What do I do if I’ve failed my ISO audit?
When you fail anything, be it a test or a task, it can be disheartening. The mind can start to worry that the worst will happen – in the case of a failed audit, the removal of your certified status.
Although it can be hard to do, try not to panic. There are very few occasions when a failed audit means your certification will be taken away, nor is it a rare occurrence – it is quite typical for businesses to experience a failed audit at some point in the certification cycle.
It may also help to see the failure as an opportunity to improve your business and its processes.
So if you have failed your audit and are looking for help, read through our guide and you’ll soon be back on course.
Why did I fail my ISO audit?
Your auditor will have given you a report on the areas that need addressing, so start there. Read through each of their points carefully and see what they recommend.
It is important that you prioritise your auditor’s comments. If your auditor has graded the severity of the failures (e.g. major, minor, advisory etc.) then you can use this to help you. Lower priority items typically will not have contributed to the failure of your audit and are merely recommendations from your auditor, but should be addressed by your next audit as they may cause a larger issue if left untreated.
It is difficult to provide definitive guidance here – after all, your audit will have failed for reasons specific to your business – but there are a number of common failures frequently seen in audits. Here are the top 5 that the QMS auditing team have noticed across all ISO standards.
1. Errors and non-conformities
As part of the continual improvement process, it is important to log errors and non-conformities. Mistakes could be repeatedly happening within your business, but if no one is writing them down, it can be difficult to stop them from escalating and causing larger issues further down the line. We have a guide to addressing non-conformities that explains more about this topic.
What you auditor is looking for here, is evidence that you have a process in place for raising such issues, as well as evidence that they have been addressed. Addressing the problems is not just about finding a solution. It’s also about reviewing the changes made and making sure that no unforeseen issues have occurred as a result.
2. Objectives and targets
An important part of your management system is setting a series of objectives and targets that your business aims to achieve. These goals are typically related to the ISO Standard to which you are certified, but can also be targets that are used to show how financially successful your business is, for example. Other targets can be defined by legal, financial, operational and business requirements as well as any hazards or risks it may encounter.
Your auditor will be looking for evidence that your business’ objectives and targets are documented, and are measurable so that they can be monitored and reviewed regularly to ensure they are being met.
3. Training records
For a business to run at its best, its staff need to have the correct skills and knowledge to be competent at their job. To make sure that this is the case, you will need to think about what skills are required for each job, how a person’s proficiency in that skill can be measured, and how you can increase knowledge where it is lacking.
Your auditor will be looking for evidence that you have considered staff competency through a documented and evidenced training procedure, role specifications and job descriptions, a robust recruitment procedure, induction checklists and a staff handbook that describes the expected behaviour of staff members.
4. Internal audits
As the goal of continuous improvement is one of the main aims of your management system, performing regular reviews is vital. To do this you should perform audits on your own systems and procedures; our guide to performing internal audits will help here.
To prove that you are performing these checks, your auditor will want to see that the results of these internal audits have been recorded, and they will want to look at your audit schedule (i.e. the documents showing when you plan on auditing each part of your business).
5. Management reviews
Another type of review that should be performed on the management review. Where your internal audits will look at the minutia of each process, the management review will look at everything from a birds eye view. We have a guide to performing management reviews that will provide more details.
Your auditor will want to look at the minutes kept during these meetings as well as your schedule for performing them.
How do I recover from a failed audit?
Firstly, it is not difficult to recover from a failed audit, you just need a bit of time to correct the items pointed out by your auditor and gather proof of these corrections. Your certification body will grant you a reasonable amount of time to do this (QMS will give 30-60 days, depending on the type of audit).
For example, your auditor has pointed out that you do not have a documented procedure for gathering customer feedback. To address this, your first task will be to discuss with your team how you will gather feedback, and then document the new process. You should also communicate this new process to your team, not only because it is their job to act on the new process, but also because communication is also a common area of failure for audits and may be picked up as an issue on your next audit. With the process documented and in place, send a copy of the documented policy, and a copy of some customer feedback gathered through the new policy, as proof that you have addressed this area.
When you have sent all of your evidence, it will be reviewed by the auditor and providing it meets the criteria of the standard, your audit will be changed to a pass.
Should you want to find out more about the different types of audit, our guide to audits may be of use.