3 Things to Love about Internal Audits

April 28, 2023

3 Things to Love about Internal Audits

I have a confession to make—I love audits. I mean, I really love audits.

Maybe it’s the rule follower in me; maybe it’s because I find something very comforting about having a plan in place based on the standards and best practices for medical devices. Whatever the reason, I simply cannot lie, I love leveraging audits as a way toward continuous improvement.

Don’t believe me? Here are three reasons why you should love your internal audits, too.

BONUS RESOURCE: Click here to download your free FDA QSR & ISO 13485:2016 Internal QMS Audit Checklist.

Internal audits empower quality-driven, cross-functional teams

A major benefit of internal auditing is the opportunity to promote collaboration between departments and ultimately unite your team under the banner of True Quality. 

In my experience, many medical device companies still need to change their mindset by embracing quality as part of their culture, not as an obstacle or barrier. Rather than making quality the sole responsibility of a quality team, you should be encouraging everyone throughout the organization to own this responsibility.

That’s why my number one suggestion to anyone looking for more impactful internal audits is to do it yourself. Taking ownership of your internal audits makes sense, as no one knows your products, quality processes, or people better than you. 

Of course, this doesn’t happen by accident—it requires intentionality, strategy, and planning. Here are some actionable steps you can take to ensure that internal audits promote a cross functional team:

  • Never have someone audit their own work.

  • Emphasize the importance of manager review. 

  • Prioritize training to prepare all employees for quality audit procedures. 

  • Establish a cross-functional CAPA review board. 

  • Classify lead auditors with quality background. 

  • Clarify reporting hierarchy.

  • Define proper cadence for communicating potential quality risks. 

Even if you’re a smaller company with limited resources, collaboration will help you break down silos and uncover untapped, valuable opportunities that can improve your internal quality audit process.

Great internal audits spot potential issues before they become real problems

When your internal auditing process is really running smoothly, you’ll start to love the positive impacts it has on quality culture across the organization. And, while these activities may uncover findings that need to be further investigated, it doesn’t have to mean an increase in CAPAs.

In fact, having a robust internal audit process can drastically reduce the number of CAPAs your company initiates. To do so, however, will require your attention in helping define what does or doesn’t qualify as a CAPA.  

Findings during internal audits commonly come in one of three forms:

  • Major Finding, which means a nonconformity that impacts the capability of the quality management system to achieve its intended results.

  • Minor Finding, which means a nonconformity that does not affect the capability of the management system to achieve the intended results.

  • Opportunity for Improvement (OFI), which are not actually nonconformances, but suggestions of areas to improve before they become a potential nonconformance in the future.

CAPAs should be reserved for major findings, meaning those severe or high-risk non-conformances that could prevent a quality management system process from achieving its intended results. One common trap that manufacturers fall into is becoming “CAPA happy,” in which they initiate a CAPA for every nonconformance and audit finding. In other words, they become like my favorite talk show host, “You get a CAPA, YOU get a CAPA, YOU GET A CAPA!!!”

While this may feel like a good way to be thorough, this kind of misuse of CAPAs leads to mountains of paperwork, months of investigations, and an exhausted staff. Not to mention, makes everyone averse to the next internal audit that is performed. Not only that, it can also cause you to miss truly important systemic issues due to all focused time on open CAPAs.

That’s why you need to have a procedure in place, one that clearly instructs what to do in the instance that you uncover non-conformances and outlines the steps for evaluating whether your internal audit findings are systemic and/or high risk in nature before initiating a CAPA

Typically, I see teams accomplish this with minor findings that result in a non-conformance investigation and major findings that result in CAPAs. It is important to note that both types will be investigated and have a root cause. 

A risk-based approach to internal audits makes for better prioritization

The purpose of internal audits is to uncover hidden or unanticipated non-conformances before they become a larger systemic issue. However, you first have to have some idea of where to focus your efforts. You have to have a plan!

When I first started working in the medical device industry, I viewed internal audits as a checkbox activity–they were something we had to do every year because we were required to do them. I realize now just how unwilling I was to investigate areas deeply where I worried most there would be many findings. There were areas that I didn’t necessarily feel comfortable about what I was going to find when I came out. 

But, a funny thing happened. As I shifted to a more risk-based approach in auditing, it became easier to ask, “Where are we seeing our trends? Where do we need to dig into during this audit? What areas do we need to address specifically?” 

It’s like when I’m cleaning under my 9 year old’s bed. I know it’s going to be bad under there, so sometimes I leave it be. But when I do get the guts to clean it, I find the smelly laundry, the month old dirty dishes, forgotten socks, and dust bunnies.

I learned to choose to think of internal auditing as finding my own dirty laundry before someone else did.  

That’s because taking a risk-based approach requires that you rationalize and prioritize what you’re looking at and why. If a process carries higher risk, I should be spending more time during my audit investigating. I should touch it more often. 

In the standard ISO 19011:2018Guidelines for auditing management systems, there is a direct reference made to the need for prioritization:

The risk-based approach should substantively influence the planning, conducting and reporting of audits to ensure that audits are focused on matters that are significant for the audit client, and for achieving the audit program objectives. 

The risk based-approach is such a game changer when it comes to prioritization and resource allocation. For instance, let’s say your inspection department had 20 complaints this year, whereas the previous year only saw 4. This would be an indicator of a systemic issue, meaning you should prioritize spending a heavy chunk of time auditing this process. 

The point is that rather than fearing what lives under the bed, using a risk-based approach to internal auditing shines a light on the messes that most urgently need your attention.

BONUS RESOURCE: Click here to download your free FDA QSR & ISO 13485:2016 Internal QMS Audit Checklist.

Make loving your audits easier with Greenlight Guru

As a medical device company, your internal audits provide an insightful look into the processes that drive the highest level of quality. But that doesn’t mean loving them is always easy. Audits are inherently scary—even internal ones. You may worry whether documentation is complete, required signatures are in place, and whether the latest version is the right one.

That’s why Greenlight Guru provides an end-to-end QMS solution with dedicated workflows that allow you to link your latest approved QMS procedures and protocols with a single click—and conduct audits without fear.

Within the dedicated Audit Management workflow of the software, you can assign audit-related tasks to your team and track everyone’s progress towards due dates as well as manage tasks, follow-ups, communications, and any actions that result from audit findings. 

In the event that significant issues are found, you can escalate high-risk findings for investigation and monitor low-risk findings for recurrence. Need quick and easy access to your audit artifacts during an external audit or inspection? Greenlight Guru lets you do it with just a couple clicks of your mouse.

Ready to stop worrying and start loving your internal audits? Contact us today for your free personalized demo of Greenlight Guru →

Sara Adams is a Medical Device Guru at Greenlight Guru and a Certified ISO 13485 Lead Auditor who began her career in the medical device industry in the post-manufacturing world. As an experienced Quality Engineer, she has been responsible for leading Corrective and Preventive Action (CAPA) investigations and...

FDA QSR & ISO 13485:2016 Internal Audit Checklist
Download now
FDA QSR & ISO 134852016 QMS Internal Audit Checklist - Slide-in Cover
Search Results for:
    Load More Results