A step-by-step guide to internal quality audits
Gearing up for a quality audit is no small feat. Whether it’s your organization’s first time being audited or the 100th, there’s always room for improvement when it comes to your quality management system. An internal quality audit is an important tool for any company that wishes to assess its quality procedures, compare performance against external standards, or prepare for an external audit. By conducting an internal audit, organizations can identify areas where they need to make changes or improvements. We'll review the benefits of and responsibilities within an internal audit, as well as the 4 steps you should follow to make sure your audit is successful.
What is an internal quality audit?
Quality audits are conducted to ensure a quality system is in compliance with guidelines, which can vary depending on the products or services offered by a company. Audits are conducted via a systematic, independent and documented process, whereby the auditor reviews evidence and objectively determines if the findings satisfy the effectiveness of the system or process being audited. An internal audit is known as a first-party audit, and is done within your own company by your own employees. Internal audits are performed for a variety of reasons, but the ultimate objective is to measure your strengths and weaknesses within your own company.
Benefits of internal audits
An internal audit is a starting point for determining gaps and opportunities for improvements. They should be welcomed, not avoided. Audits are frequently feared and seen as a disturbance to your regular workday, but an internal audit is quite the opposite. Internal audits are a beneficial management tool that should be seen as a learning opportunity, especially for any company that wants to improve their quality management system. The immediate internal benefit is a streamlined process, but the overall objective might be to determine if your company is ready for an external audit to garner or maintain an industry certification to an ISO or GMP standard.
Who can conduct internal audits?
By definition, internal audits are conducted at your organization by employees of your company. The employees conducting the audits must be trained, qualified auditors to ensure the audit is performed correctly and documented in line with company procedures.
While the internal auditors have a vested interest, the audits can only be performed by individuals who do not have direct responsibility for the matters being audited. This should ensure the audit has no conflict of interest and is fair in the review and final report. The quality manager and/or appointed quality management representative is typically in charge of managing the audit process, which usually means the quality department handles a majority of the audits. Issues (such as a conflict of interest) can arise in first-party internal audits where there may not be enough properly audit-trained individuals outside the quality department to audit the quality department’s procedures. This particular issue may be resolved with additional training (both internal and external) for someone outside the quality department.
If you're a medical device company, your executive management should appoint a management representative who is responsible—irrespective of all other duties—for ensuring all requirements of the quality system are in place and well documented, which includes the audit process. The representative is in charge of reporting the effectiveness of the quality management system to top management and internal quality audits are great tools to determine effectiveness.
4 steps for conducting internal audits
The key to an effective audit, whether internal or external, is good planning. The essential steps involved are: planning, executing, reporting and follow up/closure. When you're conducting an internal audit, your company has complete control over the process. Use this to your advantage by creating a roadmap that will help you meet your objectives and follow your procedures. In smaller companies where employees wear many hats, ensure there are no conflicts of interest and that sufficient time is allocated to complete the audits and reports.
1. Audit planning
The first step in audit preparation is determining the overall scope and objective of the audit. Once this is known, the assigned management representative or quality manager will plan the entire audit cycle utilizing the internal policies, forms (audit checklists and reports) and procedures. They'll assign various employees as auditors and delegate which areas will be audited to ensure the overall company objectives are met during the audit process.
2. Audit execution
This phase should allow the auditor to become familiar with the area being audited. At this step, processes may be pulled ahead of time (data gathering), previous corrective actions, previous audits, meeting with key team members, and tours of areas are usually first steps for successful audit execution.
Remember to put auditees at ease during your audit by communicating what is being audited and the format being used (e.g. direct interviews, reviews of process related documentation, demonstration of the workflow, etc.). During the audit, you're looking for compliance, but you should also be looking for opportunities for improvement and possible inconsistencies in the system. For example, you may notice one area has a streamlined way of meeting their objectives that could be shared with other areas. Someone with an auditor perspective might be the only one to observe these types of opportunities for improvement.
3. Audit reporting
The output of the audit investigation is the audit report where you will compile all of your audit findings. An audit report is used to communicate to respective area management and top management the results of the internal audit. The report should be done as soon as possible and be clear and concise, so management can address potential organizational issues. The key members of the areas being audited should be involved in any follow up corrective actions required for compliance.
Successes should also be reported, so the entire picture of quality performance improvements are tracked over time. Successes should also be reported and communicated for the entire picture to be tracked for quality performance over time. If no corrective actions or opportunities for improvement are necessary, the audit can be concluded for that area.
4. Audit follow up/corrective action/closure
Once all required areas have been audited, the lead auditor or management representative will make final determination of which areas need corrective actions and subsequent follow up reviews. While it's required that the audit results are communicated to upper management, key members have the most insight and vested interest to ensure it's corrected/complete. The respective area manager should be responsible for ensuring the follow up activities are done and well documented. These activities may require updated processes to implement the changes, followed by re-trainings for compliance, as necessary.
Final audit sign-off can be completed by the lead auditor once they have evidence that all of the corrective actions or opportunities have been implemented/satisfied. This may require a full re-audit of the area, but that's not always necessary. Once the audit objectives are complete, the entire audit can be closed and the results should be communicated to upper management for tracking at regular intervals during management reviews.
Internal audits spell out future success
Successful internal audits are the first step in maintaining a strong quality management system. There are many benefits to internal audits that help in the short term, while also being beneficial for long term goals of continued regulatory compliance, external certifications and customer required objectives. Prioritizing internal audits on a regular basis will show employees, customers, and other interested parties that your organization is committed to quality. Successfully conducting internal audits will lead to a more efficient and effective organization that is better prepared to meet the demands of future audits and regulatory standards.