How to write non-conformances

Checking a form

In our opinion, writing non-conformances is one of the most important aspects of auditing, and as far as an auditee is concerned one of the aspects of auditing that is of most interest to them. 

A non-conformance details what was found to be incorrect during the audit, and what has to be acted upon once the auditor has left. In some instances people will have to act upon a non-conformance even though they were not at the audit, so it is very important that they are written clearly, are technically correct, and that they are easy to understand.

There are three clear steps to follow.

  1. Firstly, establish that something is wrong and that you have some evidence to back this up; somebody just telling you that it is wrong is not evidence. Make sure you have clear evidence and that you have written this down, bear in mind that no evidence of activity can be evidence that it is not happening.
  2. Secondly, determine which part of the audit criteria/requirement is not met. This is crucial in ensuring that it is a legitimate non-conformance and not just something you think they should be doing. It can be challenging to determine which part of the audit criteria/requirement to use as the evidence may suggest it could be wrong against many parts of the audit criteria. It is normal practice here that you only pick one part of the criteria and the part or section of criteria you choose is the one that it most suitable – it is your call as the auditor. If you are not sure and you have another team member with you can ask them for their opinion.
  3. Finally, it’s time to write out the applicable part of the audit criteria/requirement– this can be abbreviated to keep it clear and succinct, you can use tools such as ‘quotation marks’ and ellipses (…), but you should not change the meaning. Using the exact text is typically good practice. Finally, write out the evidence you have that shows that the audit criteria/requirement is not being met.

Following are some examples. For audit criteria, we have used some of the ISO and AS/NZS standards.

Example 1

ISO 9001 Clause 6.2.2 Competence, training and awareness states that “The organisation shall, e) maintain appropriate records of education training, skills and experience”. However, there were no records available for the carpenter, the bricklayer and the painter. 

Example 2

ISO 14001 Clause 4.3.1 Environmental aspects states that “The organisation shall…maintain a procedure(s)…b) to determine those aspects that have or can have significant impact(s) on the environment. The organisation shall document this information and keep it up to date. Whilst a procedure exists and the aspects and impacts have been documented the impacts that can have significant impact(s) have not been determined.

Example 3

AS/NZS 4801 Clause 4.4.7 Emergency preparedness and response states that ‘All potential emergency situations shall be identified and emergency procedures documented…The organisation shall periodically test such procedures.’ Although emergency procedures have been documented, the medical treatment emergency procedure has not been tested nor is it planned to be tested.

Leave a Reply

“This was one of the best training courses I have been on. Tom was engaging and kept the information relevant.”

“Many thanks Tom, I really enjoyed the course and will get a lot of use from it at my workplace.”

“Overall very valuable course. Balance of theory with practical workshops was excellent. Trainers stuck to timetable very well.”

“The course was thorough and many relevant examples provided by both Tom and Jackie to help me apply it to the workplace.”

“Great presentation of the course, engaging facilitators and good use of group work. I found the course to be a great refresher for an audit course I did 10 years ago and now feel more motivated to go audits in a non-bow tie way!”