AUDITS! Different types of audits and what they mean?

C

cartman1417

Hello Experts,

Some of you might recognize me from my recent posts. I have a silly question now.

What is an audit? audit system? internal audit system? etc.

Background: We are a new 2 person medical device company. I am the QA/Manufacturing/Engineering director (believe it or not!). We are starting to setup QMS and make our way to get the product CE Marking.

I've established the quality manual and a lot of procedures and forms. A few are remaining. Now I am at the 822 - Internal Audit procedure and I don't understand what it is?

I looked at other threads in this forum, but it keeps on confusing me

When I did internal audits I audited the internal audit system. I was not responsible for the audit system, only for the internal audit I did.

What I did do was require someone from the company to go over my internal audit and do a writeup (audit, if you will) of my audit to verify that I did the internal audit according to the system. The person who reviewed my internal audit was the person who was responsible for the internal audit system.

Can someone please explain in plain English what audit is all about and what's the process to get it done? audit system, internal audit system, internal audit, external audit, who does what, should i take internal audit course, etc.

Thanks in advance!
 
Last edited by a moderator:

qusys

Trusted Information Resource
Hello Experts,

Some of you might recognize me from my recent posts. I have a silly question now.

What is an audit? audit system? internal audit system? etc.

Background: We are a new 2 person medical device company. I am the QA/Manufacturing/Engineering director (believe it or not!). We are starting to setup QMS and make our way to get the product CE Marking.

I've established the quality manual and a lot of procedures and forms. A few are remaining. Now I am at the 822 - Internal Audit procedure and I don't understand what it is?

I looked at other threads in this forum, but it keeps on confusing me


Can someone please explain in plain English what audit is all about and what's the process to get it done? audit system, internal audit system, internal audit, external audit, who does what, should i take internal audit course, etc.

Thanks in advance!

Hi,
I advice to follow a training or get familiar reading book about QMS, iSO9001 etc...and auditing.
As per ISO 9001 you shall establish a documented procedure about internal audit, explaining what you do meet the clause of ISO 9001 8.2.2 for example.
Internal audit is a sistematic, documented activity to verify the audit criteria by internal competent personnel. You can find definition in ISO 9000:2008
External audit are registrar audit or audit vs your supplier
or your customer vs you.:bigwave:
 

Mikishots

Trusted Information Resource
Hello Experts,

Some of you might recognize me from my recent posts. I have a silly question now.

What is an audit? audit system? internal audit system? etc.

Background: We are a new 2 person medical device company. I am the QA/Manufacturing/Engineering director (believe it or not!). We are starting to setup QMS and make our way to get the product CE Marking.

I've established the quality manual and a lot of procedures and forms. A few are remaining. Now I am at the 822 - Internal Audit procedure and I don't understand what it is?

I looked at other threads in this forum, but it keeps on confusing me



Can someone please explain in plain English what audit is all about and what's the process to get it done? audit system, internal audit system, internal audit, external audit, who does what, should i take internal audit course, etc.

Thanks in advance!

An audit is a planned, indepedent and documented assessment to determine if agreed-upon requirements have been met.

First-party audits are internal audits - the auditor conducts these to determine conformance to requirements within the organization itself. Second-party audits are audits of customers or suppliers crossing into the organizational circle to audit the organization (their supplier). Third-party audits are completely independent of the customer-supplier relationship; these are termed external audits and are generally conducted for independent certification of a product, process or system.

Where I work, our main standards are AS9100C and CAR561/Standard 563. It requires us to perform first-party audits using the process-based model (not only verifying that the requirements of the standards are met, but more importantly conducting them from the point of view of inputs, process and outputs, examining metrics that show the degree of effectivity). The point is that even if you have documentation to show that you have satisfied every single clause of the standard, it doesn't show that you have determined how the requirements flow together or if your flow actually works to be effective; so many quality manuals are a copy-paste from the standard, clause by clause, but without a process map showing how all the functions connect, it's meaningless.

I'd strongly recommend a training course - it will go a long way in helping you determining not only what you need to do, but also guide you in what the best method is for your business.

EDIT: As for 8.2.2, it asks that you verify that your QMS conforms to what you said you were going to do (which you should have done through Clause 7.1), and conforms to the standard. It also asks that you examine if the QMS is EFFECTIVE; does it work? Does it do what you intended it to do?

Next, it asks you to schedule your audits based on past results and the criticality of your processes. You're required to have an internal audit procedure that defines how you'll detail what is included in each audit, how often you'll do them and how you intend on performing them. You need to be objective and collect evidence - no assumptions or personal views. You can't audit the internal audit process yourself, there needs to be someone to do this.

You need to treat the audit results as records. You need to keep them according to your Control of Records procedure (also mandatory).

The manager of the area audited is responsible for addressing your findings. He/she doesn't have to actually do it, but rather is responsible for getting the actions completed satisfactorily. Then you are required to follow-up to see if your findings have been adequately addressed.

Now the biggie - you'll hear these questions a lot: "I realize that our process is broken, so if we did "X", would that be OK to you?" or "What do you think we should do?". You cannot get involved in this conversation because if you do, you become an owner of that solution. What if it's wrong or doesn't work? The last thing you ever want to hear is "We do it this way because the auditor told us to". Instead, gently refer to the requirements of the standard. Maddening for them, but objectivity is paramount. The old joke is that an auditor always responds to a question by asking another question.

Sorry it's so long, but I hope this helps.
 
Last edited:

kreid

Involved In Discussions
An audit is an independent inspection and review of a quality management system or part of a quality management system (the scope should be defined before beginning the audit). The objective is to assess that, what is being done by the 'workers' complies with the quality management system of the company. This assessment is based on the review of objective evidence. The result of any audit should be a document (audit report) which details all of the evidence reviewed, people interviewed etc and what findings were made - findings are areas that were found not to comply with the QMS (these can be graded - with remedial action being linked to the grade).

An audit system is the planned series of audits which will cover the whole QMS and the repetition over time of the audits to ensure the continuing adherance to the QMS.

An auditor training course will be useful.

The problem you (and many other small companies) have is that the auditor (you) needs to be independent of the processes being audited. As there is only two of you in the company then this will be very difficult :).

One solution would be to find another small med-dev company with the same independence issue and 'trade' audits. You do their audits and they do yours. Everybody wins!
 
Q

QASPECIALIST2012

:confused: Hello, I would like to add to this question... What is the difference between product audits and process audits and is there a schedule for one or both. I am so confused. I work for an automotive supplier and I have been auditing the QMS and the Processes but I have become completely lost when the 3rd party auditor told me that I needed a audit schedule for product and not process.
 

qusys

Trusted Information Resource
:confused: Hello, I would like to add to this question... What is the difference between product audits and process audits and is there a schedule for one or both. I am so confused. I work for an automotive supplier and I have been auditing the QMS and the Processes but I have become completely lost when the 3rd party auditor told me that I needed a audit schedule for product and not process.

Hi,
welcome on the forum.
I guess you are talking about ISO TS 16949 and that your organization is certified vs that standard.
ISO TS requires for internal product audit, process audit and system audit.
The requirement of the internal audit clause say that you shall establish a program for the internal audit, including the above items.
Product audit is focus on the product itself, you need to audit a product at appropriate stage of production, including , labelling, shipping and customer requirments fulfillment. There are several method to do it. I do not know if you have established procedure for this. Hower in this forum in post attachment you can find several example , putting product audit or checklist in the requested keyworf field.
Process audit is related to mfg process and the scope is to if you are compliant starting from control plan.In this audit you shall take into account the customer requirements too.
In system audit you shall audit your QMS processes checking if ISO TS clauses, internal requirments and customer one are met as well as their effectiveness and efficiency.
In brief you can evaluate your QMS processes in terms of input, output, procedures, training, measurement, indicies, controls as well as link with the other QMS processes. You should apply the so called process approach in auditing.
Hope this helps:bigwave:
 

NikkiQSM

Quite Involved in Discussions
An audit is an inspection of a what you say you do basically. Its a process in which you provide evidence that you are really doing what you say you are doing.

For example, when I conduct the audits on my procedures, I randomly select sections for my audit questions. Let's say, I am auditing my Control of Documents Procedure. My procedure states that I keep a log of all documents, and the changes / adjustments made to them. I would go to this log, and take a quick copy of the last page. I put the copy with my audit documents, and there, that question is done, we are in conformance, and I have objective evidence to prove it.

My internal audit system is pretty simple. It consists of a calendar, which lists my internal procedures and the months each one is due to be audited. It also lists who does the audit. Because I work for such a small company - I am basically the audit system. There is only one other auditor here, and they are responsible for auditing the areas that I am responsible for, because we all know, you can not audit your own work :)

An internal audit is an audit you perform on your own processes.

An external audit is an audit you may perform at your supplier's company to ensure they are following their own processes / ISO / etc.

I hope this is helpful, but again, this is what works for me :)
 
Q

QASPECIALIST2012

Thank you so much for the help. I will look through some of the examples here.
 

AndyN

Moved On
An audit is an inspection of a what you say you do basically. Its a process in which you provide evidence that you are really doing what you say you are doing.

For example, when I conduct the audits on my procedures, I randomly select sections for my audit questions. Let's say, I am auditing my Control of Documents Procedure. My procedure states that I keep a log of all documents, and the changes / adjustments made to them. I would go to this log, and take a quick copy of the last page. I put the copy with my audit documents, and there, that question is done, we are in conformance, and I have objective evidence to prove it.

So, Nikki, do you ever evaluate if this is effective? That's also what internal audits is about. Do you ever look to see if the changes are getting to the correct people at the correct time? Keeping a log is great, but what about all the other things that go to make up effective document change controls...

Doing audits is more than "say what you do, do what you say". An internal audit programme is supposed to be validating for management that the processes of the QMS are also effective, which is a step further.

BTW - if you are in an ISO certified company and your CB auditor didn't comment about that, you've been paying too much for their visits!:mg:
 
T

treesei

My procedure states that I keep a log of all documents, and the changes / adjustments made to them. I would go to this log, and take a quick copy of the last page. I put the copy with my audit documents, and there, that question is done, we are in conformance, and I have objective evidence to prove it.

Is the completion and accuracy of the log verified?
 
Last edited by a moderator:
Top Bottom