What is the Corrective Action Plan (CAP) process and how are corrective actions verified and continuous improvement ensured?
The auditee’s Corrective Action Plan must contain the following elements, depending on the type of non-compliance identified:
- Providing sufficient documentation to the auditor to reasonably determine the origin and demonstrate the chain of custody for each receipt validated as part of the audit if such information is available. The auditee may work with the supplier of the non-compliant material to obtain follow-up documentation.
- Documented changes in the auditee’s policies and procedures. These changes must be implemented within a three-month period following the audit.
- Any material from a Level 3 country that cannot be validated as from a conflict-free source and that still is residing at the auditee during the audit, must be reviewed and approved by the ARC prior to taking any action. This material must remain in the as-received material state as it originally was purchased by or provided in a tolling agreement to the auditee (or in semi- or final-processed state, if applicable), as it is described in the LIS until the ARC and the auditee agree to a disposition plan.
- A re-audit conducted by the auditing company that has conducted the previous audit may be required to ensure the auditee has implemented the corrective actions identified in the Corrective Action Plan. The re-audit may be desktop-based or may require an onsite visit by the auditor, depending on the non-compliances identified. The auditor will determine the type of re-audit required. The re-audit will primarily focus on validation of all non- compliant items identified in the Corrective Action Plan, as well as new materials received since the initial audit to verify that any further receipts from suppliers deemed non-compliant on the prior audit now meet Sn/Ta audit protocol requirements. Depending on the nature of the non-compliances and the auditee’s commitment to implementing an agreed-upon Corrective Action Plan, the auditee may be responsible for paying all auditor costs for a re-audit, at the CFSP Program Director’s discretion.
- After reviewing information from the re-audit, the ARC will determine whether the auditee can be identified as compliant or whether additional actions are required. For example, a more frequent audit schedule may be required for the future.
Any auditee that has a repeat non-compliance issue identified, or was unable to complete closure on open items within the three-month post-audit Corrective Action Plan period will be deemed non-compliant (subject to the final review by the CFSP Audit Review Committee mentioned in step 5) and will be exempted from participating in the CFSP for a period of six months.