One of the biggest fears about having an external audit is that you'll get a nonconformity (or non-compliance, or not met). To avoid this, people put a huge amount of effort into preparing for their audit. As I've said previously, being prepared is not a bad thing; but, especially if your organisation is just starting their quality management journey, you may still get a nonconformity. So what happens next?
First of all, your external auditor should say that they will provide you with written details of the nonconformity. This information should be specific - while it won't tell you how to address the issue, it should provide you with enough information so that you clearly know what to do. If you feel that the auditor hasn't given you the information in a clear and specific way, tell them! The auditor won't mind (we prefer to know that you understand the issue and want to resolve it).
Once you have that written information, you should ensure that you cross-reference it with the indicator / standard that it is against - this should give you enough information to confidently address the nonconformity. Now is the time to start documenting this resolution phase:
1. State what you will do to address the issue, for example, that x procedure will be updated to include y and z.
2. State what you will do once that change has been made, for example, that the procedure will be
distributed and explained to all staff at the next staff meeting.
3. Include a follow up action and a timeframe - this provides assurance that you will know that the change has been embedded. Document this when completed with a description of what happened (please note, stating something like 'achieved' is really not good enough. You don't have to be a writer to be able to describe what happened when you did something, you just have to put the effort in).
All of this information will need to be provided to the external auditor at some point (different quality frameworks have different requirements, and it also may depend on how serious the nonconformity is), so it is important that you document thoroughly.
important thing, though, is to not feel too disappointed or discouraged from a
nonconformity - it is a part of quality and of the continual improvement
process. See it as an opportunity to improve and keep moving forward.
The debate over whether to use continuous improvement or continual improvement is not a new one, but I thought I would weigh in, seeing as I do write about this subject, and have debated it vigorously many times!
So, a straight-up definition of 'continuous' from The Free Dictionary is that it is "uninterrupted in time, sequence, substance, or extent", or "unceasing". The Free Dictionary states that for 'continual', it is " usually used to describe something that happens often over a period of time".
Personally, I think you can see straight away from the definition why 'continual' should be used rather than 'continuous' when it comes to quality improvement - as much as we may like to improve, it is not really "unceasing" (at least I hope that's not your goal - otherwise, you might incite a staff revolt).
But if we get a little bit more cerebral about it, there are some very good reasons for using continual instead of continuous. For me it comes down to this:
Your improvements shouldn't be uninterrupted, because you cannot know if you've actually improved anything unless you stand back and check that your action has had its intended result. Improvement actions take time to embed and show results. If you are too quickly moving on to the next thing, or, worst case scenario, getting stuck in an endless loop of reviewing just one process, you are probably not improving much at all - or you'll never be able to properly evidence it, in any case.
By stating that your organisation has a culture or process of continual, rather than continuous, improvement, you can make a policy statement such as:
Our organisation has embedded a continual improvement framework across all of our operations and processes. Our improvements:
1. are considered as part of our quality management system, and as such are planned as much as possible, using consultative and collaborative techniques
2. can be reactive, or the result of feedback or a complaint from internal or external stakeholders 3. will always have the intended result documented
4. will always be evaluated to ensure that the intended result has been achieved.
Are you a fan of one or the other? Feel free to give your argument in the comments.
Thanks for reading,
Now that you know when to call a finding a non-conformity, the next step is making sure that the non-conformity (or issue or observation) has been closed out. This will usually fall to the internal auditor to do, as being someone who can provide an independent assessment of the effectiveness of the action taken.
I believe best practice is not just to note if an action has been taken, but to also assess if that action has been effective, thus minimising the risk of future non-conformances. This might involve some time spent on a follow-up audit or desktop review. To me it's time well spent - I would rather continue to follow up an issue than write about the same issue occurring in report after report.
The first step in the process is to give people a clear idea of what the issue is and why it's an issue. A statement like the following makes things really clear: "The service is not currently reviewing client support plans within the timeframes set out in the Client Review procedure, i.e. every six months, as monitoring of review timeframes has not taken place regularly."
At this stage you might like to give a direction for action - at the very least, you should give a timeframe for completion, such as: "The service should ensure that all clients that are overdue for review have one completed in the next four weeks."
You could extend this to ensure minimisation of ongoing non-conformity: "The service should ensure that the client review report is monitored weekly and reminders set in relevant staff calendars to ensure that reviews are conducted on time."
You then need to let the service know how their non-conformity will be closed out: "Manager to provide the client review report to the internal auditor by (date)."
Now the most important part is actually following up - mark it in your calendar and keep your word. Sticking to your own rules is a fundamental part of being an internal auditor.
If someone has not been able to close out a non-conformity, set a new follow up time and keep going back until the issue is resolved; also ensure that you follow your escalation processes, particularly if you feel the issue is high risk.
Thanks for reading,
The Quality Nerd loves all things Quality Management and Internal Audit...too much is never enough!