Is Your Internal Quality Audit Effective?

Quality engineering services are becoming a major area of focus for companies in practically any sector, since most of them are heavily reliant on IT for business operations. Quality engineering encompasses a larger view of quality requirements in every area from management to operation, by managing, developing, operating and maintaining high-quality IT systems, software solutions and enterprise architectures.

With quality engineering services, organizations can ensure that defined attributes and requirements are maintained across platform, device and organizational boundaries, using integrated tools and procedures from IT service management, enterprise architecture/software-product management, software quality and information security management, as well as software and systems engineering.

For many companies, quality engineering is also essential to legal or business compliance requirements and standards, especially in heavily regulated industries like food or medicine. A quality management system (QMS) must be established and maintained in a manner that defines the organization’s quality objectives, policies, processes, resources, and most crucially, monitors and measures the system’s performance.

According to ISO 9001:2000, the process of setting up and maintaining a QMS is broken into three parts:

  • General requirements
  • Documentation requirements
  • Quality management principles

The executive management in an organization needs to remain active and involved in these three areas, and regular audits are crucial to this task.

Audit Classification

The classification of quality audits is defined on two levels:The relationship between the auditor and auditee

1. The relationship between the auditor and auditee

  • Internal Audits – If an organization is conducting its own audits, these are known as first-party audits. They are used to gauge QMS performance and effectiveness, collect data for improvements to be made, and for management review.
  • External Audits – When any party with an interest in the organization conducts quality audits (e.g. customers auditing their suppliers), these are known as second-party audits. Audits conducted by independent organizations (e.g. regulation or certification boards) are known as third-party audits.

2. The type of quality audit being conducted

  • Product Audit – A certain product is examined to gauge its compliance with quality requirements.
  • Process Audit – The inputs, actions and outputs of a certain process are examined to gauge its conformance with requirements.
  • System Audit – A specific system is examined to gauge whether its elements are appropriate and effective, as well as developed, documented and implemented as per requirements.

Internal quality system audits are an important part of quality engineering services, since they can help gauge the system’s effectiveness.

Are You Getting the Most from Internal Quality Audits?

Effective internal audits keep the company informed about how the QMS is performing, and whether any changes are needed to enhance its efficiency. These require a collaborative and interactive effort between various parties, since data comes in from multiple sources.

According to ISO 19011:2011 guidelines, here’s a step-by-step approach to effectively conducting internal quality system audits:

  • Step 1 – Initiation – At this stage, initial contact needs to be established with auditees (for internal audits, the managers responsible for matters being audited), since key people, equipment and resources involved in the audit need to be available. An audit schedule allows management to remain informed about pending audits and decide if they are feasible or need to be rescheduled. If you’re rescheduling audits too often, there may be other issues that need to be addressed.
  • Step 2 – Preparation – For effective audits, the next stage is document review (work instructions and procedures for internal audits) to check conformance with regulations, standards and requirements. While scheduling and planning the audit, document all the relevant details, i.e. location, dates, scope, audit criteria and responsible management. Also, develop and maintain audit checklists, data collection forms and interview questions.
  • Step 3 – Performance – At the stage where the audit is being performed, the investigating team needs to follow the audit plan, implement checklists and collect relevant data. This data (audit evidence) includes results of interviews, records and work procedures or practices that are observed, and helps with the preparation of positive or negative audit findings based on conformance/non-conformance with requirements. While usually quite straightforward, there should be some flexibility in the audit so that unforeseen changes can be managed without affecting its effectiveness.
  • Step 4 – Reporting – For the final stage of internal audits, results from the investigation are collected and compiled into an audit report, which is a quality record related to the audit. Typically, it includes the location, dates, criteria, scope, findings and conclusions of the investigation, and defines the distribution of the results too.

Audit Results and Records

It’s important for the report (discussed in step 4 above) to be reviewed by appropriate managers, i.e. those responsible for the matters or areas being audited. This ensures that any areas of nonconformity are identified and eliminated. The review needs to be followed up with a reaudit, i.e. an internal effectiveness check confirming that issues have been identified and addressed with corrective or preventative action.

The results and dates of audits and reaudits must also be documented in quality records, since FDA investigators may review quality records during external audits. While the FDA will not review internal quality audit reports, they can ask for corrective action records and documentation of reaudits.

No Comments

    Leave A Comment

    1047 Serpentine Lane, Suite 500, Pleasanton, CA 94566
    Call us today 1-877-799-0922
    Malcare WordPress Security