How to Audit Preventive Action

One of the difficulties in auditing a preventive action program is that some organizations don’t understand well the differences between corrective actions and preventive actions.

corrective action is taken on a detected nonconformity to prevent it from happening again. An organization will first correct or contain the problem, and then determine its root cause so they can take corrective action to prevent its recurrence.

When we act to “prevent” a repeat of a detected nonconformity, that is full and complete corrective action, not preventive action.

Preventive action is when we anticipate a potential problem and take action to eliminate the possible causes and prevent the occurrence of the nonconformity.

Auditing a preventive action program begins with a review of the preventive action procedure required by ISO 9001:2000. Of course, an organization may choose to have corrective actions and preventive actions covered in the same documented procedure. This is acceptable as long as the requirements in both clause 8.5.2 and 8.5.3 are adequately addressed.

When a potential problem is identified, organizations must determine the action needed to eliminate the causes of the potential nonconformity and thereby prevent its occurrence. However, the action taken must be appropriate to the effects of the problem.

In other words, it would be acceptable to not take a preventive action if the anticipated problem is unlikely to happen, would have little impact, and would be easily detected. If a potential problem is low risk, the business decision may be to not attempt to prevent it.

However, if there is a need, the organization must determine and implement the appropriate preventive action. Records must be kept of the results. The action taken must be reviewed to assess its effectiveness in preventing the potential problem.

The best time to take preventive actions is early in the product cycle, e.g., performing Failure Mode Effects Analysis and conducting Design Reviews. However, these actions are integral to the process and won’t necessarily be captured on preventive action forms.

When auditing a preventive action program, find out how potential nonconformities are identified. If they aren’t analyzing trends and looking for warning signs, they may be ignoring possible problems that could be avoided if only they were considered.

Examine the preventive action records to see if the organization is following their procedure. Find out how they identify causes and determine the appropriate actions. Review the results to see if their actions were effective in preventing the problems.

Strange as it may sound, the goal of a preventive action program can be viewed as keeping the status quo. By avoiding future problems, we are keeping the quality system at its current level so it can be improved upon by eliminating actual problems through our corrective actions.

If you’d like to know more about preventive actions, consider ordering The Preventive Action Handbook.