Identifying nonconformities during an audit can be a source of frustration for many organizations. However, in reality, these findings are not only normal, they also represent a way to improve your organization or processes. It is important to view nonconformities not as failures, but as valuable learning moments. This article provides insight into how to effectively deal with nonconformities and how to develop a good action plan.
The importance of a structured approach
Many auditors see the proper resolution of nonconformities as one of the most important ways to determine whether the organization is implementing a good improvement cycle. Therefore, their resolution is always verified in the audit of the following year. In our experience, there are auditors who also review all opportunities for improvement (OFIs) from the previous year during the audit.
When an auditor identifies nonconformities, it is important to adopt a structured approach. Documentation of these nonconformities is also important, as often nonconformities can be quickly resolved, and it may take months before another audit occurs. By then, you may have forgotten how exactly you resolved the nonconformity!
Good documentation not only helps in solving current problems but also prevents the same nonconformities from occurring again in the future. A good action plan consists of several steps, which are explained below.
1. Implement corrections
The first step in dealing with a nonconformity is to take corrective action. These are short-term solutions aimed at addressing the immediate nonconformities. This often involves supplementing missing elements or restoring processes that are not functioning properly. It is important to document these actions quickly to have a clear overview of what has been done. Some certification bodies (CBs) require evidence of the implementation of corrections, for example in the form of screenshots. Other CBs find it sufficient if you accurately describe what you have done.
2. Root cause analysis
After implementing corrective measures, it is essential to identify the underlying causes of the nonconformities. A thorough root cause analysis helps you understand why the nonconformities occurred. This can be done, for example, by performing a "5 x Why" analysis, where you repeatedly ask "Why?" until you reach the core of the problem. This process can provide insight into structural issues that need to be addressed.
Example: A machine stops unexpectedly (production)
Why? The motor is overheating.
Why? The cooling fan was not working.
Why? The fan's fuse blew.
Why? The wiring was worn out and caused a short circuit.
Why? The wiring was not replaced on time as part of the maintenance schedule.
Root cause: Deferred maintenance or lack of a clear maintenance process.
3. Scope analysis
In addition to identifying the causes, it is also important to investigate whether the nonconformities occur in other areas within the organization. This is done through a scope analysis. Here, you look for similar problems in other departments or processes. This not only helps to understand the impact of the nonconformity but also prevents similar situations from arising in the future.
In the context of this example, it would make sense to map out which machines of this type exist and whether there are other similar machines with an unclear maintenance process.
4. Formulate corrective actions
Once you have established the causes and scope of the nonconformities, it is time to formulate corrective actions. These actions aim to eliminate the underlying causes and are often more long-term in nature. This may include improving processes, providing training to employees, or adjusting guidelines and procedures. It is important that these actions are specific, measurable, achievable, relevant, and time-bound (SMART).
5. Effectiveness assessment
The final step in the process is to assess the effectiveness of the measures taken. This involves determining how the organization verifies whether the implemented measures have had the desired effect. This can be done, for example, by monitoring performance, conducting follow-up audits, or gathering feedback from employees. A good effectiveness assessment ensures that the organization learns from nonconformities and continuously improves.
In the context of the aforementioned example, additional attention could be given to the maintenance program of the machines identified in step 3 within the internal audit program.
Documentation and reporting
A structured and detailed documentation of the entire process is therefore crucial. This is not only for internal purposes but also to demonstrate to external stakeholders, such as certification bodies, that the organization takes quality management and compliance seriously. The use of tools (such as auditreporter.io) can assist in this, as they provide support in planning, executing, and reporting audits. This can increase the efficiency of the entire process and simplify documentation.
Fostering a culture of improvement
External audits are one source for identifying nonconformities. The approach outlined in this article can also be used for other types of nonconformities. Possible sources of nonconformities include:
The results of monitoring and measuring
Results of penetration tests
Reports from employees
Customer complaints
Incident analyses
Dealing with nonconformities should not only be a reactive action. It is important to foster a culture of continuous improvement within the organization. This means that employees should feel free to signal nonconformities and areas for improvement without fear of repercussions. By encouraging open communication and collaboration, organizations can not only address nonconformities more effectively but also promote innovation and growth.
ISO standards require organizations to learn from identified nonconformities and use them as a stepping stone to improvements. By following a structured action plan and creating a culture of improvement, organizations can optimize their processes and meet the requirements of quality management systems.