The purpose of conducting an Internal Audit is to evaluate the efficiency of an organization in terms of quality processes, risk management, and overall business practices with respect to applicable standards and regulations. An internal audit is a means of identifying any shortcomings in the quality processes in order to plan actions to correct and prevent the flaws and thereby improve the overall quality adherence at the company. As per the requirements stated by ISO standard 19011, internal audits must be conducted at an organization at least once a year.
Why is internal audit important?
Performing routine audits offers an organization multiple benefits which are as follows:
How to Conduct an Internal Audit?
The PDCA (Plan, Do, Check, Act) cycle should be followed for the successful completion and management of any audit.
Identify the Auditor
Identifying an auditor with relevant experience, knowledge, training, and skills is important. The medical device manufacturer can have an in-house internal auditor or can outsource the entire internal audit process with the necessary evaluation of the supplier to a consulting firm like Elexes Medical Consulting.
Identify areas to be audited
Before planning for an audit, identifying the areas to be audited is important. Certain areas need to be audited on a regular basis whereas certain processes need not be. Based on the criticality and risks involved in the processes, the audit shall be performed.
Define the frequency of the audit
It is important to define the frequency of conducting an internal audit. However, all the processes that fall under the scope of the company’s quality management system shall be audited at least once a year to verify their effectiveness and maintenance. Further, it also helps to verify the improvements that are made to the system to ensure consistency with the products or services that a company provides.
An internal audit plan must be prepared by the auditor in order to clearly define the objectives, scope, and audit criteria of the audit. This plan should be shared with the respective personnel/department prior to the commencement of the audit. The plan must also include the schedule for different activities during the audit. This allows the auditor to ensure timely access to the documents and personnel as required during the audit. Further, the audit plan shall include references against which applicable standards and regulations an audit will be performed. This will allow companies to understand and assess:
- How the requirements of applicable standards and regulations are met by the organization
- Whether all the requirements of applicable standards and regulations are met by the organization
Generally, it is advisable for the organizations to generate and follow an audit checklist to prepare for the audit and to verify whether the findings from the previous audit have been effectively closed, be it external or internal audit findings.
The audit checklist shall be structured in such a way that it decodes and breaks down the standard/regulatory requirements, to verify records and documents that are being generated to stay in compliance with those requirements.
Conducting the Audit
The method of audit depends on various factors such as objectives, scope, criteria, and location of the audit. An audit can be performed On-Site or Virtually. However, the mode of audit is determined based on the risk classification of the product and the scope of the audit. An audit typically comprises 5 major milestones, depicted in the image below, followed by a detailed explanation.
- In this meeting, the Audit Plan shall be discussed to ensure that all the auditees agree with the plan.
- The auditees shall be introduced during this meeting and shall be provided with an opportunity to raise questions.
- The auditees shall include any personnel from the top management and those in charge of the processes to be audited.
Conducting the Audit
- Information shall be collected and verified by the auditor either through interviews, observations, or review of documented information.
- All the relevant documents and records of the process that support the audit objectives and compliance with the applicable regulatory and standard requirements shall be reviewed by the auditor.
- During the audit, the auditor shall communicate with the auditees the audit progress, and any significant findings or concerns, as appropriate.
- A closing meeting shall be chaired by the auditor.
- The closing meeting shall be attended by the auditees, responsible personnel corresponding to the process audited, and relevant parties as concluded by the auditor or auditee.
- In the closing meeting, the auditor will discuss at a minimum:
- The audit findings and conclusions
- Potential results of not addressing the findings
- Suggestions to address the findings
- Post audit activities, such as NC plan, CAPA initiation, and closure
Completion of audit and audit reporting
- An audit is considered to be completed when all the scheduled activities have been completed.
- The auditor prepares a report of the findings that includes information such as objectives, participants of the audit, time and venue of the audit, findings and conclusions of the audit, and differences in opinion between auditor and auditee if any.
- The audit report is shared with the auditee in a time period agreed upon by both parties.
Follow-up action items
- A Corrective Action Preventive Action will be raised by the auditees for any identified non-conformities.
- Adequate actions have to be taken by the auditee to correct the non-conformities identified in the Corrective Action and Preventive Action plan within an agreed time period.
- When a Corrective Action Preventive Action is initiated, a schedule or plan will be set for the verification of the effectiveness of the CAPA.
- The results of the Corrective Action Preventive Action will be discussed during the Management Review Meeting.
- Also, the auditor shall decide if a follow-up audit is needed based on the level of non-conformances
In conclusion, structured documentation aids in obtaining a lesser number of nonconformities during an audit. A lower number of non-conformities is also an indicator of an effective business and management. It helps ensure that losses in business that often occur due to poor structuring of documentation are avoided. If you do not have a robust quality system or want to evaluate the areas of improvement in your quality compliance, systems and documentation reach out to us at firstname.lastname@example.org for assistance. We can launch a yearly audit program and conduct an internal audit hassle-free.
#internalaudit #elexes #healthcare #capa #quality #regulatoryconsultant #iso13485 #pdca
Elexes medical consulting is one of the leading regulatory & compliance consultant for several industries: Medical device, Pharmaceuticals, Cosmetics, Food, and Biologics.