inventory_2

SOP Internal Audit

Use this SOP Internal Audit template to establish a consistent, compliant process for planning, conducting, and documenting internal audits of your quality management system, including required auditor qualifications and handling of findings such as nonconformities and opportunities for improvement. This document is essential for demonstrating ongoing compliance with ISO 13485, FDA QSR, and EU MDR/IVDR requirements, and should be completed whenever you plan or perform internal audits to ensure your processes meet regulatory and organizational standards. Filling out this template helps you identify gaps, drive continuous improvement, and prepare for external audits or inspections.
Generate ->

SOP Internal Audit

ID: eget-metus-quis

1. Purpose

This document describes the process for how internal audits are conducted for the purpose of determining if the quality management system and processes conform to planned and documented arrangements, requirements of relevant International Standards, quality management system requirements established by the organization, and applicable regulatory requirements.

2. Scope

The SOP shall be used primarily for internal audits. Supplier audits can be performed using the framework of this SOP but will depend on the product or service being provided by the supplier.

3. Auditor Qualification

Auditors that conduct audits must be sufficiently qualified as having training on performing audits and participated in audits before. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

The quality team will select an auditor who meets the above criteria. The auditor can come from within the company or can be external. The auditor will be responsible for conducting the audit and preparing the audit report with the support of the quality team.

4. Audit Process

4.1 Audit Planning

The quality team will maintain the planned audit schedule and inform the management team as well as all team members who may need to participate in the audit due to their responsibilities in each quality management system process. All potential audit participants will be notified of the approaching internal audit with sufficient time to prepare, as necessary.

The quality team and the selected auditor will together compile an audit plan that specifies the audit scope and anticipated time frame for review of each process under that scope. The audit plan will be shared with the potential audit participants and the management team prior to the audit date.

Appropriate resources will be dedicated to the audit in order to ensure that the audit is conducted effectively, with rooms and equipment reserved for in person audits, as necessary. For remote audits, the quality team will ensure that all necessary technology is available and functioning properly prior to initiating the audit.

A full audit of the QMS is not required annually but should be planned with consideration on particular processes that are most important to the organization's quality management system or those that are most at risk or have been found at risk from previous audits.

4.2 Auditing Activities

The auditor shall review the processes designated in the audit plan to ensure the quality management system and processes conform to planned and documented arrangements, requirements of relevant International Standards, quality management system requirements established by the organization, and applicable regulatory requirements. This can be achieved through interviews with process owners and review of process documentation, records, and data, as needed.

Process owners or other personnel who are responsible for the subject being reviewed by the auditor(s) should be made available to the best of the organization's ability to answer questions and provide information during the audit. The auditor(s) will document their findings and observations in an audit report following the conclusion of the audit.

4.3 Findings from Audits

The following include definitions for the types of audit findings:

Major Nonconformities:

Major nonconformities represent systemic failures to meet regulatory requirements, signaling that the organization's QMS is unable to consistently achieve its intended outcomes. These issues may include the complete absence of a required process, recurring minor nonconformities within the same area, or an inability to address and prevent the root cause of a previously identified nonconformity.

Minor Nonconformities:

Minor nonconformities are isolated deviations that do not compromise the overall functionality of a process or the integrity of the quality management system (QMS). Despite these occurrences, the organization's ability to maintain controlled operations and produce compliant products remains intact. These typically involve singular instances, such as an incorrectly labeled document or an unrecorded review approval.

Opportunities for Improvements (OFI):

Opportunities for Improvement include recommendations like auditor advice for improved quality system processes, tasks/actions identified for continuous improvement as well as product processes implemented to meet regulatory requirements.

4.4 Audit Report

The findings of the audit will be documented in the audit report and shared with the participating members of the audit, including the management team and quality team. The audit report will include the following information:

  • Date(s) of the audit
  • Auditor(s) name(s) and title(s)
  • Scope of all activities and processes that were audited
  • Individuals who were audited during each review section and their roles in the organization
  • Findings of the audit, including major nonconformities, minor nonconformities, and recommendations

The audit report will be reviewed by the quality team and the management team, and any necessary corrective and preventive actions will be initiated based on the findings of the audit.

5. Additional Actions Following the Audit

For all major nonconformities resulting from audit findings, a corrective and preventive action (CAPA) is initiated according to SOP Corrective and Preventive Action. The audit report shall be included as inputs for the management review process according to SOP Management Review. Management Review Report which includes audit findings shall be considered verification of processes implemented as a result of an internal audit.