Internal Auditor Selection (Outsourced Internal Audits)

[Nash27]

We have almost finalised an External Auditor to conduct our Internal Audits (ISO 13485: 2003 audit system) due to TGA requirement. To conduct QA/RA audit the auditor has asked a list of documents to review, which is more than last TGA auditor had requested for our entire QMS. The auditor does this work in addition to his routine work and his rates are far better than other auditing agencies (in other words it fits in our budget).

We have confidentiality agreement set up although we are reluctant to hand information such as Risk Management reports, clinical evaluation reports, technical file etc. through a USB or email for auditor to review. I am in dilemma, as one side auditor require this information in order to perform Internal audit, also to get acclimatised with product and processes and other side we don?t want to hand it to auditor through USB or email.

Does anyone would like to share how your Internal Audits done through an external auditor e.g. general process, frequency and duration, what is covered in the package etc

It would be great if someone can share their experience.

Thanks

 

[Claes Gefvenberg]

Re: Internal Auditor Selection

I am in dilemma, as one side auditor require this information in order to perform Internal audit, also to get acclimatised with product and processes and other side we don’t want to hand it to auditor through USB or email.

I am not really able to provide any clear cut answer, but maybe a bit of reasoning will help.

You do have the Confidentiality Agreement, and as you say, this person needs the information in order to be able to fulfil the task at hand. In the end you will have to let any internal auditor (so be it if you have enlisted external help) see the information needed to prepare and perform audits.

How you do it is another matter: You may have rules about if and how certain information will be allowed to leave the premises. The easiest way out of that predicament would be to provide a workspace inside said premises, but if that is not viable maybe you could provide the information via some copy protected media and require it back after use? That said, you can never erase an auditors memory, and that is where the Confidentiality Agreement (and mutual trust) comes in handy.

/Claes

 

[Kales Veggie]

Re: Internal Auditor Selection

I suggest you invite this auditor on your premises if your company is concerned about confidentiality. (This also happens in the automotive world).

Frequency / duration: Depends on your size of your company and complexity of your product and past and current quality issues and any regulatory findings that have been corrected and must be verified.

The auditor has to audit the complete QMS.

Lastly I hope you have a written agreement with the external auditor on the total cost for the services. You should be in charge and set the rules / audit schedule and

 

[Nash27]

Re: Internal Auditor Selection

I have searched forum and found great information, I love this forum.

I agree its mutual trust and cant erase auditor?s memory. Instead of auditor to direct us on how to conduct audit, we have decided to spend some time and modify our current audit plan. I am going to refer one of the forum member (Patricia) document ?Worksheet to justify your AUDIT PLAN? its great document (attached).

I don?t think that external auditor necessarily audit entire QMS we are planning to conduct few of the audits by our self for e.g. being working in QA and as a trained auditor I can conduct sales audit and Operations Manager who is also trained auditor can conduct finance audits. We will make sure that all QMS is covered as part of the Internal audits to judge effectiveness of QMS. We are small medical device manufacturer with 4 FT and rest are casual staff (4).

We are aiming for external auditor to conduct 3 areas viz QA/RA, Warehouse / Despatch and Operations