Using internal audits as part of document reviews

cgaro62

Registered
#1
Hi All,

I am an experienced quality assurance professional that includes implementing ISO 9001:2015, 13485:2016, AS9100D management systems, as well as ISO 19011:2018. I was advised by an ISO consultant that internal audits could not be used to meet the requirement of the periodic review of documents for applicability to whatever process the document covered. I cannot find anything in any of the above mentioned standards that states that internal audits cannot be used for periodic review of documents. Does anyone know where this is mentioned, which standard?

If I am assigned to conduct a process audit, part of that audit is to review the current process against the controlled process procedure/documents to determine if the process is compliant to the procedure. Why couldn't I use this review to also meet the requirement to review the document for applicability?

Regards,
Cgaro
 
Elsmar Forum Sponsor

Ninja

Looking for Reality
Trusted Information Resource
#2
FWIW, I think you'll get more value out of your IAs if you focus on "are you following the docs?" rather than "are the docs right?"

Based solely on the desire to get as much value as possible out of an IA (see the rest of my posts here)...I suggest that they NOT be combined.

That said, a finding in an IA because the docs are outdated should result (through CA) in updating the docs...but that is an effect, not a cause.
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#3
I'm not familiar with 13485, but there isn't a requirement for "periodic review" in ISO9001 or AS9100.

We set up our own internal requirement to review the Quality Policy Manual, our Quality Policy, our Interested Parties and Issues List, and our Order Management Procedure annually. Otherwise, we review documents during internal audits, as you described, and if a process changes at any time, any related documents are reviewed and updated.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#4
Some auditors think ISO9001/AS9100 7.5.2 and/or 7.5.3 requires periodic review of documents. I don't happen to agree, but if someone had that as a requirement, and the auditee told me they reviewed their documents in advance of the internal audit, I would accept that. If as an auditor I saw that the documets did not truly reflect the practice, that would be a NC.
 

John C. Abnet

Teacher, sensei, kennari
Staff member
#5
Good day @cgaro62 ;
As mentioned by @Cari Spears , there is no such requirement for a "periodic review". I have seen this erroneous "requirement" burden other organizations. I even had one client who had annual "due dates" established in a data base and they were holding themselves accountable (their own internal documented requirements), to annually review EVERY document in their QMS as part of some misguided belief that it was a requirement.

I have found that this misguided belief usually comes from 7.5.2 c) of ISO 9001, which requires "review and approval for suitability and adequacy". You will notice two important things, however...

1- There is no stipulated frequency or periodic requirement. In fact....
2- This requirement is within the scope of "Creating and Updating" . In other words, when an organization decides to create a controlled document (i.e. critical to quality, ...i.e. if that document is "wrong or gone" it can lead to a nonconformance), then the organization should review to make sure it is suitable and adequate before releasing that document (or updating it).

Here are the requirements from ISO 9001:
ISO 9001:2015
7.5.2 Creating and updating
c) review and approval for suitability and adequacy.

In regards to ISO 13485, the requirement is specific to ...
1- Prior to use (again, as with 9001, don't implement a document without the necessary review/approvals to ensure adequacy.)
2- The requirement is for a governing process of "Control of documents" which identifies your organization's governing requirements ("controls needed")...necessary to "review, update as necessary, and re-approve documents".

Here are the requirements from ISO 13485:
ISO 13485:2016
4.2.4 Control of documents
a) review and approve documents for adequacy prior to issue;

b) review, update as necessary and re-approve documents;


In regards to your consultants council. Hmmmm. The only way what you are doing is a problem is if REVIEW is not being done at the creation, revision (update) and approval of controlled documents.

Question your consultant's advice in this situation.

Hope this helps
Be well.
 
Last edited:

John Broomfield

Staff member
Super Moderator
#6
To use internal audits as part of document reviews suggests to me that the document reviews themselves are not being audited.

So, would the document reviews continue to audited?

In my experience it is advisable not to compromise the independence of audit (per its definition) by making audit responsible for any control within your system.
 

Tagin

Trusted Information Resource
#8
Why couldn't I use this review to also meet the requirement to review the document for applicability?
19011:2018 4e)
...Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the function being audited if practicable...

You can't do a process and audit a process at the same time. Maybe if you were a one-person company you could argue it...but, realistically, no.
 

lanley liao

Involved In Discussions
#9
In fact, the word John said is very right. the question about this "review and approval for suitability and adequacy" has been interpreted as "periodic review" by a lot of persons in these management systems.
 
#10
FWIW, I think you'll get more value out of your IAs if you focus on "are you following the docs?" rather than "are the docs right?"

Based solely on the desire to get as much value as possible out of an IA (see the rest of my posts here)...I suggest that they NOT be combined.

That said, a finding in an IA because the docs are outdated should result (through CA) in updating the docs...but that is an effect, not a cause.
************
Hi Ninja - I agree and our IA Program is focused on the value of the audit; our Doc Control procedure allows for 'periodic review' by the creator or SME, sometimes both and we "also use IAs" as a second set of eyes, so to speak. Does that make sense?
 
Thread starter Similar threads Forum Replies Date
D Using consultants for Internal Audits Internal Auditing 24
ScottK Using Customer Audits as part of the Internal Audit Plan for ISO9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
A Guidance on using Turtle Diagrams for Internal Audits (main & sub processes) Process Maps, Process Mapping and Turtle Diagrams 11
C Using Outlook to Schedule Internal Audits Internal Auditing 11
A Internal Audits - Can we to perform audit just using process maps? Process Maps, Process Mapping and Turtle Diagrams 19
B Our QS9000 audit team has been using checklists to perform internal audits Internal Auditing 37
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
S Internal Audit Man-days requirements using IAF MD9 General Auditing Discussions 2
V Internal Audit using Plan, Do, Check, Act - Way to go? Internal Auditing 11
P Company Conducted Internal Audit Offsite using a Document Review Process Internal Auditing 65
H "Internal Calibration" using other Calibrated Equipment Calibration Frequency (Interval) 13
T Internal Audit Plan using Oracle GRC (Governance Risk and Compliance) modules Internal Auditing 4
A Swimlane Diagram for Internal Auditing System - Anybody using this? Process Maps, Process Mapping and Turtle Diagrams 13
E Internal Process Audit Sampling using MIL-STD-105-E - 500 operators on 3 shifts Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
M Internal Audit Checklists - Using the standard itself replace any checklist Internal Auditing 8
H Using/Selling power banks with your product as a "mobile version" CE Marking (Conformité Européene) / CB Scheme 3
R Select the 1 Supplier based on the Parts Durability from 6 Supplier Samples using Minitab Using Minitab Software 11
M MSA angle issue - Nylon parts using Aberlink 3D Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 0
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
J Using of CE marking - Two CE markings on the product CE Marking (Conformité Européene) / CB Scheme 5
R Using R package to implement Bayesian phase I/II dose-finding design for three outcomes ISO 13485:2016 - Medical Device Quality Management Systems 6
S Defibrillator Protection applicability When using Multiple applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
P Using Zinc Plated Steel in a Cleanroom Other Medical Device Related Standards 3
J Incoming Inspection Records using Excel File ISO 13485:2016 - Medical Device Quality Management Systems 2
J Using ring gauges General Measurement Device and Calibration Topics 2
M Load Cell Calibration using a totalizer on a flow meter General Measurement Device and Calibration Topics 0
P Can Neoprene be Cleaned Using Isopropyl Alcohol (IPA) Manufacturing and Related Processes 4
GreatNate Anyone using the Intellect QMS software? Quality Assurance and Compliance Software Tools and Solutions 1
chris1price Sterilization using beta radiation Other Medical Device Related Standards 2
M Using the phrase "herein referred to" Document Control Systems, Procedures, Forms and Templates 8
B Struggling with using the 5.6 version Ford Capacity Analysis Report APQP and PPAP 5
cnbrosa Study Type 1 on a CMM using a measuring support Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
rerusk1 MRB (Material Review Board) Process using MS Sharepoint or MS Teams Manufacturing and Related Processes 2
K 510k FDA review, will they accept Biocompatibility result generated using feasibility product lots? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
B AS9100D 7.1.5.2 Calibration or Verification Method using outside cal lab AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
U Medical Device CE Marking - Using a disposable bearing CE Marking (Conformité Européene) / CB Scheme 3
D Calibration tolerance question using Pipettes Medical Device and FDA Regulations and Standards News 3
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
W Using tailoring guidelines to tailor a QMS procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Y We found out we have been using a equipment without validation for past 4 years Quality Manager and Management Related Issues 6
D Using Laboratory Notebooks in R&D and Design and Development ISO 13485:2016 - Medical Device Quality Management Systems 3
C Importer shell game - Using a third party logistics provider (3PL) in the EU EU Medical Device Regulations 5
S Work performed in Canada on US patients using US device Canada Medical Device Regulations 1
S Is using ANSI/ASQ Z1.4-2008 the correct sampling plan to determine Pass/Fail of Apparel measurements? AQL - Acceptable Quality Level 4
Tagin Evaluating nonconformances for escalation using Bayesian methods? Statistical Analysis Tools, Techniques and SPC 2
D Using non-conforming components even though the final assembly is conforming? Manufacturing and Related Processes 5
R Clause 7.7 Replicate, Recalibration and Intermediate checks using Artifact ISO 17025 related Discussions 1
Stoic Are any medical device companies using the 2011 FDA process validation guidance instead of GHTF/SG3/N99-10:2004? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1

Similar threads

Top Bottom