I was told that when you raise an Observation during an audit that would require corrective or preventive action you do not need to investigate the cause of the problem.
My understanding is that whether it is corrective or preventive action you need to investigate the cause of the problem because understanding the cause helps us in the evaluating the need for action to ensure that nonconformities do not recur or to prevent occurrence of nonconformities.
Correct my understanding also that this is why ISO 9001:2008 has written the requirements in Section 8.5.2 and 8.5.3 of the respective standards in this way.
The standard ISO 9001:2008 indicates that you are required to conduct internal audits at a prescribed interval (typically once a year) but does not explain how to conduct internal audits. The standard for detail on conducting audits is ISO 19011:2011…recently updated.
An observation is just a statement of fact. We should be gathering information (observations) to support all of our audit activities – positive and negative. When an observation indicates that a “nonfulfillment of requirements” has occurred it should be considered to be addressed as a nonconformity. What if you looked at 20 purchase orders and 1 which was supposed to be signed was not? There is a need to evaluate the impact on the organization’s ability to address its system and organizational requirements. While in this case 1 unsigned purchase order may be technically nonconformity – is there actual value in writing a nonconformance, which would then lead to corrective action?
It is the auditor’s responsibility to make a determination as to an adequate response. In this case I would probably leave it as an observation and document it as such on my audit report. When the observation is sufficiently serious (20 unsigned purchase orders) – then there is a need to write up a nonconformance – which leads to a corrective action request – and root cause analysis. There is and always should be judgment by the auditor in the appropriateness of response. I do not ignore anything – every nonconformity should have correction, but not necessarily corrective action.
Correction should be taken to correct the problem. Corrective action should be taken to understand the cause of the problem when there is the potential for the nonconformity to recur. There is a subtlety that is important. Preventive action may never be necessary during an audit but I do look for proactive activities as part of any audit. Preventive action is to address POTENTIAL nonconforming situations to prevent it from occurring in the first place.
Hope this helps.
– Michael Haycock, Sr. BRC Quality Consultant