First, thinking in the 1980s paradigm of a QMS is extremely dangerous and confusing to both management and employees of a business.  Which take priority the QMS or the EMS or the HSMS or the SMS or C-TPAT or BIS export management of SOX financial management system?   The answer to the modern business is none of these.  Every business already possesses a Management System, a framework in which they operate which is most conducive to their own business and customer needs.   Pressing ones business into the mold of ISO is the lest intelligent move any organization could ever make.  taking that pathway will most certainly cause mass confusion and infective management.   

I have been working as an auditor for decades and I observe this same phenomenon with many businesses who adopt ISO MSS as their saving grace. What I observe in the majority of cases is a more convoluted system of mismanagement.   Its as if we took everything Deming taught us and simply threw it out the window, in order to build a pathway for an NGO to become the global authority for standards. 

What is Corrective or Preventive action other than the ability of an organization to recognize and reduce or eliminate variation at meeting the expectations of its customers and interested parties?   However, ISO MSS nor the majority of (some volume of step) corrective action programs ever eluded to the existence of variation existing either in the product of process.    Most focus on the non-repetitive decision process, masked in the ideal of a root cause of failure related to a process.  A process which has a plethora of variables acting upon it at any one point in time, will not have a root cause..... ever.   That is simply flawed thinking.   Further how many business understand their processes, map them and include all the variables in that mapping process?    The answer is of course few to none at all.   

Corrective action in most business is a hip shot at solving a problem using an 8 step process which bears no focus upon the variation of meeting expectations of customers or interested parties.  Most start with defining the problem statement .... in this fish bone (ishikawa) diagram...... and so on and so forth until some result is reached called corrective action. 

In order for true corrective action to occur, Management must understand its business processes as a whole including the interaction between various Transactional (ERP) systems and other minor support software.  Understanding at this level could provide a picture of where variation might rear its ugly head and cause expectation not to be met.   The result would then be to reduce variation based upon the severity of its occurrence, and the ability of an organization to detect it. 

Its sure that any attempt to perform "Corrective Action" without understanding hos that action might effect the Management-system of the organization overall can be more disruptive than doing nothing at all. Organizations must understand ti impact corrective action has upon its overall system of meeting the expectations of Customers and Interested parties and not simply focus on one moving part which is the case with most corrective actions activities. 

Preventive Acton is simply understanding ones business process designed to meet the expectations of customers and interested parties and any variation which could occur from those processes based upon the severity related to the variation, then putting controls in place or changing processes to reduce variation by its severity...   All to often preventive action is bound up in risk assessment and continual improvement, neither of which focus on the variation related to overall business process which disrupt the ability of an organization to meet the expectation of its customers and its interested parties. 

All organization actually do in relation to ISO stated corrective action is solve a localized symptom regardless of its impact upon the overall management system. so they can appease some external auditors whim.   That is about the extent of most corrective action taken within an ISO management system.  I have observed it time an again in my many decades of auditing.   All an auditor need do is ask the manager presenting the corrective action hoe that action effects the business management systems ability to meet the expectations of Customers and Interested Parties and watch how the manager performs the tap dance.   Managers don't answer because the majority of them have no clue regarding what the overall management system is related to their organization. If they make the QMS registrars auditor happy, things are corrected.... Right?