Expert Offers Tips on Designing, Conducting Internal Audits
Internal audits can be a great way for a devicemaker to uncover quality issues and improve compliance programs, but there are challenges to doing them. The vast majority of manufacturers conduct internal audits soley because the FDA and ISO regulations say they should, says Susan Reilly, owner of the consultancy Reilly & Associates. That results in poorly conducted audits with little or no added value. During a recent FDAnews webinar, Reilly answered questions about how to design and perform effective internal audits.
Question: Would a company ever need to turn over internal audit reports or findings during an FDA inspection?
Answer: The regulation does not require that a company present audit reports to the FDA. Obviously, if the agency subpoenas those records, that’s a slightly different story. However, FDA investigators can access some audit outputs in the form of nonconformances that have become CAPAs.
Q: How should you document an internal efficiency audit so the audit report won’t pose a burden during regulatory body audits if action is not taken?
A: Even if you are auditing for efficiency and process improvement, the company will have to defend why it didn’t take action. A company could create a separate document that shows it has a process for addressing, handling and presenting to management. Some companies have audit procedures that say all nonconformances require a CAPA. If that is a manufacturer’s procedure, then each opportunity for improvement found in the efficiency audit will have to have a CAPA.
Q: How should a company handle multicultural audit teams or auditors for internal audits, where every team may have different audit etiquette?
A: All procedures should be written so they can be adjusted depending on how things work where the different organizations are located. What often works well is to assign the lead role to an individual who is from the culture of the facility being audited or who has more experience with that culture, even if this is not the most seasoned auditor of the group. Where there are cultural issues, handling those may be more important than the audit technique and the audit skills for a lead auditor.
Q: Are there any advantages to doing just a general quality system-based audit versus auditing individual departments?
A: Absolutely. Often, this is not done because of a resource constraint, but it is always recommended to do both the individual audits and a comprehensive audit. By looking at the whole system, a company can truly see the interactions. Key questions include:
- How is it working together?
- Are we putting emphasis in the wrong areas?
- Is there a gap between this process and that one?
Q: During the review of audit findings, can the auditor give the auditee advice?
A: An outside auditor is not going to be responsible for the corrective action or for the re-assessment of that corrective action, so caution is warranted. When dealing with an internal auditor, caution is also recommended because the auditor should not own the corrective response to the finding. There is a risk of the company saying that it did as the auditor suggested, but that action didn’t work.
Q: Are process efficiency findings considered part of preventive actions? If so, do the root cause investigation and corrective actions requirements apply? If not, should a stand-alone procedure be established to document efficiency audit requirements?
A: If a company has a preventive action process set up, it certainly can use that, but that doesn’t always apply if the company is not identifying a trend that has not yet caused a nonconformance. It’s more of a “this could be better” analysis. Some companies have processes specifically for program improvements that include a quality plan outlining the actions to be taken, responsibilities assigned and the achievable goals of the plan. This is generally recommended over a preventive action process specifically to avoid the need for a root cause analysis.