Writing audit nonconformances
John Marsden, MD of Marsden International (UK), discusses the problems facing auditors when writing ISO 14001 nonconformances, providing an insight into the process
Given that audits can take significant time and effort to plan, undertake and report, it is surprising that the amount of guidance on the preparation of an accurate, factual and meaningful nonconformance is so limited.
Stripped to the bare minimum, the key reason for undertaking an EMS audit is to reveal nonconformances or deficiencies in the function and effectiveness of the system. Unfortunately, auditor reference materials published by the International Organisation for Standardisation and advisory bodies tend to provide generic guidance on the writing of a nonconformance. There are few other resources providing detailed guidance and benchmarking to the EMS auditor.
Some nonconformances can be written very easily and effectively without any difficulty, especially when related to procedures that have not been followed in the right way. Others require the careful use of words to accurately describe the reason why the audit evidence supported the writing of a nonconformance. These seem to arise more frequently when citing an element or clause of ISO 14001.
Internal and certification audits
There may be differences between internal and
certification EMS audits, because internal audits often restrict themselves to checking compliance with company procedures and instructions, while the latter must cover the requirements of ISO 14001 as well as policies, procedures and work instructions. This difference hints at the difficulty of writing an audit finding of nonconformity against ISO 14001 compared to an internal work instruction.
Short, descriptive and unambiguous
An audit nonconformance should be relatively short; sufficiently descriptive to convey the reasoning; objective; factual, so that the content cannot be disputed; and unambiguously worded. All this is required to ensure that the auditee understands why the evidence unearthed during the audit is a nonconformity.
Many auditors find writing EMS nonconformances the most difficult part of the audit process. Difficulties arise because they are short of time, unpractised in this form of writing or unfamiliar with the exact meaning of the elements of ISO 14001. Condensing a whole page of handwritten audit evidence collected during an hour or two of interviews into a few sentences can be a daunting prospect – especially when the closing meeting is 20 minutes away.
Guidance within ISO 19011?
Guidance on the audit process is found within ISO 19011 and very useful information relating to all aspects of undertaking a management system audit can be found. However, ISO 19011 devotes only a few sentences on writing audit findings in 31 pages of text, tables and guidance, although it does describe how positive audit findings can be presented as well as nonconformity findings.
While the standard’s approach in this respect is understandable, the auditor may be faced with a dilemma. Should only a few findings of conformity be included, or is the auditor expected to prepare those that cover all areas of conformity? Also, how does one deal with the corrective action for a finding of conformity, or is that mischievous?
Unless the client agrees otherwise, it is usual to address areas of conformity within the report summary and then to use the findings log to present the specifics of individual nonconformities at the closing meeting.
Given that the ISO standard is not the most appropriate place to find specific examples of nonconformances, it is worth mentioning that a website called www.auditscan.com has been launched to provide written nonconformities together with relevant background to the findings. The site allows users to gain insights on interpretation of evidence and what the standard requires by inviting comments from the international auditor community.
Designing ISO 14001 nonconformances
Simple guidelines for writing an effective nonconformance could start by asking where it was found. This could relate to a physical location, a document or possibly a department of an organisation. This provides a very simple entry point and enables the auditor to start the writing process with the attributes described earlier.
The next part of the nonconformance requires the auditor to state the evidence for the finding. Evidence with an environmental flavour could relate to the following:
- general environmental training has not been planned or given to personnel and operatives…
- demonstrate that effluent discharge volumes have exceeded the legal limit on a number of occasions and that no investigation has been undertaken to identify the cause and correct the problem…
- make no reference to the assessment of significance of the collection of ten leaky oil drums lying on ground behind the boiler house…
Reference to the requirement takes the auditor back to the standard, the procedure or the policy statement where the requirement is stated. This should provide a clear point of reference so that despite all the evidence collected and notes made, the objectivity of the nonconformance can be established. If the auditor begins to have difficulty in tying down the evidence to a particular requirement, there may not be a nonconformity after all.
Using the examples of evidence as provided above, the following phrases can be used to deliver the final part of the nonconformity:
- ISO 14001 (4.4.2 – Training and Awareness) requires that all personnel whose work may create a significant impact on the environment have received appropriate training;
- ISO 14001 (4.5.2 – Nonconformance and Corrective and Preventative Action) requires that the organisation maintains procedures for initiating and completing corrective and preventative action; and
- ISO 14001 (4.3.1 – Environmental aspects) requires that the organisation identifies (all) environmental aspects that can have a significant impact on the environment.
It is considered acceptable for the auditor to select the most relevant parts of the clause, in order to make it more relevant and to improve the clarity of the finding. Many nonconformances have been written against 4.4.6 – Operational Control, but it would be inappropriate to write out the text word for word, as this would confuse the auditee. However, in doing so, the true meaning of the requirement specified in the standard must not be changed.
By clearly stating the location where the evidence was found, followed by the evidence itself, and completing the nonconformity by stating the specific requirement, there will be less chance of an audit finding being contested by the auditee. This technique assists the auditor to be more focused on the standard being used as the benchmark or audit criteria, in this case ISO 14001.
A Nonconformance – but against what?
At times it is necessary to consider audit evidence very carefully before deciding whether or not a nonconformance should be written. Understanding the requirement of the standard comes with experience, but there is always room for debate and internal benchmarking amongst professional EMS Auditors to improve conformity and agreement.
Selecting the right element of ISO 14001 for the requirement demonstrates that the auditor understands what the standard is asking for. For instance, a breach of law may have been written against 4.3.2 – Legal and other Requirements, and it may end badly for the auditor if the EMS representative points out that there is no specific requirement other than to produce a reference source of applicable current legislation in this part of the standard. It would be necessary for the EMS auditor to check the corrective action register (or equivalent) to see if the problem had been addressed in accordance with ISO 14001 4.5.2 – Corrective and Preventative Actions before considering a nonconformance. In this case the finding would be against the lack of corrective and preventative action.
The value of an ISO 14001 nonconformance that gets to the heart of a problem within an organisation can be immeasurable. It is the task of the EMS auditor to select appropriate evidence to support the audit finding and to compare that evidence to a specific requirement of the standard. While in many cases this task is quite
straightforward, there are too many instances where
inappropriate audit findings reduce the credibility of a relatively young profession and hinder the development of ISO 14001 as a tool for the improvement of environmental performance within the global business community.