Non-conformity Reporting Module 4

Common Errors Non-conformity description Non-conformity categorization Soft grading Letting the Client instruct the findings Lack of reporting objective evidences Misinterpretation of “Corrective Action” Closure of nonconformity based on the correction only Failure to follow-up on the effectiveness of the corrective actions

NCR Reporting Requirements Reference : IAF / ISO 9001 Auditing Practices Group / Guidance on Documenting a Nonconformity, Feb 2005 There are three parts to a well-documented nonconformity: the statement of nonconformity a record of the requirement against which the nonconformity is detected the audit evidence to support auditor findings

NCR Reporting Requirements Reference : IAF / ISO 9001 Auditing Practices Group / Guidance on Documenting a Nonconformity, Feb 2005 If there is no audit evidence – there is no nonconformity. If there is evidence – it must be documented as a nonconformity, instead of being softened with another classification (e.g. “observations”, “opportunities for improvement”, “recommendations”, etc.). In the longer term, neither the organization, its customers, nor the Certification Body benefit by the use of softer classifications, as this risks the nonconformity being given a lower priority for corrective action.

What is a Non-Conformity ? “Non-fulfillment of a requirement” Objective evidence exists showing that: a requirement has not been addressed (intent) practice differs from the defined system (implementation) the practice is not effective (effectiveness) Avvikelse

Stor avvikelse Major Non-Conformity A failure of the clients system to address a specified requirement of the standard A frequent or purposeful failure to follow specified requirement written within the company system A failure to achieve the fundamental aim of a system requirement A failure to achieve legal or statutory requirements Multiple minor nonconformities within the same requirement of the standard or company system A purposeful failure of the company to correct nonconformities Stor avvikelse

Opportunity for Improvement and Observation A process/activity/document that, while currently conforming, could be improved to bring benefits to the client. Observation An area of concern, a process, document, or activity that is currently conforming that may if not improved, result in a nonconforming system, product or service Observation

Raising NCRs

NCR Reporting Requirements Reference : IAF / ISO 9001 Auditing Practices Group / Guidance on Documenting a Nonconformity, Feb 2005 The final (and most important) part of documenting a nonconformity is the writing of a statement of nonconformity. The statement of nonconformity drives the cause analysis, correction and corrective action by the organization, so it needs to be precise. Formuleringen viktig

Auditor’s Responsibility Reporting of NCR’s based on facts and objective evidences Correct reporting : grading , description, presentation Correct closure based on root cause analysis and effective corrective action to eliminate the root of the non-conformity Follow-up on effectiveness of the corrective actions taken Revisorns ansvar

Auditor’s Responsibility

Spårbart Important Tips Uncovering a non-conformity presents a previously undiscovered opportunity for improvement Be positive, be professional, be precise A non-conformity must be factual, objective, and traceable Someone else must be able to trace back and find the same evidence you found, based on what you wrote Spårbart

Objective evidence Important Tips Don’t see and present a non-conformity in a negative way REMEMBER! You are not there to find NCR’s, you are doing a compliance audit Present the non-conformity with clear objective evidence to avoid any conflict with the client The client must be convinced that the related corrective action will bring a benefit to the management system Objective evidence

Writing NCR’s

Closing NCRs

Don’t cure symptoms only! Hit the cause! 24/04/2017 07:50 Closing NCR’s Correction Root Cause Analysis The extent of the nonconformity has been determined (NCR has been corrected & the client has examined the system to see if there are other examples that need to be corrected). If correction can not be immediate; a plan to correct the NCR may be appropriate (responsible & date). Evidence that the correction was implemented or evidence that the plan is being implemented. Correction is mandated for every Nonconformity , because correction removes the nonconforming element from the system. The Root Cause is not simply repeating the finding, neither is the direct cause of the issue. Well thought out analysis to determine the true root cause: e.g. someone did not follow a process would be direct cause; determining why someone did not follow a process would lead to the true root cause. The root cause statement must focus on a single issue without any obvious "why“ questions remaining. If a "why“ question can reasonably be asked about the root cause analysis, this indicates that the analysis did not go far enough. Don’t cure symptoms only! Hit the cause! 16

Corrective Action Reference : BMS / BV Business Model Lever 5 Production / Audit Realization Process / 7. Closure of Nonconformities The corrective action or corrective action plan addresses the root cause(s) determined in the root cause analysis. In order to accept the plan it shall include; actions to address the root cause(s) identification of responsible parties for the actions and a schedule (dates) for implementation. In order to accept the evidence of implementation: Enough evidence is provided to show the plan is being implemented as outlined in the response (and on schedule). Note; Evidence in full is not required to close the NCR; some evidence may be reviewed during future audit when verifying the corrective actions.

Closing NCR’s

NCR Closing Exercise Handout and Group Exercise

© - Copyright Bureau Veritas