Chapter 9 Nonconformity Reporting and Corrective Action
Chapter 9 Nonconformity Reporting and Corrective Action
Chapter 9 Nonconformity Reporting and Corrective Action
Nonconformity reporting and corrective action(s) are the last step for the onsite audit by the Lead
Auditor.
This chapter covers the following two sections of ISO 19011:2018 for performing audit activity.
I. Completing the audit
II. Conducting audit follow up
1.0 Audit Completion
The audit is completed when all planned audit activities have been carried out, or as otherwise
agreed with the audit client (e.g. there might be an unexpected situation that prevents the audit
being completed according to the audit plan).
Documented information pertaining to the audit should be retained or disposed of by
agreement between the participating parties and in accordance with audit program and
applicable requirements.
Unless required by law, the audit team and the individual(s) managing the audit program
should not disclose any information obtained during the audit, or the audit report, to any other
party without the explicit approval of the audit client and, where appropriate, the approval of the
auditee. If disclosure of the contents of an audit document is required, the audit client and
auditee should be informed as soon as possible.
Lessons learned from the audit can identify risks and opportunities for the audit program and
the auditee.
2.0 Audit Reporting
2.1 Objective evidence
For generating nonconformity report, objective evidence needs to be clearly reported.
The auditor collects objective evidence to ensure system is either matured or does not exist.
He must collect evidence where:
The facility is not adequate or out of order; ( to check implementation)
Any requirement has not been addressed
Practice differs from what has been documented in system (to check implementation)
The practice is not effective (to check effectiveness).
2.2 Nonconformity Reporting
Nonconformity reporting is done to report non-conforming audit findings. Nonconformity
reporting must be:
Factual
Understandable and traceable.
It is a means to raise formal notification of any issues at the time of finding.
The auditee is required to understand and give acceptance of the nonconformity.
2.3 Non–conformity Report (NCR)
The NCR covers following three points; and hence, it is three dimensional:
1. NC Statement (An element of the system which went wrong): What is the Problem?
Describe clearly, concisely and factually.
2. The Evidence (what, where or when actually was found): Where did it occur or When did it
occur? I.e., which department or activity or when?
3. Why it is Nonconformity? i.e., Against which requirement? The requirement (what was
supposed to be)
Annexure-1
Sample Non-conformity Report Form
Correction:
Completion Date:
Auditee Sign: Lead Auditor Sign: Date:
Action Taken
Verified –
Sign Date:
Annexure-2
Corrective Action Process