If the HSE audit was undertaken for a ‘customer’ or a ‘third party’, then it may well be up to them to decide on the acceptances of any non – compliance. When the audit team leader is satisfied with the evidence presented he / she in turn may discuss any non – compliances with the organization representative to seek agreement that they exist. Following are the key features and objectives that organization should take care while preparing HSE system audit report.
1. Team Meetings
At a daily meeting (or before the summery report is compiled) the HSE auditors discuss their detailed observations with the audit team leader to determine if non – compliances exist and if applicable, are categorized.
When the HSE audit team leader is satisfied with the evidence presented he / she in turn may discuss any non – compliances with the HES auditee’s representative to seek agreement that they exist. This is not to suggest a ‘bargaining’ situation, but one in which the auditee is given an opportunity to discuss the non – compliances and allow the production of any evidence to demonstrate that there is no deviation from the requirements.
Equally, the opportunity to discuss and recognize a non – compliance may enable the auditee to initiate corrective action.
In either event, the non – compliance is still recorded but the fact that corrective action has been taken it noted in the audit report.
It should be noted that non – compliances are owned by the auditee and not the auditor.
2. Non – Compliance Categorization
It is common practice to classify non – compliances into categories. Categorization of non – compliances is normally decided through discussion between the team leader and the auditors rather than applying a category at the time of the incident. Categorization is not an end in itself but an aid to assist the team leader to assess the severity of the non – compliance and form a reasoned judgment on the auditee’s FSMS arrangements.
3. Non – Compliance
Reporting non – compliance is the method used to indicate to an organisation during an audit that there is a deviation to the laid down FSMS requirement and the applicable legislative requirements. A non – compliance is a non – fulfillment of specified requirements (GMP, SSOP, QMS, Health Safety, Environment). Non – compliances arise from OBSERVATIONS made during an audit.
An observation is a statement of fact recorded on the checklist . The audit team will then review all of their observations to determine which of them are to be reported as non – compliances. The audit team shall ensure that non – compliances are documented in a clear, concise manner and are supported by objective evidence.
4. Non – Compliance Categorization
All non – compliances have to be dealt with regardless of how important an impact they may on the established system. It is common practice to categories non – compliances to enable the overall effectiveness of a QMS management system and the urgency of corrective action to be assessed.
There is no defined standard for categorization of NCR’s, so if categorization is to be applied the methods are required to be defined by the auditing organisation and made clear to the auditee at the start of the audit.
Categorization of NCR should be based on deviation to the FSMS / legislation and impact on product / process and its risk. Observations need to support the grading with sufficient justification.
A typical classification is as follows:-
The absence or total breakdown to meet the requirements of HSE SYSTEM and the requirements of applicable regulations are impacts on implemented HSE.
One critical NCR will lead to failure of certification. A re – audit is normally required within six months after initial audit.
A non – compliance which is likely to result in the failure of the HSE system or reduce its ability to assure safety of processes or products.
If there is any major NCR, registration is recommended subject to a satisfactory verification visit. Verification visits will be arranged within eight weeks after the audit to verify effectiveness of corrective actions.
System deficiency (ies), which do not directly affect the QMS, but need to be improved.
When there are only minor NCRs and its number will not obstruct the system operation, registration can be recommended subject to a satisfactory review and verification of document evidence to corrective action. Document evidence, including self -declaration of corrective actions, is required to be submitted within four weeks after the audit.
A number of minor lapses of the same content (incorrect issue of documentation in use in several areas) show a system breakdown and may therefore be regarded as more serious and be upgraded. It is normal with certification bodies that once a corrective action has been agreed that the check for practice effectiveness may be left until the next surveillance visit.
Categorization of non – compliances is normally decided through discussion with the lead auditor and the auditor rather than applying a the time of the incident. Categorization is not an end in itself but an aid to assist the lead auditor to assess the severity of the non – compliance and form a reasoned judgment on the auditee’s QMS management system.
If the audit was undertaken for a ‘customer’ or a ‘third party’, then it may well be up to them to decide on the acceptances of any non – compliance. This may be influenced by any contractual or specification requirements. The lead auditor should be made aware of any such restriction.
Reporting Non – Conformities
During the audit, the auditor will be documenting observations of the system. These observations may well result in non – conformities being raised. When the auditor decides that there is a non – compliance, then a written report will be submitted. This type of report is commonly referred to as a NCR (Non – Compliance Report).
There should be sufficient detail in the report to clearly identify all the facts concerned, the specification requirement and the evidence of the non – compliance. It is important that sufficient information is provided to ensure traceability to the source of the problem in order that effective corrective action can be completed.
A quick guide is to examine and describe the:-
* Where – the area where the non – compliance was found or can be identified.
* When – date of audit.
* What – description of the problem.
* Why – a statement of the requirements from the specification or procedure.
* Who – not the report must not attribute blame.
REMEMBER someone has to read the report. Clarity of information and the inclusion of as many facts as possible will assist the reader to understand your findings THE FIRST TIME.
My name is John, I have written many articles and blogs about HSE certification and other international standards. Mostly I have found throughout my experience in developing HSE documents, key requirements are HSE manual, HSE procedures
, formats and audit checklists. I have also worked for many years as an HSE consultant
with leading consultancy company in USA.