Corrective Action & Preventive Action Process Internal Audit

Good day omeng,

8.2.2 of ISO 9001:2008 requires the organization to assess the effectiveness of the quality management system, and that system includes a process for handling corrective actions as per documented procedure.

An audit of that process would therefore begin with a review of the documented procedure, and include a sample of corrective actions performed and recorded in order to determine the process is effectively implemented in order to prevent recurrence of nonconformities. Subclauses a through f should be confirmed to be included in the process. Corrective actions (clause 8.5.2) are referenced in Internal audits (8.2.2), but the process might also be used to address customer complaints and/or other identified issues judged important enough to address in a controlled manner.

I hope this helps!

 

MCW8888, I think Qualmx's post which you quoted, was directed towards the Original Poster. My presumption is that Qualmx is asking the Original Poster if the auditor issued the finding on the basis of ineffective Corrective Actions (or an ineffective Corrective Action process) and not a generic, to-the-world, question on the definition of 'effectiveness'. If you're adding on to Qualmx's post as a way to help the Original Poster understand his/her question, great; perhaps you could edit your post to indicate that is the case.

Jennifer's response is spot-on, Omeng. Presuming you have a (documented) process for managing your corrective actions, you audit that. This includes items such as:

• Does the (documented) process meet the requirements of the Standard?
• Does the process include steps for reviewing and documenting the issue?
• Is there way to contain or temporarily "fix" the problem? Example - quarantine in a designated area for investigation later on, removal from production, prevention of further use or shipment, etc.
• Root cause analysis - when to do it
• Action plan development to address the root cause and prevent recurrence
• After an appropriate amount of time, assess if the actions were successful in preventing recurrence - document evidence supporting the success
• Close and maintain a record of the corrective action

There are two more items I look for when assessing the corrective action process; perhaps they go 'above and beyond' the black and white requirements of the standard, but they are, in my opinion, vital to demonstrate the effectiveness of a Corrective Action process:

• Is the whole process consistently applied across the organization (as appropriate)
• What's done with the corrective action record/documentation...Corrective Action is not a stand-alone process. It can be an input to other activities within your organization's management system:
  • Improvement - trend analysis may identify a need to improve an aspect within the production process
  • Management Review - trend analysis may identify issues requiring attention from leadership (such as investment, resources, etc.)
  • Internal Audits - a spike in the number of Corrective Actions in a particular process and/or department can support an Internal Audit path/discussion

 

These can, and should comprise at least part of the sample to review in order to determine if your process conforms to the requirements of 8.5.2. It is important to understand that doing follow up of audit findings addresses requirements in 8.2.2, which does cite "...shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes" but 8.5.2 can, and should be applied to more than just audits. 8.5.2 can also apply to customer complaint handling and resolution, and even internally recognized issues put forward by personnel outside of audits and customer complaints. The audit to corrective action process should highlight a check to see if cause analyses are performed, if actions are recorded and if effectiveness verification is done for closure. These are the top three issues I find when I review corrective action processes.

Doing an occasional review of the process can help you realize if issues repeat in certain areas, if some groups struggle with cause analysis, and if people too frequently cite symptoms as causes (often a cause for repeat issues).

I hope this helps!