This document provides the process for Internal Auditing.
This document covers Internal auditing in compliance with ISO 13485.
(Version at end of page)
Signed V14 HJM 02.05.2023
The process covers all documents, processes and products as defined in the SOP.
Approval: Author of the document, Marelize Robertson
Changes: Author of the document, Dean Kowalski
Audit - Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.
Conformance - In line with the QMS, process, procedures, practices.
Compliance - In line/ acceptable to regulations/ legislative requirements.
Deviations - Factual approach to decision making effective decisions are based on the analysis of data and information.
Factual Approach to Decision Making - Effective decisions are based on the analysis of data and information.
Follow-Up on Audits - An evaluation carried out in order to determine the adequacy and effectiveness of preventive/corrective action taken after an audit has been carried out.
Findings - Positive or negative conformances of evidence to criteria.
PCA - Preventative and Corrective Action
QMS - Quality Management System
NCR – Non-Conformance Record
NCCA- Non-Conformance Corrective Action
SHEQ - Safety, Health, Environment and Quality
ISO 13485 clauses 8.2.4. & 5.6.
Procedure for Preventative, Corrective Action and Handling of Non-Conformance Product
INTERNAL AUDIT (ISO 13485 8.2.4.)
Regular monitoring and measuring the key characteristics of operations and activities that can have significant impacts on quality and safety are performed and therefore audited for compliance to regulations and ISO 13485.
Evaluation of compliance with relevant laws, regulations and applicable standards shall be done.
This procedure includes performance data, relevant operational controls, and adherence to identified objectives and targets.
The organisation conducts internal audits at planned intervals as per Quality Audits Schedule to determine whether the quality management system:
a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organisation, and applicable regulatory requirements;
b) is effectively implemented and maintained.
The schedule identifies when audits will take place and what areas will be audited. High risk processes will be audited a minimum of two times per year and low risk processes identified once a year.
The organisation shall document a procedure outlining the responsibilities and requirements for planning and conducting audits, as well as for recording and reporting audit results. Refer to Responsibilities, point 4, above.
An audit program is planned as a Quality Audits Schedule, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits using a risk feature refer Schedule where Scope / Area Risk Levels (H= "Large number of NC, can have a HIGH impact on product / system", MED = "low of NC or low impact on product / system" " and LOW= "low of NC or no impact on product / system" H= each IA, M= 2nd IA, and LOW - ONE (1) IA /per annum. )
The audit;
criteria are the SOP, ISO 13485 or regulations are relevant to the process/ activities;
scope will be as per the audit plan;
intervals as per the Quality Audits Schedule;
methods follow interviews, observations and testing, as relevant to the process/ activities.
The selection of auditors is a consultant, refer SOP Purchasing, or qualified persons (trained or experienced) competent to audit, and conduct of audits ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
Findings are categorised as a
1. Minor non-conformity relates to a single identified lapse, which in itself would not indicate a breakdown in the management system's ability to effectively control the processes for which it was intended. It is necessary to investigate the underlying cause of any issue to determine corrective action.
2. Major finding is where there is a process/ system omission or failure that can adversely affect the quality management system and/or the product/ service.
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected non-conformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification result.
This procedure is followed for ALL types of audits.
a) Internal/ External Supplier audits, for either supply of materials, components or products that are deemed significant as per SOP Purchasing / External providers.
b) Internal audits, not limited to, of processes, procedures, practices, documents, products and materials within the company.
c) External/ Third Party audits; for contract compliance and non-conformance reporting, if required e.g. Principal audits, Conformity assessment bodies and / or the Regulation.
The Management Representative prepares a Quality Audits Schedule.
The Audit Schedule may be changed because (not limited to):
•The Audit highlight a weakness in a department, process or system
•The number of corrective action reports raised against a department, process or system increases.
•No Auditors are available
The Management Representative on preparation of the audit, completes an audit plan using the template included in the files section below, which is uploaded to the audit plan folder. The audit plan must be circulated to the auditors and managers that will be involved in the audit a minimum of two days before the audit.
The Management Representative and/or Consultant can conduct the audits with any trainee auditor present. The team will also include the department manager or any other necessary person.
The Management Representative appoints qualified Auditors who are:
•Free from bias.
•Not auditing their own work or Department
•Free of influences that could affect objectivity.
The Management Representative and/or Consultant agree with the Auditee concerning the date for and scope of the audit. Any relevant documentation for preparation maybe requested.
Prior to the audit the Auditor prepares for the audit and ensures that all documentation needed is available; documentation can include and not limited to; Procedures, Work Instructions, Previous audit reports, etc.
The Auditor may prepare an audit checklist, if required, which may be a procedure, work instruction, etc. and a copy is filed with the Management Representative.
The Auditor determines, using the prepared checklist or following the Quality Audits Schedule requirements:
•The conformance with specified requirements.
•The effectiveness of the Quality System.
The Auditor looks for evidence of conformity or non-conformity to the system and records the findings. The Auditor records all findings in the Audit Report and categorises them as follows:
•Opportunities for Improvement (OFI)
•Non-conformance (NCR) findings recorded for a NON-CONFORMANCE CORRECTIVE ACTION
The auditor must then send the report to the Management Representative who saves it in the Audit Reports folder and follows the Non-Conformance Corrective Action procedure for all nonconformance findings.
Opportunities for improvement form part of the input to management review.
At the end of the audit, the Auditor completes the audit report sends the report to the Management Representative who saves it in the Audit Reports folder, issues any necessary NCR following Non-Conformance Corrective Action procedure and discusses the contents with the Auditee.
Both the Auditor and Auditee decide on NCR closure dates.
If necessary, the Management Representative schedules the re-audit date.
The results of all Internal Quality Audits are analysed and discussed at the Monthly Meetings and Management Review Meeting.
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes.
Internal Audits; follow records on the SharePoint Audit Report Folder.
External Audits; can be filed on the SharePoint Audit Report Folder.
Follow-up activities include the verification of the actions taken and the reporting of verification results, which may occur at an agreed time, follow-up audit or any other means with a record as evidence.
The follow up can be:
a new audit within 30 days
audit at next schedule date
email confirmation with evidence e.g. copy of document or picture if even
In the event of non-compliance follow SOP Non-Conformance Corrective Action.
The Risk Assessment to is found in SOP Preventative Action Risk Assessment refer Document.
The analytical reviews with data analysis of internal audits, and any other quality related matters, are reported to management and as part of the input to management review.
The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.
Quality Audits Schedule to be monitored monthly as per risk assessment
Revision 15; 15.07.2024 - RB - Change over to SharePoint Site
Revision 14, 2.05.2023 - HJM - Corrected Hyperlinks on this SOP
Revision 13; 23.01.2023 -MR - 23.01.2023 - DK - 7. Changed to References and documentation, 8.2. Requirements updated Low risk - once etc.
Revision 12; 11.07.2022 - 8.2. Requirements - DK 11.07.2022
Revision 11; 14.10.2021 - MR - Updated the Responsibilities
Revision 10; 11.08.2021 - MR - Reviewed
Revision 9, 24.06.2021 - TNA - New format with Approval, Scope, Responsibilities, Risk based approach and Records and revision history added and new google site format. amending of links and forms
Revision 8, Digitally signed on 21.01.2020 by WJW
Revision 1-7, unknown due to google site change to new google site
Name Retained in Retention period Hard copies Destroyed by
Audit Plan Template Google Form indefinite N/A
Audit Schedule SharePoint indefinite N/A
Audit Plans SharePoint indefinite N/A
Audit Reports SharePoint indefinite N/A