Quality audit simply explained

Quality audits are usually part of a quality management system, but are also often regulated in contractual agreements (e.g. contract, quality assurance agreement). They are important in order to:

• Check compliance with specifications.
• Prevent operational blindness due to consistent behavior.
• Promote communication that leads to organizational improvement.
• Avoid and prevent risks and errors.
• Implement best practices.
• adhere to defined corporate goals.
• remind employees of agreements made and implement them permanently.
• comply with the strict regulations and standards of the batch-controlled process manufacturing industry.

The term audit is very often associated with a (QM) system audit. However, if one considers the general character - namely the examination of the correct implementation of specifications - there are inevitably numerous types of audit, such as

• Process audit: looks at individual processes
• Product audit: examines the product on the basis of customer expectations
• Financial audit: checks financial figures according to accounting principles (correctness, accuracy, regularity)
• Compliance audit: checking compliance with a set of rules, list of questions

ISO 19011 is an internationally recognized standard for quality audits of management systems. These can be quality management systems or information security management systems. The standard applies to companies that audit their management systems.

According to ISO 19011, the risk-based approach is the basis for quality audits. It looks at risks and opportunities and takes into account the planning, implementation and follow-up of quality audits. The aim is to achieve continuous improvement.

A basic distinction can be made between internal and external quality audits. In internal audits, processes within a company are checked by the company's own employees with the necessary expertise. External audits, on the other hand, are carried out by external parties.

A distinction is also made between 1st, 2nd and 3rd party audits:

• 1st party audits are carried out by a person from within the company, an "internal auditor". These quality audits are usually part of the company's own QM system.
• 2nd party audits refer to a procedure in which two parties are involved. In supplier relationships, it is usually customary to convince oneself of a supplier's quality capability through a quality audit. This means that a company carries out regular quality audits itself, but is in turn audited by its customers.
• 3rd party audits can only be carried out by external auditors. They must be approved for the underlying set of rules (e.g. in the course of certification).

Quality audits play a crucial role in ensuring quality, safety and regulatory compliance in the life sciences industries. Here are the specific roles that quality audits play in each industry:

Food industry

• Safety and hygiene: Quality audits check compliance with hygiene standards and food safety guidelines to protect consumer health.
• Quality control: Ensuring that products meet established quality standards.
• Regulatory compliance: Checking compliance with legal requirements and certifications such as HACCP (Hazard Analysis Critical Control Point) and ISO 22000.
• Traceability: Ensuring that all products are traceable in order to be able to act quickly in the event of recalls.

More about quality audits in the food industry

Pharmaceutical industry

• GMP (Good Manufacturing Practice): Ensuring compliance with GMP guidelines to guarantee the quality and safety of pharmaceuticals.
• Regulatory compliance: Quality audits check compliance with regulations from the FDA, EMA and other regulatory authorities.
• Data integrity: Monitoring the accuracy and reliability of production and laboratory data.
• Supplier qualification: Ensuring that all suppliers and their products meet quality standards.
• Thorough process documentation: ensuring accurate documentation of all processes to support process validation and ensure compliance with quality standards.

Cosmetics industry

• Product safety: Quality audits check that the products are safe to use and do not contain any substances that are harmful to health.
• Quality management: Ensuring that manufacturing processes are consistent and of high quality.
• Regulatory requirements: Compliance with regulations such as the EU Cosmetics Regulation (EC) No. 1223/2009.
• Documentation and traceability: Ensuring that all ingredients used are documented and traceable.

Chemical industry

• Safety management: Checking compliance with safety standards to prevent accidents and environmental damage.
• Regulatory compliance: Ensuring compliance with REACH, CLP and other regulatory requirements.
• Quality control: Monitoring product quality and production processes.
• Environmental protection: Ensuring compliance with environmental regulations and standards.

Medical devices

• Product quality and safety: Ensuring that medical devices are safe and effective.
• ISO 13485: Verifying compliance with the ISO 13485 standard for quality management systems.
• Regulatory requirements: Compliance with FDA, MDR (Medical Device Regulation) and other regulatory agencies.
• Risk management: Identification and minimization of risks associated with the use of medical devices.

Biotechnology

• GMP compliance: Ensuring that the manufacture of biotechnological products complies with GMP guidelines.
• Product development and quality: Monitoring the processes for developing and manufacturing biotechnology products to ensure quality.
• Regulatory requirements: Compliance with regulations from the FDA, EMA and other relevant authorities.
• Research and development: Ensuring that research processes and data integrity meet the highest standards.

A distinction is made between internal and external quality audits. External auditors come from an independent certification body and must be trained and tested for this purpose. Internal auditors are not subject to any fixed regulations. Neutrality and the necessary knowledge of the subject are prerequisites; experience in quality management is usually helpful.

• Holistic view of processes from the outside or from a bird's eye view by a person who is not actually involved in the process
• Unbiased judgment by a neutral person on processes and their evaluation
• Process and quality improvement
• Compliance with regulations
• Approval of processes in sensitive work areas such as the regulated environment
• Maximum process reliability
• Prevent defects and achieve (re-)certification
• Stimulate personal initiative to improve processes
• Increase employee and customer satisfaction

Even though quality audits are individual to a certain extent, they always follow a similar pattern:

1. Audit preparation

What is the reason for conducting an audit (e.g. internal audit, as part of supplier qualification, etc.)? The definition of the basis for the audit (e.g. rules and regulations, corresponding SOPs, etc.) and the appointment of the audit team and the audit manager are also important topics in the preparation. Other preparation topics include the audit date, audit objectives and the audit plan.

2. Audit execution

The audit is carried out in accordance with the audit plan. In addition to all discussions, questions and explanations, it is important that statements are also substantiated (e.g. with corresponding documents). After consulting the auditors, a final meeting is usually held with representatives of the audited party.

3. Audit report

The audit report contains audit findings, audit conclusions and - but marked as such - recommendations from the quality audit carried out. Audit findings are the results of the evaluation of the collected audit evidence and show conformity or non-conformity with regard to the rules and regulations. The conclusions are then the result of an audit after taking into account the audit objectives and all audit findings. The audit report is usually sent to the auditee with the opportunity to comment before finalization. It is then finalized.

4. Measures for improvement (CAPA)

The auditee proposes specific measures based on the audit report to remedy the deficiencies found. In the case of an internal audit, the implementation of the measures can be determined internally. In the case of external audits, a review is carried out by means of corresponding reports or a re-audit after a certain period of time.

With our Yaveon 365 industry-specific ERP solution, companies in the process manufacturing industry benefit from a range of functions that generates maximum automation. This also facilitates successful quality audits.

The following functions are particularly helpful here:

• Seamless traceability: complete tracking of products from the raw material at the supplier to the end customer.
• Automated batch management: Efficient management and control of batches to ensure product quality.
• Integrated compliance modules: Support for compliance with regulatory requirements such as GMP, ISO 13485, REACH, HACCP.
• Documentation and qualification: Facilitate the process validation and qualification of processes and systems.
• Detailed audit trails: Provision of audit trails to ensure data integrity and transparency.
• Integrated quality control processes: Improve quality control through automated review and approval processes.
• Safety data management: Management of safety data sheets and hazardous substance information.
• Process validation of production processes: Support in the validation and review of production processes to ensure they consistently deliver high quality results and meet regulatory requirements.