Nouveauté ! Développez votre produit SxMD avec un eQMS structuré comprenant des modèles SxMD prêts à être audités et conformes aux normes EU et US. En savoir plus !

Getting started with a QMS from scratch: How and why do I do internal audits

You have created all procedures, work instructions and templates. You have done a proper risk analysis on process level. Everything is reviewed and approved. People are trained and are working within and with the QMS.

Great! But the work is not yet done!

Setting up a QMS is one thing, however, the aim is to actually use it and maintain it. As mentioned in the previous posts of this series, the basic principle behind the ISO 13485 is Plan-Do-Check-Act. One way of checking is to perform internal audits.

Internal audits allow you to verify the implementation of your processes in an independent way and on a regular basis. It also gives you the possibility to detect degradation of processes early on as well as to make improvements to your organizations' way of working.

What does ISO 13485 say about internal audits?

First of all, §8.2.4 of this standard states that you need to have a procedure about internal audits. 

Furthermore, it states that you need to plan your internal audits.

The aim of performing internal audits is to check that your QMS:

  1. is in compliance with ISO 13485 and regulatory requirements

  2. is effectively implemented and maintained 

Internal audit reports are records that need to be controlled and actions (corrective and preventive actions) should be undertaken in order to eliminate nonconformities.

What do you need for internal audits?

  1. An implemented QMS

  2. An internal auditor

  3. A way of documenting the plan, findings and follow-up actions

As an internal audit is based on sampling to verify that processes are being correctly implemented, it makes sense to have an internal audit once the QMS is actually implemented and not half-way setting up the QMS.

Internal audits should be conducted by someone independent of the audited processes. This means you cannot audit your own work. There are many courses on how to perform audits, based on ISO 19011.

If you don't have people with the necessary experience and skills within the team, you can outsource this activity. 

As mentioned before, internal audits are a planned activity. This means that you'd need to define an internal audit plan.

For each internal audit that has been conducted, you need to write (or receive) a report. Based on the findings, you can generate corrective and preventive actions from them.

All these records need to be controlled.

Documenting internal audits using MatrixQMS

In MatrixQMS, you can create templates for your internal audit plan and reports. These templates are version controlled and can be used to create records which can be stored in MatrixQMS as well.

Furthermore, you can use the REVIEW items to prepare questions related to all the processes and work instructions that are being audited. 

You can indicate in the reports which CAPAs are triggered by the audit findings and make a direct link to the CAPA items.

In this way, not only the review of the processes, but as well the actual internal audit report and the further actions are all linked and managed in the same system.


To summarize, MatrixQMS allows you to:

  • create and maintain your QMS

  • create templates and records

  • implement a risk-based approach

  • document trainings on processes

  • document internal audits and follow up actions (CAPAs)

If you would like to have a demo on MatrixQMS and what it could mean for your organization, don't hesitate to contact us.

About the Author
Ann Vankrunkelsven
RA/QA Manager