What To Do If You Disagree With An NCR From An Auditor?
Let's face it, there will be times in your career where you get told some part of your system is non-conforming but you don't agree with what the auditor has said.
Do you argue with the auditor who gave this NCR? Do you accept it and move on even though deep down you believe it is not a reflection of the company? Do you desperately gather up more evidence that will prove you are conforming?
It can be hard to know what to do in a situation like this, so in this video, I have outlined some information around non-conformances. This way, you will be informed on what to do if you ever find yourself disagreeing with the external auditor.
Differences in Finding Categories
The first thing to note is that every certification body will have different finding categories.
They're going to have at least one for conformance, which indicates that you have met that particular requirement in the standard. But they will obviously also have various categories of non-conformance where they believe you lack evidence of fulfilling that requirement.
Before the audit even commences, it is up to you to get familiar with the auditors categories so that any confusions around what they are suggesting can be addressed.
Non Conformances and Certification
The other point to make is that if there is a non-conformance raised, you won't lose your certification. Similarly, an NCR will not prevent you from getting certified.
There will always be a time period (usually two months) by which you can submit further information and evidence that demonstrates you meet the requirements - then that non-conformance will be changed to a finding of conformance.
Nominate your Organisations Contact Person
To avoid getting in the situation where you feel that there was other evidence that wasn't taken into account, you should nominate someone from your organisation to be the key contact person.
Inform the auditor of who that contact person is and let them know that any potential confusions around non-conformance should be communicated to them immediately.
Sometimes the evidence can be elsewhere. For example, the auditor may be interviewing someone in production about an induction process and asking for records which this production manager doesn't have.
If the contact person is aware that the production manager is being interviewed, they can direct the auditor to the HR manager, who will have any relevant induction records.
The Non-Conformance Must be Required by the Standard
You can’t receive a non-conformance raised on something that’s not actually required by the standard. On occasion, you do see auditors raise a non-conformance on something they would like to see or they think it's good practice, but it's not actually required by the standards.
The auditor also can't raise a non-conformance unless they have objective evidence, which is factual, reproducible evidence that proves that something's a non-conformance.
Ask the auditor to show you where in the standard this is actually a requirement. Ask them to show you the evidence that you are non-conforming.
What to do about Non-Conformances?
If it is a genuine non-conformance that's fine. Treat it as a learning opportunity, a gap in your system or a potential point of failure. If you take action on that, you'll improve your system and be better placed to manage the associated risks.
Remember, It is not the end of the world if you receive a non-conformance, it's just a term.
Here at IRM, our aim is to educate and inform you on everything you need to know about auditing and compliance. You can watch our other auditing videos here.
We encourage you to subscribe if you're wanting to improve your knowledge around ISO compliance and management systems and auditing.