8D on Audit Non Conformance -- Incomplete Document

Bev D · Sep 4, 2023

I’ve had large CBs that had both good and bad auditors.
Once a well respected CB in the “medical field” sent us an auditor that almost exclusively audited hospitals. They wrote us up on a major because our employee cafeteria didn’t follow recipes precisely and they weren’t under revision control. Also a minor because the employee cafe satisfaction survey form wasn’t under revision control.

It happens and is one reason I am opposed to these standards and the auditors. While good ones can be helpful the bad ones do a lot of damage.

Golfman25 · Sep 4, 2023

Jen Kirley said:
I don't understand how it's clear to you because my annual training includes this and 100% of our reports are reviewed.

Maybe you need a new CB?

Then I have had a handful of auditors who have slept thru training. Too large of a sample to conclude that these items have a consistent emphasis in training and/or supervision.

And I know, 100% of reports are "reviewed." My question is (and was), what does that review consist of. To they just look at the report, take it at face value, and approve it. Or do they look at it with a critical eye and question things that seem out there.

A perfect example was the finding that was the point of this post. They auditor used a single document to determine that "the process of assigning roles and responsibilities" wasn't "entirely" effective. First the use of "entirely effective" is BS. What does that even mean? It's working, but could be improved? (Isn't that the textbook definition of opportunity for improvement?) Second the use of a single document without any commentary of other evidence seems pretty weak to me (because she didn't even look at any other evidence to verify the actual process). So no supervisor "caught" this and suggested a bit more development might be in order? Supervisory review was weak at best.

Randy · Sep 4, 2023

Golfman25 said:
Then I have had a handful of auditors who have slept thru training.

Nobody ever slept though my deliveries. If Marc was still alive he could vouch for that!

Sidney Vianna · Sep 4, 2023

Golfman25 said:
A perfect example was the finding that was the point of this post. They auditor used a single document to determine that "the process of assigning roles and responsibilities" wasn't "entirely" effective. First the use of "entirely effective" is BS. What does that even mean? It's working, but could be improved? (Isn't that the textbook definition of opportunity for improvement?) Second the use of a single document without any commentary of other evidence seems pretty weak to me (because she didn't even look at any other evidence to verify the actual process). So no supervisor "caught" this and suggested a bit more development might be in order? Supervisory review was weak at best.

Dont fool yourself. In the overwhelming majority of cases, the technical review of audit reports is a go through the motion step. A decent size CB generates hundreds of audit reports per week and to think a single tech reviewer can scrutinize this massive amount of reports is not realistic.

One of the most contentious threads I engaged in, here was the one about a registrant that preferred to have a blind gopher type of CB auditor (Blind Gopher Auditors Comment - Who is responsible?). And very few people here sided with me when I was fighting that perspective. A lot of people in the receiving end of CB audits do prefer the morons, the lazy, the incompetent, the bad auditors because, they think, they are easier to control, compared to the insightful auditor(s). And the commoditization of management system certification is providing plenty of bad options.

Auditors, just like everybody else, want to maximize their income while minimizing the effort in doing their jobs. So, CBs promote an assembly line approach to auditing with almost zero customization of the assessment to the registrant. Anybody who knows anything about management system auditing knows the importance of proper planning, scheduling, performing an audit and reporting the audit results for the unique event. Both the IAQG and the IATF with their augmented accredited schemes attempt to force the issue about proper audit planning, based on the system performance, with mandatory input from the registrant's customers, but in the "vanilla" ISO 9001 certification schemes, for the most part, auditors have NO IDEA of how the system is performing prior to showing up to the site, as there is close to zero interaction with the registrants prior to the audit. An assembly line approach to audits is another component of the reasons for devaluing of certificates and valueless audits.

Randy · Sep 4, 2023

Sidney Vianna said:
proper planning, scheduling, performing an audit and reporting the audit results for the unique event.

I'd say I probably provide 15-25-50% more time planning and report writing than I get compensated for, depending on the complexity (like multiple certs/standards and/or QEHS risk involved). The same would go for cert transfers and other tasks I do.

I especially do a bunch of transfers and I'm sure others that do them as well can say that there are a bunch of crappy reports out there that are literally gibberish, containing reams of gobbeldy-goop and upchuck, created by what Sidney is pointing out....Of course others may look upon my stuff the same as well.

Golfman25 · Sep 5, 2023

Sidney Vianna said:
Dont fool yourself. In the overwhelming majority of cases, the technical review of audit reports is a go through the motion step. A decent size CB generates hundreds of audit reports per week and to think a single tech reviewer can scrutinize this massive amount of reports is not realistic.

One of the most contentious threads I engaged in, here was the one about a registrant that preferred to have a blind gopher type of CB auditor (Blind Gopher Auditors Comment - Who is responsible?). And very few people here sided with me when I was fighting that perspective. A lot of people in the receiving end of CB audits do prefer the morons, the lazy, the incompetent, the bad auditors because, they think, they are easier to control, compared to the insightful auditor(s). And the commoditization of management system certification is providing plenty of bad options.

Auditors, just like everybody else, want to maximize their income while minimizing the effort in doing their jobs. So, CBs promote an assembly line approach to auditing with almost zero customization of the assessment to the registrant. Anybody who knows anything about management system auditing knows the importance of proper planning, scheduling, performing an audit and reporting the audit results for the unique event. Both the IAQG and the IATF with their augmented accredited schemes attempt to force the issue about proper audit planning, based on the system performance, with mandatory input from the registrant's customers, but in the "vanilla" ISO 9001 certification schemes, for the most part, auditors have NO IDEA of how the system is performing prior to showing up to the site, as there is close to zero interaction with the registrants prior to the audit. An assembly line approach to audits is another component of the reasons for devaluing of certificates and valueless audits.

My bad for wanting them to provide a quality product.

Sidney Vianna · Sep 5, 2023

Golfman25 said:
My bad for wanting them to provide a quality product.

It is, maybe, another case of be careful what you wish for. If we imagine extremely competent, high performing and courageous CB auditors, chances are, a lot of NCs would be written up against the top management function. And you would be paying around 3 times of what you currently pay in terms of CB fees. I doubt top management of many registrants would be happy to pay more and be exposed for their lack of support and involvement in the quality function of their respective organizations.

Golfman25 · Sep 5, 2023

Sidney Vianna said:
It is, maybe, another case of be careful what you wish for. If we imagine extremely competent, high performing and courageous CB auditors, chances are, a lot of NCs would be written up against the top management function. And you would be paying around 3 times of what you currently pay in terms of CB fees. I doubt top management of many registrants would be happy to pay more and be exposed for their lack of support and involvement in the quality function of their respective organizations.

My wish is for competence at a reasonable cost. I don't need Nieman Marcus when Kohls will do. There are thousands of businesses that provide good service, good product and good value. It's really not that hard. Time for CBs to step it up.

Jen Kirley · Sep 6, 2023

Golfman25 said:
My wish is for competence at a reasonable cost. I don't need Nieman Marcus when Kohls will do. There are thousands of businesses that provide good service, good product and good value. It's really not that hard. Time for CBs to step it up.

I can't vouch for other CBs, but I can assure you that DQS has more than one technical reviewer. Several, in fact.

Based on the First Time Pass metric I can also assure you the review is more than a check-the-box exercise.

There is no question that some auditors are better than others. Some ought not be doing it at all, but when teams are used very often the Lead is experienced enough to temper the results. I can remember a few who co auditors were very little help to me as Lead. There are lots of influences including culture. Variation is as inherent in the certification industry as in other industries.

Auditors also tend to change over time. Some become less aggressive. I find the new ones tend to "pitch wild" until they learn to focus on what's important, as Bev said.

I don't know who you deal with, but based on the number of complaints I am thinking you may not even be shopping at Kohls. Even so, some of the less expensive CBs might treat you better. Why not find out?

Dr. IJ Arora · Dec 4, 2023

Golfman25 said:
Ok. Looking for some help here. Third party audits found a few NCs based on incomplete documents. For example: 5.3 Organizational roles, responsibilities and authorities: "The process of assigning roles and responsibilities is not entirely effective." Objective Evidence: Organizational chart only identifies top management -- does not identify setup persons, operators, or inspector.

Here's the backgroud: Our QMS has at least 20 years of certification behind it (Everything from the old QS, to TS, to ISO 9001). Current cert is ISO 9001:2015 for the past 5 years -- this was the third surveillance of the second cert. So we have had a lot of eyes on it over the years -- first time anyone objected to the Org Chart. The primary way we meet 5.3 is via flow charted procedures which lay out who does what, when, etc. Auditor didn't go past the org chart and never looked at anything else.

So apparently I just can't fix the glitch and update the Org. Chart. I need to do a full 8D style response -- Immediate correction taken; Root cause analysis; corrective action plan, and Verification. I am having trouble filling out those statements. If my immediate correction is to fix the Org chart, then what is the root cause, corrective action, etc.? If my corrective action is to fix the org chart, then was is my immediate correction? Etc.

I suppose my struggle is how do I do a systemic root cause/corrective action on a process that is some percentage (90-95%?) effective and a NC based on a single document the auditor felt was incomplete. Thanks in advance for your help.

What specific sub clause did the auditor choose? Can you please share the exact NC? The standard is never pushing for documents and the auditors whims and fancies can not decide and create a requirement? If you share more infor I can perhaps give you a solution. IJ

8D on Audit Non Conformance -- Incomplete Document

Bev D

Heretical Statistician

Golfman25

Randy

Sidney Vianna

Post Responsibly

Randy

Golfman25

Sidney Vianna

Post Responsibly

Golfman25

Jen Kirley

Quality and Auditing Expert

Dr. IJ Arora

Involved In Discussions

Similar threads