Thoughts on Auditing - Seeking opinions regarding a couple of auditing points

[ccochran]

Howdy, folks:

I'm curious about everyone's opinions regarding a couple of auditing points. These aren't incredible breakthroughs or anything, but they seem to come up quite often. Here they are:

1) A nonconformity doesn't exist without a requirement. The best way to ensure that this isn't forgotten is to insist that auditors (first party second party, and third party) clearly write out nonconformities in a two-part manner: part 1 is the requirement and part 2 is exactly what the auditor found that contradicts the requirement. A one-two punch, so to speak. Asking registrar auditors to write nonconformities this way removes a lot of "invented" discrepancies.

2) Auditors (even internal auditors) should never propose fixes, remedies, or suggestions for corrective action. This short-circuits the problem solving process and encourages laziness. It also takes away the ownership for the corrective action. Even when pressed for ideas, the auditor should defer to the auditee's creativity and knowledge of their process.

So, anyone want to bite on either of these? The 2nd point is the one I expect people have stronger opinions on. For the curious or bored, these notions and others come from an article of mine in last month's QD: http://www.qualitydigest.com/aug03/articles/02_article.shtml. Any feedback on that is appreciated, too.

Have a nice weekend,
Craig

~~~~~~~~~~~~~~~~~~~~~~~~~~~
Craig Cochran
Center for International Standards & Quality
Georgia Institute of Technology
[email protected]

 

[Aaron Lupo]

Re: thoughts on auditing

Ummm Craig yes when an auditor writes a non-conformance they should state what the requirement is that is not being addressed, may be ISO/QSR/Internal etc.. Requirements, as well as what the exact noncomformity the observed was, how else would the auditee know why they received the non-conformance. I would say that most auditors (Registrar auditors) do this already.

Your second point I would disagree with. Why shouldn't an internal or second party auditor give some suggestion on possible solutions, sometimes that gets the auditee thinking in a direction they would not have gone. Auditors have seen a variety of differnt ways to do things and should be looked upon for ideas/suggestions. Why not use the resources (the auditors experience) you have in front of you. JMHO.

 

[Craig H.]

Craig:

I suspect your second point will indeed draw the most response. I like for the auditor to provide some direction other than to just say "gotcha", but don't they have to be careful to avoid consulting? How do those of us here who do third party audits know where the "line" is, and how do you avoid crossing it?

The other Craig.

 

[Aaron Lupo]

Re: thoughts on auditing

Craig:
but don't they have to be careful to avoid consulting? How do those of us here who do third party audits know where the "line" is, and how do you avoid crossing it?
The other Craig.

Easy- 'I have seen it done this way before and give some examples, and it really seemed to work for those companies', just as long as you don't say "do it this way".

 

[Cari Spears]

Re: Re: thoughts on auditing

Easy- 'I have seen it done this way before and give some examples, and it really seemed to work for those companies', just as long as you don't say "do it this way".

Right - this is how our auditor handles it. I ask him his opinion on everything. The only thing I'd add is that this advice is not written in the NC.

 

[Craig H.]

Iso Guy, Cari:

Thanks for your input. That is almost exactly the way our auditor handles it. Since he has been around the industry so long, and seen so many different approaches, his "examples" are usually excellent - and he knows they can work because he's seen it.

Thanks again

Craig

 

[Icy Mountain]

Give me the guidance!

Point #1. Absolutely, I would expect nothing less than a statement of the requirement that I do not meet and why I do not meet it.
Point #2. I also expect some guidance from the auditor on what would meet the requirement, IHO. If the nonconformance is due to a lack of following a procedure that meets the requirement that's easy to fix (mostly). However, I have had several NCs written against processes or procedures. Obviously, I (and the Steering Team) thought the process or procedure met the requirement or we wouldn't have implemented it that way or documented it as is. In this case, a little "some companies do it this way or that way, which is compliant..." goes a long way toward understanding what an assessor believes meets the requirements.

 

[Randy]

Pretty much right on in my book guys. I kinda put it this way...."Looky here, I can't tell you how to fix it but,.....".

The "Looky here" gets 'um

Craig!! Where do you take the one person organization into account with your statement. You're so focused on the large organization that in almost everything you write, whether it's here, in the magazine articles or, on other web sites, you lose sight of 90+% of the business and service organizations in the USA alone.

 

[ccochran]

Randy,

I gave your comments a lot of thought. You're right. I think I have a bias towards approaches that require resources, which is odd because most of the people I work with are in small to medium sized organizations. I need to shake myself up a bit.

In all honesty, it's impractical for auditors in small organizations not to provide a little guidance to auditees. I agree. After all, there's often no one else to turn to. The subtle approaches that Craig H., Cari, ISO Guy, and Icy Mountain suggested sound perfectly reasonable. In fact, years ago in industry I would ask the same sort of thing, "How have you seen this done in the past?" It was just one more perspective to throwi into the pot and stir around.

I think I've been converted...

Craig

 

[JGamboe]

Craig, sorry bud. Ya knew point two would do this to people, even lurkers like myself.

With regards to an internal audit, would there ever be a time that an auditor would issue a corrective action based on audit findings?

If no, then how would you handle a potential non-conformance during a safety audit?

I realize that not all companies do safety audits or have need to, however we do. My belief is that an auditor not become involved or be responsible for writing a corrective action, unless a safety issue is uncovered during an audit on a facility/warehouse.

Just wondering your thoughts as well as the other members.


Thanks,
Jim