Audit nonconformity is one of the potential outcomes of first, second, or third-party audits, and they are one of the main elements of the audit report.
Auditees are interested in the audit reports to evaluate how they comply with the audited requirements. At the same time, the auditees are mostly interested in understanding their potential gaps and addressing corrective actions. In fact, audit nonconformities are the only areas most auditees are looking for to address actions and maintain compliance. Following a few steps before writing any audit nonconformities is very important. Invalid or unclear audit nonconformities will lead to unnecessary administration and auditees' confusion. In addition, an invalid, incorrect or unclear nonconformity adversely impacts the audit and auditee's processes. There are specific rules that must be followed before starting writing audit nonconformity. In this post, we will review the key points auditors should follow to write valid, verifiable and correct audit nonconformities.
During the audit, you may realise that there is a gap in documentation or implementation against the audited criteria, or you may observe a practice you believe is nonconformity. You may be correct, but at the same time, you may have forgot to examine all aspects of the audit process. Verify your findings with the auditees before jumping to conclusions and ensure all aspects of evidence were verified and examined before raising any audit nonconformities.
Objective evidence is a vital part of any audit nonconformity. You don’t have a valid audit nonconformity unless it is supported by objective and verified evidence. Auditors often like to share their experiences with other businesses with their auditees to bring value to their audit. However, sharing these experiences in the context of audit nonconformity is incorrect, and you can use other audit-finding categories such as OFI (opportunity for improvement) instead.
You should follow the correct structure to write a valid and correct audit nonconformity. An audit nonconformity is shaped by three elements:
Here is an example of an audit nonconformity:
The business onboarding process (Business onboarding procedure PR03.001) has not been followed.
Records of inductions were not located for the six new staff. The HR manager has verified that the six new staff were not inducted according to the business onboarding procedure PR03.001 dated June 2020
Write a concise and comprehensive statement about what is missing. The audit scope is to evaluate gaps against a certain and you should keep yourself away from giving consultation. In your writing, you shouldn’t write a statement about what the organisation should do to address your audit nonconformity. Leave the corrective actions to the auditees to come up with something they believe is the best way for them to manage their gaps.
Your audit report is your signature, and you should prepare it to demonstrate your professionalism. You will have an audit nonconformity when a piece of evidence is missing or someone hasn’t followed a process as it was expected according to the audited criteria. Never write down private, confidential, business-sensitive information in your audit nonconformity. Be clear about what is missing by referring to the project number, department name, building number, code, or role title. Never write down an individual’s name in your audit nonconformity.
Last but not least is to ask yourself a question before writing an audit nonconformity. The following questions can help you to evaluate the circumstances before jumping to any conclusions:
Perhaps writing a valid, correct, and verifiable audit nonconformity is one of the most important duties of auditors. Following the above key points will help you to have a stress-free audit closure. In addition, your clients will welcome your valid audit nonconformities due to the value it is going to bring to their business. The above elements may not look very complicated to follow but to become a professional audit nonconformity writer, you must always keep practicing and following the above points before writing audit nonconformities.
LMS TRG is an Exemplar Global Recognised Training Provider for courses in Management Systems Auditing. We come together from various specialist backgrounds to produce unique online learning experiences. Our team is composed of auditors, management systems consultants and providers, with over fifteen years of experience in delivering high-level quality training. We were founded with the policy of being pioneers in fully online and smart training solutions. To learn more, click here.
Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.