Audit nonconformity is one of the potential outcomes of first, second, or third-party audits, and they are one of the main elements of the audit report.
Auditees are interested in the audit reports to evaluate their compliance with the audited requirements. At the same time, the auditees are mostly interested in understanding their potential gaps and addressing corrective actions. Audit nonconformities are the only areas most auditees seek to address actions and maintain compliance. Following a few steps before writing any audit nonconformities is very important. Invalid or unclear audit nonconformities will lead to unnecessary administration and auditees confusion. In addition, an invalid, incorrect or unclear nonconformity adversely impacts the audit and auditee's processes. Specific rules must be followed before starting to write audit nonconformity. This post will review the key points auditors should follow to write valid, verifiable and correct audit non-conformities.
During the audit, you may realise a gap in documentation or implementation against the audited criteria or observe a practice you believe is nonconformity. You may be correct, but at the same time, you may have forgotten to examine all aspects of the audit process. Verify your findings with the auditees before jumping to conclusions and ensure all aspects of evidence were verified and examined before raising any audit non-conformities.
Objective evidence is a vital part of any audit nonconformity. You don’t have a valid audit nonconformity unless it is supported by objective and verified evidence. Auditors often like to share their experiences with other businesses with their auditees to bring value to their audits. However, sharing these experiences in the context of audit nonconformity is incorrect, and you can use other audit-finding categories, such as OFI (opportunity for improvement), instead.
You should follow the correct structure to write a valid and correct audit nonconformity. Three elements shape an audit nonconformity:
Here is an example of an audit nonconformity:
Audit criteria
Audit nonconformity
The business onboarding process (PR03.001) has not been followed.
Objective evidence
Records of inductions were not located for the six new staff. The HR manager has verified that the six new staff were not inducted according to the business onboarding procedure PR03.001 dated June 2020
Write a concise and comprehensive statement about what is missing. The audit scope is to evaluate gaps against a certain and you should keep yourself away from giving consultation. In your writing, you shouldn’t write a statement about what the organisation should do to address your audit nonconformity. Leave the corrective actions to the auditees to come up with something they believe is the best way for them to manage their gaps.
Your audit report is your signature; you should prepare it to demonstrate professionalism. You will have an audit nonconformity when a piece of evidence is missing, or someone hasn’t followed a process as it was expected according to the audited criteria. Never write down private, confidential, business-sensitive information in your audit nonconformity. Be clear about what is missing by referring to the project number, department name, building number, code, or role title. Never write down an individual’s name in your audit nonconformity.
Last but not least is to ask yourself a question before writing an audit nonconformity. The following questions can help you to evaluate the circumstances before jumping to any conclusions:
Perhaps writing a valid, correct, and verifiable audit nonconformity is one of the most important duties of auditors. Following the above key points will help you to have a stress-free audit closure. In addition, your clients will welcome your valid audit nonconformities due to the value it is going to bring to their business. The above elements may not look very complicated to follow but to become a professional audit nonconformity writer, you must always keep practicing and following the above points before writing audit nonconformities.
At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia with an amazing team of expert auditors, consultants, and entrepreneurs.
Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.
We Care for each other, our members, and our society.
We Dare to discover and experiment, trying to be different and be fearless, and innovative.
We share our knowledge and experience, work together and continue to support our members.
Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.
50% Complete
Kindly complete the form below and confirm your email address. We will keep you updated with news, articles and promotions.