What direction do you provide your internal auditors on OFIs?

[ISO_Man]

When your internal auditors write their audit reports, what direction do you provide on OFIs? I'm thinking that tracking something that might never get done is not useful, and in a high pressure environment where all of my auditors are "volunteers" - OFIs never get done unless I drive each of them myself. During external audits I get a lot of verbal OFIs that I find useful, but I'm running into too many OFIs that are really non-conformances.

 

[ScottK]

Didn't we kind of cover this here: Non-Conformance vs OFI -- your best descriptions

 

[Jim Wynne]

... I'm running into too many OFIs that are really non-conformances.

This would indicate that auditors don't understand how to recognize a nonconformity when they see one.

 

[Sidney Vianna]

This would indicate that auditors don't understand how to recognize a nonconformity when they see one.

Not necessarily; this softgrading practice can simply be an attempt to avoid confrontation with the auditees. Reporting an OFI does not have the same perceived severity as a nonconformity, in most cases. The same phenomenon occurs in the world of 3ʳᵈ party auditing. As an example, the discussion we had @ Aerospace auditors are told to stop soft grading NC's. Or else!

 

[RoxaneB]

When your internal auditors write their audit reports, what direction do you provide on OFIs? I'm thinking that tracking something that might never get done is not useful, and in a high pressure environment where all of my auditors are "volunteers" - OFIs never get done unless I drive each of them myself. During external audits I get a lot of verbal OFIs that I find useful, but I'm running into too many OFIs that are really non-conformances.

When was the internal audit process last subject to an internal audit? Could this "NCs disguised as OFIs" situation warrant an NC against the internal audit process? At that point, you can drill down to the why's driving the occurrence rather than have us offer possibilities - competence, roles/responsibilities, senior leadership support, etc.

 

[ISO_Man]

When was the internal audit process last subject to an internal audit? Could this "NCs disguised as OFIs" situation warrant an NC against the internal audit process? At that point, you can drill down to the why's driving the occurrence rather than have us offer possibilities - competence, roles/responsibilities, senior leadership support, etc.

We just got an external NC against the internal audit process (ouch) so I own getting this fixed.

 

[John C. Abnet]

Sidney Vianna, post: 645120, member: 2212"]Not necessarily; this softgrading practice can simply be an attempt to avoid confrontation with the auditees.

ISO_Man, post: 645105, member: 314211"]OFIs never get done

Good day @ISO_Man

In my professional experience if the "OFIs (or for that matter, corrective actions), don't get done, it is of (should be of) no consequence to the internal auditor.

As you can see, you’ve already received some good council. I would like to remind us of ISO 9001’s stated “purpose” of internal audits…
…to provide information (9.2.1) on whether the…management system”
a)conforms to:
1)the organization’s own requirements for its quality management system
2)the requirements of (the governing) international standard(s)
b) is effectively implemented and maintained.

The key point here is "provide information". Nothing more...nothing less (aside from any internal roles/responsibilities that may be assigned).

My concern and inference from this discussion is that far too often...

1- ...internal auditors are assigned internal roles and responsibility to "fix" the problem...follow up on corrective actions...etc..etc...This puts auditors
in an untenable position.
(Where is top management's role in this? Remember, audit results are to be "reported to relevant management" and are an input into 9.3 Management Review. What's the point of "report" and "input" if Top Management doesn't provide direction, support, and resources?)

2- ...we are not teaching our auditors the interpersonal skills so helpful in making sure they are successful and for ensuring successful audits .

Things to consider.

Hope this helps.
Be well.

 

[Mike S.]

Talk to your auditors, get their feedback. Don't blame them - tell them that perhaps you and/or the company has failed them and you want their help to fix the problem. Go over some examples of NCs that were written as OFIs. There are many possible factors at play here, there may be more than 1 reason, but I'd say this meeting where you humbly ask for their feedback is imperative.

 

[John Broomfield]

Do not bother reporting OFIs as an internal auditor.

Leave such reporting to your fellow employees as a normal everyday part of the system.

Recognizing the need for an improvement but failing to bring this to the attention of the boss may however be reported as a system nonconformity.

 

[Jim Wynne]

Do not bother reporting OFIs as an internal auditor.

Leave such reporting to your fellow employees as a normal everyday part of the system.

I think that having internal auditors document opportunities is not only permissible; it might be the most important part of the job.

Recognizing the need for an improvement but failing to bring this to the attention of the boss may however be reported as a system nonconformity.

You've created a false dichotomy on a couple of different levels. First, in most cases internal auditors are part of the system; they're employees like everyone else. So you're saying, in effect, that all employees except auditors should be charged with reporting improvement opportunities, which makes no sense. You labor under the misapprehension that if internal auditors are responsible for reporting opportunities, that it will not be done "...as a normal everyday part of the system." If people see that things get better as a result of reporting perceived opportunities, they will continue to do so.