By Rick Mealy

Many labs dread an audit and are relieved when the auditor leaves.  Audits should not end that way, and there are things you can do to minimize what ultimately appears on your audit report.   I will never forget a two-day audit I once performed at a small commercial lab in Michigan that was seeking Wisconsin certification.  On the morning of the second day, I noticed a trash receptacle overflowing with crushed beer cans.  I asked about it and was told that staff were so devastated by my findings the first day that they just sat in the main area after I left and drowned their sorrows.  That bothered me, so I asked if we could talk about that.  It turned out that they were actually agreed with my findings but were disappointed in themselves.  With a little work, the lab eventually received certification, but that scene and my impact on the lab staff was indelibly stamped on my memory.

Before leaving, your auditor should have summarized any “deficiencies” they identified, which will be written into your audit report.  This is your time to reassess each deficiency and determine whether or not each deficiency is truly valid.  It’s natural to be a bit introspective and ask what things your lab did right, and what things your lab did wrong, but it’s only fair to apply the same analysis to the auditor. Was something truly your error…or was it that the auditor did not understand your responses to a particular sequence of questioning?

The Audit Spectrum

I hear many people saying that their audit went great, and the auditor was really helpful.  But I also hear just as many people saying that they’d prefer having several teeth extracted without Novocaine to going through another audit like they did.   And while it’s logical to suggest that “good” labs have the former experience and “bad” labs have the latter, that thinking is neither appropriate, nor is it accurate.  Some great labs have bad audit experiences, and some not-so-great labs have wonderful experiences.  How can that be?  Shouldn’t audits be performed consistently?  Perhaps more to the point, why should any audit be a negative experience?  Learning should never be a bad experience.

Auditors are Human Too

As much as some folks view auditors as on par with Imperial Stormtroopers out of the Star Wars saga, unlike Stormtroopers, auditors are not cloned.  They are unique individuals, and they are human.  They have good days and bad days…just like you.  Some are quite experienced and have been really well-trained, and some are not.  Again…just like you.   Maybe you caught an auditor with less experience, who was having a bad day/week, and perhaps they unintentionally took their frustrations out on your lab (it can happen).  Maybe your testing was not necessarily a particular strength for them.  It shouldn’t happen, of course, but we have to accept that we are all human, and these things do happen.

Controlling the Audit

The important thing to do during an audit is to stay focused and engaged in what the auditor is reviewing.  The auditor will likely be trying to control how the audit goes, but it’s YOUR lab so you have a right to do what you can to retain control of the process.  Obviously, the auditor has the authority to review just about every piece of documentation in the lab.  You cannot control that.  But what you can control is how they evaluate the data, particularly if there are questions about it, and those questions might lead to a deficiency being cited.  This is your opportunity to explain why your procedure meets the legal requirements, even if it does not precisely meet the auditor’s expectations.

Want vs. Need

Remembering that all auditors are human, you may notice that a specific auditor has a particularly keen interest in some aspect of lab testing…for example, thermometer calibrations, that other auditors have not.   You might also have experienced that one auditor may be more forceful about what corrective action is required to resolve a deficiency than another auditor.  How do you deal with that?

I call this the “Want vs. Need” test.  Is the auditor asking you to do something that you NEED to do (i.e., it is explicitly stated in code and scientifically valid), or rather, is it something the auditor WANTS you to do?  The auditor may even be able to explain why the procedure they suggest is better.  But do you really need to do as they ask?  To get some perspective, reframe the question.  For example, you are looking for a new car.  You may WANT a Mercedes…but do you NEED one?  What you need is a car; you certainly do not HAVE to buy a Mercedes, when a Ford or Chevy will work just fine for your needs.  Your Chevy approach to meeting a specific requirement may be adequate, just not the Mercedes solution that the auditor would prefer.

 Let’s consider a specific lab example.  Most labs just throw out and replace thermometers every year because they do not want to bother with NR 149 annual calibration requirements.    But isn’t that wasteful?   And why fear the calibration?  All NR 149 says is “The laboratory shall [annually] calibrate or verify all support equipment within that equipment’s range of use using available reference materials traceable to NIST.”   Let’s say that the auditor tells you that if you are not going to replace your thermometers each year, then you have to prepare a calibration against one of those very expensive NIST certified thermometers, that you should do it quarterly, and you are going to have to do it at several temperatures—perhaps in an ice bath, and in boiling water (i.e., at “true” temperatures), and maybe at another “point”, such as lab refrigerator or BOD incubator temperature.  Then they want you to establish acceptance criteria.

Hold on…let’s take this piece by piece.  First, the requirement is annual , not quarterly, calibration.  I could successfully argue that using an inexpensive “NIST traceable” thermometer is sufficient, and that comparing your thermometer and the NIST traceable one when placed in an ice-water slurry is sufficient verification of calibration.  After all, it just has to be verified “within that equipment’s range of use” and certainly 0°C would fall within that.  And the code language does not specify or even address acceptance criteria.

Shades of Gray

Many lab requirements referenced in NR149 are not written in black and white.  NR Codes simply would be too lengthy if everything was written very prescriptive.  Therefore, in most cases, rule requirements are often various shades of gray.  Who gets to say whether your shade of gray is not an acceptable shade?  Newsflash, it’s not up to the auditor.  The auditor may have an opinion, but you are equally entitled to your opinion, and the “Decider” is not the auditor, or even the DNR, but rather a state Hearing Examiner.

Look, I’m not suggesting you pursue the nuclear option and request that every audit issue be taken to a Hearing Examiner.  But what I am suggesting is that given that there are shades of gray to complying with many rules, your approach to complying with the rule may not be what a specific auditor would prefer, but it satisfies the rule requirements nonetheless.  Do not live in fear of retribution or a breakdown of your working relationships with DNR staff should you exercise your right to question the validity of deficiencies cited.  It is perfectly acceptable to ask for reconsideration, perhaps at a higher level of authority.  At the very least, you could consult with other facilities to see what they have done or even contract with someone to advocate on your behalf to retract the deficieny(ies) and re-issue the audit report.

Where’s Your Authority?

Sometimes you have to be courageous enough to respectfully ask the auditor where his/her authority lies to cite a particular deficiency.  Upon such a request, the auditor should show you the precise wording in NR 149 that supports their conclusion.  I get it… no one wants to question the auditor.  There is a historical fear of inciting the wrath of the entire DNR.  It’s troubling that those feelings persist in this day and age but they do.  Still, there is absolutely zero harm in respectfully asking an auditor to show you the exact language in NR 149 that gives them the authority to cite what you are (not) doing as a deficient practice.  After all, it’s likely that your supervisor is going to want to know what specifically the lab was doing (or not) incorrectly and what the lab is required to do to resolve the audit.  Remember, there are alternative solutions to complying with many rules.

Help me Understand

If “Pardon me, but where’s your authority?” seems too threatening, another alternative is the “Help Me Understand” approach: “Mr./Ms. Auditor, could you maybe help me understand specifically why what the lab is doing [on some aspect of a procedure] is a violation of code?”  You have a right to know what the rule specifically requires, and you also have a right to ask for an explanation of why your practice does not meet the requirements (particularly if the requirement is not a clear delineation between black and white).

There is a tendency for many lab staff to “go along to get along”, and while that is certainly your choice, your choice can also be to take pride in what you are doing, and respectfully insist that your approach is sufficient even if it is not precisely what the auditor would like.  If what you are doing conceivably meets the letter of the law (even though the auditor would prefer you do something else/better) you should not be cited as having a deficiency.

In fact, I’ve often thought that the term “deficiency” is inappropriate.  Deficiency means lacking or inadequate.  The term deficiency seems to imply that there is a scale to compliance, and you just aren’t doing enough.  Going back to thermometers, the rule just says they have to be calibrated.  It neither states HOW they must be calibrated nor that any criteria must be met.


While there certainly are some absolutes, the line between compliance and non-compliance of NR 149 rules related to many lab activities is simply not crystal clear.    You should be proud of your lab and feel comfortable in advocating how your approach to compliance satisfies requirements.  With a little bit of effort, and maybe some outside assistance, you could successfully eliminate “draft” deficiencies identified during an audit or change deficiencies into recommendations.  Recommendations are much more palatable than deficiencies.  Deficiencies are blemishes which must be corrected, while recommendations are something that you may take into consideration but ultimately choose to ignore—without penalty—and follow your existing protocols.  Do not be afraid to question.


Back to News