How to handle opportunities for improvement (OFIs)

By Kelly Huckabone

September 2020

There are many ways within an internal audit report to document feedback that is not an actual compliance finding (non-conformance). Typically, the most common categories are opportunities for improvement (OFIs) and recommendations.

We use OFIs to document feedback when an action is not taken and may result in a future/potential noncompliance. We use the term “recommendation” to document a best practice or an opportunity to improve a process without causing any impact to compliance.

Here is an example of each:

Recommendation: The Supply Chain Department posts metrics on their SharePoint site to provide easy access for all employees within the department. Logistics should review the benefit of adopting this process.

OFI: The Logistics Department is not storing their records in a secure area.

Can you see the difference? The recommendation offers feedback for consideration and does not require follow up from the auditor at the next internal audit cycle. Since lost records could impact traceability, it is the responsibility of the Supply Chain Department to ensure all records are secure.

In this example, there is no reference in the procedure or standard for this requirement. However, any lost records should be actioned accordingly under an OFI. OFIs need to be assessed for root cause and corrected, then followed for completion and verification at the next internal audit cycle.

Mature quality management systems (QMS) often have less non-conformances and more findings. This is based on my personal observation after completing hundreds of internal audits.

Helping your audit team and stakeholders understand the difference between an OFI and a recommendation will help ensure the robustness of your audit program and point you in the right direction toward compliance.

Download a PDF of this article



About the author

Kelly Huckabone is the North American Audit Program Manager who oversees the Unity™ Lab Services internal and external customer and supplier audit programs. Kelly is a certified risk manager, lead auditor with the American Society for Quality (ASQ), and has been conducting audits for over 25 years for different quality systems, including ISO 9001, 13485, and 17025, as well as Health Canada and the FDA.

Contact me at if you have any questions.