Why Organizations Fail to Pass an Audit? - PECB


The reasons why companies fail audits are diverse, and the ranking of the top causes varies with the standard an organization wishes to be certified against. However, one of the most frequent nonconformities found across the various standards is missing documentation, together with documentation that exists but is poorly organized and cannot be produced when the auditor asks for it.

What falls under the term documentation?

The ISO quality management family suggests splitting documentation into four hierarchy levels, which differ mainly in their level of abstraction and breadth of scope. Level 1 usually holds global policy documents that affect the organization as a whole (describing the why); level 2 holds procedures describing the who, what, when and where of the processes; level 3 holds work instructions (the how); and level 4 holds records. In ISO terminology, a record is a document that states results achieved or provides evidence of activities performed. Records are generated while the processes run, and they are therefore the key evidence for an auditor during stage 2 of a certification audit, when the auditor verifies that the management system actually works as designed (levels 1 to 3 describe the design; level 4 shows whether it is followed). For an ISO 27001 ISMS, for example, an access control policy (level 1) is supported by a user access provisioning procedure (level 2), a work instruction for creating accounts in the directory service (level 3), and the approved access request tickets and periodic access review results (level 4). Note that the current ISO 9001:2015 speaks of "documented information" and no longer prescribes this four-level pyramid, but the hierarchy remains a useful model for organizing a management system.

Which kinds of organizations might face challenges with the documentation process?

Larger organizations in particular may find it challenging to keep track of hundreds or even thousands of documents and to have the right information available promptly when it is needed. They may also consider some of the documentation required by the standard superfluous and believe that their processes run smoothly without it. However, missing mandatory documentation will always attract an auditor's attention, because it is often an indication that something is going wrong, and sometimes going very wrong. Where a standard deems certain documents mandatory (for ISO 27001, for example, the scope of the ISMS, the information security policy, the risk assessment and risk treatment process, and the Statement of Applicability), there are good and understandable reasons for it, and the absence of such a document is a nonconformity on its own, regardless of how well the underlying process is believed to work.


Speaker

Friedhelm Düsterhöft

Friedhelm Düsterhöft is the Managing Director of msdd.neT GmbH, a company offering IT security consultancy and training services to international companies from the IT, telecommunications, and financial industries. He specializes in GRC topics around ISO 27001 and also has long-term experience in vulnerability management and penetration testing.
