Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Corrective Action & Preventive Action Process Internal Audit

Discussion in 'ISO 9001:2008 - Quality Management Systems' started by omengramirez, May 20, 2016.

  1. omengramirez

    omengramirez Member

    Joined:
    Mar 28, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    All,

    We just finished our recertification audit and we were issued an NC because the auditor said we were not doing our CA/PA Process audit. All our CARs are closed and follow up on the corrective action done.
    Is non-conformance correct?, if so how do you perform an audit with corrective and preventive action?

    Thanks
    omeng
     
  2. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    905
    Likes Received:
    635
    Trophy Points:
    92
    Location:
    USA
    Good day omeng,

    8.2.2 of ISO 9001:2008 requires the organization to assess the effectiveness of the quality management system, and that system includes a process for handling corrective actions as per documented procedure.

    An audit of that process would therefore begin with a review of the documented procedure, and include a sample of corrective actions performed and recorded in order to determine the process is effectively implemented in order to prevent recurrence of nonconformities. Subclauses a through f should be confirmed to be included in the process. Corrective actions (clause 8.5.2) are referenced in Internal audits (8.2.2), but the process might also be used to address customer complaints and/or other identified issues judged important enough to address in a controlled manner.

    I hope this helps!
     
    omengramirez and MCW8888 like this.
  3. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    443
    Likes Received:
    58
    Trophy Points:
    27
    Location:
    Mexico
    Please explain in detail it was because CA were not effective?
     
    omengramirez likes this.
  4. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    197
    Trophy Points:
    42
    Effectiveness is to verify, by conducting a follow-up audit of the process for which you raise a CA. If it is determined that the problem did not happen again, then you state that in your corrective action form and close it. Depending upon the Risk of the nonconformance, you must allow enough time for the corrective action to take effect before conducting a follow-up audit.
     
    omengramirez likes this.
  5. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    892
    Likes Received:
    1,033
    Trophy Points:
    92
    Location:
    Ontario, Canada
    MCW8888, I think Qualmx's post which you quoted, was directed towards the Original Poster. My presumption is that Qualmx is asking the Original Poster if the auditor issued the finding on the basis of ineffective Corrective Actions (or an ineffective Corrective Action process) and not a generic, to-the-world, question on the definition of 'effectiveness'. If you're adding on to Qualmx's post as a way to help the Original Poster understand his/her question, great; perhaps you could edit your post to indicate that is the case.

    Jennifer's response is spot-on, Omeng. Presuming you have a (documented) process for managing your corrective actions, you audit that. This includes items such as:

    • Does the (documented) process meet the requirements of the Standard?
    • Does the process include steps for reviewing and documenting the issue?
    • Is there way to contain or temporarily "fix" the problem? Example - quarantine in a designated area for investigation later on, removal from production, prevention of further use or shipment, etc.
    • Root cause analysis - when to do it
    • Action plan development to address the root cause and prevent recurrence
    • After an appropriate amount of time, assess if the actions were successful in preventing recurrence - document evidence supporting the success
    • Close and maintain a record of the corrective action

    There are two more items I look for when assessing the corrective action process; perhaps they go 'above and beyond' the black and white requirements of the standard, but they are, in my opinion, vital to demonstrate the effectiveness of a Corrective Action process:

    • Is the whole process consistently applied across the organization (as appropriate)
    • What's done with the corrective action record/documentation...Corrective Action is not a stand-alone process. It can be an input to other activities within your organization's management system:
      • Improvement - trend analysis may identify a need to improve an aspect within the production process
      • Management Review - trend analysis may identify issues requiring attention from leadership (such as investment, resources, etc.)
      • Internal Audits - a spike in the number of Corrective Actions in a particular process and/or department can support an Internal Audit path/discussion
     
    omengramirez likes this.
  6. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    197
    Trophy Points:
    42
    Thank you Roxanne.
     
    omengramirez likes this.
  7. omengramirez

    omengramirez Member

    Joined:
    Mar 28, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    @Jennifer Kirley , @RoxaneB ,@Qualmx & @MCW8888 . Thank you very much for the inputs.

    The auditor issued a non conformance because reference to internal audit of the CA/PA process was nowhere to be found on any of our internal documents that the auditor reviewed. The auditor also mentioned that per AS9100 standard the corrective action process should be separately audited.

    Is the non-conformance correct? we have all the corrective actions reviewed and closed out plus the follow up audit were completed. We monitor and review CARs for timely closure and our CAR form is in 8D format and we also verify other processes if the same issue exist.

    Can monitoring and review of CARs plus follow up audits be considered as audit of the CA/PA process?


    Thanks again.
     
  8. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    443
    Likes Received:
    58
    Trophy Points:
    27
    Location:
    Mexico
    With monitoring and review of CARs you are not ensuring that you are auditing that process what is requested by the standard.
    In fact such process ahould he included into the audit schedule in your quality system.
    Hope thia helps
     
    Jennifer Kirley likes this.
  9. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,220
    Likes Received:
    913
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Because we are in the ISO 9001:2008 forum, I would assume that you have a documented procedure for CA and/or PA. Since ISO 9001 requires any organization to audit internally your QMS to determine conformance with the requirements of ISO 9001 (see clause 8.2.2a), your procedure/process for CA/PA must be audited internally against the clauses of 8.5.2 and 8.5.3. Your CB was right for raising an NC if you failed to do this. On how you are going to audit your CA/PA procedure/process, Jennifer and RoxaneB have given the appropriate approaches.
     
  10. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    905
    Likes Received:
    635
    Trophy Points:
    92
    Location:
    USA
    These can, and should comprise at least part of the sample to review in order to determine if your process conforms to the requirements of 8.5.2. It is important to understand that doing follow up of audit findings addresses requirements in 8.2.2, which does cite "...shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes" but 8.5.2 can, and should be applied to more than just audits. 8.5.2 can also apply to customer complaint handling and resolution, and even internally recognized issues put forward by personnel outside of audits and customer complaints. The audit to corrective action process should highlight a check to see if cause analyses are performed, if actions are recorded and if effectiveness verification is done for closure. These are the top three issues I find when I review corrective action processes.

    Doing an occasional review of the process can help you realize if issues repeat in certain areas, if some groups struggle with cause analysis, and if people too frequently cite symptoms as causes (often a cause for repeat issues).

    I hope this helps!
     

Share This Page