This is the next in the series regarding ISO/IEC 17025:2005 to give some idea regarding the Clauses. As always, this is not from the Oracle of Delphi, so your input is sought also.

ISO/IEC 17025:2005 Clause 4.14 including the sub-Clauses, addresses the internal audit.

Internal audits are often looked upon as bad, but they don't have to be; infact properly done they are good things. First though we need to understand the role of the internal audit.

Internal audit is like a full physical exam you get from your doctor. They take the height and weight and blood pressure and temperature, EKG, other tests too. Some tests we might consider invasive but they are necessary. Intruth internal audits are invasive and disruptive also, but necessary.

Not necessary just because the Standard requires it, but it is a good monitoring tool. In ISO/IEC 17025:2005 it should NOT be considered the ONLY monitoring tool however, and we will discuss others later.

In ISO/IEC 17025:2005 Clause 4.14.1 the internal audit is required to look at the QMS of course but ALSO at the technical operations of the lab. Small labs of course will find this challenging just the same as for Management Review. In larger labs, it may be a littl easier as more people are available, but may not be technically qualified for given operations.

The Standard suggests a one year time to complete the internal audit of all lab operations. However, take this as Gospel. After all, try to take two years or three and see if your AB lets that go!

There must be a predetermined schedule and procedure. Small labs that do everything with quality manual and cal procedures can include this in the quality manual easily. Don't over-engineer this. Most of the time your chosen AB will likely give you their 17025 checklist (not all will though) and then change the headers and use that.

You need to include a schedule also. This may be as basic as simply stating a month in the year, included in the procedure, or could be as detailed as specific departments on specific days. The detail will vary lab to lab, but must be reasonably appropriate to the lab. And of course, the assessor will look to see if the documentation supports the internal audit as covering QMS and technical operations, and whether the audit is effective.

Clause 4.14.2 requires the audit to review whether the operations are effective, and whether the results are correct and valid. The effectiveness is somewhat interpretive, but if incorrect results are going out, review of reports/certs is not done, etc., then the operations may not be effective. This needs to be documented in the internal audit.

The lab has to take "timely" corrective action. The term is interpretive, but the time needs to be resonable, and follow-up to assure effectiveness needs to be done also. Oh, make sure the corrective action system is used, and that non-conformances are reviewed in Management Review.

One other point here that is also mentioned in Clause 4.9.1.d and .e is the potential to have to notify customers and recall work. This comes directly from the effectiveness or lack of, and if the system is not effective then it must be documented under Control of Non-Conforming Work and use the corrective action system.

Clause 4.14.3 basically means keep the documentation, which parallels Clause 4.13.1.1 concerning records.

Non-conformances need to be followed up on once resolved, and that also must be documented.

Now, here is the summary, time for you the reader to share experiences, tips, tricks, etc. with everyone else!

Internal audits are often looked upon as bad, but they don't have to be; infact properly done they are good things.

How so? What's "properly"? Could it be that the very way they are currently taught engenders the negative atmosphere?

Hershal, I've spent years trying to teach my management that internal audits are a snapshot of what is going on at that point in time. IMHO, saying that they are a full physical places way too much responsibility on the audit team. Unless a business had a fully dedicated audit team who did nothing except auditing 8 hours a day, I just don't see where you could compare an audit to a full physical? Other than that, I do agree that auditing can help a company improve their process by finding the "sick" parts (nonconformities) and healing them (CA/PA).

Hershal, I've spent years trying to teach my management that internal audits are a snapshot of what is going on at that point in time. IMHO, saying that they are a full physical places way too much responsibility on the audit team. Unless a business had a fully dedicated audit team who did nothing except auditing 8 hours a day, I just don't see where you could compare an audit to a full physical? Other than that, I do agree that auditing can help a company improve their process by finding the "sick" parts (nonconformities) and healing them (CA/PA).

I totally agree with Steel!

Using the analogy (which is always risky because they rarely work completely) - no one would maintain their health by only going to the docs once or twice a year. It has to be monitored (standing on the scales, looking in the mirror and poking your tongue out! etc.) especially when one is not feeling 'tip top', rather than having a physical each time.

Certainly, basic things are checked at each docs visit - blood pressure etc. To me these are like auditing the basics of document control, records etc.

When symptoms (problems) develop it's wise to focus on those and have them diagnosed and treated, whether it's a simple headache, blister etc. One simply wouldn't rush off to the docs for all ailments and it would be crazy to mention a small issue six months after is appeared and healed!

I also don't agree that using an AB's checklist as the basis for internal audits is a good idea - but we've done that one to death and beyond in other threads....

Alright, finally hit one that gets some discussion going! Woo Hoo!

I agree, internal audits are typically a sample, just as external ones are. But the internal can and should spend more time than the external.

I agree that it should be easier for internal auditors to be able to find the bodies. But, I'm lucky if I can get my auditors pried away from their jobs for more than an hour at a time. I usually have to bring them in on their days off to get any really quality time. Of course, you know what happens when I force people to come in on their day off, right?

A company will either do a good job at internal audits, or it will do what is necessary. Most want their auditors to perform world class audits, but don't want to give them the resources, the encouragement, or the recognition that they should be rewarded with.:(

Hershal,

Thank you for this series of threads and thanks to everyone who has posted replies so far. About 9 months ago I moved from manufacturing into the ISO 17025 world. For me this discussion ranks right up there with sliced bread. I hope you all can keep it going. People out here are paying attention.

One comment I would like to add is that I have found, at least in smaller shops, the internal audit is a great training tool. It can be used to train, encourage people to be involved and understand that what they do makes a difference.

Thanks again.:thanx:

My audits have tended to be a physical exam, and it's caused a fair amount of pain in an organization that previously had, and sort of wishes it still had, someone who is just kicking the tires. We're tight on resources to do troublesome things like rethink what I'm asking about: is such-and-such really required, or are we doing it out of tradition or what?