How to define risk levels in an audit - Is a Major critical?

R

rick melton - 2007

#1
Hi Folks,
I didn't know where to sart this , so I thought I would start here.

Does anyone know where and/or who I can find information on how audit findings are defined in terms of "Risk". EX "critical, moderate, minimal or no risk.

EX Would a "Major observation equal Critical"?

Any help would be greatly appreciated!!

Rick :confused:
 
Elsmar Forum Sponsor
C

Carl Keller

#2
Rick,

You have touched on a problem that ISO does not fully address.

The standard is completely open to interpretation in this area.

Certainly a "major" finding would be considered "critical" because if it is not addressed, it could result in loss of registration (theoretically, because I have not seen an actual first hand account of it)

All I can give you is my opinion based on 15 years of experience, however it remains an opinion.

A Major = Critical
Several Minors for the same or similar issues = Critical
One Minor = moderate
Several observations in same or similar area = moderate
One observation = minimal

Losing registration = no risk, because you are not going to lose it unless you don't pay your invoice (Sorry guys and gals, had to add that in!)


Carl-
 
Last edited by a moderator:
R

rick melton - 2007

#3
Thanks Carl for your input!!

Let's look at this from a different angle.
This is how my boss wants to look at it.

Critical = A warning letter from the FDA
Moderate = An OAI "Official Action Indicated" 483 (several Items)
Low Risk = A VAI "Voluntary Action Indicated" 483 (Minimal Items)
No Risk = No 483 issued

Any thoughts?? :)

Rick
 
C

Carl Keller

#4
Sounds sensible to me.

I am by no means an FDA audit expert, but it is consistent with the Medical device regulatory seminar I just attended.

I would think as long as you addressed each appropriately (Instant reaction to critical, timely reaction to Moderate/low) you would be fine.

Carl-
 

Randy

Super Moderator
#5
1st you start with a blindfolded Chimp, a bottle of Tequilla, a dart board, a dart and a revolving stool.....and that's as scientific as it gets :lmao:
 

RoxaneB

Super Moderator
Super Moderator
#6
Rick, I don't understand why you wish to have risk levels assigned to audit findings...we have enough debates on what constitutes a Major versus a Minor!

You could do a search on "risk assessment" here in the Cove. That triggered a few hits when I did it.

My company, while we do not assigned risk levels to audit findings, does do an exercise to help us identify key processes (we do not like to use the word "critical" as we are an union environment).

A key proces is both important and a problem. It is the overlapping area between Problem Processes (creates defects, downtime, rework, etc.) and Important Processes (large impact on cost, quality, safety, environment, ability to meet requirements, etc.)
 

Weiner Dog

Med Device Consultant
#7
Re: HELP!! How to define risk levels in an audit.

Remember, not all violations to the FD&C Act are placed on a FDA 483. Examples would include unapproved medical devices, mislabeling issues, and registration and product listing issues. OAI, VAI, NAI are FDA's inspectional classifications. These classifications are made by FDA compliance officers not FDA investigators. However, the Compliance Programs and Regulatory Manual (on the FDA website) give FDA guidance as to how to classify inspections. OAI is serious. It does not mean an instant warning letter. FDA may have something else in the works... A warning letter is just that- it gives warning- if "X" is not corrected within a specific time, then actions may occur (such as civil money penalties, invunctions, seizures, and/or prosecutions).
 
Thread starter Similar threads Forum Replies Date
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
I How do you define Risk (Medical Device)? ISO 14971 - Medical Device Risk Management 30
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
V How to define Risk Acceptance Criteria? ISO 13485:2016 - Medical Device Quality Management Systems 3
B Define Fault, Double Fault and Normal Conditions - Preparing a Risk Management File FMEA and Control Plans 1
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
M Define voltage and frequency to perform tests 61010-1 and 61326-1 for CE certification CE Marking (Conformité Européene) / CB Scheme 4
I Sampling processes - Who must define the AQL level? AQL - Acceptable Quality Level 9
V Who should define and own the Design and Development Plan and how to maintain the updates and revisions. ISO 13485:2016 - Medical Device Quality Management Systems 2
S API Spec Q1 - How to define Management Representative competency for QMS Oil and Gas Industry Standards and Regulations 12
M How To Define ISMS (information Security Management System) Scope IEC 27001 - Information Security Management Systems (ISMS) 18
K How to define Expected life service life of medical device Other Medical Device Related Standards 4
S How to Define Importers under EU MDR / Brexit EU Medical Device Regulations 3
M Should Potential Customer Complaint Outcome Define Registrar NC Rating? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
K ISO 9001:2015 clause 9.2.2 a. - Define the audit criteria and scope Internal Auditing 2
Q QI Macro Histogram - Can someone define *sorted data*? Capability, Accuracy and Stability - Processes, Machines, etc. 7
H How to define Root Cause when some points are out of control chart Statistical Analysis Tools, Techniques and SPC 6
M SOP or template for a study to Define Storage Conditions of Orthopaedic Implants EU Medical Device Regulations 3
D Definition Client - How does the government define their clients? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 1
G How to define the scope of QMS as per ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
R How to define QMS certification scope statement? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
R Review of "Key Data" for contract labs, but SOP doesn't define "key data". Problem? Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
G Procedure to define Signing Authority for Procurement Limits ISO 13485:2016 - Medical Device Quality Management Systems 2
P Can a company define new quality standards for special industry ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
L Are there any requirements to define barcode requirements ? Misc. Quality Assurance and Business Systems Related Topics 2
X How to define Calibration Acceptance Criteria General Measurement Device and Calibration Topics 3
H ISO 17025 - How to define a "Test Equipment" ? ISO 17025 related Discussions 2
J Where do you define Internal Auditor qualifications? Internal Auditing 9
V Is there an approach to define the "must 'or' should" in supplier audits? US Food and Drug Administration (FDA) 2
T Internal Audit - How to define the Importance of Departments and Processes Internal Auditing 8
T Help me understand how to define Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 40
L How to define R & D Receiving (Incoming) Inspection Plan Design and Development of Products and Processes 18
B How to define and implement Configuration Management Document Control Systems, Procedures, Forms and Templates 5
C How to Define and Document Controls of Outsourced Processes Food Safety - ISO 22000, HACCP (21 CFR 120) 5
S Please help me define training requirements for a Career in Regulatory Affairs 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
K How to define the Acceptances Criteria for all equipment? Manufacturing and Related Processes 7
L Definition Program - How do you define Program with regard to ISO 9001? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 3
A Supplier Evaluation SOP - How do I Define Major and Minor Suppliers? Supplier Quality Assurance and other Supplier Issues 14
Q Where to define Authorities and Responsibilities in Documentation? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
J Define Energy Used/Delivered - Applicable to Electrical or Mechanical Power or both? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
R 820.50 (A) (2)Define the Type and Extent of Control to be exercised over Vendor Misc. Quality Assurance and Business Systems Related Topics 5
A Where to define Process Tailoring Form used in CMMI in the ISO 9001 Quality Manual? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Criteria to define QMS processes in ISO/TS 16949:2009 IATF 16949 - Automotive Quality Systems Standard 23
S How to define New Equipment? Device is Returned, Refurbished or Repaired Misc. Quality Assurance and Business Systems Related Topics 3
C Controlling Documents: Beyond the standard, how do we truly define what to control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
C How to define Process Special Characteristics (SC) FMEA and Control Plans 4
kedarg6500 What is the meaning of "define/defined" in ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
Crusader Local Control Document procedure....define it or not? Document Control Systems, Procedures, Forms and Templates 24
M Excel Templates for Plan & Define Phase in NPI Process for Tire Manufacturer Excel .xls Spreadsheet Templates and Tools 1
R Define Data from Taguchi to Response Surface Methodology in Minitab Using Minitab Software 2

Similar threads

Top Bottom