How to Prepare ISO Audit Reporting

If the audit was undertaken for a ‘customer’ or a ‘third party’, then it may well be up to them to decide on the acceptances of any non-compliance. When the audit team leader is satisfied with the evidence presented he/she in turn may discuss any non-compliances with the organization representative to seek agreement that they exist. Following are the key features and objectives that organization should take care while preparing ISO audit report.

1. Team Meetings

At a daily meeting (or before the summery report is compiled) the auditors discuss their detailed observations with the audit team leader to determine if non-compliances exist and if applicable, are categorized.

When the audit team leader is satisfied with the evidence presented he/she in turn may discuss any non-compliances with the auditee’s representative to seek agreement that they exist 먹튀검증. This is not to suggest a ‘bargaining’ situation, but one in which the auditee is given an opportunity to discuss the non-compliances and allow the production of any evidence to demonstrate that there is no deviation from the requirements.

Equally, the opportunity to discuss and recognize a non-compliance may enable the auditee to initiate corrective action.

In either event, the non-compliance is still recorded but the fact that corrective action has been taken it noted in the audit report.

It should be noted that non-compliances are owned by the auditee and not the auditor.

2. Non-Compliance Categorization

It is common practice to classify non-compliances into categories. This subject is dealt with in Section 12.

Categorization of non-compliances is normally decided through discussion between the team leader and the auditors rather than applying a category at the time of the incident. Categorization is not an end in itself but an aid to assist the team leader to assess the severity of the non-compliance and form a reasoned judgment on the auditee’s FSMS arrangements.

3. Non-Compliances

Reporting non-compliances is the method used to indicate to an organization during an audit that there is a deviation to the laid down FSMS requirement and the applicable legislative requirements.

A non-compliance is a non-fulfillment of specified requirements (GMP, SSOP, QMS, Quality, Environment).

Non-compliances arise from OBSERVATIONS made during an audit.

An observation is a statement of fact recorded on the checklist. The audit team will then review all of their observations to determine which of them are to be reported as non-compliances. The audit team shall ensure that non-compliances are documented in a clear, concise manner and are supported by objective evidence.

4. Non-Compliance Categorization

All non-compliances have to be dealt with regardless of how important an impact they may on the established system. It is common practice to categories non-compliances to enable the overall effectiveness of a QMS management system and the urgency of corrective action to be assessed.

There is no defined standard for categorization of NCR’s, so if categorization is to be applied the methods are required to be defined by the auditing organization and made clear to the auditee at the start of the audit.

Categorization of NCR should be based on deviation to the FSMS/legislation and impact on product/process and its risk. Observations need to support the grading with sufficient justification.

A typical classification is as follows:

Critical

The absence or total breakdown of a FSMS to meet the requirements of ISO 22000 and the requirements of applicable regulations that impact QMS.

E.g. seriously inadequate hazard analysis, insufficient CCps are identified, no action responding to violation of critical limits, use unsafe water etc.

One critical NCR will lead to failure of certification. A re-audit is normally required within six months after initial audit.

Major

A non-compliance which is likely to result in the failure of the QMS system or reduce its ability to assure safety of processes or products.

E.g. improper control of chemical compound, shop workers are not very hygienic or there is no necessary action to prevent food from contamination etc.

If there is any major NCR, registration is recommended subject to a satisfactory verification visit. Verification visits will be arranged within eight weeks after the audit to verify effectiveness of corrective actions.

Minor

System deficiency (ies), which do not directly affect the QMS, but need to be improved.

E.g. environment of production areas is not in good condition, which may contaminate food, inadequate light in production areas or cleaning facility is not in a good condition etc.

When there are only minor NCRs and its number will not obstruct the system operation, registration can be recommended subject to a satisfactory review and verification of document evidence to corrective action. Document evidence, including self-declaration of corrective actions, is required to be submitted within four weeks after the audit.

A number of minor lapses of the same content (incorrect issue of documentation in use in several areas) show a system breakdown and may therefore be regarded as more serious and be upgraded. It is normal with certification bodies that once a corrective action has been agreed that the check for practice effectiveness may be left until the next surveillance visit.

Categorization of non-compliances is normally decided through discussion with the lead auditor and the auditor rather than applying a the time of the incident. Categorization is not an end in itself but an aid to assist the lead auditor to assess the severity of the non-compliance and form a reasoned judgment on the auditee’s QMS management system.

If the audit was undertaken for a ‘customer’ or a ‘third party’, then it may well be up to them to decide on the acceptances of any non-compliance. This may be influenced by any contractual or specification requirements. The lead auditor should be made aware of any such restriction.

Reporting Non-Conformities

During the audit, the auditor will be documenting observations of the system. These observations may well result in non-conformities being raised. When the auditor decides that there is a non-compliance, then a written report will be submitted. This type of report is commonly referred to as a NCR (Non-Compliance Report).

There should be sufficient detail in the report to clearly identify all the facts concerned, the specification requirement and the evidence of the non-compliance. It is important that sufficient information is provided to ensure traceability to the source of the problem in order that effective corrective action can be completed.

Leave a Reply

Your email address will not be published. Required fields are marked *