Top IATF 16949® Audit Findings & How To Address Them In The QMS

The last of our automotive series looks at the top IATF 16949® audit findings and how to address them in the company’s quality management system (QMS). Data and internal measures are compiled and analyzed by most every organization within the automotive supply chain.  So, it should come as no surprise that data analytics is a key function within the International Automotive Task Force (IATF®) and oversight community.  A large amount of data is collected and analyzed by the IATF®.  This data is then used to drive improvements within the automotive supply chain and with the requirements established for the automotive suppliers. 

The charts below show the top 10 major and top 10 minor certification body audit findings through October 2020. 

Think of a major nonconformity as the absence of or total breakdown of a system to meet an IATF 16949® requirement or lack of ability to meet customer-specific requirements.  On the other hand, a minor nonconformity is a failure to comply with IATF 16949® that is not likely to result in the failure of the QMS or to reduce its ability to ensure controlled processes or products.

A review of the global nonconformance data from the October 2020 AIAG Quality Summit:

Top Major Audit Findings (Nonconformities)

1.   10.2.1 (ISO 9001) (1,221 NCs) – Nonconformity and corrective action
2.   10.2.3 (943 NCs) – Problem solving
3.   8.3.5.2 (471 NCs) – Manufacturing process design output
4.   8.5.1.1 (445 NCs) – Control plans

Top Minor Audit Findings (Nonconformities)

1.   8.5.1.1 (9,666 NCs) – Control plans
2.   8.3.5.2 (9,622 NCs)- Manufacturing process design output
3.   8.5.1.5 (9,307 NCs) – Total productive maintenance
4.   8.5.1 (ISO 9001) (9,016 NCs) – Production control

This article will focus on the Major nonconformities and offer insight on these top four problem areas and actions to take to avoid audit findings within these specific clauses (10.2.1, 10.2.3, 8.3.5.2, and 8.5.1.1).  Note that Clauses 8.5.1.1 and 8.3.5.2 are also ranked at the top for most Minor nonconformities issued.

Knowledge. Expertise. Experience.

Schedule A Free Consultation

Outsource Your Internal Audits

Highest Issues of Major Nonconformities

Nonconformity and Corrective Action/Problem Solving

There is probably little surprise that issues dealing with corrective actions have the largest number of Major non-conformities.  They can result from poor root cause analysis, lack of understanding of clause intent, insufficient documentation of implemented actions, and/or ineffective validation of corrective actions.  Issues and corrective actions are prevalent within any quality system.  Issues may result from internal conditions (for example audit results, negative trends, high-risk events) or external conditions (for example customer complaints, warranty problems, supplier issues, external audits).  Whether the issues are internal or external, the overall goal is the same: take systemic actions to prevent recurrence within the organization.

To prevent a recurrence, corrective action must be effectively completed and implemented.  The first step is understanding what exactly the issue is and organizing a cross-functional team to help identify the cause and develop systemic actions.  The actions taken by the team should be recorded, with timing and responsibilities also defined.  This information can be recorded on a CAR form (either internal or customer prescribed) or some other action reporting tool.

Components of corrective action/problem solving include the following (NOTE: these components are auditable by internal and external auditors and should display compliance and robustness):

1. Identify the issue in the most direct and clearest terms/condition.
2. Immediately organize a cross-functional team whose purpose is to address the issue, causes of the issue, and identify systemic action to prevent a recurrence.
3. Take immediate correction (if appropriate) to stop the problem from occurring until systemic action can be put into place.
4. The cross-functional team should determine WHY the issue occurred. This can be done utilizing many different tools (for example 5 why, fishbone diagram, drill deep).  The goal is to uncover the systemic “why” this specific issue happened and lead to a systemic fix.
5. Once the “why” is determined, the cross-functional team should discuss and implement the systemic process fix with a focus on preventing recurrence. This systemic fix should also include other areas within the organization that could possibly be impacted by the “why”.  This is a great method of preventive action and is also required by IATF 16949® 2.3d.
6. While implementing the systemic fix, a focus on APQP output needs to be conducted (for example: does the FMEA, control plan, work instructions, procedure or any other QMS document need to be updated, does staff need to be trained to the modifications/updates, and does any other QMS focus need to be conducted). This step is very auditable and evidence of this step being completed is crucial.
7. A review of the entire corrective action process of the above steps (1-6) must be completed when the systemic fix has been in place long enough to allow a review of effectiveness. One of the main areas of non-conformities during a third-party audit is the lack of effectiveness or actions taken based upon the requirements described in corrective action.

Control Plans

All IATF 16949® compliant quality systems use some form of control planning.  Control plans are a significant output of the process design activity (section 8.3.5.2) and a significant tool in product realization (section 8.5.1.1).  Control plans (along with FMEAs) should be reviewed and utilized during all internal and external auditing activities.  In short, the control plan is the “road map” of the organization’s product realization process.  As with any road map, accuracy is critical.  Most non-conformities occur due to the control plan not matching the actual manufacturing and supporting processes.

When thinking about your organization’s control plans and planning activity, please consider the following points:

1. Does the process flow diagram, FMEA, and control plan match (for example: are all process steps identified and have control points)?
2. Does the control plan include the correct and current methods of inspection and inspection frequency and do inspection records agree with the control plan?
3. Has the control plan been updated with any actions taken due to customer complaints or other corrective actions?
4. Does the control plan include the special characteristics identified on the part’s print or specifications?
5. Does the control plan and the part print match 100%?
6. Does the control plan include receiving activities, warehousing activities, and shipping activities?
7. Does the control plan have a cross-functional team identified?
8. Is the reaction plan current and applicable?
9. Are annual layouts and other customer-specific considerations included in the control plan?
10. Are outsourced manufacturing processes included (including shipping parts to the service provider, receiving and inspecting the parts after return by the service provider)?

8.3.5.2 Manufacturing Process Design Output

All manufacturing processes need to be planned and designed to ensure the organization is achieving desired levels of efficiency and effectiveness from the manufacturing processes.  Also, a robust process design will allow the manufacturing processes a high level of assurance that customer specifications will be met, and when not met, will be detected prior to the non-conforming product being shipped to the customer.  When thinking about your organization’s manufacturing process design output, please consider the following points:

1. Can the manufacturing process design outputs be verified against the manufacturing process design inputs?
2. Have we included requirements a-n and is there objective evidence to support these requirements?
3. Have the defined special characteristics cascaded through the manufacturing documentation (PFMEA, Control Plan, Work Instructions, Inspection Sheets, etc.)?
4. Was the control plan created from the PFMEA to ensure the commonality of processes and process controls?
5. Have required work instructions been developed to support the manufacturing process?
6. Have new equipment or inspection instruments (i.e.: check fixtures) been included within the QMS?
7. Have mistake-proofing devices been deployed, and if so, have we also developed a method of validating the mistake-proofing devices (red rabbits, challenge parts) and ensure the operator is aware of why there is mistake-proofing at the manufacturing area?
8. Have we sufficiently trained the operators and inspectors to the work instructions and control processes?
9. Have we ensured that the production lines have an acceptable level of process capability and performance prior to release, as well as final approval of the process?

Driving Improvement With IATF®

The IATF® will keep collecting and analyzing data to help drive the direction of the automotive supply chain and the directives that are established for the industry.  The IATF® will use this data to drive the certification bodies to improve the industry.  Your organization can use the analytics to help identify the industry issues, know where your certification body’s focus will be and drive improvement in your quality management system.

If you’re not sure your system is up-to-speed, simpleQuE offers certification readiness audits that are performed prior to a surveillance, recertification or initial Certification Body (CB) audit to be sure that your quality management system and team are ready. In addition, 2nd party internal audits can be conducted by our experts to be sure your system is maintained to these standards and CSRs, such as VDA audits and CQI audits.  All of simpleQuE’s IATF® 16949 internal audits include a sampling of CSR requirements. Contact us for information about our services and on-site customized training classes for Root Cause Analysis and Problem Solving, Process Ownership, Core Tools and more.

Knowledge. Expertise. Experience.

Schedule A Free Consultation

Outsource Your Internal Audits

IATF 16949® Four-Part Series

This is the fourth of a four-part series of IATF 16949® articles written by simpleQuE consultant and auditor, Bob Dornhecker.*  With over 35 years of combined experience in auditing, manufacturing and certification, Bob has an extensive quality background.  Additionally, he has taught and facilitated many quality-related training classes for clients and has provided support to companies securing their own ISO/Quality Management Systems certifications.  He also conducts ISO 9001 and IATF 16949® 2nd and 3rd party audits.

*Other articles in this series for automotive suppliers:

• Where Does it Say THAT?! – Frequently Overlooked IATF 16949^® Requirements
• Using Automotive Manufacturing Process Audits to Focus on Value and Maximize Improvements
• How to Gather, Communicate and Implement CSRs

We Can Help: IATF 16949^® Experts a Click Away

If you’re searching for an IATF 16949:2016 consultant, our team at simpleQuE is well-positioned to support your IATF 16949® and MAQMSR consulting (Minimum Automotive Quality Management System Requirements), certification, maintenance, training and internal auditing needs. Our consultants are qualified, certified, and are experts on the automotive standards, customer-specific requirements, and AIAG or VDA core tools. In addition, many are current or former 3rd party auditors who bring valuable insight because of the knowledge gained from auditing for certification bodies.

SimpleQuE also offers a full line-up of IATF 16949 training courses which includes AIAG and VDA Core Tools, Root Cause Analysis and Problem Solving, Requirements and Implementation.  With IATF® also putting a major focus on internal auditor competency, it is essential to have IATF 16949® Internal Auditor Training. Our IATF 16949® auditor training utilizes the process audit approach. Contact Our IATF® consultants to learn more about the customized services offered to match your certification and training needs.

Obtaining and maintaining IATF 16949®, and meeting all of the related Customer Specific Requirements (CSRs), is difficult, which is why we’ve created free IATF 16949® tools, checklists and resources for your use. 

SimpleQuE is not associated with the IATF®, IAOB, ANAB®, IAQG®, and is not a certification body. SimpleQuE is an independent consulting, training, and second-party auditing service provider that assists a company on a path for the company to obtain and maintain certification through accredited certification bodies.