Fixing Audit Findings
Guest Post by John Mason (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The audit is finished, the exit meeting conducted and the audit report has hit your desk. As discussed, there should be no surprises, there should be correctly categorized findings, and specific examples.
Now you have 3, 6, 9 or 12 months in which to fix them.
If you have findings that have to be addressed within 3 months, then you have got a nonconformity or a major corrective action (of course the names are different for every certification service provider).
Where you have one of these, you normally have to provide details on:
• what corrective actions you will take;
• what resources you will use, and
• a timeline to at least reduce the matter to an improvement request / minor corrective action, if not closed all together.
The rest of the categories of findings will need to be addressed before the next audit or at least considered if they are an observation.
It doesn’t matter what the category is. My recommendation is that you treat each finding as an individual event and include them in your system’s own corrective action process. Make sure you cross reference them so that you can trace them when the auditor returns.
Once in the system, correct the situation as reported. For example, if the finding is that the audit report for the internal audit of purchasing in October was not signed, get it signed. The matter can then be closed.
If you are using certification as an improvement process, you should also look into why the report was not signed. If it is for continual improvement, close the initial finding, then open a new corrective action and review the signing process. Make sure you still reference the originating circumstance.
This is not the only methodology. You could keep the original open and make the review of the signing process part of the effectiveness review of the entire finding / corrective action / matter.
Don’t re-invent the wheel based on the findings and examples of one audit. Be reflective and only take those actions that you need to take to address the tabled findings. Once you have that out of the way with your certification provider, you can then get on with your own continual improvement cycle through your management reviews, internal audits and corrective actions.
Avoid the Cram
It’s been three months since you were certified.
Do you still have that inner glow from a ‘job well done’?
You should. But now you need to avoid any hangover and you definitely need to avoid the ‘cram’.
Some companies think that certification is a race. You cross the finish line and dine out on the success forever. It isn’t. Certification is only the beginning and if you are not careful, that success can quickly be replaced with the threat of your certification being suspended.
Can they do that?
Yes, they can. Your certification body will be back within 6 months of your certification and they will be looking for a number of things.
• Did you record the findings from the audit in your own corrective action system or management review?
• Have you fixed them?
• Have you met your frequencies for internal audits, management reviews, corrective actions, calibrations, etc, etc.?
• Have new employees been made aware of their impact on the system and so on and so on.
There is much ongoing work required. To ensure you aren’t faced with suspension threats, keep the project rolling.
Do not leave it to the last minute. Don’t create that last minute cram of work / activity as you ready for the next audit. Spread it out, take your time and review your frequencies.
Companies which create cram days or in fact cram weeks just to ‘pass’ audits are not doing themselves any favours. Once your certification provider gets wind of cramming, the more clever of them (some say, the more caring of them), will find ways to show management that cram quality is not good quality.
John Mason is founder, managing director, managing consultant, managing auditor and author for Oberon NSW Pty Limited, trading as quality.com.au and qualitycertifications.com.au, which is a specialist management consultancy designing, developing, implementing, supporting and auditing quality management systems