The assessment is over, you have ushered the audit team out the door and you already know how you’re going to fix most of those niggly things they brought up. The assessment team were really helpful and you know it’s going to feel great to get all of these NATA requirements ticked off.
You’re not sure why these issues are important enough to be in the assessment report, but you need to get the response under control so the “Just Do It” approach wins. You get the assessment report and hold a meeting to decide who will do what, including all the observations and recommendations. Great work – you’ll have everything fixed and your reply to NATA post haste.
Can I just say whoa?!
When we behave like this we are focussing on one risk: the risk of NATA being annoyed with us for not having a response in time. What about the other risks? The real risk to your business presented by the issues the audit team identified? The risk of wasting time and money on interventions for trivial problems? The possibility of the same issue coming up in future assessments, which can threaten your accreditation and your reputation.
This is the time to slow down and take a quality improvement approach to each of the issues raised by the auditors. Here’s my step-by-step process to address these findings so that hopefully they never come back to haunt you again.
Understand the problem
Study the finding closely. Make sure you have understood exactly what the auditors found that is wrong & why it is wrong. Go and check what they were looking at if you haven’t seen it. Look up the clause of the standard that they refer to in the report and check the wording of that. Phone up the auditor if necessary, to ask for more context.
You should be able to say what the actual thing is that has gone wrong (or could go wrong).
For example, NATA finds a staff member working in section B who has not been signed off as competent in section B. Is it that they are not signed off that’s the real problem? No! It’s that a staff member could be working without all the skills and knowledge that they need to do the job and might stuff it up!
Whether you are accredited to ISO 9001, ISO 17025, ISO 15189 or GLP standards, what they are asking you to do is to make sure that you have trained, qualified and competent staff members doing the job. The training or competency record is a tool for management and others in the organisation to be able to plan (training programs, rosters, recruitment drives, etc).
Check other staff, projects, samples, invoices to see how widespread that problem is. Record this information, including dates and reference numbers. If the problem turns out to be more serious than you thought it was, you will want to use this data as a benchmark.
Assess the risk
1. Assess the risk from the issue to your business. Severity x frequency is the basic formula and there’s a whole Australian Standard on this if you want to formalise your process of risk assessment. Usually an informal assessment of risk is good enough.
In this case the risk is the possibility that a person without adequate training works in section B and produces invalid results. How serious this issue is depends on the nature of the work, how much supervision is in place, how structured it is and how much impact it could have on your test results. Frequency will be determined by discussing the training records with the relevant manager – how representative of the actual state of training are they?
2. If it is a minor issue that has little or no impact on your business you can reply to the auditor at this stage, detailing your investigation and stating that you have corrected the issue they found. However, do not neglect the risk of the issue coming up again at the next assessment.
Corrective action is for NATA requirements too
If the issue is serious and/or is happening on a regular basis, then you need to plan and implement corrective action. Identify all the reasons why it is going wrong and prioritise these. Use brainstorming to come up with ways to prevent it from happening.
Decide which actions are worth taking and implement following the change management practices in your organisation. By this stage you will probably have sent a reply to your external auditor, but you must not drop the ball at this stage.
Once the changes have been in place for a while, assess how effective they are. This is where the data from your original investigation will be useful: so you can demonstrate improvement.
If the corrective action has been effective and is not costing too much (time, money) to implement, then this is the time to update your procedures and standardise the new steps in your process. However, if it has not been effective you may need to go back and reconsider your corrective actions to find something more effective. However, often we need to accept that our fixes will just be good enough and not perfect.
Can we change our minds about what action we take?
I’ve heard people say “but we told NATA we were going to do this, so we have to keep doing it”. This is not an argument for keeping an ineffective or wasteful process in place. Management of any organisation has the right to decide that something is no longer a problem, that they will bear the risk, or that they will investigate further when control measures have been ineffective. So if you decide to adopt NATA recommendations, make sure you understand which risk they are trying to control so you can decide if it is working or not.
If you want assistance to respond to an assessment report, or to plan for your next reassessment contact us to discuss your requirements.