Internal Audits
Version:04
Page:1 of 4
WORK INSTRUCTIONIssue Date:5 August 2000
Authorised by:Marjorie Dickenson
1.PURPOSE
Internal audits are SimuLab’s own processes for monitoring the correct implementation of its integrated management system. Internal audits serve three basic purposes:
- To provide assurance to management that the system is operating as intended.
- To investigate the cause of noted problems, determine how the system allowed such problems to occur, and implement corrective action to prevent recurrence.
- To identify opportunities to improve the system or the manner in which it is implemented.
Essentially, internal audits give SimuLab assurance regarding the effective operation of its integrated management system and identify opportunities for continuous improvement.
2.SCOPE
This procedure applies to all aspects of the management system, i.e., Quality Management System, Environmental Management System and OH&S Management System. Internal audits should be conducted as a scheduled series of detailed examinations to verify that the laboratory’s operation complies with the requirements of the integrated quality system and of AS ISO/IEC 17025:1999, including analytical testing activities. All systems work instructions, documents, records and accreditation are included in such audit.
Additionally, unscheduled audits may be carried out to satisfy a specific Corrective & Preventive Action Request. The scope of each such audit may be determined by the importance of the activity that is being audited.
3.REFERENCES
AS ISO/IEC 17025:1999 – General requirements for the competence of calibration and testing laboratories – Section 4.13
ISO 9001:2000 – Quality Management Systems
ISO14001:1996 – Environmental Management Systems-Specification with guidance for use
Work Instruction – Employee training
Work Instruction – Management Review
Form – Audit Checklist - various
Form – Audit Register
Form – Audit Report
Form – Corrective & Preventive Action Request
Form – Corrective & Preventive Action Request Register
Form – Customer Complaint
List – Audit Schedule
4.RESPONSIBILITY
Quality Assurance Manager /- Overall responsibility for internal quality audits
All supervisors /
- Managing, taking and confirming corrective / preventive action where necessary
All personnel /
- Performing corrective / preventative action where delegated to do so
5.ACTION / METHOD
5.1.Selection and training of auditors
Whilst the Quality Assurance Manager will play the key role in each audit, it is necessary to draw company personnel into the program as auditors. The requisite personal qualities include:
- Understanding of quality management system concepts.
- Knowledge of the quality management system itself.
- Appropriate technical knowledge.
- Ability to investigate and analyse situations.
- Good judgement and communication skills.
- Positive attitude toward the quality management system.
5.2.Training of Auditors
For the audit program to be successful, chosen personnel will need specific audit training. The requisite skills and expertise will include:
- Understanding of the auditing concepts.
- Understanding of the audit program objectives and procedures.
- Knowledge of how to plan and conduct an audit.
- Knowledge of what to audit in various audit situations.
- Knowledge of the most effective information gathering techniques.
- Understanding of the human relations aspects of auditing.
The Quality Assurance Manager shall acquire the necessary training skills through participating in one of the comprehensive auditing trainer courses.
5.3.Planning audits
At least annually, the complete quality management system - together with associated documentation and records - will be audited to ensure its operational effectiveness. This will generally encompass a series of audits of the various processes and procedures that comprise SimuLab management system.
The Quality Assurance Manager will establish an audit schedule to plan and appropriately record the audits, and thereby ensure that a complete audit takes place over the twelve (12) month period. The schedule will be maintained in the quality records file.
The Quality Assurance Manager may also decide [based on their importance, or prior history] that selected processes may need to be audited more frequently.
When an audit becomes due under the audit schedule, the Quality Assurance Manager gives a suitably thorough briefing on the audit to the auditor previously designated.
As part of such briefing, the Quality Assurance Manager must:
- Define the scope of the audit – exactly what is to be audited (processes, etc.) against what criteria (work instructions, analytical test method etc.).
- Convey the duration and depth of both the proposed audit and reporting arrangements.
- Ensure the auditor has current copies of all management system documents related to the scope and subject of the audit, including previous audit reports, both internal and external, as well as all non-conformances and preventative actions.
- Provide auditor with checklists and any other working documents that form part of the audit program.
All reported audits are allocated a sequential number and recorded in the Audit Register. This includes external audits.
5.4.Performing an audit
Audits may be performed by the Quality Assurance Manager, or be delegated to other personnel. They must however be carried out only by:
- Wherever possible, personnel NOT having direct responsibility for the process being audited.
- Those designated auditors possessing the requisite qualities and audit training.
All auditors will be provided training for the task. Refer to "Employee Training" work instruction.
An audit is essentially a fact-finding mission. The auditor’s task is to gather evidence about SimuLab’s compliance (or otherwise) with the management system it claims to be following. During the audit, the auditor must:
- Gather information about the management systems, analytical test methods, staff equipment, work instructions, environment, quality assurance and verification and validation records, recording and reporting practices.
- Evaluate this information against the documented quality management system.
- Identify, through objective evidence, any breakdowns in the quality system or departures from quality procedures or work instructions.
- To do all this in the time allotted, the auditor must gather the information as efficiently and effectively as possible whilst also being sufficiently thorough and objective in such information gathering exercise.
Four means of gathering information are:
- Questioning.
- Listening.
- Observing activities – continually and with specific tasks.
- Examining records, documents and facilities.
5.5.Audit Report
All audit results shall be written in an audit report. Audit reports serve four (4) main purposes:
- To act as a reminder to the auditee (the person being audited) of what actions he/she needs to take.
- To inform the Quality Assurance Manager and senior management as to the results of the audit.
- To act as part of the means of initiating/tracking resultant actions.
- To provide evidence that the audit was conducted.
Audit reports need to be kept simple. It is important that non-compliance statements do not imply/infer criticism of a particular individual. Audit Reports shall be sequentially numbered, with the relevant number obtained from the Audit Register by the Quality Assurance Manager.
Following completion of the audit, the Audit Report will be signed, dated, and returned to the Quality Assurance Manager.
The Quality Assurance Manager will advise the relevant supervisor of the audit results. In the event of non-conformances or opportunities for improvement being detected, "Improvement Action" procedure will apply.
The responsible personnel will ensure that prompt action is taken on any deficiencies found during the audit.
5.6.Follow-up
The performance of these improvement actions will be followed-up by the Quality Assurance Manager. The follow-up may be by means of continuous monitoring, arranging a further unscheduled audit, or re-assessment at the next scheduled audit.
5.7.Customer Audits
Some customer contracts may provide for audits of the SimuLab facilities. It is imperative that SimuLab suitably restricts access by such customer auditors to commercially sensitive information, e.g., information relating to other clients. The Quality Assurance Manager shall coordinate ALL customer audits.
5.8.Thirds Party Audits
All audits conducted by the accreditation body for continuance of accreditation to AS ISO/IEC 17025:1999 will be coordinated by the Quality Assurance Manager.
5.9.Management review
The results of audits will be made available for the periodic management review of the quality system.
03-002