ID: eget-metus-quis
This document describes the process for how internal audits are conducted for the purpose of determining if the quality management system and processes conform to planned and documented arrangements, requirements of relevant International Standards, quality management system requirements established by the organization, and applicable regulatory requirements.
The SOP shall be used primarily for internal audits. Supplier audits can be performed using the framework of this SOP but will depend on the product or service being provided by the supplier.
Auditors that conduct audits must be sufficiently qualified as having training on performing audits and participated in audits before. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
The quality team will select an auditor who meets the above criteria. The auditor can come from within the company or can be external. The auditor will be responsible for conducting the audit and preparing the audit report with the support of the quality team.
The quality team will maintain the planned audit schedule and inform the management team as well as all team members who may need to participate in the audit due to their responsibilities in each quality management system process. All potential audit participants will be notified of the approaching internal audit with sufficient time to prepare, as necessary.
The quality team and the selected auditor will together compile an audit plan that specifies the audit scope and anticipated time frame for review of each process under that scope. The audit plan will be shared with the potential audit participants and the management team prior to the audit date.
Appropriate resources will be dedicated to the audit in order to ensure that the audit is conducted effectively, with rooms and equipment reserved for in person audits, as necessary. For remote audits, the quality team will ensure that all necessary technology is available and functioning properly prior to initiating the audit.
A full audit of the QMS is not required annually but should be planned with consideration on particular processes that are most important to the organization's quality management system or those that are most at risk or have been found at risk from previous audits.
The auditor shall review the processes designated in the audit plan to ensure the quality management system and processes conform to planned and documented arrangements, requirements of relevant International Standards, quality management system requirements established by the organization, and applicable regulatory requirements. This can be achieved through interviews with process owners and review of process documentation, records, and data, as needed.
Process owners or other personnel who are responsible for the subject being reviewed by the auditor(s) should be made available to the best of the organization's ability to answer questions and provide information during the audit. The auditor(s) will document their findings and observations in an audit report following the conclusion of the audit.
The following include definitions for the types of audit findings:
Major Nonconformities:
Major nonconformities represent systemic failures to meet regulatory requirements, signaling that the organization's QMS is unable to consistently achieve its intended outcomes. These issues may include the complete absence of a required process, recurring minor nonconformities within the same area, or an inability to address and prevent the root cause of a previously identified nonconformity.
Minor Nonconformities:
Minor nonconformities are isolated deviations that do not compromise the overall functionality of a process or the integrity of the quality management system (QMS). Despite these occurrences, the organization's ability to maintain controlled operations and produce compliant products remains intact. These typically involve singular instances, such as an incorrectly labeled document or an unrecorded review approval.
Opportunities for Improvements (OFI):
Opportunities for Improvement include recommendations like auditor advice for improved quality system processes, tasks/actions identified for continuous improvement as well as product processes implemented to meet regulatory requirements.
The findings of the audit will be documented in the audit report and shared with the participating members of the audit, including the management team and quality team. The audit report will include the following information:
The audit report will be reviewed by the quality team and the management team, and any necessary corrective and preventive actions will be initiated based on the findings of the audit.
For all major nonconformities resulting from audit findings, a corrective and preventive action (CAPA) is initiated according to SOP Corrective and Preventive Action. The audit report shall be included as inputs for the management review process according to SOP Management Review. Management Review Report which includes audit findings shall be considered verification of processes implemented as a result of an internal audit.