Six Points To Follow In Writing An Audit Nonconformity

An audit nonconformity is one of the potential outcomes of first-, second-, or third-party audits, and it is one of the main elements of the audit report.

Auditees are interested in audit reports to evaluate their compliance with the audited requirements. At the same time, auditees are mostly interested in understanding their potential gaps and addressing corrective actions. Audit nonconformities are the only areas where most auditees seek to take action and maintain compliance. Following a few steps before writing any audit nonconformity is very important. Invalid or unclear audit nonconformities will lead to unnecessary administration and auditee confusion. In addition, an invalid, incorrect or unclear nonconformity adversely impacts the audit and the auditee's processes. Specific rules must be followed before starting to write an audit nonconformity. This post will review the key points auditors should follow to write valid, verifiable and correct audit nonconformities.

1. Verify your audit nonconformity

During the audit, you may notice a gap in documentation or implementation against the audited criteria, or observe a practice you believe is a nonconformity. You may be correct, but at the same time, you may have forgotten to examine all aspects of the audit process. Verify your findings with the auditees before jumping to conclusions, and ensure all aspects of the evidence were verified and examined before raising any audit nonconformities.

2. Use objective evidence to support your nonconformity

Objective evidence is a vital part of any audit nonconformity. You don’t have a valid audit nonconformity unless it is supported by objective and verified evidence. Auditors often like to share their experiences with other businesses with their auditees to bring value to their audits. However, sharing these experiences in the context of an audit nonconformity is incorrect; you can use other audit-finding categories, such as OFI (opportunity for improvement), instead.

3. Following the proper structure

You should follow the correct structure to write a valid and correct audit nonconformity. Three elements shape an audit nonconformity:

  1. Audit criteria. Write down the audit criteria you are using for your audit nonconformity. Audit criteria are defined as “the requirements to audit against”. In most circumstances, auditors should consider three criteria during the audit:
     a) legislative requirements
     b) audited standards such as ISO 9001, ISO 14001, or National Disability Insurance Scheme Quality Guideline
     c) business policies, procedures, and practices
  2. Audit nonconformity. In this section, you should write down the missing fact that led you to raise an audit nonconformity. For example, the business onboarding process has not been followed according to the onboarding procedure.
  3. Objective evidence. In this section, you should write down the missing evidence. Continuing the example above: refer to the reviewed staff files, the six new entries from June 2022.

Here is an example of an audit nonconformity:

Audit criteria

  • ISO 9001:2015 clause 7.3
  • Business onboarding procedure PR03.001 Dated June 2020
  • National Disability Insurance Scheme (Quality Indicators) Guidelines 2018 Core module indicator number 17

Audit nonconformity

The business onboarding process (PR03.001) has not been followed.

Objective evidence

Records of inductions were not located for the six new staff. The HR manager has verified that the six new staff were not inducted according to the business onboarding procedure PR03.001 dated June 2020.

4. Corrective action and the root cause are not part of the audit scope

Write a concise and comprehensive statement about what is missing. The audit scope is to evaluate gaps against a certain and you should keep yourself away from giving consultation. In your writing, you shouldn’t write a statement about what the organisation should do to address your audit nonconformity. Leave the corrective actions to the auditees to come up with something they believe is the best way for them to manage their gaps.

5. Following privacy and confidentiality

Your audit report is your signature; you should prepare it to demonstrate professionalism. You will have an audit nonconformity when a piece of evidence is missing, or someone hasn’t followed a process as it was expected according to the audited criteria. Never write down private, confidential, business-sensitive information in your audit nonconformity. Be clear about what is missing by referring to the project number, department name, building number, code, or role title. Never write down an individual’s name in your audit nonconformity.

6. What’s in it for the audited organisation?

Last but not least is to ask yourself a question before writing an audit nonconformity. The following questions can help you to evaluate the circumstances before jumping to any conclusions:

  1. Have they missed implementing a legislative requirement?
  2. Is it easy to be fixed immediately, or does it need a long-term action plan?
  3. Is it going to impact the consumers, clients, and staff’s safety, or does it affect the quality or the service delivery?
  4. What’s in it for the organisation, and is there any value in raising this audit nonconformity?

Perhaps writing a valid, correct, and verifiable audit nonconformity is one of the most important duties of auditors. Following the above key points will help you to have a stress-free audit closure. In addition, your clients will welcome your valid audit nonconformities due to the value they are going to bring to their business. The above elements may not look very complicated to follow, but to become a professional audit nonconformity writer, you must always keep practising and following the above points before writing audit nonconformities.


Who We Are

At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different and be fearless, and innovative.

We share our knowledge and experience, work together and continue to support our members.

