1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Audit Categories

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Rich_65, Jul 12, 2022.

  1. Rich_65

    Rich_65 New Member

    Joined:
    Jul 12, 2022
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    I'm new to ISO and can see we three possible Audit Categories listed in an audit report.

    Major / Minor / CFA

    Whilst I think Major/Minor might be somewhat self explanatory, I'm struggling to work out what CFA means.

    The person internally I could ask is off on leave at present. Could someone assist with a definition/explanation?

    Many thanks
     
    Rich_65, Jul 12, 2022
    #1
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,104
    Likes Received:
    2,560
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Rich, welcome to QFO and welcome to "ISO".

    Let's talk about types of audit, before we discuss "grading". What type of audit are you discussing? Internal, Supplier? Certification? Regulatory?
     
    Andy Nichols, Jul 12, 2022
    #2
  3. Rich_65

    Rich_65 New Member

    Joined:
    Jul 12, 2022
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    Hi Andy,

    It's an Internal Audit.
     
    Rich_65, Jul 12, 2022
    #3
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,104
    Likes Received:
    2,560
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Ok, that helps. Traditionally, external audits have attracted a grading system to help justify the actions taken in follow up to the audit. This might be non/approval of suppliers, non/certification to ISO 9001 etc.

    Internal audits - in my 40 years of experience - need no such grading system because there's no similar justification needed. The "gravity" or significance of any internal audit finding is conveyed through the description of the non-conformity or summary report(s). Simply checking a box "Major", "minor" or something else is counterproductive, experience shows.

    It seems that your internal audit process is set up to emulate and external audit, which isn't an effective model. They have different objectives etc. To be honest, it's not uncommon to do this, since it's often taught that was in so-called "Lead Auditor" courses. Most people think there's only one to do do audits and that's the course to teach you, kinda thing. They couldn't be more wrong...

    CFA might mean "Call For Action", or "Continuous Freakin Improvement". Who knows? It's odd compared to the terminology others employ and the fact it has no definition of what any of the grades means, is worrisome, in it's own right. If the management of the organization don't know what it means (you could check with them) what's the purpose?
     
    Andy Nichols, Jul 12, 2022
    #4
    tony s and John C. Abnet like this.
  5. Rich_65

    Rich_65 New Member

    Joined:
    Jul 12, 2022
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2

    Thanks Andy,

    This was helpful. The internal audit does seem to mimic the external Audit style...which might be more helpful to the external auditor than to those undertaking internal audits.

    I've seen External audit reports and I agree the grading they follow i.e. major/minor/OFI relates to the gravity of the finding and the timescale for response,, action and consequence.

    The Internal Audit report which prompted my question is an electronic document and held on an internal management system. I was wondering if the Category fed some 'Report' or Audit Tracker though I can't see where yet. I too am at a loss to know what CFA stands for, though I'd thought 'Consider for Action' might be a possibility. The more I look the more questions I have raised.

    My colleague returns from leave next week and I look forward to their responses.

    Many thanks for your time and thoughts.

    Richard
     
    Rich_65, Jul 12, 2022
    #5
    Andy Nichols likes this.
  6. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,055
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I agree with Andy that internal audits should not mimic how CB auditors categorize their audit findings. Technically, ISO 19011 (guidelines for auditing management systems) define "audit finding" as results of the evaluation of the collected audit evidence against audit criteria. The result is either conformity OR nonconformity ONLY. There's no mention of another category (e.g. observation, OFI, or CFA). If the organization sees the value of grading the nonconformities further (e.g. minor, major), then it's their call. However, recommendations (such as OFIs or CFAs), although can be offered by the auditors and included in the audit report, should not be inferred as an audit finding.
     
    tony s, Jul 23, 2022
    #6
    RonR Quality Pro likes this.