Viewed from this perspective, internal audits allow you to:
• Identify inefficiencies and opportunities for process improvement
• Proactively identify and reduce compliance risks
• Ensure alignment between documented processes and plant floor practices
• Demonstrate your commitment to quality to your team, so that they in turn prioritize quality
Known problems should be a key area to focus on during internal audits, based on records such as:
• External audit findings
• Corrective and Preventive Actions (CAPAs)
• Nonconformance reports
• Customer complaints
Creating and sticking to a regular audit schedule is key to avoiding rushed audits or external audit preparation. If you’re required to conduct an audit every calendar year, and you’re scrambling to complete it in December, how much value do you think it will provide?
With that in mind, this article explores nine strategies for more effective internal audits, looking beyond mere audit readiness to focus on extracting maximum value from this labor-intensive effort.
1. Understand the benefits of internal audits
Once you’ve identified compliance gaps, you must then add new controls via corrective action to ensure you address them adequately. Adding future verification checks is also crucial to make sure you hold those gains in place, as is implementing preventive action in other at-risk processes.
Finally, internal audits help the organization maintain a state of readiness for external audits and inspections. Remember, you don’t want somebody asking a question you don’t already know the answer to. By making sure you’ve already asked yourself all the tough questions with meticulous and thorough audits, you’re better prepared to avoid external audit findings such as FDA 483 observations and warning letters.
2. Document your internal audit procedure
Related to the above point, you want to consider the outside perspective as you plan and conduct your internal audit. What would customers look for during a customer audit? What about ISO auditors, or regulators?
So, how often should you conduct internal audits? Some companies will audit a different area each month, looking at individual production lines or processes such as calibration systems. In other cases, organizations will audit their entire system once a year or even once a quarter.
Include any relevant regulatory requirements, ISO standards, and internal requirements such as SOPs, work instructions, and specifications.
Here, you need to check not just that there is a documented process or control for each requirement, but also that the control is in place on the manufacturing floor. You’ll also want to verify that employee training materials align with process requirements.
Add corrective actions and follow-up
These events represent some of the biggest areas of risk in a plant. For example, if you implemented a new control after a CAPA, it’s vital to check that the control is in place and working.
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Published Jan. 17, 2024, on the AssurX blog.
In the field of quality, internal audits are the equivalent of sunlight. Like spring cleaning, internal audits provide the opportunity to bring process issues into the open before they become external challenges like customer complaints, warning letters from the U.S. Food and Drug Administration, and recalls.
The key takeaway: Assess your systems with a critical eye for deficiencies you can fix now before they become a problem on an external assessment.
8. Document everything
As U.S. Supreme Court Justice Louis D. Brandeis famously wrote, “Sunlight is said to be the best of disinfectants.”
Thorough documentation is a vital component of any internal audit. As the saying goes, if it isn’t documented, it didn’t happen. External auditors and regulators will likely want to see your record of internal audits, making it essential to fully document:
• Areas, processes, and systems you’ve audited, and when
• Any findings that occur during the audits, including items corrected on the spot
• Corrective actions and subsequent monitoring activities put into place
• How you improved your procedures with preventive action based on audit findings
For example, ISO audits frequently include checks of employee training records. Rarely would an auditor ask to see every person’s training record. But it’s likely they will ask for a random selection. To prepare for this, you must make sure employee training files are up to date, documenting training on SOPs, procedures, and more.
A thorough audit requires careful preparation and meticulous attention. That means deciding ahead of time what you will audit and when, ensuring that responsible parties have time to do the job right.
The answer: Not much.
Link each requirement to a control
One strategy here that can improve documentation in certain situations is to add photo evidence to both findings as well as CAPA verification. This helps clarify what needs correction, since a photo can provide critical context and detail. Adding photo verification to a CAPA can also help demonstrate and document the problem’s full resolution.
9. Automate your workflows
Defining and documenting your internal audit procedure is another preliminary step that helps streamline the process and make it more effective. Steps you’ll want to cover are:
• Scope and objectives of the audit
• Planning activities such as reviews, scheduling, and meeting
• How you will execute the audit
• Reporting and assessment processes
• Follow-up measures and corrective actions
• Who is responsible for each step in the process
3. Stick to an audit schedule
It’s possible that through the above process you may identify a number of compliance gaps needing attention. Classifying findings by risk helps you prioritize follow-up so high-risk problems don’t languish while you’re busy resolving minor items.
However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads.
Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types.
It’s one reason why internal audits are a basic requirement under ISO standards such as ISO 9001, ISO 13485, and ISO 45001. However, if compliance is the only reason you’re conducting audits, you’ll get minimal results from your efforts.
Internal audits require coordinating a wide range of documentation and action items. Automating your workflows in the QMS can help eliminate bottlenecks and prevent issues from falling through the cracks. A robust QMS will allow you to create custom workflows for planning, audit execution, and follow-up, with the ability to:
• Create standardized audit and checklist templates
• Generate your audit plan
• Schedule and assign audits, with email reminders to keep people on track
• Manage findings with risk assessments and corrective action routing
• Generate final reports and route them for sign-off
Conclusion
Internal audits are a foundation of the quality process. But far too many companies conduct them from a basic compliance perspective. The key to getting more from them requires an expanded view of the role of internal audits, combined with a thorough approach to bringing issues into the light.
Getting more from internal audits requires an expanded view of their role combined with a thorough approach to bringing issues into the light. Photo by Headway on Unsplash.
Thanks,
Quality Digest