Our Vancouver calibration laboratory just underwent an audit by an accreditation body. Michael Boetzkes, our North American Calibration and Repair Service Manager, is a seasoned veteran of managing audits by accreditors and customers. In this week’s blog, Michael gives three ways to manage audits with relative alacrity.
Understand the scope.
You need to know exactly what is going to be audited. There’s no earthly way you can prepare for the entire scope of what is possible to audit in terms of accreditation or cGMP; there’s simply too much. Ask for the scope in advance of the audit. Don’t walk into it thinking they want to look at calibration when they actually want to look at your product development. (Yes, this has happened to us.)
If the scope is beyond what you are trying to achieve (I.E. You don’t seek to comply with certain criteria) let the auditing body know in advance. It’s important to know the criteria you're being audited against. The standards that are being applied may not even apply to what you do.
If the auditor says they are going to look at something, have it ready. Once you’ve established the scope of the audit, and made sure that what you are being audited for actually applies to compliance you are trying to achieve, prepare the relevant items. These are records that prove you are in compliance, working areas for inspection, people who will be interviewed, and other relevant items. For instance, once you are told the scope of the audit, you know what the auditor can ask for IE: if audited for ISO/IEC 17025, you know they are going to ask for calibration records.
There are elements that fall within the purview of any audit, such as training records, so have them ready. Obviously, if you find something missing or flawed, fix it before they get there. However, (and this is critical) if you don’t have time to fix it, DO NOT try to hide it. Flaws are for fixing. Simply address the failure and clearly outline your corrective action plan, which will obviously be in writing with responsible parties informed and ready to take action on a timeline that you have determined.
Be open to suggestions, as opposed to defensive. Approach an audit as if it’s free consulting time. Once you do this, the atmosphere of the audit totally changes…from confrontational to collaborative. This is a fine line though. Answer the auditor's questions completely but do not elaborate on more than they have asked for. Don’t lead the auditor to topics that they are not asking about.
However, this is obviously not an approach to be universally employed. For instance, an FDA inspection is not a consult, nor a collaborative process. It's a process that can seriously impair operations. If the auditing body has the power to leverage legal recourse, the standard (and correct) tactic is to answer completely, and then stop talking. The FDA controls the scope and you don’t need to open new areas for discussion. For any audit, it’s a fine line between being open, and showing only the information you need to show.