NEU!! Entwickelt SxMDs mit einem strukturierten eQMS, einschließlich auditfähriger SxMD-Vorlagen, die an EU- und US-Standards angepasst sind. Mehr Erfahren!

Internal Audit Checklist: A Step-by-Step Guide for Comprehensive Compliance

Both the FDA 21 CFR 820 and ISO 13485 mandate that medical device companies undertake internal audits. They constitute an integral component of any effectively functioning Quality Management System (QMS) within a medical device company.

Let's put ourselves in the shoes of an internal auditor. As an internal auditor, a first question that may arise is How to conduct internal audits effectively? Well, the obvious answer would be to prepare. But where to start? A good place to start would be to prepare relevant work documents to act both as a reference and something to record audit evidence. As an example, that could be:

  • Forms for recording information

  • Sampling plans

  • Checklists

It is important to note that checklists and forms ought not to constrain and confine audit activities, rather, they should serve as aids.

This article will provide example how to make internal audit checklist that ensures comprehensive coverage of relevant aspects, enabling internal auditors conducting detailed evaluations and maintaining regulatory compliance.

Understanding the Objective of an Internal Audit

Before looking at the specifics of audit checklists, we need to understand why internal audits are important. An internal audit holds paramount importance for every organization. It entails a thorough comparison of an organization's current processes and procedures with established regulatory standards. If we were to adopt the analogy likening the certification/re-certification audit to the final examination, a suitable comparison for an internal audit would resemble an interim assessment. Much like interim assessments, internal audits serve to assist organizations in identifying and addressing issues before they escalate into more serious concerns. Therefore, it can be likened to an impartial assessment for your company, aiding in the identification of potential risks and avenues for improvement.

How to be prepared for an internal audit: the checklist

As part of the preparation for an internal audit, the initial step entails defining the scope. Good practice for audits is to split processes into respected areas and audit them individually. A great internal audit will be flexible and will not be an all-encompassing assessment. It is a good practice to split processes into their respected areas and audit them individually.

That would mean, for example dedicating a separate internal audit for Purchasing Controls, Design and Development and so on. This way it takes less time commitment from the internal auditor and the internal auditor can simply focus on the area at hand with greater detail.

Once the internal audit scope is defined, the internal auditor can proceed with the preparation itself. And one of the preparation activities would be to define the checklist itself. The internal audit checklist serves the purpose of ensuring that the audit is conducted comprehensively, leaving no critical aspects overlooked.

The primary advantages of an internal audit checklist include:

  • Encourages the internal auditor to thoroughly research the audited area

  • Ensures that samples are aligned with audit objectives

  • Clarifies audit objectives, aiding in maintaining focus

  • Facilitates effective time management and pacing of the audit

  • Reduces workload for the auditor during the audit

  • Ensures that auditors are auditing with processes in mind

  • It allows planning during the audit, as it will be visible what still needs to audited within the timeframe.

One might argue that an internal audit checklist risks devolving into a mere tick list, potentially diverting the auditor's attention from critical audit trails. However, on balance, the benefits of a well-crafted internal audit checklist outweigh any disadvantages.

Internal audit checklist should be split into clear and concise sections that map to applicable clauses of the regulation. One potential method involves framing each section as a question. Thus, facilitating a smoother flow during the actual internal audit. Furthermore, if internal auditor has any experience of being audited, that can offer valuable insights, as envisioning checklist questions as if they were posed by the most stringent auditor encountered can enhance the effectiveness of the internal audit checklist.

Find below examples of internal audit checklists for various segments of the QMS.

Management

Leadership from top management is part of the foundation for the ISO 13485 standard. Top management involvement is not optional, it requires constant involvement and engagement.

This only covers section 5 of ISO 13485, but generally management audit could include resource management, document control and other processes as well.

Customer-Related Processes

Customer related processes are intricately interlinked with other processes within the QMS, such as design and control, post-market surveillance and communication with competent authorities.

ISO 13485 clearly states that every medical device company has to have a documented system for customer related processes, questions laid out above could help any internal auditor check whether it complies with requirements of the standard.

Design and Development

The design and development of medical devices represent a pivotal aspect of the ISO 13485 standard, given its inherent complexity relative to other industries. Internal auditing of this specific area within the company is imperative, as non-compliance with regulatory design requirements could hinder market access for the medical device company.

Design and development can encompass large part of organizations QMS. Therefore, checklist should always be tailored to suit specific needs of the organization.

Production and Process Management

Production is another important part of the QMS. The scope for production can vary highly between different organizations. If organization does not provide servicing or sterilization activities, these areas do not have to be audited. Therefore, this has to be tailored to organization needs. In this case example, internal audit checklist could look like:

This is sample production checklist. As mentioned earlier, the content will highly depend on specifics of the company.

Corrective and Preventive Measures (CAPA)

The CAPA (Corrective and Preventive Actions) procedures assist businesses in rectifying quality concerns by conducting root cause analyses to pinpoint the underlying issue, mitigate the impact, and avert future occurrences.

The CAPA process needs effective monitoring and tracking, facilitating measurements necessitating suitable adaptations. Hence, conducting meticulous internal audits of the CAPA process holds paramount importance.

Purchasing Controls

Within a compliant QMS, stringent purchasing controls are imperative to guarantee the incorporation of high-quality materials into your devices. Moreover, any service providers engaged in your product's production or within your quality management system must undergo thorough qualification process.

It is important to note that purchasing/supplier internal audit should vary depending on the criticality of the supplier. Along with limiting the scope of your purchasing audits to those processes critical to you, it is also beneficial to have your audits focus on how to identify purchasing improvements that can help them better meet your needs.

Documentation and Records

Any ISO 13485 internal audit requires extensive documentation as evidence of the safety of the products and effectiveness of their quality processes. One might argue that that a distinct audit checklist solely for documentation is not necessary, as audits of other sectors encompass documentation-related aspects. While there is some truth in that, it is advisable to integrate a comprehensive documentation checklist as part of any internal audit. Specifically, Sections 4.2.4 and 4.2.5 of ISO 13485 holds considerable importance as it frequently reveals significant audit trails concerning instances where organizational processes diverge from documented records.

In summary, adding document control checklist to any internal audit checklist can heap numerous rewards. Not only it ensure adherence to ISO 13485 standard, but also play a vital role in upholding the integrity of the Quality Management System.

Utilize Matrix Requirements Solution to Manage QMS Ready for Any Internal Audit

Preparation for an internal audit does not have to be confusing. Combine the checklists provided above together with MatrixQMS to customize your internal audit requirements. MatrixQMS offers you platform where you can document all of the organization's processes from Design and Development to Production and CAPA to Control of Documentation and beyond. Additionally, it offers a platform for defining and effectively utilizing your internal audit checklists. If you would like to explore further, please don't hesitate to book a demo

About the Author
Ignas Žakaitis
Software Testing Engineer