After hundreds of IATF 16949 audits, the same nonconformances appear repeatedly. From inadequate FMEA linkages to missing customer-specific requirements, from poorly implemented SPC to incomplete PPAP submissions — these are the findings that lead to major nonconformances and even decertification. We catalog the top 10, explain why they occur, and provide prevention strategies so your next surveillance audit is clean.
The Top 10 Findings
After years of conducting IATF 16949 audits across automotive suppliers of all sizes, certain nonconformances appear with remarkable consistency. Understanding these common findings and their root causes helps manufacturers prevent them proactively rather than discovering them during certification audits.
The top 10 nonconformances consistently involve FMEA effectiveness, control plan compliance, MSA completeness, internal audit rigor, management review substance, corrective action root cause analysis, training and competency records, customer-specific requirements, calibration management, and change management. Each represents a systemic gap that proper implementation prevents.
FMEA and Control Plan Issues
The most common FMEA finding is a disconnect between the FMEA and actual process risks. FMEAs that list generic failure modes without reflecting actual process knowledge consistently receive audit findings. Auditors verify that FMEA severity, occurrence, and detection ratings reflect real conditions — not theoretical assessments copied from templates.
Control plan findings typically involve missing characteristics that should be monitored based on FMEA outputs, incorrect measurement frequencies, or monitoring methods that do not match the actual inspection process on the shop floor. The control plan must be a living document that accurately reflects what happens in production — not a planning document created during PPAP and never updated.
Audit and Review Weaknesses
Internal audit programs frequently receive findings for insufficient depth, lack of a process-based auditing approach, or failure to cover all IATF 16949 requirements within the audit cycle. Auditors evaluate not just whether you conduct internal audits but whether your audits are effective at finding issues and driving improvement.
Management review findings typically involve incomplete review inputs (missing Clause 9.3.2 required inputs), lack of decision-making output, or failure to follow up on previous review actions. As discussed in our management review article, effective reviews require pre-analyzed data and produce specific, assigned, time-bound actions.
Prevention Strategies
Preventing these common nonconformances requires three things: understanding the requirement, implementing it substantively rather than superficially, and maintaining it actively between audits. The manufacturers who consistently pass audits with minimal findings treat their quality system as an operational tool, not an audit preparation exercise.
Conduct a pre-certification readiness assessment at least 90 days before your audit. Review each common nonconformance area and verify your implementation addresses not just the written requirement but the intent and auditor expectations behind it. This proactive approach converts potential findings into demonstrated compliance.




