Internal audit: Introduction and Implementation

 

Internal audit: Introduction and Implementation

An internal audit is a systematic, independent, and objective evaluation of an organization's activities, processes, systems, and controls and should be conducted  periodically according to a predetermined schedule and procedure.

Internal audits play a crucial role in ensuring the ongoing effectiveness and compliance of a laboratory's quality management system with ISO 17025 requirements. They help laboratories identify areas for improvement and maintain confidence in the quality and reliability of their services.

The laboratories should conduct internal audits of their activities to verify that the operations continue to comply with the requirements of the defined management system. These internal audits should also ensure that the defined management system fulfills the requirements of ISO/IEC 17025:2017. Furthermore, the audit should verify whether or not the requirements of the laboratory’s Management System Document/Quality Manual and related documents are applied at all levels of work.

For effective internal audit, it should be conducted by qualified personnel. These individuals must possess a deep understanding of the technical aspects being audited and have undergone specialized training in auditing methods and procedures. Ideally, laboratory personnel with relevant expertise should perform the audits whenever possible.

The audit should be scheduled to cover each element/activity of the management system at least once a year. This includes all activities, personnel, procedures, and test methods. However, technical competence assessment through witnessing tests/calibrations may not always be necessary during internal audits.

To ensure objectivity in internal audits, auditors must be independent and abstain from auditing their own work or activities. No individual shall audit their own activities. Auditors must maintain independence at all times. 

The non-conformities found during the internal audit should provide valuable information for the improvement of the laboratory’s management system and technical competence, which is to be used as an input to management review.

Horizontal Audits vs. Vertical Audits: Ensuring Efficiency and Effectiveness

Horizontal Audits: A Cross-Functional Journey

A horizontal audit, also known as a process audit, focuses on a single process across various departments within an organization

Focus: A specific process, like document control, training, or purchasing.

Scope: Tracks the process across all departments involved.

Benefits:

·       Identifies inconsistencies and inefficiencies in how the process is applied.

·       Reveals areas for improvement in process standardization and communication.

·       Provides a holistic view of a process's effectiveness.

For example, a horizontal audit on document control might track how documents are prepared, reviewed, approved, distributed, and stored across all departments. This could reveal inconsistencies in document versions, missing approvals, or department-specific storage methods that hinder easy access.

Vertical Audits: A Deep Dive into a Department

A vertical audit, on the other hand, takes a deep dive into a specific department. It examines all the processes and activities within that department.

Focus: A specific department, like Chemical section, biological section or quality section.

Scope: Examines all processes, procedures, and activities within the chosen department.

Benefits:

·       Identifies departmental strengths and weaknesses in adhering to standards and procedures.

·       Reveals opportunities for departmental improvement and resource allocation.

·       Ensures departmental compliance with regulations and internal policies.

 

Choosing the Right Audit Approach

Use a horizontal audit (single process across various departments) when laboratory want to assess the effectiveness and consistency of a specific process across the organization.

Use a vertical audit (all process in single department) when laboratory want to comprehensively evaluate a specific department's adherence to standards and procedures.

Remember, these approaches can also be combined. Laboratory may conduct a horizontal audit followed by vertical audits in departments where the horizontal audit identified key issues.

Benefits of Internal Audits:

Stronger Internal Controls: Internal audits evaluate laboratory systems and processes to identify weaknesses and ensure they are designed and implemented effectively. This reduces the risk of errors, and non-compliance.

Improved Risk Management: By proactively identifying potential risks, internal audits help laboratory to develop strategies to mitigate problems. This leads to better decision-making and increased resilience.

Enhanced Efficiency and Effectiveness: Internal audits can identify areas for improvement. This allows laboratory to streamline operations, reduce costs, and improve overall performance.

Ensured Regulatory Compliance: Internal audits help laboratory stay up-to-date with relevant regulations and ensure their operations adhere to established standards.

Promotes Continuous Improvement: Internal audits identify areas for improvement and provide valuable recommendations for change.

Increased Transparency and Accountability: Internal audits provide independent oversight of laboratory's activities. This promotes transparency and accountability among employees and management.

Improved Ethical Culture: Internal audits can help identify and address ethical concerns within the organization. This strengthens the organization's ethical foundation and builds trust with stakeholders.

Internal audit Record

Internal audits are crucial for maintaining a strong management system, and thorough record-keeping is essential. A complete audit record should be maintained for all audits, regardless of findings. These records serve as a valuable historical reference for management, highlighting areas of success and opportunities for improvement. All records should be clear, concise, and readily accessible.

When non-conformities are identified during an audit, a detailed record should be created documenting the issue's nature, potential causes, corrective actions required, and a designated timeframe for completion.

The formal audit report should provide a comprehensive overview, including the names and date of the audit team, the specific areas audited and the plan followed, positive observations from the audit, a list of identified non-conformities with references to relevant documents, recommendations for improvement, and a detailed corrective action plan. This plan should outline agreed-upon actions, timelines for completion, and the individuals responsible for implementation. Additionally, the report should document the corrective actions taken and the date of confirmation for completion, along with a signature from the management system/quality manager confirming closure of non-conformities and implemented actions.

Finally, all audit records, including non-conformity documentation, should be retained for a defined  period  to ensure traceability and accountability.