Internal Audit Plan using Risk Assessment for ISO 17025

[swang]

Hello Everyone,

We are an ISO 17025 testing laboratory that are accredited to a wide variety of test/technology for Chemistry testing. Our A2LA scope encompasses Medical Device testing for metals (ICP-OES, ICP-MS), Fatty Acids (UPLC/MS), Extractables Preparation, Semi-Volatiles (GC/MS), Volatiles (GC/MS), Time of Flight (UPLC/TOF). We also test Nicotine for Propylene Glycol (HPLC-RI), Nicotine Assay (UPLC-UV), Water Content (GC-TCD) etc. We also test for Cannabis using for percent moisture, terpenes etc.

Our current internal audit plan schedule is to audit each technology on a rotating schedule. My management objective is to revise our internal audit plan to add risk assessment in dictating our plan. I want to factor in corrective actions, client complaints, results of external audits, changes to personnel and/or method to get a score that allows for less frequency based on lower risk and more frequent auditing for higher risk scores. Can someone provide an excel template they utilize for this?

Also I am uncertain for ISO 17025:2017 compliance, is all the individual technology its own category for internal audits? If a company's scope is large, that is a lot of audits!!! Wondering how does someone handle this.

Please help, much appreciated.

 

[Jen Kirley]

Hello Everyone,

We are an ISO 17025 testing laboratory that are accredited to a wide variety of test/technology for Chemistry testing. Our A2LA scope encompasses Medical Device testing for metals (ICP-OES, ICP-MS), Fatty Acids (UPLC/MS), Extractables Preparation, Semi-Volatiles (GC/MS), Volatiles (GC/MS), Time of Flight (UPLC/TOF). We also test Nicotine for Propylene Glycol (HPLC-RI), Nicotine Assay (UPLC-UV), Water Content (GC-TCD) etc. We also test for Cannabis using for percent moisture, terpenes etc.

Our current internal audit plan schedule is to audit each technology on a rotating schedule. My management objective is to revise our internal audit plan to add risk assessment in dictating our plan. I want to factor in corrective actions, client complaints, results of external audits, changes to personnel and/or method to get a score that allows for less frequency based on lower risk and more frequent auditing for higher risk scores. Can someone provide an excel template they utilize for this?

Also I am uncertain for ISO 17025:2017 compliance, is all the individual technology its own category for internal audits? If a company's scope is large, that is a lot of audits!!! Wondering how does someone handle this.

Please help, much appreciated.

Hello, welcome to The Cove! I am sorry for the delay in this response.

Any spreadsheet dashboard I could provide for you might be interesting but presents potentially hours of labor to populate unless it could be modeled to collect and present the data from various sources on a single page.

So I wonder: what if top management includes this topic in Management Review? The data in its inputs are (hopefully) complete, correct and current, and since audits are supposed to serve everyone in the group and would need their buy-in in any case it makes sense to me that strategic audit focus could start there and the results of decisions recorded. Once the audits get completed their results can get reported back as audit result inputs so the management team can respond with whatever further plans they decide are proper and practical.

In this way the review of performance data serves a practical purpose for the organization, facilitates "actions taken to reduce risk" by taking the first step which is to assess and identify need for action.