CAPA for each of them and in the investigation case if it is clearly not a non - non conformity, we simple declare this fact with a proof and explanation, than we close the CAPA which is actually not a CAPA at all.
I would also note, these findings, or potential findings do have a benefit and worst to investigate, they definitely can be a source for preventive actions!
br
Sz.
 
Last edited:

Colin

Quite Involved in Discussions
#34
If the scope was ISO 9000, and the violation was not an ISO issue, then the auditor should not write up the non-ISO issue.

This is different. The violations were violations of an ISO compliant quality system.

If the audit host knows there are multiple levels of quality systems running side by side (for example - engineering flows, engineering testers, etc), this should have been made clear to the auditor in advance, and the scope narrowed. The time to raise these issues is not after the auditor has come across them - at that stage, it looks a lot like making excuses.

I've worked in places that ran multiple grades of product - commercial, military drawing, military compliant, etc. Each had their own requirements and levels of control. The auditors understood when we explained the differences.

Now - I have to say - even the lowest grade ran pretty clean. If it didn't - I would not have been surprised if the auditor told the folks at home "They handle our stuff OK, but the rest looked pretty bad. I think they do the minimum they can get away with."


Mike Solinas
Fair point Mike, I was just pushing the boundaries to see how far people think an auditor can go.

I think we all recognise, as Mick stated earlier, that the root cause of the problem probably lay in the preparation i.e. not setting and agreeing a clear scope for the audit. This is then compounded by the fact that it is a 2nd party audit and as we know, the customer can pretty much make the rules, as Andy put so eloquently!
 
I

Illuminatus

#35
Thank you all for your responses.

What's going to happen is that we're going to respond to the audit report with meaningful actions since it benefits us in the end anyway...

But I'm also going to start training department heads to steer customer auditors away from equipment and processes that are not used for their product and when I get a request for an audit I will certainly ask for a written audit scope before finalizing the audit date.
 
#36
Thank you all for your responses.

What's going to happen is that we're going to respond to the audit report with meaningful actions since it benefits us in the end anyway...

But I'm also going to start training department heads to steer customer auditors away from equipment and processes that are not used for their product and when I get a request for an audit I will certainly ask for a written audit scope before finalizing the audit date.
Why put efforts into that type of "training"? Why not invest the effort in having a robust system, where the customer (or any auditor) can wander without finding such issues? You run the risk of giving management the impression this is a game...(you won't win)
 
I

Illuminatus

#37
Why put efforts into that type of "training"? Why not invest the effort in having a robust system, where the customer (or any auditor) can wander without finding such issues? You run the risk of giving management the impression this is a game...(you won't win)
Simple.
Resources.
Already asked for resources to do what you suggest in a timely manner.
It's not happening.
 

Ninja

Looking for Reality
Staff member
Super Moderator
#38
Why not invest the effort in having a robust system, where the customer (or any auditor) can wander without finding such issues?
Simple.
Resources.
Already asked for resources to do what you suggest in a timely manner.
It's not happening.
:mg:
There's a big "OUCH!" coming... CYA.
When you are responsible for producing the fruits of a functioning system but not given what is needed to make the system work, you aren't standing on solid ground. Again...CYA

I was hoping your response would be "protecting customer proprietary information" or the like. Steering a customer away from other processes makes sense in that light. But steering a customer in order to hide NC's that aren't being actioned means that there exist NC's that the company is aware of and someone CHOSE to not address them. If this is solely due to resources, it makes me question the system as a whole.

So #1) what can you do to lower the resource requirements needed to address the NC's, and #2) what resources can you justify based on the latest customer Major?
(and how can you CYA)

As you follow through with this, try to connect your definition of "timely manner" and upper mgmt's view of "timely manner" and the CB's view of "timely manner"...make sure you aren't the odd man out. QMS doesn't run the company...it just checks to make sure someone is.
 
Thread starter Similar threads Forum Replies Date
L ISO 13485:2016 Clause 8.4 - Analysis of Audit Observations ISO 13485:2016 - Medical Device Quality Management Systems 8
Marc Jennifer's "Some observations about the upgrades" from June 2018 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
Q Stage 1 audit observations - documented report? General Auditing Discussions 5
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
P Secretly Auditing - Writing an audit report with observations based on my experiences Internal Auditing 12
Ronen E Online resource for USA cities historical weather observations Coffee Break and Water Cooler Discussions 2
S Do I need to answer Audit Observations? General Auditing Discussions 33
V Classification of Audit Observations - Regulatory References US Food and Drug Administration (FDA) 1
S FDA 483 Listing Observations - Mostly Corrective Action and Root Causes? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
D Need to follow-up Internal Audit 'Observations' ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
C Comparing Two Independent Group Observations - 95% Confidence Intervals Overlap Statistical Analysis Tools, Techniques and SPC 3
A Can Internal Audit Observations be kept confidential from State FDA inspections ? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
A Quality Objectives 5.4.1 - KPI SOP - ISO 13485 Audit Observations EU Medical Device Regulations 6
V Most Common Internal/External Audit Observations on Risk Management ISO 14971 - Medical Device Risk Management 4
A Observations - Is Correction / Corrective Action a Must ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Is it necessary to classify nonconformance as minor, major, observations in an IQA? Internal Auditing 18
C Closure of CARs (Corrective Action Requests) and Audit Observations Internal Auditing 25
Q Other observations During the CAPA process. 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 12
C Is approval needed for adopting observations made during audit? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
ScottK Observations on recent interviewees... Career and Occupation Discussions 8
W TS 16949 Audit - Examples of Major & Minor NC's and Observations for Stage 1&2 audit. IATF 16949 - Automotive Quality Systems Standard 11
B Responding to ISO9001 Audit NCR?s/Observations - ?Top Management? ? Clause 5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
M Linkage of Internal Audit Observations to Business Risk ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A Deep Observations on Life Funny Stuff - Jokes and Humour 1
B Responding to ISO9001 or TS16949 Audit NCR?s/Observations. Nonconformance and Corrective Action 5
M Observations vs. Preventive Actions discovered during Audits General Auditing Discussions 18
T ISO 9001:2000 Clause 7.6 - Chemical company? Controls are Visual Observations ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
Marc Audit Observations - Is there a requirement to Respond to Observations? Registrars and Notified Bodies 14
A No More Observations? Findings vs. Observations Registrars and Notified Bodies 38
K Quality Agreement MDR - The manufacturer is outside of EU Other Medical Device Related Standards 4
B AS9100D 7.1.5.2 Calibration or Verification Method using outside cal lab AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
E Responsibilities opening new markets outside EU Medical Device and FDA Regulations and Standards News 0
A Outside micrometer anvils parallelism General Measurement Device and Calibration Topics 3
D Rules for Paper Forms outside of an eQMS - 3 Questions (ISO 13485) Document Control Systems, Procedures, Forms and Templates 9
S Laboratory Environmental Conditions Outside of limits ISO 17025 related Discussions 4
A Large outside micrometers calibrations General Measurement Device and Calibration Topics 2
C Material from outside CER evaluation period CE Marking (Conformité Européene) / CB Scheme 8
L In house calibration - Our CMM's are outside certified can I use them to certify our standards General Measurement Device and Calibration Topics 4
E How do you identify what standards a country recognizes outside of FDA, EU, Health Canada Other Medical Device Related Standards 1
J AS9100 - Working Outside of Scope of Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
B FDA Philippines has no check or balance outside the health department Supplier Quality Assurance and other Supplier Issues 3
I Certificate of Exportability - Contract manufacturer located outside the US 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Gamula Biocompatibility GLP conform tests outside China China Medical Device Regulations 1
GStough Nonconformance Found Outside the Audit Scope - Supplier Audit General Auditing Discussions 16
O Cleaning API Rotary Shoulder Connections Working Mates exposed to Outside Weather General Measurement Device and Calibration Topics 1
C TS 16949 Exclusions outside of clause 7.3 IATF 16949 - Automotive Quality Systems Standard 6
M Taking on a job outside of our ISO Scope ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B WEEE requirements if I sell devices outside the EU RoHS, REACH, ELV, IMDS and Restricted Substances 3
T Does your Quality Dept Control Procedures Outside the Scope of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T What to do if parameters are found to be Outside of Control Limits Document Control Systems, Procedures, Forms and Templates 5

Similar threads

Top Bottom