Quality Audits Management. What do we need to take into account? Auditing process optimization
Auditors’ qualification key point audit execution
The training and qualification of the auditors’ team is a key point for achieving the best results during the audit program execution. The quality of the audit will depend mostly on the expertise and capabilities of the auditors. The audit team could be formed by any employee of the organization with the appropriate training and qualification, or by external auditors, experts in the specific fields of audits to be conducted.
The applicable requirements for selection and qualification of auditors are:
- Deep knowledge of applicable standards and regulations. The auditor must be an expert on the regulations versus which the audit is performed. Applicable criteria must be completely clear for the auditor, in order to ensure a proper assessment of the level of compliance with these criteria.
- Knowledge of the processes, products, methods, techniques, and operations performed by the audited company. The auditor’s background and education should be related with the areas of activity of the audited company, to ensure an adequate level of understanding of the processes to be reviewed.
- Specific training in auditing techniques. Official certifications on these trainings would be desirable.
- Auditing experience. Sometimes a minimum number of audits performed during a defined period of time can be required required.
- Independence of the audited areas. The auditor must provide an objective and independent point of view.
Auditors can be staff of the auditing company or external auditors, but they shall fulfill these requirements in both cases.
Standard Operating Procedures and Template documents
Once the audits have been planned, and the auditors team is properly conformed, performing the audits is also a process itself, and as so has to be considered and managed.
Before the audits is conducted the auditor will prepare an Audit Agenda that will be sent to the audited department/company to inform about the items that will be reviewed during the audit, the expected schedule and the responsible staff that will be requested for each area. The Audit Agenda should be available for the audited well in advance, in order to allow its review and to grant the appropriate preparation of the audit.
To prepare de Audit Agenda it is desirable that the auditor reviews available information about the audited, to achieve a better understanding of the company and the operations to be audited, such as:
- Quality Management System documents applicable to the audited area.
- Personnel and facilities
- Activities developed and flow-charts
In case a previous audit has been conducted to the same department/company, the following information should also be reviewed:
- Deviations and corrective actions opened in previous audits
- Change controls since the last audit.
- Deviations and non-compliances opened since the last audit.
- Changes in activities performed or volume
- Changes in staff
The auditor could ask for needed documentation before the audit conduct, if necessary.
Conduct of the audit
The audit should begin with a brief opening meeting at which the auditor team would confirm the scope of the audit, the standard against which the audit is going to be performed and the way in which the audit will be conducted, including the documents and facilities to be reviewed, the staff to be interviewed and the classification criteria for the non-compliances.
An audit is, at the end of the day, a review of a sample. The wider the sample, the more accurate vision will be achieved. However, a 100% review of the audited area won’t usually be possible. Thus, a planned and systematic inspection method is the best way to optimize time and resources, and, therefore, to enlarge the sample and to obtain realistic final conclusions.
When carrying out the audit, the audit team must always bear in mind that:
- the audit will be performed in a respectful and professional way.
- communication with the audited staff will be direct and assertive, avoiding personal judgements or subjective comments.
- the research must be thorough, in order to properly evaluate the degree of implementation and effectiveness of the processes.
- only objective and verified evidence will be evaluated.
- if a possible non-conformity is detected, it will be investigated until it is confirmed or not and whether it is accidental or systematic.
- non/conformities detected in previous audits should be closely monitored.
Sometimes it may be useful to have auditing questionnaires or checklists, just to make sure that all important areas are reviewed, and that the result of this review is properly documented. However, this will depend on the auditor’s preferences and auditing practices. In case they are used, they will be considered as primary auditing records, and should be kept accordingly to ensure their integrity during their complete life cycle.
Once the assessment has ended, the auditor team shall hold a closing meeting with the key staff on the audited company. During this meeting, an overview of the audit will be shared with the audited, including all audited areas, strengths and weaknesses detected, and the non-compliances found. These results may be discussed during the meeting, providing additional information by the audited if needed or explaining the reason for incompliance by the auditor, in order to achieve an agreement between both parties, that will be the base for the audit report preparation.
The main objective of this meeting is making sure that the audited has a clear understanding of the main points of concern that arose during the audit, and that the auditor has complete and clear information to prepare the final report.
Once the audit is completed, the audit team should issue the audit report. The report must be issued within a reasonable period of time after the audit, that must be stated in the internal policies of the company, to make sure that the information is available to the audited as soon as possible, so the appropriate CAPA plan can be addressed and approved on a timely manner.
The Report shall include the complete information about the audited areas, date(s) of the audit, auditor(s) (and, where appropriate, experts and observers), audit objective and scope, findings classification criteria and contact persons involved in the audit. Every single evidence gathered during the audit must be referred in the report, as well as a description of the activities performed and comments from the auditors on the performance of each area.
The areas of non-compliance will be recorded in the report, and shall be classified according to the established criteria. A specific and complete description of the findings is need to fully document the incompliance and to allow the audited to understand their cause and define the adequate action plan.
The Audit Report shall be reviewed and approved by the auditor, and should be submitted to the top management, as a way to ensure that the actions needed to achieve compliance are properly defined and implemented.
Non-Compliances Management and Audits follow up
All non-compliances found during audits shall be classified in relation to their impact over the product/data quality, according to the criteria previously defined. Each non-compliance must be evaluated by the audited, in order to find the route cause and define de corrective actions accordingly.
A CAPA plan should be addressed to solve the non-compliances, including actions to be taken, responsible staff for each of them and expected timeline for its closure. A close follow up of this CAPA plan shall be performed, in order to make sure that potential risks to product quality as a consequence of the non-compliances found during the audit are mitigated.
It is important to have in mind that the objective of an audit is not only to identify potential problems, but also to solve them. That is why the CAPA plan definition and implementation is of crucial importance to complete the auditing process and ensure continuous improvement.