Quality Services
An internal audit program is only as effective as the auditors who execute it. Auditors without the skills to probe beneath surface-level answers — or without the independence to write findings against their own colleagues' work — produce audit records that look compliant but provide no real quality system intelligence.
Build Your Audit CapabilityAudit Competency
ISO 19011:2018, the international guideline for auditing management systems, establishes the principles, framework, and process for conducting competent quality audits. The core audit principles — integrity, fair presentation, due professional care, confidentiality, independence, evidence-based approach, and risk-based approach — distinguish competent auditing from checkbox compliance. For medical device internal audit programs, applying these principles means writing specific, evidence-supported findings rather than vague observations, following audit trails wherever the evidence leads rather than stopping at the first question, and maintaining independence even when auditing work performed by colleagues or by the audit team's own department.
Medical device auditors face specific competency challenges that general quality management auditors do not. Understanding the regulatory framework — what 21 CFR Part 820 actually requires versus what the company's procedure says it requires — is prerequisite to evaluating whether a procedure is compliant. Understanding QSIT inspection methodology allows internal auditors to evaluate their findings from the perspective of how FDA would view them, not just from the perspective of whether the procedure was followed. We train internal auditors on both the ISO 19011 methodology and the medical device regulatory framework that defines what compliance actually means.
Under 21 CFR 820.22, device manufacturers must establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with established quality system requirements and to determine the effectiveness of the quality system. ISO 13485:2016 Clause 8.2.4 has similar requirements and adds specific requirements for audit planning, auditor independence, reporting, corrective action, and management notification.
An audit program that covers all quality system processes at appropriate risk-based frequencies, assigns audits to appropriately trained and independent auditors, and generates specific findings that produce actionable CAPAs satisfies both frameworks. An audit program that cycles through procedures annually with a standard checklist, produces "no findings" reports for every audit, and never triggers a CAPA is not a functional quality system element — it is documentation that an audit activity occurred without any quality system benefit.
We design audit programs with risk-based scheduling, process-specific checklists that reflect current QSIT and ISO 13485 expectations, and auditor assignment rules that ensure independence. We train audit teams on how to write findings that drive root cause analysis and CAPA — the output of the internal audit program that connects it to quality system improvement.
Get Started
The purpose of an internal audit is to find quality system weaknesses before FDA does. We build audit capability and execute audits to that standard — not to the standard of producing a clean annual record.