Risk Based Audits focussing on those areas of identified risk

eric abbott

#1
Does anyone have experience of Risk based auditing, i.e. focussing on those areas of identified risk rather than on those which, if non-compliant, would have no significant impact on the process?

Regards
Eric
 
stefanson

#2
Hi Eric,

I have evaluated organizations for risk of delivering nonconforming products and violating regulatory requirements. I call them Risk Assessment Audits or Risk Analyses or Risk Reduction System Evaluations. Should allegations of product liability or regulatory compliance be raised, organizations need to have systems, practices and records in place to send the investigators elsewhere.

What would you like to know?
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#3
I'd like to hear whatever you have to say about format, what things are you looking at, how do you assign risk values, etc.
 
Greg Mack

#4
Hi Eric,

I have used a risk based assessment for our internal audit schedule. As we have a National system (across Australia) involving five business units, I have asked each Department Manager in all businesses to assess each procedure based on risk to the business.

A rating of "1" is considered a high risk, "2" is considered a medium risk, and "3" a low one. These are then scheduled to be audited six monthly, annually and biennially respectively.

This was a good and easy approach which has worked well for us and also impressed our third party auditors. It is an easy approach to compiling an audit schedule based on risk.

Recently (last week) I re-issued our schedule and changed it somewhat. I have made the schedule more of a "real-time" schedule rather than an excessive planned approach, and also cut back dramatically on the base schedule.

Now we have our category "1's" which are audited by an internal Corporate Team annually. Category "2's" are scheduled once every two years, and category "3's" are considered optional based on need as they are not considered a risk to the day-to-day operation of the business.

The intent is that the trends identified in the Corrective/Preventive Action system are added to the audit schedule on a progressive basis. So this then reflects the current "real-time risks" of the business rather than trying to plan risks over two years based on gut-feel.

Of course, should the business wish to audit areas at a higher rate than the base schedule then that is up to each respective business.

This approach seems to be good on paper so far, and time will tell how effective it is. I am banking on it being a winner though.

Hope this insight helps.
 