A Novel (?) Idea for Internal Audit Planning

S

spiderman

We are a laboratory testing service organization that is both FDA registered and ISO13485 certified. We host between 40 and 50 customer audits per year. The audits are typically one day audits covering our QS and specific records for the service we perform for ach particular client. Although management has a strong commitment to getting them done, we have struggled with trying to complete our internal audits for a variety of reasons: lack of resources, lack of interest of personnel to be auditors, etc.
We have come up with an idea and would like some feedback on whether this approach meets the intent of the FDA regs and ISO standard.

For each customer audit we maintain detailed records of the audit:
-audit agenda,
-elements of the standard audited,
-list of documents reviewed by the auditor,
-any OFI's, observations, NC's, reports,
-any CAPA's or actions taken to address findings.

We would like to leverage the outputs from those audits to come up with an internal audit plan that may or may not include certain elements of the standard based on the number of times a particular element has been audited in a customer audit and what the outcomes were. If the data shows a robust system with no findings or OFI's we would justify not including it in our internal audit plan as there would likely be minimal value added. If there have been observations, NC's or OFI's, then we would include that element in order to dig deeper into the system to target improvement opportunities and to verify that any previous CAPA has been truly effective.

Thanks!!
 
J

JRKH

Off the top of my head, I don't see a problem with this from an ISO standpoint. I cannot speak to the "FDA" aspect.

Peace
James
 

Ninja

Looking for Reality
Trusted Information Resource
I see that you are ranking OFI with NC...have a think about that in the wording of your defense.

OFI = opportunity for improvement. It doesn't mean that your company chooses to use that particular opportunity. You may choose to improve in a different way that you think is even better.

If your defense is centered around no NC's...sounds pretty good.
If your defense is centered around no NC's or OFI's...now you have to audit even if you choose not to avail yourself of the opportunity.

Consider making the defense around NC's alone. Use the OFI's for what they are...I would separate them from the "already been audited" defense since they may not be directly related to conformance to the standard.

Just thoughts to consider...
 
S

spiderman

Thanks, I understand the distinction in your point and agree.
 

AndyN

Moved On
FWIW - I think you might be making a bigger problem for yourself, trying to do this. Numbers of NCs don't equate to content of NCs. You're assuming that all auditors are created equally and that they possess objectivity and have no bias towards specific requirements of the system. It may seem like a good idea and I don't doubt that there are some worthy findings in there, but I'd prefer to take them on a case by case basis and focus your efforts on getting you own internal audits up to a place where your management go 'wow'...
 
Top Bottom