ISO 9001 Lead Auditor Training

Module 7 - Audit Reporting

7.3.4 Auditor post-audit actions
The auditing company needs a system for follow-up to monitor the auditee's progress. More external systems lose their credibility due to lack of an effective follow-up system than for any other reason.

ISO 9001 Auditor Training - There are certain situations where there would be no follow up. If the audit was by a second party to establish a degree of conformity with the Standard and found many major failures (and no likelihood of business), then there would be no follow-up requirement by the auditor. Another example would be if the audit was by a third party for the purpose of registration and the auditee decided not to proceed. More commonly, the nonconformities are followed up by the auditor to satisfactorily “close out” the audit.

When a follow-up visit is made, it is only the nonconformities that were identified that are re-audited. If this were not the case, the process would never end and would not be logical. Often, the follow-up may be done without a visit.

For a small number of minor nonconformities found during an internal audit, the follow-up may be left until the next planned audit within that area, if practical.

ISO 9001 Auditor Training - For second party audits (and especially third party audits), a written response to minor nonconformities is required. Based on an acceptable response, the nonconformities would be reviewed and closed out during the next surveillance visit.

For some of the nonconformities that were purely documentary in nature, it might be possible to deal with them by only a written response.

When a visit is necessary, for example, to follow up on a major nonconformity, it may not be the team leader, or even a team member, but another suitably qualified person located near the auditee company that performs the audit. If the auditor is to use the nonconformity statements to follow up on the corrective action, then the nonconformity statements must be very specific and traceable. A summary of the follow-up process is:

1. Identification of nonconformities
2. Summary report prepared
3. Corrective action request (CAR) issued
4. Auditor evaluates response to CAR
5. Completion of corrective action by auditee
6. Evaluation of effectiveness by auditee
7. Verification of completion by auditor
8. Escalation (if necessary)
9. Records of each stage in this process

Audit reports need to be read by various people in the company, so a distribution list can be helpful, especially where confidentiality is a major concern.

Within the system for third party registration, the audit is not the end of the story. Following the granting of a certificate (which attests to the conformity of the system to the Standard at the time of the audit), the third party carries out some form of regular surveillance by visiting the company at periodic intervals and checking that the system continues to operate effectively in terms of realizing planned activities and achieving planned results. After a number of these continuous assessment visits, a complete re-audit or review of previous results is carried out, depending on the policy of the Registrar. During the surveillance period (typically 2 3 years), the visits themselves (every 6-12 months) would normally cover the complete quality management system.

7.3.5 Corrective Action and Preventive Action
The auditor's responsibility is to make clear to the auditee that corrective action is necessary. The auditor rarely specifies corrective action (that is the auditee's duty). Since the auditee is likely to propose corrective action, the auditor must have a view about how effective, or otherwise, such an action might be in resolving the situation once and for all.

Once a nonconformity is in the system, the auditee must ensure that effective and appropriate corrective action has been taken. After clarifying with the auditor for a clear understanding of the nonconformity, and certainly with people in the area where the nonconformity was found, the best corrective action can be decided.

ISO 9000 Lead Auditor Training - The process of taking, checking, and monitoring the action should be formal   it is perhaps the most important “Quality” activity that takes place in a company. It is certainly where the audit system takes a positive aspect rather than a negative one. However, the process of corrective action is not an easy one.

The auditee has to get to the root cause of the problem if it is going to be corrected forever. It is very easy to correct the effect of the nonconformance instead of the root cause, so in time the nonconformity will re-appear. The auditee also will have to consider the impact of the corrective action on the rest of the process, as well as, the effect it might have on areas not considered during the audit.

The essential features of corrective action are as follows:

1. Identification of nonconformity
2. Establish responsibility for controlling the pertinent process
3. Collect data to establish root cause for the nonconformity
4. Analyze the data and establish corrective action
5. Monitor effectiveness of this action, including internal auditing
6. Revise the action if ineffective
7. Record all the actions taken
8. Amend system documentation, as necessary

All corrective action is not necessarily so involved. Some of the stages listed above are completed rather easily. However, all corrective action follows this general path.

ISO 9000 Training - The forward-looking company will determine some criteria for success. If the company is going to be involved in these activities, the business should improve after the audits and the corrective(s) have been taken. Has the error rate reduced? Do we now respond to our customer needs quicker? Have we reduced the number of bad debts? Are we throwing out less waste every night, etc?
Sources of preventive actions may arise from analysis of data and from lessons learned from corrective actions that may be applied to potential similar situations. Once identified, the process for addressing preventive actions may be similar to corrective action.

"Understanding ISO 9001" provides a detailed explanation of each ISO 9001 clause (requirements).

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.