What are the types of quality audits?

Audits. If you work in life sciences, you know that quality audits are a part of creating life changing products. Though all quality audits aim to evaluate product and system standards, not every audit is conducted in the same way. In fact, there are several types of quality audits each with their own focus. Regardless of your company stage or size, being prepared for any type of quality audits begins with understanding the types of audits and their purpose.

What is a quality audit?

A quality audit is a means to ensure a quality system is in compliance with established guidelines, basically determining the effectiveness of the quality system. This is conducted via a systematic, independent and documented process, whereby the auditor reviews evidence and objectively determines if the findings satisfy the effectiveness of the system or process being audited. 

We’ll review the different quality audits here, but the end result should be the same: a written report of the audit findings to determine the compliance of a system or the quality of a product. The findings should be reported to executive management, so that they are aware of which areas are compliant, and which areas need improvement in order to satisfy the requirements of their established quality management system, quality policy and overall company objectives.

Who can conduct a quality audit?

The most important aspect is all quality auditors need to be qualified and trained in audit procedures to ensure they are correctly performed and in line with company procedures. In addition, quality audits, regardless of type, can only be performed by individuals who do not have direct responsibility for the matters being audited, otherwise it could be seen as a conflict of interest. This should ensure the audit is unbiased and fair in the review and final report. This is usually only an issue in first party internal audits, where there may not be individuals qualified enough in auditing procedures to audit the quality department processes, however, that can be easily corrected with some additional training for someone outside the quality department.

Now, you may be asking, what does a first party audit even mean?

The difference between 1st, 2nd and 3rd party audits

The parties conducting an audit can be classified as first, second or third party, with first party being the most common. All types of audits will include an evaluation against a set criteria, but the main difference is who is conducting the audit and why.

First party audit

A first party audit does not involve anyone else, so it is considered an internal audit and it is conducted by auditors employed by your company organization. As already mentioned, the auditor cannot have a vested interest in the process for it to be an unbiased audit. This could be a mock audit to determine external audit readiness, or a routine audit to measure company objectives, determine gaps, or find opportunities for improvements. The audit can be on an entire quality system or select processes, and it can even be on a product or service. An example would be your quality manager auditing your purchasing department’s quality processes for effectiveness.

Second party audit

Second party audits are considered external audits, because they are conducted by people outside your organization, however they are usually associated with you, either a customer or potential customer audits your company. Or it could even be the other way around, where you are auditing your suppliers or contract manufacturers to determine their quality assurance. These audits are more crucial than internal audits, as they may have an impact on potential business decisions. An example would be a potential customer auditing your entire quality system to ascertain the effectiveness and whether they want to do business with you.

Third party audit

Third party audits are also considered external audits, as they are conducted by people outside your organization to assure relevant standards are met. The qualified auditors have no conflict of interest, or vested interest in your business. This is of utmost importance, as the results of these audits may result in certification, license approval, or to the contrary could result in warning letters, penalties, fines, or injunctions. One example would be a notified body auditor coming in to conduct an ISO audit at your company that will hopefully result in your company gaining certification to an ISO standard.

Types of quality audits

The type of audit performed is determined by what is being audited. There are various types of quality audits, but they can be broadly defined as process, product and system audits. We'll cover each of these audit types in more detail.

Process audits

During this audit the auditor will ascertain whether a company’s processes are working within defined standards that are predefined requirements (e.g. FDA GMP) or industry standards (e.g. ISO). The auditor will review the process controls by reviewing the company’s procedures, work instructions, training logs, job descriptions, etc, against the defined standards. Process audits can be conducted on the entire quality system or selective processes.

Product audits

This type of quality audit inspects whether a particular product or service (hardware, processed material, or software) complies with customer or performance requirements. The product will be inspected against product specifications, performance standards, and most likely customer requirements, to evaluate whether it conforms to desired product requirements. Product audits are usually conducted near or at the end of the production process.

System audits

This type of quality audit will ensure all elements of a (QMS) quality management system are effective, and have been developed, implemented and documented per the specified requirements. The auditor will measure the company’s quality system to ensure conformance by reviewing processes and policies against the regulatory requirements and a company’s additional contractual commitments. Thus, it is the regulatory requirements in totality, as established by the company, as well as agreed upon responsibilities established by contracts between the company and its’ customers. System audits should be conducted at least annually.

What happens after an audit is conducted?

Congratulations, you've made it through an audit. At the conclusion of an audit, the real work begins. The period following an audit is crucial, as it is the time when you will take the observations and implement changes. It's important to remember that an audit should never be looked at as a "pass/fail" type situation. Rather, it should be seen as an opportunity to improve and strengthen your quality system.

Audit report/findings

Documenting the observations and results of an audit is mandatory for a majority of industry and government standards. The final output of an audit is called an audit report. It documents the results of an auditor’s review and it will also capture the details of who (auditor), what (is being audited) and when (dates) for an official record. An audit report not just to prove to other auditors you're documenting findings. It's also for executive management to review and act upon, because it should list the findings along with any corrective actions that need to be taken in order to remain compliant. Additionally, an audit report should enable an organization to easily track quality performance over time.

Take action on Corrective Actions

Did the quality audit discover any areas that don't meet the standards being audited against or did the auditor find areas where improvement is necessary? If so, know you're not alone. Findings from an audit are normal. When you find areas to improve, it's crucial that management takes immediate action and includes the employees who are most able to influence said issue. These individuals have a personal investment in resolving findings and will be more likely to take corrective measures seriously. They also have the most experience in creatively and thoroughly resolving issues. Once the corrective action is in place, if it requires new steps or procedures, be sure to update your processes and retrain all employees on the newly added steps.

Re-audit

Most corrective actions are given deadlines for compliance. The deadlines for making progress in these areas should be followed up with a re-audit to ensure that necessary corrective actions are taken, including proof of the required re-trainings as needed. The same audit and documentation rules apply. Additionally, implement reviews by management in a specified area, and by executive leadership, to ensure the non-compliance originally found is now compliant with the required standard(s).

No matter the audit type, preparation is key

Preparing for and dealing with a variety of audits is an inevitable part of bringing a product to market—it’s even more critical when it’s a life-saving product. No matter which audit type you're facing in your career, the goal is to always be improving the quality of your product. Embracing each audit as an opportunity to do so is key to a successful outcome.

Remember, each quality audit is unique, and each will need a different level of preparation. By taking the time to understand the types of audits that could be performed, you can feel confident and ready to learn from every new experience. No need to feel discouraged by the audits ahead—each one is a valuable tool that helps ensure your product is the best it can be.

Are you ready for your next audit? Get Qualio’s free audit readiness checklist here.