The results of a regulatory audit or inspection can impact a company’s brand reputation and even its bottom line. Warnings or failed inspections from regulatory bodies like the FDA could result in a company shutdown, product recall, or delayed product launch.
Internal audits enable organizations to monitor the performance of their quality management system at any given time and mitigate compliance risks. They serve as “practice runs” for companies to identify flaws in the system and implement corrective actions before an official certification review occurs.
To get the most value from your internal audit, consider the following:
Develop an audit plan and scope
Determine the overall goal and objectives of the audit. What insights do you want to glean from the process? Also identify the departments and processes that need to be audited. These are typically the areas that are defined in your QMS manual. Finally, identify the resources or tools that will be needed to efficiently conduct the audit (e.g., audit checklists, documentation, questionnaires)
Select internal employee(s) or an external contractor to conduct the audit
The number of auditors selected will depend on the size of your organization as well as the different areas that need to be reviewed. Auditors should be thoroughly trained on the applicable regulation prior to performing their assessment.
Schedule meeting with auditors
Ensure that everyone is on the same page regarding the audit plan, purpose, and scope before they conduct their review.
Keep management team and staff in the loop
Educate senior management as well as all impacted teams on the auditing process so that they know what to expect. They must have a clear understanding of their contribution to the success of the project.
Assess QMS against applicable regulation or standard
During their assessment, auditors should review and compare various areas of the QMS (e.g., training records, corrective and preventive actions [CAPAs], design controls, environmental and safety certificates) against the applicable regulatory requirements. Auditors should document noncompliance issues and address their findings with staff members.
As part of the assessment, it is good practice to document the following:
- Specific section of the regulation or standard
- Applicable requirement
- Observations and comments
- Indication of whether the process/area is acceptable or deficient (i.e., compliant or noncompliant)
Review audit findings
After completing the QMS assessment, auditors should hold meetings with senior management and impacted teams to discuss their findings and review deficiencies. Reasonable deadlines must be established for teams to implement the necessary corrective actions.