Responding to Audit Findings - Procedures not being followed to the letter

F

fionanm

#1
We recently had our ISO 13485 / 9001 audit and are finding it much more difficult to address the audit findings then in previous years. The auditor was the same but they seem to have become much more stringent in the last 12 months.

Some of the minor findings relate to procedures not being followed to the letter. I have stated this as the cause analysis, however it has not been accepted.

I'm at a loss as to how to respond, can anyone offer any advice?

Thanks
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
Re: Responding to audit findings

As an internal auditor I look for analysis that results in identification of why procedures were not followed. Your post suggests you did not provide that. Why were procedures not being followed? Are they understandable? Adequate? Simple enough for their users to apply on the job? Accurate? Available and current where and when needed? Your auditor may be looking for a response that gives some kind of assurance you have considered factors such as these and, having determined that, devised a plan to deal with it that not only addresses the procedures cites in the NC, but others that may have the same problem(s). In short, your auditor is looking for a system fix.

It is not unusual for registrars to become more demanding as time goes on. Auditors are tasked to assess effectiveness, and once the surface things are established as satisfactory we peel back the onion's layers, so to speak, and look deeper into the system's function. It can be tiring, but I can vouch I value such a thing more than I would having an auditor come and look at the same things over and over.
 

Colin

Quite Involved in Discussions
#3
Re: Responding to audit findings

It is difficult to answer your points specifically without knowing the detail. Jennifer raises some excellent points in her response - especially the point about finding out why the procedures were not followed.

Too often I see corrective actions which state they will re-train people in the procedures - in my experience this is rarely the real reason why the N/C has occurred.

I also agree about the visits getting tougher as time goes by. I regularly let things go early in the certification cycle which I will not allow to pass by in subsequent visits. I do tell the company this by the way. :)
 
J
#4
Re: Responding to audit findings

I agree with the others that you need to address the why of the procedures not being followed "to the letter". Though your stating it this way makes me think that the problem may be in the way the procedure is written.
Possible things to consider might be:

1) There are too many "letters" in the procedure(s), in other words they are too specific for the task and don't allow for individual variations.
Example: it really doesn't matter whether "part A" or "part B" is assembled first, but the procedure specifies "A", and then "B". The operators, knowing it doesn't matter are assembling most efficient manner for them as individuals, some doing "A" first, others doing "B" first. The output is fine, but the procedure is not being followed "to the letter" by everyone.​

2) It could be that the operators have determined a better way to do the process and the procedure has not been updated, or not adequately updated.

3) Operators are not adequately trained in the procedure. However if this is the case I would expect to see problems with the process output. If the procedure is not being followed and the process output is satisfactory, then I'd look at the other issues dealing with how the procedure is written.

It is important that we remember that procedures are dynamic things that should reflect how things are actually done. They should not be written so tightly that allowances are not made for the variances of individuals unless such stringency is requird by the process output itself.

When I would write a procedure, I would call out the required inputs and outputs along with general statement of what needs to happen to the inputs in order to generate an acceptable output. One could add an expected time to complete the task if appropriate and also a statement (as appropriate) that the steps need not be followed in the precise order called out. If one gets into much more than that, it can quickly become too wordy and difficult to maintain.

Just some ideas to consider.

Peace
James
 
Last edited by a moderator:
#5
Re: Responding to audit findings

We recently had our ISO 13485 / 9001 audit and are finding it much more difficult to address the audit findings then in previous years. The auditor was the same but they seem to have become much more stringent in the last 12 months.

Some of the minor findings relate to procedures not being followed to the letter. I have stated this as the cause analysis, however it has not been accepted.

I'm at a loss as to how to respond, can anyone offer any advice?

Thanks
It's true to say that over the past few years, the accreditation bodies have brought some weight to bear on the CB's grading of ncs. As a result, observations have been issued as minors etc.

It's all too easy to pick on some part of a job and say 'the procedure isn't being followed'. What's missing in this story is the effectiveness of what's being done! I make a cup of tea on a regular basis (I like tea) but I don't follow the process that my grandmother taught me! Is the result effective - you bet! Time to write down something different? Possibly.

Trouble is, your auditor didn't indicate if the results were any good - lazy auditor!
 
B

Bill Mitchell

#6
Re: Responding to audit findings

We recently had our ISO 13485 / 9001 audit and are finding it much more difficult to address the audit findings then in previous years. The auditor was the same but they seem to have become much more stringent in the last 12 months.

Some of the minor findings relate to procedures not being followed to the letter. I have stated this as the cause analysis, however it has not been accepted.

I'm at a loss as to how to respond, can anyone offer any advice?

Thanks
To me it is simple, your response does not dig down to the root cause of the problem. What is the real problem, what really needs to be fixed to prevent this from happening.
 
Last edited by a moderator:
C

ChrissieO

#7
Re: Responding to audit findings

I also agree about the visits getting tougher as time goes by. I regularly let things go early in the certification cycle which I will not allow to pass by in subsequent visits. I do tell the company this by the way. :)
I have had first hand experience of this over the last few years with our external 9001 auditor pushing us harder and harder. This is good as at the end of day it pushes us to improvement and is taking our QMS to the next level. I am not someone that believes that our certification is a necessary evil but someone who believes that it is a serious improvement tool.

I don't have experience with 13485 (I have that joy to come over the next couple of months) but have over 10 years with 9001/14001/18001/TS16949 and my feeling is that our external auditors are expecting more and more in all disciplines, but surely this can only be a positive thing:agree1:

Am I a bit wierd that I actually welcome NCs and OFIs from our external audits? it highlights areas we need to improve and sometimes helps me get over to senior management a failing that I have been banging on about for months with no subsequent action from them. I have been known to steer the external auditor in the direction of a known NC so that it gets the attention it deserves;)

I digress, as a Lead Auditor (Colin can vouch for that - he trained me,:notme:) if someone is not following a written procedure/WI to the letter, the first thing I do is question why and investigate into whether it is the written document that is wrong and not the operative. All too often, procedures are written by people who don't do the job or have limited knowledge of it. The people doing the job should have major input into "their" procedures.

Cxx
 
Last edited by a moderator:

Stijloor

Staff member
Super Moderator
#8
Re: Responding to audit findings

To me it is simple, your response does not dig down to the root cause of the problem. What is the real problem, what really needs to be fixed to prevent this from happening.
Bill,

What post are you responding to? #1?

Stijloor.

Added in edit. Quote (Post #1) added.
 
Last edited:

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
Chrissie O, when "steering" auditors towards a problem you know needs addressing, your heart is in the right place - I also know some issues I see as big problems won't be adequately addressed unless the registrar hits us on them.

However, I sure wouldn't let anyone in your organization know you're doing that. Oh my! :lol:
 
C

ChrissieO

#10
Chrissie O, when "steering" auditors towards a problem you know needs addressing, your heart is in the right place - I also know some issues I see as big problems won't be adequately addressed unless the registrar hits us on them.

However, I sure wouldn't let anyone in your organization know you're doing that. Oh my! :lol:
Oh they know:cool:, I've been doing it for 10 years. Its become a bit of a game :lmao: My old QM, Stuart, used to do the same as he was fed up of the rest of the management team not pulling their weight so it sort of rubbed off on me. I am sure it wasn't in my Lead Auditor Training;)

Basically, If I raise an NC and they don't react, the penny has finally dropped, they can expect to see it in the next external assesment, so they tend to take more notice now;)

Cxx
 
Thread starter Similar threads Forum Replies Date
J Time Frame for Responding to a Major Nonconformance - Registrar Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Responding to ISO9001 Audit NCR?s/Observations - ?Top Management? ? Clause 5.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
B Responding to ISO9001 or TS16949 Audit NCR?s/Observations. Nonconformance and Corrective Action 5
D Overwhelmed, next audit around the corner - Responding to Nonconformances Identified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
J Supplier not responding to PPAP request APQP and PPAP 5
N Responding to NADCAP nonconformance - Control of External Documents AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
J Technical Documentation Review: Responding to a Nonconformity ISO 13485:2016 - Medical Device Quality Management Systems 14
K Suppliers not responding to Supplier Corrective Action Requests (SCAR) Supplier Quality Assurance and other Supplier Issues 12
W Responding to an FDA FOIA Request US Food and Drug Administration (FDA) 5
R Responding to a Customer Identified Nonconformance caused by Human Error Nonconformance and Corrective Action 22
M Operator Mistakes (Errors) and responding to CAR (Corrective Action Requests) Nonconformance and Corrective Action 20
N Is there a standard length of time to track down non-responding customers w recalls? Misc. Quality Assurance and Business Systems Related Topics 2
AnaMariaVR2 Strategic Priorities: Responding to the Public Health Challenges of the 21st Century US Food and Drug Administration (FDA) 0
Q Not responding all the NCR?s Nonconformance and Corrective Action 10
M Responding to customers upon receipt of an alleged medical device deficiency Customer Complaints 6
M Workmanship Related Failures - Responding to a customer CAR Nonconformance and Corrective Action 12
ScottK Responding to calls for references, how do you handle it? Career and Occupation Discussions 5
M Responding to external communciation - In particular 4.4.3 b) - Dinged Miscellaneous Environmental Standards and EMS Related Discussions 6
S The Unreasonable Customer - Responding to 3 or more Customer Concerns a Day Customer and Company Specific Requirements 26
B Request: Suggestions / Tips for Responding to CAR for Late Deliveries Nonconformance and Corrective Action 14
I Corrective Action Time Line When Responding to a Major from a Registrar IATF 16949 - Automotive Quality Systems Standard 8
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7

Similar threads

Top Bottom