This is the San Diego Section 703 Audit Decision Making Web Page.

Your browser does not support inline frames or is currently configured not to display inline frames.

Jobs

Meetings

News

Calendar

Education

This article was written by Pete Maizitis who is a member of ASQ in Cleveland Ohio and is in the process of re-locating back to San Diego. A similar version of this article was published by the Cleveland Ohio section of ASQ entitled "Evaluating Observations vs. Deviations (non-conformances)". The bulk of Peter's experience comes from being a Principal Auditor with TUV America but you can find his profile posted on our job seekers page.

Abstract

There is a fine line that an auditor must walk when documenting the results of a management systems audit. Determining the differences between a major non-conformance, minor non-conformance, and or observation can be difficult. It is also understood that QS-9000 and ISO/TS 16949 do not recognize observations and all nonconformities must be documented by the auditor and addressed by the auditee. This article clarifies these audit decision making difficulties.

Defining Non-conformity

One of the more difficult and sometimes to be perceived, subjective, elements of auditing to the ISO standards and/or the requirements of QS-9000 is the determination of observations versus nonconformities when a perceived system anomaly or finding is noted. EN ISO 8402 defines a nonconformity as, “nonfulfilment of a specified requirement . . . Note: The definition covers the departure or absence of one or more quality . . . characteristics [including dependability . . . characteristics], or quality system . . . elements from specified requirements.” Observations are defined by ISO 10011-1 as, “A statement of fact made during an audit and substantiated by objective evidence.”

Typically, nonconformities require a closed loop, documented corrective action with follow-up for effective implementation. An observation may be a statement regarding compliance issues or the state of implementation of an organization’s quality system. To confuse things further, observations may become nonconformities should there be objective evidence of a system nonconformity. One may hear several terms used for nonconformance (deviation, finding, nonconformity) and observation (comment, recommendation, opportunity for continuous improvement, suggestion). These are all the flavor of the auditing organization’s language and should correlate with the definitions in ISO 10011-1 and EN ISO 8402. For the purposes of this article, we will abide by the official terminology in EN ISO 8402 which is nonconformity and observation. I've always used the term, “deviation” for referring to nonconformities.

Calibrating the Audit Team

Quality Systems auditing may not be the most exacting science, however the audit team needs to calibrate themselves with regards to which findings will be considered observations and which will be considered nonconformities. These calibrations should be consistent with the auditing party’s policies and mandates. Typically, an auditing organization will provide for training and a meeting with and between auditors on a regular basis to provide a forum for interpretation of the standards, as well as nonconformance discussions.

Rules governing consulting and registrars are more stringent than those for a consulting firm. The reason is that registrars are not permitted to consult per EN 45012 and observations need to reflect only our recommendations for continuous improvement efforts, especially as allowed by the requirements of QS-9000. A nonconformity needs to reflect a clear-cut system nonconformance. Audit reports are reviewed by the registrar’s independent certification council, are subject to audit by the registrar’s accrediting bodies (e.g., RAB, DAR, RvA), and may be questioned if there appears to be inappropriately reporting findings (observations and nonconformities). Rule of thumb, if you as an auditor and find that you are consulting, you have just taken ownership for the Auditee’s corrective actions and would constitute a conflict of interest. Most registrars now have systems in place to assure that their auditors will not audit at a client they have been consulting at.

Categorizing Observations & Non-conformities

The following flowchart is an attempt at categorizing observations and non-conformities.

Now, we have categorized the observations and nonconformities and have provided the client with an audit report detailing the results of the audit. The next step, other than to debrief or have a closing meeting with the client, is to determine the need for a follow-up audit. Again, these are based on the registrar’s procedures and guidelines, as well as the audit team’s training, experience and judgment.

Determining the Need for Follow-up Audits

The audit team determines whether a follow-up audit is required to verify a client’s implemented corrective action. The delegated audit team leader has the final decision making authority regarding follow-up at the client’s facility. The following are general guidelines for making these decisions:

Can the corrective action be effectively verified via documentation and telecon? Typically, this is defined as a minor nonconformance: A system nonconformance that is not likely to reduce materially the usability of the product or service for its intended purpose or is a departure from established procedures having little bearing on the effective use or operation of the product or service.
Is the corrective action extensive? Is it serious enough to warrant a return visit? Example would be that the system is allowing un-inspected or non-conforming product to be shipped to the customer. In many cases this would be defined as a major nonconformance. Guidelines include:
- A system nonconformance which would result in a hazardous or unsafe condition for individuals using, maintaining, or depending on the product or service.
- A system nonconformance which would likely result in failure, or to reduce materially the usability of the product or service for its intended purpose.
- A system nonconformance indicating lack of implementation of an applicable quality system standard clause.
- Multiple minor non-conformances that in the audit team’s judgment indicates a system breakdown.

Conclusion

Third party quality management system audits are meant to objectively review of the effectiveness of a quality system. Without consistency in categorizing the results, the effectiveness of the audit can become compromised. The audit decision making tools described in this article are just some of the many tools that auditors utilize in the performance of the audit to maintain that effectiveness.

About the author

See more about Peter Maizitis on our job seekers page.

Prior to working for TUV America, Mr. Maizitis held positions as a Supplier Quality Engineer with several Major Aerospace companies: Goodyear Aerospace/Centrifuge Divisions, General Dynamics Convair Division, and Lockheed/Martin. Prior to TUV Mr. Maizitis was a lead auditor for a local Registrar. He was responsible for generating and successfully submitting for their QS-9000 accreditation and quality plan to the RAB and the RVA which, in conjunction with the required witness audit performed by fellow auditors, contributed to their accreditation to provide QS-9000 registration services. He also participated as the Lead Auditor on the ISO 9002 audit witnessed by the US Government in the first such pilot program in this country to evaluate the suitability of ISO 9000 for government contracts.