Conducting Internal Audits – Guidance from our Quality Team

Our quality team has a well deserved reputation for excellence.  In this blog they share their thoughts on what you need to do when conducting internal audits at your facility.

Guidance on conducting Internal Audits – ISO 9001:2008

ISO 9001:2008
8.2.2 Internal Audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
A) Conforms to the planned arrangements, to the requirements of this International Standard and to the quality management system requirements established by the organization, and
B) Is effectively implemented and maintained.

Guidance summarised from the NSAI ISO9001:2008 manual:
• Are you doing what you said you would do and does it work? (ie is everyone following the procedure steps as documented in SOPs?)
• Use audits to stand back and look at your organisation objectively to confirm that the QMS is helping you do both what you want to do and what you need to do. (Refer to the applicable ISO9001 standards during the audit and determine whether you are both aligning with the standard and meeting your own internal needs)
• Seek out areas for improvement.
• If the previous audit recommended or required action to be taken, the current audit should check how effective the change was.
• Look out for conditions that may not be nonconforming but may carry a risk of a potential problem. (ie take note of ambiguity in an SOP that could lead to different interpretations / differences in how different personnel carry out the same process. These can be documented as an observation or suggestion for improvement)

Key Points for Auditing
1. Get the broad picture before focusing on detail.
2. Information may be obtained from several sources such as; interviews (ie speak to personnel working directly in the area being audited, ask if they are aware of existing issues or causes for concern etc), observe activities, review documents, records, reports and analysis/metrics (ie KPI’s).
3. Identify whats new / recently changed in a process.
4. An Audit will only consist of a sample. Depending on the audit, it is reasonable to select a small number of samples, provided no non-conformities are found. If however, the samples show up one or more non-conformities, then the auditor must take further samples / investigate further, to discover the true extent of the problem.
5. Evaluation of the effectiveness of a process. Every audit should be examined from three perspectives;
a. Intent: “Have you said what you do?”
b. Implementation: “Have you done what you said?”
c. Effectiveness: “Have you done it well?”

Coming Soon: 

There is a planned update imminent for ISO9001 – Quality Management Systems.  ISO 9001:2008 is being updated to ISO9001:2015 in order to respond to the latest trends and ensure the standard stays relevant in the business world.  Acorn has conducted a Gap Analysis which will be published shortly.

About the Author
Gemma Robinson, PhD
Managing Director
As Managing Director of Acorn Regulatory, Gemma Robinson is actively involved on client projects on a day to day basis and she leads a team of respected pharmaceutical, medical device, pharmacovigilance and clinical trial experts.  Gemma is also an active contributor to developing and promoting standards in the regulatory affairs profession and she has worked with a number of academic and not for profit organisations to encourage individuals to pursue a career in regulatory affairs and the broader STEM subjects. You can read more articles by Gemma by clicking the link below.
Other articles by Gemma Robinson PhD