Standard Operating Procedure: Quality Department Internal Audit

Introduction

This Standard Operating Procedure (SOP) outlines the mandatory framework for conducting internal audits within the Quality Department. The objective of these audits is to ensure ongoing compliance with established quality management systems (e.g., ISO 9001:2015), identify process inefficiencies, and confirm that quality controls are functioning as intended. By performing systematic, objective assessments, the organization maintains operational integrity, mitigates risk, and prepares for external certification audits. This process must be conducted with strict impartiality, ensuring that no internal auditor reviews their own work.

Internal Audit Checklist

Section 1: Documentation and Control

• Verify that the Quality Manual is current and reflects actual departmental practices.
• Confirm that all Standard Operating Procedures (SOPs) are version-controlled and approved.
• Check that obsolete documentation has been removed from workstations and digital folders.
• Review the Document Change Request (DCR) log to ensure all updates were processed according to protocol.

Section 2: Process Compliance and Execution

• Observe production or quality control staff to confirm adherence to current work instructions.
• Validate that quality checks are being performed at the required frequency.
• Examine logbooks and digital records for missing entries, erasures, or unauthorized corrections.
• Verify that equipment calibration labels are visible and within their current validity period.

Section 3: Non-Conformance and Corrective Actions (CAPA)

• Review the Non-Conformance Report (NCR) log for entries that lack root cause analysis.
• Confirm that corrective actions were implemented within the designated timeline.
• Verify that "closed" CAPAs include evidence of effectiveness (e.g., re-testing or process audit).
• Ensure that trends in non-conformances are being reported to senior management.

Section 4: Training and Competency

• Audit individual training files to ensure signed copies of current SOPs are present.
• Confirm that personnel are qualified for their specific roles via documented competency assessments.
• Verify that training records are updated following any change in process or equipment.
• Check for evidence of recurring training for high-risk processes.

Section 5: External Communication and Customer Feedback

• Review the customer complaint log for timely resolution and professional response.
• Check that feedback has been analyzed for systemic quality issues.
• Verify that vendor quality audits are completed and documented as required.

Pro Tips & Pitfalls

• Pro Tip: The "Show Me" Approach. Never accept a verbal confirmation of compliance. Always ask, "Can you show me the record for that?" to verify the existence of objective evidence.
• Pro Tip: Follow the Trail. When you find a non-conformance, trace it back to the source (e.g., did the training fail, or was the procedure poorly written?).
• Pitfall: Lack of Neutrality. Allowing staff to audit their own processes creates a bias that leads to missed critical failures. Ensure cross-departmental auditing where possible.
• Pitfall: Focusing on Blame. An internal audit should be a diagnostic tool for the system, not a disciplinary tool for individuals. If the culture is one of fear, staff will hide non-conformances.

FAQ

Q: How often should the Quality Department undergo an internal audit? A: Typically, internal audits are conducted annually at a minimum. However, high-risk processes or departments with frequent non-conformances should be audited on a quarterly basis.

Q: What constitutes "objective evidence" in an audit? A: Objective evidence consists of qualitative or quantitative data, records, or statements of fact pertaining to the quality of an item or service. This can include digital logs, signed forms, photographs of labels, or physical samples.

Q: What happens if I find a major non-conformance during the audit? A: You must immediately document the finding in the audit report and issue a formal corrective action request (CAR). If the issue poses a significant risk to safety or product integrity, you must escalate it to the Quality Manager or Operations Director immediately, regardless of the audit’s completion status.