Quality Management System Audits & Inspections

Companies of all sizes and trades undergo quality management system (QMS) audits to ensure that their processes and records are in line with applicable regulations and standards. Audits also enable organizations to pinpoint deficiencies in the system and drive continuous improvement.

Depending on the industry and type of product, manufacturers may be required to undergo an external certification inspection or audit. This is the final step before an organization is granted approval or clearance from a regulatory body such as the International Organization for Standardization (ISO), U.S. Food and Drug Administration (FDA), or European Commission to market and sell their products in designated regions.

Companies seeking certification or approval often conduct routine internal audits to assess whether their QMS meets regulatory requirements. Internal audits usually take place during the initial QMS implementation as well as after the certification process.

Additional Resources

What is QMS?

QMS Audits and Inspections

QMS Implementation

QMS Planning

Continuous Improvement

Most Frequently Asked QMS Questions

INTERNAL AUDIT PLANNING AND PROCESS

The results of a regulatory audit or inspection can impact a company’s brand reputation and even its bottom line. Warnings or failed inspections from regulatory bodies like the FDA could result in a company shutdown, product recall, or delayed product launch.

Internal audits enable organizations to monitor the performance of their quality management system at any given time and mitigate compliance risks. They serve as “practice runs” for companies to identify flaws in the system and implement corrective actions before an official certification review occurs.

To get the most value from your internal audit, consider the following:

Develop an audit plan and scope

Determine the overall goal and objectives of the audit. What insights do you want to glean from the process? Also identify the departments and processes that need to be audited. These are typically the areas that are defined in your QMS manual. Finally, identify the resources or tools that will be needed to efficiently conduct the audit (e.g., audit checklists, documentation, questionnaires)

Select internal employee(s) or an external contractor to conduct the audit

The number of auditors selected will depend on the size of your organization as well as the different areas that need to be reviewed. Auditors should be thoroughly trained on the applicable regulation prior to performing their assessment.

Schedule meeting with auditors

Ensure that everyone is on the same page regarding the audit plan, purpose, and scope before they conduct their review.

Keep management team and staff in the loop

Educate senior management as well as all impacted teams on the auditing process so that they know what to expect. They must have a clear understanding of their contribution to the success of the project.

Assess QMS against applicable regulation or standard

During their assessment, auditors should review and compare various areas of the QMS (e.g., training records, corrective and preventive actions [CAPAs], design controls, environmental and safety certificates) against the applicable regulatory requirements. Auditors should document noncompliance issues and address their findings with staff members.

As part of the assessment, it is good practice to document the following:

Specific section of the regulation or standard
Applicable requirement
Observations and comments
Indication of whether the process/area is acceptable or deficient (i.e., compliant or noncompliant)

Review audit findings

After completing the QMS assessment, auditors should hold meetings with senior management and impacted teams to discuss their findings and review deficiencies. Reasonable deadlines must be established for teams to implement the necessary corrective actions.

9 TIPS TO PLAN FOR A REMOTE AUDIT

EXTERNAL CERTIFICATION AUDIT/INSPECTION PROCESS

Certification audits and inspections are typically conducted by accredited third-party representatives or in the case of the FDA, inspection officers. Depending on the type of certification, audits or inspections may occur in multiple stages and require onsite visits. The duration will vary based on the size of your organization.

It is best practice to schedule your certification audit or inspection after the QMS has been implemented for at least three months and you have successfully completed an internal audit and management review.

Like an internal audit, preparation is key to ensuring that you successfully pass a QMS certification. Senior management and staff should be aware of the upcoming assessment and understand the process. In addition, the following items should be up to date and readily accessible:

• Quality policy, objectives, and scope
• Employee training records
• Organizational roles and responsibilities
• Documentation (e.g., SOPs, work instructions, product design records, supplier information)

As part of their initial assessment, auditor(s) or inspector(s) will review any notes that were gathered from your internal audits and management reviews. They will also look at your quality objectives as well as your documented processes and procedures.

The auditor(s) or inspector(s) will visit departments and interview staff members to assess whether they are following the processes that are implemented under the specified regulatory requirement.

Additionally, they will check for records or data that demonstrate you have been tracking the progress of your QMS and meeting the objectives outlined in your quality plan. They also want to see that you have implemented corrective measures to make improvements along the way.

Upon completing the QMS review, auditors/inspectors will document their findings and provide feedback on what is going well and areas that need improvement.

If significant compliance issues are found, you will need to implement corrective actions prior to receiving the certification. If no major issues are identified, you will be issued a certification that lasts for a specified period.

5 TIPS TO PASS AN FDA OR ISO AUDIT

SURVEILLANCE AND RECERTIFICATON AUDITS/INSPECTIONS

Organizations may be required to undergo periodic (e.g., annual) surveillance audits to ensure that they maintain conformance to the applicable standard or regulation. Surveillance audits are less extensive than the initial certification audit, focusing only on select areas of a QMS. If any gaps are identified during the surveillance, the auditor will issue a nonconformance report. In turn, the company will need to implement the necessary corrective actions to maintain their certification.

Recertification audits/inspections occur a specified amount of time after the original certification assessment. They ensure that companies are updating their QMS to align with changing regulatory requirements. They also check whether the QMS adequately documents process changes and improvements over time and whether companies implement the necessary employee training.

REDUCING AUDIT RISKS WITH A PRODUCT-CENTRIC QUALITY MANAGEMENT SYSTEM

Whether it’s an internal, certification, or surveillance audit, organizations must always be audit ready.

Cloud enterprise quality management system (eQMS) solutions eliminate the manual work and stress that is often associated with audit preparation. They provide a centralized platform to store, manage, and track quality records electronically. In turn, teams can quickly respond to auditors’ or inspectors’ request for information and be confident that everything is accurate and up to date.

A product-centric eQMS solution streamlines audits and inspections even further by maintaining a tight connection between product information, quality processes, and training plans. By managing linked relationships between product bills of materials (BOMs), documentation, and any changes or quality issues, organizations gain complete visibility into nonconformances and reduce audit risks.