How to define risk levels in an audit - Is a Major critical?

R

rick melton - 2007

Hi Folks,
I didn't know where to sart this , so I thought I would start here.

Does anyone know where and/or who I can find information on how audit findings are defined in terms of "Risk". EX "critical, moderate, minimal or no risk.

EX Would a "Major observation equal Critical"?

Any help would be greatly appreciated!!

Rick :confused:
 
C

Carl Keller

Rick,

You have touched on a problem that ISO does not fully address.

The standard is completely open to interpretation in this area.

Certainly a "major" finding would be considered "critical" because if it is not addressed, it could result in loss of registration (theoretically, because I have not seen an actual first hand account of it)

All I can give you is my opinion based on 15 years of experience, however it remains an opinion.

A Major = Critical
Several Minors for the same or similar issues = Critical
One Minor = moderate
Several observations in same or similar area = moderate
One observation = minimal

Losing registration = no risk, because you are not going to lose it unless you don't pay your invoice (Sorry guys and gals, had to add that in!)


Carl-
 
Last edited by a moderator:
R

rick melton - 2007

Thanks Carl for your input!!

Let's look at this from a different angle.
This is how my boss wants to look at it.

Critical = A warning letter from the FDA
Moderate = An OAI "Official Action Indicated" 483 (several Items)
Low Risk = A VAI "Voluntary Action Indicated" 483 (Minimal Items)
No Risk = No 483 issued

Any thoughts?? :)

Rick
 
C

Carl Keller

Sounds sensible to me.

I am by no means an FDA audit expert, but it is consistent with the Medical device regulatory seminar I just attended.

I would think as long as you addressed each appropriately (Instant reaction to critical, timely reaction to Moderate/low) you would be fine.

Carl-
 

Randy

Super Moderator
1st you start with a blindfolded Chimp, a bottle of Tequilla, a dart board, a dart and a revolving stool.....and that's as scientific as it gets :lmao:
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
Rick, I don't understand why you wish to have risk levels assigned to audit findings...we have enough debates on what constitutes a Major versus a Minor!

You could do a search on "risk assessment" here in the Cove. That triggered a few hits when I did it.

My company, while we do not assigned risk levels to audit findings, does do an exercise to help us identify key processes (we do not like to use the word "critical" as we are an union environment).

A key proces is both important and a problem. It is the overlapping area between Problem Processes (creates defects, downtime, rework, etc.) and Important Processes (large impact on cost, quality, safety, environment, ability to meet requirements, etc.)
 

Weiner Dog

Med Device Consultant
Re: HELP!! How to define risk levels in an audit.

Remember, not all violations to the FD&C Act are placed on a FDA 483. Examples would include unapproved medical devices, mislabeling issues, and registration and product listing issues. OAI, VAI, NAI are FDA's inspectional classifications. These classifications are made by FDA compliance officers not FDA investigators. However, the Compliance Programs and Regulatory Manual (on the FDA website) give FDA guidance as to how to classify inspections. OAI is serious. It does not mean an instant warning letter. FDA may have something else in the works... A warning letter is just that- it gives warning- if "X" is not corrected within a specific time, then actions may occur (such as civil money penalties, invunctions, seizures, and/or prosecutions).
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: HELP!! How to define risk levels in an audit.

I have put an attachment to address this question in this thread.
 
Last edited:
Top Bottom