Quality audit explained simply

Quality audits are usually part of a quality management system, but they are also often defined in contractual agreements (e.g. contracts or quality assurance agreements). They are important because they help to:

• Verify compliance with requirements
• Prevent tunnel vision caused by repetitive routines
• Foster communication that drives organizational improvement
• Identify risks and avoid errors
• Implement proven best practices
• Ensure adherence to defined company objectives
• Remind teams of agreements and ensure their consistent application
• Comply with the strict regulations and standards of the batch-driven process industry

When people talk about a quality audit, they often mean a (QM) system audit. But if we consider the broader principle – checking whether defined requirements are being correctly implemented – several different audit types emerge, for example:

• Process audit: Examines individual processes
• Product audit: Reviews the product against customer expectations
• Financial audit: Assesses financial records for correctness, accuracy, and compliance with accounting principles
• Compliance audit: Checks conformity with a specific set of rules or questionnaires

ISO 19011 is an internationally recognized standard for auditing management systems. These may include quality management systems or information security management systems. The standard applies to companies that carry out quality audits of their management systems.

According to ISO 19011, the risk-based approach forms the basis of quality audits. It takes risks and opportunities into account during audit planning, execution, and follow-up. The objective is to drive continuous improvement.

In general, a distinction is made between internal and external audits. Internal audits review processes within a company, carried out by employees with the necessary expertise. External audits, by contrast, are conducted by outside parties.

In addition, audits are classified into 1st, 2nd, and 3rd party audits:

• 1st party audits: Conducted by someone within the company – an “internal auditor.” These audits are usually part of the company’s own quality management system.
• 2nd party audits: Involve two parties. In supplier relationships, it is common to conduct audits to verify a supplier’s quality capability. This means a company not only conducts audits itself but is also audited by its customers.
• 3rd party audits: Can only be performed by external auditors authorized for the relevant standard (e.g. as part of a certification process).

Quality audits play a crucial role in the life sciences industries to ensure quality, safety, and regulatory compliance. Here are the specific roles they fulfill in each sector:

Food industry

• Safety and hygiene: Audits check compliance with hygiene standards and food safety regulations to protect consumer health.
• Quality control: Ensure products meet defined quality standards.
• Regulatory compliance: Verify adherence to legal requirements and certifications such as HACCP (Hazard Analysis Critical Control Point) and ISO 22000.
• Traceability: Guarantee that all products are traceable, enabling quick action in case of recalls.

Learn more about quality audits in the food industry

Pharmaceutical industry

• GMP (Good Manufacturing Practice): Ensure compliance with GMP guidelines to safeguard the quality and safety of medicines.
• Regulatory compliance: Audits confirm adherence to requirements from the FDA, EMA, and other regulatory authorities.
• Data integrity: Monitor the accuracy and reliability of production and laboratory data.
• Supplier qualification: Ensure all suppliers and their products meet defined quality standards.
• Comprehensive process documentation: Guarantee precise documentation of all workflows to support validation and ensure compliance with quality standards.

Cosmetics industry

• Product safety: Quality audits verify that products are safe for use and free from harmful substances.
• Quality management: Ensure manufacturing processes are consistent and of high quality.
• Regulatory requirements: Compliance with regulations such as the EU Cosmetics Regulation (EC) No. 1223/2009.
• Documentation and traceability: Guarantee that all ingredients used are documented and traceable.

Chemical industry

• Safety management: Check compliance with safety standards to avoid accidents and environmental damage.
• Regulatory compliance: Ensure adherence to REACH, CLP, and other regulatory requirements.
• Quality control: Monitor product quality and production processes.
• Environmental protection: Ensure compliance with environmental standards and regulations.

Medical technology

• Product quality and safety: Ensure medical devices are safe and effective.
• ISO 13485: Verify compliance with the ISO 13485 quality management standard.
• Regulatory requirements: Adhere to FDA, MDR (Medical Device Regulation), and other regulatory authorities.
• Risk management: Identify and minimize risks associated with the use of medical devices.

Biotechnology

• GMP compliance: Ensure the production of biotechnological products follows GMP guidelines.
• Product development and quality: Monitor processes for developing and manufacturing biotechnological products to safeguard quality.
• Regulatory requirements: Ensure compliance with regulations from the FDA, EMA, and other relevant authorities.
• Research and development: Guarantee that research processes and data integrity meet the highest standards.
   

A distinction is made between internal and external audits. External auditors come from an independent certification body and must be trained and certified for this role. Internal auditors, by contrast, are not bound by strict regulations. What matters most is neutrality and the necessary subject knowledge – experience in quality management is usually a strong advantage.

• A holistic view of processes from the outside or from a bird’s-eye perspective by someone not directly involved
• Unbiased judgment from a neutral person assessing processes and performance
• Process and quality improvements
• Fulfillment of regulatory requirements
• Approval of processes in sensitive areas such as regulated industries
• Maximum process safety
• Prevention of deficiencies and support in achieving (re-)certification
• Encouragement of initiative to improve workflows
• Increased employee and customer satisfaction

Even though every quality audit is to some extent unique, they generally follow a similar structure:

1. Audit preparation

Why is the quality audit being conducted (e.g. internal audit, supplier qualification …)? Preparation also includes defining the audit basis (e.g. regulatory framework, applicable SOPs …), appointing the audit team and lead auditor, and setting the audit date, objectives, and plan.

2. Audit execution

The execution follows the audit plan. In addition to interviews, questions, and explanations, it is essential that statements are backed up with evidence (e.g. relevant documents). After the auditors have reviewed their findings, a closing meeting is usually held with representatives of the audited party.

3. Audit report

The audit report contains audit findings, audit conclusions, and – clearly marked as such – recommendations. Audit findings result from evaluating the collected audit evidence and indicate conformity or nonconformity with the defined standard. Audit conclusions summarize the outcome of the audit after considering the objectives and all findings. Before finalization, the report is usually shared with the audited party for comments, then completed.

4. Corrective and preventive actions (CAPA)

Based on the audit report, the audited organization proposes concrete measures to address the identified deficiencies. In the case of an internal audit, implementation can be verified internally. For external audits, verification takes place through follow-up reports or a re-audit after a defined period.

With our ERP industry solution Yaveon 365, companies in the process industry benefit from a feature set designed for maximum automation – making successful quality audits significantly easier.

Particularly valuable functions include:

• End-to-end traceability: Complete lot tracking from raw material at the supplier to the finished product at the customer.
• Automated batch management: Efficient handling and control of batches to ensure product quality.
• Integrated compliance modules: Support for meeting regulatory requirements such as GMP, ISO 13485, REACH, and HACCP.
• Documentation and qualification: Simplified process validation and qualification of processes and systems.
• Detailed audit trails: Provision of audit trails to safeguard data integrity and transparency.
• Integrated quality control processes: Enhanced quality controls through automated inspection and release workflows.
• Safety data management: Administration of safety data sheets and hazardous substance information.
• Validation of production processes: Support in validating and verifying production processes to ensure consistent, high-quality results and compliance with regulatory standards.