You must be signed in to read the rest of this article.
Registration on CDEWorld is free. You may also login to CDEWorld with your DentalAegis.com account.
An internal audit is dental laboratorymanagement's "eyes and ears" to catch small problems before they become big problems. However, an organization must first understand and accept the purpose and value of an audit program before establishing its goals for the program. This article will address the review/auditing requirements of the Occupational Safety and Health Administration (OSHA) and The Food and Drug Administration (FDA).
Organizations can use multiple different types of audits to improve efficiencies and business results. It's not uncommon for an audit of the safety program and/or quality management system (QMS) to be performed as an obligatory matter rather than as a means to improve the business. Auditing an organization's health and safety program (HSP) as well as their QMS can have many benefits. An employer needs to understand not only its governmental obligations for compliance audits, but also how to use auditing to determine the effectiveness and suitability of the rules for achieving an organization's goals.
Compliance audits and performance audits utilize different perspectives. A compliance audit is typically a snapshot in time and shows whether standards that have been established are being met at the time of the audit. A performance audit, conversely, tests the ability of the rules to achieve the organization's objectives. Both are beneficial to the organization.
Frequency of Audits
The frequency of the audit can be determined by regulations or internal objectives of the organization. These audits should be performed in a cost-effective manner consistent with the needs of the organization and available resources. The Safety Coordinator and the Quality or Management Representative should initiate the annual audit planning by the end of the first quarter of each year and prepare an Annual Audit Planning Schedule.
Some factors to take into consideration when planning the audit schedule are cost, risk, management requests, number of departments, and administrative activity. High-dollar and high-risk activities should be audited first. These could be followed by areas that receive the greatest management attention such as workplace injuries and customer complaints. Schedule at least one audit each year for each department or section. This would be above and beyond the annual audit of your QMS or HSP. Administrative activities such as document control, records management, and general employee training also must be scheduled during the year.
Preparation of an Annual Audit Planning Schedule will identify audited activities and the month in which they are scheduled for audit. This Audit Schedule should be approved by management and distributed to all departments. If the schedule is modified during the year, then it should be re-distributed to the departments.
The most important recommendation, from the perspective of an auditor, is for the laboratory to ensure that everyone in the organization is familiar with the quality system and its purpose. Everyone should know where information is maintained and how to access it. Prepare everyone for the audit process so that they are not caught off-guard during the audit. Also, ensure that executive management is actively involved in the quality system and that it is not about just the documentation but more the effectiveness of the system to continuously improve the quality, productivity, and customer satisfaction.
Who Can Audit?
A good auditor should have an instinct for investigating, analyzing, and communicating. The auditor will be looking for the root cause of why things happen by asking the right questions in order to verify and confirm that the organization truly has an effective HSP and/or QMS. The auditor must be trained in the functions, procedures, and principles of the systems being audited and understand the safety and/or quality standards/specifications against which the audit is based.
While conducting the audit, one must ask the right questions and enough of them to get to the root cause of why functions and procedures are being done the way they are. This means that communication is a key tool for the auditor.
Because an audit must be objective and impartial, it is necessary for the individual(s) conducting the audit to not be directly responsible for the area being audited. However, knowledge of the operation is extremely helpful. This would not preclude a person within a department from performing a self-assessment within their own department.
An auditor must also be knowledgeable of any tools or programs used to document or measure an HSP, such as injury records, training programs, inspection logs for safety equipment, and even near-miss records. Documents for a QMS could include flow charts, check sheets, descriptive statistics, or sampling techniques. If parts of the HSP or QMS involve electronic recordkeeping, then the auditor should be knowledgeable of the software system.
Interpersonal skills that benefit the internal auditor include listening, handling conflict, good written skills, good oral skills, appropriate body language, tact, planning and preparing, leading, recording, analyzing evidence, drawing conclusions, and time management. It is important to know how to maintain healthy relationships when you are critiquing another person's work or questioning the validity of actions.
As the auditor gains experience in internal auditing, they should become a more effective auditor and have an impact on improving the organization's performance.
Audit Team
Other resources may be necessary to perform an audit, such as additional team members. It may be more effective to break up into mini-teams so different parts of the audit can be analyzed at the same time. A lead auditor must be determined if there is a team. The lead auditor will be responsible for preparing the audit plan, briefing the audit team and the auditee, submitting the audit report, selecting other audit team members, and delegating assignments. This is where the interpersonal skills mentioned above are important to the lead auditor. Some undesirable characteristics include being argumentative, opinionated, lazy, easily influenced, inflexible, impulsive, and poor at planning.
The size of the audit team can vary. It should be well-balanced and not too large. Because it may be necessary to have a technical member of the area being auditing with the team, ensure that there are not too many people in one location, which can make answering questions difficult and intimidating for the area being audited. Typically, there should be no more than six audit team members, and no more than two auditors should interview an individual at one time. Mini-teams make the audit more efficient.
Types of Audits
An audit is generally defined as a systematic, independent, and documented process for obtaining audit evidence (records, statements of fact, or other relevant and verifiable information) and evaluating it objectively to determine the extent to which the audit criteria (a set of policies, procedures, or requirements) are fulfilled. This definition is similar to definitions published by the International Organization for Standardization (ISO) and the American Society for Quality.
The Occupational Safety and Health Admini-stration (OSHA) places the burden on employers to identify the hazards and implement the controls that will provide a safe and healthy workplace. The employer's role also includes ensuring that the controls or rules are being followed by employees. An audit may seem like a formal way of looking at this, but it can be an effective way to recognize where improvements are needed. OSHA may not formally require employers to conduct audits, but it does require that they identify and address areas where employees are not following the organization's written health and safety rules.1
The Food and Drug Administration (FDA), meanwhile, states: "Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action(s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented."2
There are a number of types of audits and they are determined by their purpose or objective. Dental laboratories should audit their quality system at a frequency that ensures conformance. The FDA typically looks for an annual audit, but if the business model is fairly simple, as may be the case for a small traditional laboratory, then the inspector would look more at the effectiveness of the audit process than the frequency of the audits. Following is a summary of different types of audits.
Systems Audit
This audit verifies through objective evidence that applicable elements of the HSP and/or QMS are appropriate and have been developed, documented, and effectively implemented in accordance with specific standards or specifications. For example, this type would be used for auditing the entire QMS. It evaluates the organization's quality program to determine if it is conforming to company policies, contract commitments, and regulatory requirements such as FDA.
A dental laboratory would perform a systems audit to determine if the company policies that are in place are still relevant to the business activities. Laboratories often forget the importance of ensuring that new manufacturing processes and products are incorporated into the quality and safety systems. This audit would find any gaps or nonconformances to regulatory requirements in preparation for an inspection by FDA or OSHA.
Process Audit
This audit verifies that process procedures such as QMS Standard Operating Procedures and Work Instructions are being followed under various conditions such as standard conditions, rushed conditions, and adverse conditions. This audit is used to verify the product during production and covers a portion of the total system, thus requiring less time than a systems audit. This type of audit would be used to check conformance to defined requirements such as time, accuracy, temperature, pressure, etc.
A process audit can be utilized by a laboratory that suspects something has changed in the process that has caused nonconforming product to become an issue. It can also be used to streamline processes to improve workflow.
Product Audit
This audit assesses the inspection process in a completed stage of production after having passed the final inspection. In other words, this is a method of re-inspecting a product that has been released for distribution to the customer. This type of audit would be used to verify conformance to specified standards of safety, workmanship, and performance. It can also measure the quality of the product going to the customer. In a QMS audit, the form, fit, and function of the completed item after final inspection are examined. This type of audit may be more technical and involve special examinations, inspections, and testing of a product. The product audit allows a laboratory to focus on internal quality control issues to determine where and when product quality diverged from the expectations of the customer.
Regulatory/ Compliance Audit
This audit verifies that certain activities of the organization have been implemented to meet the laws and regulations imposed on the organization. It assesses the efficacy of the HSP and/or QMS to determine where corrective action is needed. It should serve to ensure that the laboratory is conforming to the requirements of all regulatory bodies-not just FDA or OSHA. Environmental regulations, state regulatory boards and agencies, and even local government ordinances and regulations must be considered.
Registration Audit
This audit is typically used with international trade to verify that the parties are used to assess the compliance of suppliers working across international boundaries. Laboratories wishing to obtain a certification to a voluntary standard such as ISO would use this type of audit, which is really a systems audit based upon the standards of the certifying body. Laboratories also need to know that their subcontractors and vendors are appropriately registered with the FDA. This audit can be used to support supplier and subcontractor approval along with an operational audit of the supplier/subcontractor's facility.
Operational Audit
This audit ensures that employees are meeting performance standards that have been established by the organization.
Four Phases
The logistics involved in audit planning include establishing the length of time for your audits. The length of time planned will depend on the number of audit team members, the size of the organization, the number of verifications required, and the scope and depth of the audit. A system audit for the size of most dental laboratories will require between 1 and 3 days. Process or product audits may require less time because the scope is limited.
There are basically four phases:
• Phase 1, the Audit Initiation and Preparation, will consume approximately 25% of the total time allocated for the audit.
• Phase 2, the Performance of the Audit, will consume approximately 50% of the total time allocated for the audit.
• Phases 3 and 4, the Reporting and Closure, will consume approximately 25% of the total time allocated for the audit.
Summary
Even though most audits are performed to ensure compliance or conformity with certain standards, the results of the audit can be used to:
• Identify actual problems or potential risks so they can be corrected and prevented
• Reduce the costs associated with nonconformance
• Identify areas of opportunity for continual improvement
• Assess competency of personnel through training effectiveness
• Review equipment maintenance programs
• Provide visible management support of the HSP and QMS
• Ensure ongoing compliance and conformity to regulations and standards
• Determine system and process effectiveness
• Identify system and process inefficiencies
Auditing is an evolutionary process; however, the purpose of the audit will always be to provide meaningful information upon which to base decisions. The ultimate goal is to improve operations so the workplace is safe and healthy and the cost of quality remains low.
About the Authors
Mary A. Bartlett
President
Safelink Consulting Inc.
Gary D. Morgan, CDT, CQA/ASQ
Vice President
Safelink Consulting Inc.
References
1. Standard Interpretations. OSHA website. https://www.osha.gov/laws-regs/standardinterpretations/1996-09-11. Published September 11, 1996. Accessed April 18, 2023.
2. CFR - Code of Federal Regulations Title 21. FDA website. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?fr=820.22. Updated January 17, 2023. Accessed April 18, 2023.