NCR (Auditor)

Non-Conformance Reports

NCR, or Non-Conformance Report, is used to highlight issues found during a review of a control's evidences.

It categorizes problems as major or minor, helping streamline the resolution process for a more effective audit.

Here's how to add Non-Conformance Reports (NCRs) to an Auditor's framework review, let's simplify the process for a more efficient auditing experience.

Creating a NCR

When reviewing a Control, select the NCR tab (marked with an arrow below).

selecting the NCR tab

Click on the 'Create NCR' button, now you can mark it as either Major or Minor, depending on your judgement as an Auditor.

Then, in the text box, describe the reason there is a Non-Conformity.

After filling the Type and text box, the 'Create NCR' button will turn blue (marked with an arrow below).

Click on it once again and the NCR will be added to the Report's Control.

a filled NCR allows us to create it, the Create button is now blue

Viewing and Editing an NCR

After creating the NCR, find it in the NCR tab, accompanied by its creation date.

On its right, you can edit it (pencil icon), delete it (trash bin icon), or view it (arrow-down icon).

The icons are circled below.

the NCR option icons are circled

If we click on the edit button, we can edit the NCR, to save the changes click the save icon (marked with an arrow below), to discard the changes click the X button next to it.

the save changes button is marked with an arrow

Clicking on the arrow-down icon, reveals the NCR's content, clicking it again will minimize said content (marked with an arrow below).

the minimize icon is marked with an arrow

Using NCR's

After creating NCRs for a Control, the NCR status in the Control list will be labeled as 'Open.'

It remains so until we submit the report, provide the organization's collaborators with the opportunity to address the issues, and subsequently review and accept the changes.

Circled below we see an NCR Status as 'Open' on a Control.

the Open NCR status is circled

After publishing a report review containing NCRs and receiving it back with remarks or fixes, you'll notice that the NCR status is now indicated in orange as 'Review.' This signals that you need to review the changes made based on your NCR notes (marked with an arrow below).

Review status is marked with an arrow

To review changes or fixes made to the NCR, enter the control and navigate to the NCR tab. Here, you will encounter three blue buttons, circled below.

  1. Approve: If the changes are accepted, and the control is deemed complete, click on 'Approve.'

  2. Reject: If the changes are not accepted, click 'Reject.' This action publishes the report back to the collaborators for addressing the issues.

  3. Revoke: In the scenario where the Auditor receives an irrelevant response regarding an NCR, choosing 'Revoke' nullifies the NCR. This allows the Auditor to complete the report and serves as a counterpart to 'Approve,' offering flexibility when revisiting reported issues. The three options are circled below.

the NCR review options are circled

To return to the Reports Guide hub, click here.

To return to the main guide hub, click here.

PreviousReview a Report (Auditor)NextGenerated Reports

Last updated