PROMISE: Our kitties will never sit on top of content. Please turn off your ad blocker for our site.
puuuuuuurrrrrrrrrrrr
Miriam Boudreaux
Published: Tuesday, August 18, 2009 - 04:30
Story update 8/21/2009: We corrected an error regarding the function of the accreditation body.
I’ve worked with several companies over the years and dealt with different individuals, different processes, and different levels of ISO 9001 understanding. However, when an organization is getting ready to apply for ISO 9001 certification, the question most often asked is: “Are we going to pass the audit?" Similar questions I've been asked are:
"How many of your clients have passed the audit?"
"How many of your clients failed the audit?"
And after I have conducted an internal audit, the usual question is, of course, “Did we pass?”
Those seem to be very simple questions and a yes or no should suffice, however the truth of the matter is that ISO 9001 audits don't have a grade, there is no pass or fail status or there is no pass or fail grade.
Please visit our blog on the ISO Audit Results and Nonconformities for a detail explanation on what constitute an audit finding, or nonconformity.
Let’s look at the case of internal audits. Internal audits are usually run by people from the organization, or often by consultants who issue an internal audit report containing audit findings, specifically nonconformities. If your company gets one or two nonconformities, will it pass the internal audit? The answer is that audits aren't pass or fail exercises. Basically, you will have done great even with two or five audit findings, or perhaps even 10. In all cases, you should see the results as great, because you have found some shortcomings in your company and now you are in a position where you can fix them.
So the internal audit isn't a passing or failing matter, the purpose of the audit is to assess the degree of conformance to the audit standard and report the results of the audit in the audit report. The audit report will not indicate that the company passed or failed, but rather whether the company has a high degree of conformance or needs some improvement, which can be accomplished by taking appropriate actions to address the nonconformities.
In the case of external audits, the same principles apply. You don't have a pass or fail grade. However there is a difference—whether it is an initial audit or a periodic audit, and whether there were major or minor nonconformities issued.
Registrars have their own procedures, which establish how much time the organization has to respond to nonconformities. If the audit is a certification or initial audit, then there's a set time for responding to nonconformities. Failure to comply will result in the organization not being recommended for certification and ultimately not receiving their certificate.
If the audit is a periodic audit, then again, there is a set time to respond to nonconformities. If the organization submits their response within that allotted time, then their certificate will continue in good standing. If the organization doesn't submit their responses in the allotted time, then they risk losing their certificate. In most cases, you have 30 days to submit your response to the registrar on how you will resolve the nonconformities.
During the initial audit there are indeed worries whether the organization is going to pass or fail the audit and get its certificate. Let us explain that the certificate isn't issued immediately upon completion of the audit. When the registrar completes the initial or certification audit of the organization, they submit their report to the technical committee who will in turn review the report and issue the certificate. Now this process can happen immediately after the audit or it can be done a few weeks later. It all depends on how many nonconformities the organization got during the audit. So if the company didn't get any nonconformities, then the registrar will feel comfortable recommending the company immediately for certification. The auditors don't issue the certificate immediately, they recommend. So again, if there are no nonconformities to follow up then the registrar will most than likely tell the organization during the closing meeting that they will be recommending them to be registered as an ISO 9001 organization, and then the registrar will issue the certificate a few weeks (or months) later.
The pictures changes when there are nonconformities. Here there is one question to ask, whether those nonconformities are major or minor.
If there are nonconformities, the registrar won't recommend the organization for certification. However, if all the nonconformities are minor, they will say during the closing meeting that they will recommend the company for certification upon receipt and approval of written corrective action for all the nonconformities issued. So if the company got, for example, two, five, or seven minor nonconformities, the organization should feel great because if appropriate corrective action is submitted for review to the registrar, they will be recommended for certification. So if the registrar conducted the audit this week, and they leave you with a report and findings and you spend one or two days to come up with a corrective action plan for all those findings, you may be on your way to success. Once you submit your response to the registrar and they review and accept all your answers, they will at that point recommend your organization for certification. So it may not even be a week after the audit before you are recommended for certification. It just depends on how long you take to come up with the answers and how long it takes the registrar to review the corrective actions.
Again, the audit was not pass or fail, just a matter of assessing the degree of conformity.
There is a third case, which is when there are major nonconformities. If there are major nonconformities issued during the initial certification audit, then most likely the registrar won't recommend the company for certification during the closing meeting. Not only will you have to submit your responses by e-mail, but most registrars will require a follow up audit, so they will need to come back to your organization and physically verify that the major findings have been taken care.
So that is the main difference. On minor nonconformities the company submits their corrective actions via e-mail and no follow up is required. On major nonconformities, the corrective action responses to the nonconformities are also submitted by e-mail, but in most cases the registrar is going to come back verify the corrective action implementation. They will schedule an audit follow up, which will probably take a day or so. If everything goes well and the responses to the nonconformities are verified, they should recommend the company for certification.
So once again, external audits aren't a case of pass or fail. Even if you get major nonconformities, you should address them, issue the corrective action plan, send it to the registrar, make sure they approve it, and if you do so in a very expeditious way, the registrar will be in a position to schedule a follow-up audit shortly. When they come, if they see that the nonconformities have been taken care, they will validate the nonconformities, close them and subsequently recommend you for ISO 9001 certification.
Periodic audits conducted by the registrar differ slightly from initial audits. Besides the difference in audit time, the big difference is that the organization already has an ISO 9001 certificate. If the organization satisfactorily addresses all nonconformities issued—whether there are major and or minor—the registrar will keep their ISO certificate in good standing. Failure to address minor nonconformities may result in the nonconformities being elevated to a major category. Failure to resolve major nonconformities may result in the company being put on probation, and could go so far as causing them to lose their ISO certificate.
In essence, once the organization puts into action their preventive and corrective procedures, as well as their continual improvement process to correct nonconformities generated through the internal or external audit, they will receive or continue their ISO 9001 certification. No pass or fail grades, no good or bad remarks, ISO 9001 audits are basically just a great opportunity to continually improve the organization and its quality management system.
Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types. However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads. So please consider turning off your ad blocker for our site. Thanks, Miriam Boudreaux is the CEO and founder of Mireaux Management Solutions, a technology and consulting firm headquartered in Houston, Texas. Mireaux’s products and services encompass international standards ISO and API consulting, training, auditing, document control and implementation of Web QMS software platform. Mireaux’s 6,500 square foot headquarters, located in the northwest area of Houston, houses their main offices as well as their state-of-the art training center. Mireaux itself is certified to ISO 9001:2015 and ISO 27001:2013. To get in touch with Miriam Boudreaux, please contact her at info@mireauxms.com.What Happens If You Fail Your Audit
It's not the end of the world. It's a chance to improve.
Passing or failing an internal audit
Passing or failing an external audit
Initial ISO 9001 audits without nonconformities
Initial ISO 9001 audits with minor nonconformities issued
Initial ISO audits with major nonconformities issued
Periodic ISO audits
Final words
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Quality Digest Discuss
About The Author
Miriam Boudreaux
© 2021 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.