Pushback on a Nonconformance Found in a Supplier Audit

GStough

Staff member
Super Moderator
#1
During a supplier audit which I led recently, we discovered that the company was not following the procedures they had established in at least 4 instances (4 procedures). When I wrote this up in the audit report as one nonconformance for not following their procedures and citing these 4 instances as the objective evidence, my team leader pushed back and asked why didn't I write it as 4 separate NCs. He thinks it will be easier for the supplier to correct those 4 procedures. My line of thinking is that the supplier should review ALL of their procedures and determine whether they are being followed, not just the 4 that we found.

Which do you think would be the best way to present this finding in the audit report - as one nonconformance or as 4 separate nonconformances (under the same ISO clause)?

TIA!
 
Elsmar Forum Sponsor

howste

Thaumaturge
Super Moderator
#2
Based on what you described, I would probably write one NC. The correction should include all four procedures, but the containment should be much broader to include any & all procedures that need to be updated. The corrective action should address how they will ensure that the procedures and practices match in the future.

I would only write multiple NCs if I thought that there were separate causes for each issue identified.
 

qpled

Involved In Discussions
#3
IMHO, I would go by the supplier's response when you asked them why they were not following those 4 procedures - if the same reason for all 4 (ie., their written procedures have to be updated to reflect best practices) then one NC could be used. If for each of the 4 procedures a different reason was given (ie, additional training needed by new employee for one of the procedures, new revision of procedure not communicated to employees for another procedure, etc...) then 4 NC's could be issued.
 

GStough

Staff member
Super Moderator
#4
IMHO, I would go by the supplier's response when you asked them why they were not following those 4 procedures - if the same reason for all 4 (ie., their written procedures have to be updated to reflect best practices) then one NC could be used. If for each of the 4 procedures a different reason was given (ie, additional training needed by new employee for one of the procedures, new revision of procedure not communicated to employees for another procedure, etc...) then 4 NC's could be issued.
The company had recently undergone some changes and turnover of personnel, and procedures had not been followed. However, the new Quality Manager seems dedicated to getting the QMS back on track, but it will take some time, as his staff is quite small.
 

Ninja

Looking for Reality
Trusted Information Resource
#5
Coming from the new QM position...I would ask him what would or would not help him get back on track best.

If 4 just gives him more paperwork and slows him down...write one.
If 4 gives him more leverage with upper management to provide resources...write 8 (kidding...write 4).

From your side, it seems to make little difference...so help his side if possible.
:2cents:
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#6
During a supplier audit which I led recently, we discovered that the company was not following the procedures they had established in at least 4 instances (4 procedures). When I wrote this up in the audit report as one nonconformance for not following their procedures and citing these 4 instances as the objective evidence, my team leader pushed back and asked why didn't I write it as 4 separate NCs. He thinks it will be easier for the supplier to correct those 4 procedures. My line of thinking is that the supplier should review ALL of their procedures and determine whether they are being followed, not just the 4 that we found.

Which do you think would be the best way to present this finding in the audit report - as one nonconformance or as 4 separate nonconformances (under the same ISO clause)?

TIA!
I agree with Steve. 1 NC should be generated.

As for having the Supplier review all existing procedures for potential change to what they are actually doing. I would also consider any training that was performed to assure that the person or persons not following existing procedures have been trained in one way or another. Also look at possibly identifying, if their procedures requires a annual review of the existing procedures to see if they are applicable to they way they are doing business. This would generate a review of all of their existing procedures, in my opinion.

I think maybe your Team Leader was over zealous.
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#7
When I wrote this up in the audit report as one nonconformance for not following their procedures and citing these 4 instances as the objective evidence, my team leader pushed back and asked why didn't I write it as 4 separate NCs.
Gidget, I also support your line of thought and your audit team leader is making the mistake of putting himself in the position of the auditee, thinking how to respond to the NC.

However, not to be pedantic, if the audit was using ISO 9001:2015 as a criteria, remember one thing: "failure to follow procedures", technically, is not a requirement in the standard. We even have threads at The Cove discussing this. In my opinion, when an organization is not following their procedures, the real problem, vis a vis the standard is: failure to implement the processes and application of the methods needed to ensure effective operation and control of such processes. That is part of what 4.4.1 and 4.4.1.c) requires in 9001:2015.

I am just saying that, so you are never in a position to respond to auditee who asks you in return: Where does it say anywhere that I have to follow my procedures?

Now the challenge will be to reject the CA when they propose "RETRAINING".:cool:
 

GStough

Staff member
Super Moderator
#8
Gidget, I also support your line of thought and your audit team leader is making the mistake of putting himself in the position of the auditee, thinking how to respond to the NC.

However, not to be pedantic, if the audit was using ISO 9001:2015 as a criteria, remember one thing: "failure to follow procedures", technically, is not a requirement in the standard. We even have threads at The Cove discussing this. In my opinion, when an organization is not following their procedures, the real problem, vis a vis the standard is: failure to implement the processes and application of the methods needed to ensure effective operation and control of such processes. That is part of what 4.4.1 and 4.4.1.c) requires in 9001:2015.

I am just saying that, so you are never in a position to respond to auditee who asks you in return: Where does it say anywhere that I have to follow my procedures?

Now the challenge will be to reject the CA when they propose "RETRAINING".:cool:
Thanks, Sidney. I should have mentioned that the standard used in the audit was ISO 13485:2003 (they were scheduled for an upgrade audit to 13485:2016 a few weeks after our audit). 4.1 requires that the company establish, document, implement, and maintain a QMS and maintain its effectiveness in accordance with the requirements of said standard.

Oh, don't *EVEN* get me started on the "RETRAINING" as the CA rant! :mad::mg:
 

Golfman25

Trusted Information Resource
#9
Since it was a supplier audit, I would ask "what was not followed" and how does it effect you, the customer. If they are major issues that materially affect your product then you need to make sure you give them something to actually work on so they can correct it. If it's just ticky tak stuff and not relevant to your organization, then its an opportunity at best. Your obligation is to your company to make sure they are doing what you need them to do.
 

Ron Rompen

Trusted Information Resource
#10
Just to add in my $0.02, I would also write it as a single NC, however I would give serious consideration to making it a major - failure to follow 4 of their own procedures (particularly if they are related) could point to a systematic breakdown of their QMS.

Again, I would suggest working with your supplier - the goal of supplier auditing is to DEVELOP them, not to punish them. How can you make this audit finding a 'good' thing for them?
 
Thread starter Similar threads Forum Replies Date
C NCR (Nonconformance System) Software Nonconformance and Corrective Action 7
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
E When to generate a nonconformance report ISO 13485:2016 - Medical Device Quality Management Systems 6
K Counterfeit parts prevention - Audit Nonconformance - AS9100 8.2.2 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 25
Q When to write up a nonconformance and require a NCR - We produce labels ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
PhilM Nonconformance report, Customer complaint investigations and RMAs ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
M Medical Device Directive - Seeking common nonconformance write up scenarios CE Marking (Conformité Européene) / CB Scheme 2
CPhelan Nonconformance opened as incorrect expiration date placed on received product. Escalate to CAPA? Nonconformance and Corrective Action 4
Q Ineffective follow up of people performance - Audit Nonconformance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
Q AS9120 7.5.3.2 Control of Documented Information - Audit Nonconformance AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 20
Q Criteria to raise a Nonconformance based on KPI values ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 39
L AS9100 D- Handling Nonconformance Documentation for an organization that outsources most of the work. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
G Timing allowed by IATF to close a Remote Site Minor Nonconformance IATF 16949 - Automotive Quality Systems Standard 2
R Visually impacting graphics for Nonconformance status metrics for Management Report Nonconformance and Corrective Action 5
J ISO 13485 Audit Nonconformance written against 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 25
PastorBee13 IATF 16949 Audit Nonconformance Responses per 5.1.1.2 - Format IATF 16949 - Automotive Quality Systems Standard 11
A What ISO 9001:2015 clause could be used to write nonconformance for not updating licensed driver list? General Auditing Discussions 8
S Nonconformance to a Note in ISO13485 clause 6.2 Human Resources Effectiveness ISO 13485:2016 - Medical Device Quality Management Systems 13
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
A Where are the rules for when a repeat minor nonconformance becomes a major? IATF 16949 - Automotive Quality Systems Standard 36
R ISO 9001:2015 9.3 - Required inputs to the management review - Audit Nonconformance Manufacturing and Related Processes 14
K Which clause would best fit this Nonconformance? (Supplier Related) Internal Auditing 2
W Minor Audit Nonconformance Against Determining the scope of QMS IATF 16949 - Automotive Quality Systems Standard 12
J IATF 16949 registration - Major Nonconformance Finding IATF 16949 - Automotive Quality Systems Standard 9
Ajit Basrur Are inputs to the nonconformance process required to be identified? Nonconformance and Corrective Action 21
N Responding to NADCAP nonconformance - Control of External Documents AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
P Examples of Nonconformance, Corrective Action Requests, and Root Cause Analysis Nonconformance and Corrective Action 2
Q Should I initiate CAPA for a nonconformance not recorded? Nonconformance and Corrective Action 25
K Nonconformance on training - Not following own processes (IATF 16949) Internal Auditing 14
J Audit opportunity for improvement raised to nonconformance months after the audit General Auditing Discussions 7
K NCR or CA? We're taking any issue we have and saying its a nonconformance Nonconformance and Corrective Action 11
GStough Nonconformance Found Outside the Audit Scope - Supplier Audit General Auditing Discussions 16
R Closing out an API/ISO QMS Audit Nonconformance - Magnetic Particle Examination Inspection, Prints (Drawings), Testing, Sampling and Related Topics 5
Q Nonconformance Raw Material Treatment in ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C Recurring Nonconformance - Missing Deadline for Closing a Corrective Action Problem Solving, Root Cause Fault and Failure Analysis 14
N Laboratory Audit Nonconformance - Maintenance of Standards ISO 17025 related Discussions 10
K Internal Auditing a previous Nonconformance? Internal Auditing 19
D Interpretation of new IAQG ruling - Audit duration for nonconformance verification AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 7
Q Customer Complaint Vs. Nonconformance - CAPA SYSTEM Customer Complaints 2
D Nonconformance on document control - Unapproved document on production server Document Control Systems, Procedures, Forms and Templates 4
P Ratio of Supplier with a nonconformance vs. Supplier without a nonconfomance Supplier Quality Assurance and other Supplier Issues 10
W Nonconformance Recurrence Response Help General Auditing Discussions 4
dubrizo If Quality Objectives are not known to employees, is it a Nonconformance? General Auditing Discussions 7
xfngrs Automotive Industry Nonconformance Database wanted - Preferably SharePoint based Quality Assurance and Compliance Software Tools and Solutions 5
Gman2 Processes sharing the same nonconformance during an audit General Auditing Discussions 13
T Audit Nonconformance - ISO 9001:2008 Clause 6.2.2 - Competencies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
J Audit Nonconformance for Design of Choke Manifold Oil and Gas Industry Standards and Regulations 4
L How to avoid Nonconformance Reoccurrence problems IATF 16949 - Automotive Quality Systems Standard 20
M Corrective Action for a Recurring Nonconformance Nonconformance and Corrective Action 16
G Nonconformance Categories - QMS web app to support ISO9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Similar threads


















































Top Bottom