In our organization, Comercializadora Escambray, conducting internal audits of the Quality Management System has become a good habit and has become an important moment in the validation and verification of its operating status, an interesting tool as part of its continuous improvement.
Annually, all UCTs are internally audited through various channels, based on an Annual Audit Program that is prepared and approved by the Board of Directors in November of the year prior to which they will take place. They are carried out by people with specific and relevant training and with demonstrated professional competence.
During its execution, a logical sequence of actions is followed in correspondence with the Checklist prepared based on the reference standard to be audited, prepared for this purpose and fully known and managed by both the auditee and the auditor. This Check List will be the methodological support of the audit criteria, that is, the "set of policies, procedures or requirements used as a reference against which objective evidence is compared".
Given the characteristics of internal audits, it has become a style that the audit team must convince, not defeat; you must argue, not just expose. It should help, not attack, and that good judgment should always characterize the auditor.
The findings and evidence of the audits. Nonconformities
The audit evidence must be obtained from "records, statements of fact or any other information that is relevant to the audit criteria and that is verifiable", not from what may occur to each, their beliefs, habits, customs, interests, personal experience, knowledge, ways and means of doing. This is not rejected, but cannot become part of the audit evidence.
The findings that arise during the audit must be associated with the "results of the evaluation of the evidence of the collected audit against the audit criteria", so the auditor should avoid exposing criteria or personal assessments, and you must ensure that your argumentation is always supported by evidence based on the reference standard or checklist used.
The findings can become Non-Conformities (NC) and these are not particular criteria, it is the non-compliance with a requirement of the standard or application of the company's procedures. Failure to do it in this way may detract from the true value and objectives of the audit and the findings arising from it may not contribute favorably to the continuous improvement of the organization's QMS.
Now, an important moment, very important, I would say, during the performance of the audits and which guarantees to a great extent that this will be of high practical and methodological utility for the improvement of the system, would be the precise moment in which it is They write the detected incidents, the findings are described and argued, they are classified as observations, suggestions or NC. This is a very important moment that requires that it be carried out correctly, that requires removing emotions and sensations, in which we must adjust to the evidence, according to ISO 9001: 2008; to the facts, according to ISO 9001: 2015 and to the letter of the reference standard. A poorly identified, poorly exposed and argued, or poorly written nonconformity can create ambiguities, confusion or misunderstandings with stakeholders.
At this level of the writing, and to clarify, he mentioned some concepts of interest associated with the issue that we address of non-conformity and some associated concepts (ISO 9000: 2015):
3.6.9 nonconformity
non-fulfillment of a requirement (3.6.4)
3.6.4 requirement
Necessity or expectation estabilished, mandatory or implicit generally
quality requirement
quality requirement (3.6.4) (3.6.2)
3.6.6 legal requirement
mandatory requirement (3.6.4) specified by a legislative body
3.6.7 regulatory requirement
Mandatory requirement (3.6.4) specified by an authority mandated by a legislative body
In this way, non-conformity could be interpreted as the non-fulfillment of an established need or expectation, generally implicit or mandatory, regarding quality, or specified by a legislative body or by an authority that is mandated by a legislative body.
Despite the experience in audits of our organization, in the most recent follow-up audit to the certification of the management system by the ONN we have been pointed out as an observation “Although the organization has worked and the training of the personnel for the cause analysis, still in some UCTs it is not carried out completely correctly, so some corrective actions were appreciated that were actually corrections. ”, and it is specified, as corresponds to an auditor with experience and proven competence of the entity in which the finding is detected, in association with the analysis of nonconformities. In this sense, I consider it appropriate to refer to ISO 9000: 2015 as regards the definition of corrective action. The standard specifies:"Action to eliminate the cause of a nonconformity and prevent its recurrence"; and, correction, is the “action to eliminate a detected nonconformity”. It is important to note the difference between one definition and the other, eliminate the cause in one case, and eliminate the nonconformity in the other. This makes an interesting difference between corrective action and correction.
I take this opportunity to show and recall in a summarized and schematic way through figure 1, once again, the cycle of management of non-conformities.
Management of non-conformities in Audit
Based on these antecedents, from now on I will try to provide certain guidelines, not the only ones, nor certainly the best ones, to guarantee an adequate drafting of the detected non-conformities, which can facilitate the investigation of the causes and help to specify the corrective actions. or corrections to manage them.
The drafting of non-conformities. Suggestions.
The fundamental objective of the assessment and application of the guidelines is that when we carry out internal audits of the QMS, the auditee unequivocally understands the magnitude and specificity of the incident or finding, and that it can help them prioritize and speed up the management and resolution of each NC; secondly, that the auditor can accurately categorize the NCs to guarantee a correct judgment and understanding of them by the auditee and, finally, guarantee an adequate management and monitoring of them, in correspondence to as described in the organization's procedures and that is briefly shown in Figure 1.
Montes, in an interesting and attractive article on the subject, exposes certain points of view that I would like to return to. The author suggests that four main blocks be taken into consideration when writing an NC: MAGNITUDE / DESCRIPTION / REFERENCE / OBJECTIVE EVIDENCE
MAGNITUDE:
It will be the dimension or scope of the detected breach and it could be differentiated according to:
A) Casual, specific, generalized or systematic fact, for which the following beginnings of a sentence can be used….
- In all cases it is detected…….. In most cases it is detected… Generally… In some cases… In "x" cases of "y" cases examined it is detected… In the case… In the process… In the Key Results Area of the process ……..In the project…
B) Absence, total or partial non-fulfillment of a requirement, in this case it may be appropriate to take into account the following examples:
- The quality system does not contemplate the application of the point of the standard which on the treatment …… of the non-conforming product ……… of the evaluation of suppliers ……….. of the release of the product… of the control of externally contracted processes ….. of the competence of the workers ……, etc In the procedure such implanted, the requirement of the standard has not been taken into account….. The application of what is stated in the heading of the procedure more than of the system.
DESCRIPTION:
Where will be written what is really not fulfilled. At this time it is important to consider:
- Legible, avoiding spelling mistakes, use the same terminology used in the reference standards. Clarity and specificity: The content of the non-conformity must be unambiguous and not lead to possible semantic interpretations. It must provide a correct idea of the situation for that someone outside the writing can make decisions about it.A repetitive writing and with expressions that make it difficult to understand should be avoided.
Some examples are suggested that should be avoided:
- There is or should be… It should or should… Perhaps it could have been done ………… I consider it adequate or I do not consider it correct… It is not sufficiently documented… It is considered insufficient… It is considered imprecise…..
In case you want to comment on any evaluation in your writing, you should use defined and objective structures such as:
- GOOD: no objective evidence of… WRONG: it has not been possible to verify… GOOD: in the analyzed records… WRONG: in no records… GOOD: it has not been provided… BAD: they do not have…
EVIDENCES:
It is the objective test that supports the previous description, the exact place where the NC has been detected.
As far as possible, the evidence should be supported by:
- Identification of records Identification of equipment Identification of system documents, etc.
REFERENCE:
At this point, it must be made clear whether the NC is a non-compliance with a specific requirement of the reference standard that is being audited or a non-compliance with a requirement established in the company's documentation.
I hope that these small notes can contribute to continue improving the quality and effectiveness of our management system. I invite you to participate, comment and express your own ideas and points of view, but above all to use those presented here.
Don't forget the 5 whys technique when identifying nonconformities. It is important not to confuse nonconformity with its causes and corrective actions with corrections.
BIBLIOGRAPHY.
- ISO 19011: 2012, Guidelines for auditing management systems. ISO 9000: 2015, Quality management systems - Fundamentals and vocabulary. Fourth edition. 2015-09-15ISO 9001: 2008, Quality management systems - Requirements ISO 9001: 2015, Quality management systems - Requirements. Fifth edition. 2015-09-15 Luis, A. “The future of ISO 9001: 2015. Preparing for change. " Magisterial Conference given at the National Quality Management Workshop. Comercializadora Escambray. Havana. Cuba. May 2014. Luis, A. “ISO 9001: 2015. Projection, changes and perspectives until 2025 ”. Lecture given at the National Business Management Workshop. Agrarian University of Havana. Cuba. April 2014. Luis, A."Non-conformities and their proper management." Magisterial Conference given at the National Quality Management Workshop. Comercializadora Escambray. Havana. Cuba. May 2014. Luis, A. “ Preparing for change. Comments on planned changes in ISO 9001: 2008. " Training course. Quality Management Workshop. Comercializadora Escambray. Havana. October 2013 Luis, A. Comments and reflections on changes foreseen in ISO 9001: 2008. Training course. Quality Management Workshop. Comercializadora Escambray. Ciego de Avila. October 2014. Luis, A.; Gretel, Dopico Leyva; Miriam Celeste, Benítez Rivera; Camilo, Company Azcuy:“A perspective view of the new version of ISO 9001: 2015. Preparing for change. " Comercializadora Escambray. Havana. January 2015.
- Montes, Marifé: "How to write the non-conformities detected in an audit." Quality Responsible Club Courses in Food Quality and Safety » Blog » Quality Management.
