SBS - The best value in QMS software

Procedure Non-Conformance=Corrective Action?

M

markro

#1
When our third party auditor recently did an internal audit, he only went through our procedures and marked them up rather than actually auditing our processes. Some of Non-Conformances are also potential problems in our processes and I will be able to do a root-cause analysis, corrective action, etc. Another, for instance, need to be more clear or change the wording. Another, addressed a document with an old revision. Would these latter problems need an 8-D, root cause analysis, etc. from your perspective?
 
Elsmar Forum Sponsor
R

Reg Morrison

#2
When our third party auditor recently did an internal audit,
Before going any further, this can't be right. A 3rd party auditor can not be doing an internal (1st party) audit.

So, what was it? A 3rd party (registrar) audit? Or an internal audit?
 

mihzago

Trusted Information Resource
#4
It's actually not unusual for a 3-rd party auditors to do Internal Audits.
Most small companies don't have enough employees or independent groups/departments to be able to perform an internal audit by just using internal associates and must hire a consultant or some other external party to do it.
 

Jim Wynne

Staff member
Admin
#5
It's actually not unusual for a 3-rd party auditors to do Internal Audits.
Most small companies don't have enough employees or independent groups/departments to be able to perform an internal audit by just using internal associates and must hire a consultant or some other external party to do it.
That's not a third-party audit. A third-party audit is one performed by a registrar or accreditation body.

First Party--Internal audit done by a company employee or contractor
Second Party--Audit done by or on behalf of a specific customer
Third Party--Audit done by a CB or AB.
 
M

markro

#6
Our third party (registrar) auditor wanted someone certified in doing TS 16949 internal audits, and we do not currently have such a person. We questioned the necessary certification and he relented, but I still wanted someone here that had more experience in doing TS 16949 internal auditing than I have, so we hired an outside auditor. He actually works for our registrar, and had audited us is in the past, and has a very good grasp on TS 16949, so he was able to go line by line through our procedures and make sure they complied with what TS is asking. Where we are not complying, I can understand changing the procedure and doing a corrective action. On others, where it appears a much smaller change needs to be done, I would just like to make the necessary change and document what we did.
 
R

Reg Morrison

#8
It's actually not unusual for a 3-rd party auditors to do Internal Audits.
Most small companies don't have enough employees or independent groups/departments to be able to perform an internal audit by just using internal associates and must hire a consultant or some other external party to do it.
There is nothing wrong for an organization to outsource the internal audit process to competent people, such as certified lead auditors who happen to work for a registrar. However, the original post stated when OUR 3rd-party auditor.... There can be NO conflict of interest and the external 3rd party auditor can NOT be an internal auditor. ISO 17021 prohibits that conflict of interest.

Our third party (registrar) auditor wanted someone certified in doing TS 16949 internal audits, and we do not currently have such a person. We questioned the necessary certification and he relented, but I still wanted someone here that had more experience in doing TS 16949 internal auditing than I have, so we hired an outside auditor. He actually works for our registrar, and had audited us is in the past, and has a very good grasp on TS 16949, so he was able to go line by line through our procedures and make sure they complied with what TS is asking.
I strongly believe that you have been victim of a scam. I will assume the two auditors in question are not full time employees of the registrar that certifies you for TS 16949. Despite the fact that they might be subcontract auditors, the insistence that you had to be internally audited by someone with 16949 qualifications, leads me to believe that you have been taken for a ride that, which, despite being common practice, is not well known.

Contract auditors working for registrars establish relationships among them. As many of them are also "consultants", when they work as an auditor, they find problems that, the other one, working as a consultant, can help the organization with, just like in your case. It is like a perpetual scam where unscrupulous auditants (consultants working as auditors) create work for their colleagues. The expectation is, obviously, the other consultant would reciprocate the favor, later on.

The practice you described is prohibited by ISO 17021, even though is very hard to be policed. If I were you, I would denounce this scam to the IAOB/IATF and let them deal with the auditors in question. Lack of ethics is a big problem in this business.
 

mihzago

Trusted Information Resource
#9
do you pay your 3rd party auditors?
I don't know of any Notified or Certification Bodies that audit for free; so in a strict sense they are not independent. You hire them in almost the same sense as you would hire a consultant to do an internal audit for you. Obviously CBs have more oversight.
 
M

markro

#10
Thanks for your concern, Reg, but this happened as a result of a non-conformance. We were not having proper internal audits. I looked into training for myself and could not get it approved. A certified auditor was recommended by our current 1st party internal auditor, but once my bosses said they would not agree to his terms, we were stuck without a knowledgeable auditor and a limited time to address this non-conformance. He said he would do them to get us out of a pinch. I still wake up in cold-sweats just thinking about the whole deal. Anyway, thanks, but onto my question... :)
 
Thread starter Similar threads Forum Replies Date
B Procedure packs with non-medical devices EU Medical Device Regulations 1
S Magnetic Particle Inspection Non-Destructive Testing Procedure Inspection, Prints (Drawings), Testing, Sampling and Related Topics 9
H Combined Procedure - Control of Non-conforming Product, Corrective and Preventive Document Control Systems, Procedures, Forms and Templates 14
C NCM (Non-Conforming Materials) Procedure questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
J Is a Procedure required for Corrective, Preventive, and Non Conformities ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
D Calibration & Test Laboratory Non-Conformance Procedure Example wanted General Measurement Device and Calibration Topics 3
K Link between Control of Documents, CPAR & Control of Non-Conforming Product Procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C AS9100 8.3 Procedure for Non-Conforming Parts - When should an NCR be filled out? Nonconformance and Corrective Action 5
J Feedback on NCP (Non-Conforming Product) Procedure Nonconformance and Corrective Action 2
J Kindly Review my Control of Non-Conforming Product Procedure Nonconformance and Corrective Action 8
M Generic "Compliant Procedure" and "Non-conformance" forms needed Document Control Systems, Procedures, Forms and Templates 1
M Non-Conformance Procedure FlowChart for a Medical Device company Document Control Systems, Procedures, Forms and Templates 3
M "Non-traditional" Corrective Action Procedure Nonconformance and Corrective Action 11
G Changing Non-Critical Component Suppliers - Convenience kits (FDA) Procedure packs Other Medical Device and Orthopedic Related Topics 2
J OHSMS Non-conformance Procedure - Occupational Health and Safety Management System Occupational Health & Safety Management Standards 2
I Non-conforming product procedure - For a Service Company Document Control Systems, Procedures, Forms and Templates 8
V Control of Non Conforming Product procedure explaining the process for approval Nonconformance and Corrective Action 3
A Control of Non Conforming Service Procedure to Review Service Industry Specific Topics 10
T Implementing Defect Logs into my existing Non-conformance procedure Nonconformance and Corrective Action 4
P Control of Non Conforming Process Procedure Document Control Systems, Procedures, Forms and Templates 10
M Nonconforming Services - Procedure for Control of Non Conforming Products Document Control Systems, Procedures, Forms and Templates 14
S Control of Non Conforming Product Procedure Document Control Systems, Procedures, Forms and Templates 1
S Control of Non-conforming product procedure in a R&D company Document Control Systems, Procedures, Forms and Templates 3
samer Oracle computer records - Special procedure for dealing with non-paper Records? Records and Data - Quality, Legal and Other Evidence 2
A What do you think about Continuous Improvement of Non-Conformance Procedure? Document Control Systems, Procedures, Forms and Templates 8
D Non-sector specific requirements: Do I need to write a physical procedure IATF 16949 - Automotive Quality Systems Standard 3
E Design and Development file Procedure ISO 13485:2016 - Medical Device Quality Management Systems 0
B Procedure facility license in karnataka Manufacturing and Related Processes 3
S MDR - System and procedure pack article 22 and all sub processes that apply ISO 13485:2016 - Medical Device Quality Management Systems 0
P Software verification and validation procedure IEC 62304 - Medical Device Software Life Cycle Processes 6
K Need procedure for D&D inputs? ISO 13485:2016 - Medical Device Quality Management Systems 4
J Example of a defined procedure for carrying out Material Review Board (MRB) Manufacturing and Related Processes 0
A ISO 13485 procedure change and reflect to legacy manufacture items ISO 13485:2016 - Medical Device Quality Management Systems 2
S What should i choose for "testing procedure" characteristics? (N95) General Information Resources 0
S Critical characteristic on manufacturing operations test procedure Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
A SPC procedure / flow chart Statistical Analysis Tools, Techniques and SPC 2
J Action Not defined in procedure - NC - Incoming inspection AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
E Procedure ( SOP) for Device Master Record ( DMR ) and for Device History Record (DHR)? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
shimonv Document Control Procedure Header Content Document Control Systems, Procedures, Forms and Templates 3
U Procedure pack components EU Medical Device Regulations 3
G Control Plan & PFMEA Review Procedure? FMEA and Control Plans 1
J Strategy for MDR Regulatory Compliance Procedure ISO 13485:2016 - Medical Device Quality Management Systems 4
A IVD in MDR procedure pack EU Medical Device Regulations 2
G RoHS Procedure REACH and RoHS Conversations 2
John Predmore Configuration Management as a process instead of a procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
L How to add exemption or statement to control of document procedure? ISO 13485:2016 - Medical Device Quality Management Systems 5
A Design and development procedure for API Spec Q2 Oil and Gas Industry Standards and Regulations 6
W Using tailoring guidelines to tailor a QMS procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Change management procedure when 7.3 is not applicable ISO 13485:2016 - Medical Device Quality Management Systems 5
L Sample Procedure from Contract Manufacturer Prospective ISO 14971 - Medical Device Risk Management 1

Similar threads

Top Bottom