ISO 17025-2005 Internal Audit and Technical checklist

Basic Audit Concepts

·     Objective

·     Scope

·     Planning

·     On-site

·     Reporting

·     Corrective Action

·     Follow-up

·     Closure

Planning an Audit - Steps

·     Planning the audit objectives

·     Planning the audit scope

·     Establishing the requirements against which to audit

·     Developing framework or technical approach

·     Reviewing materials and information

·     Selecting the audit team

·     Scheduling the audit

·     Issuing the audit plan/agenda

Planning the Audit Objectives

·     Fulfill requirements of your established quality system

·     Opportunity for improvement

·     Assess specific non-conformance, data integrity issue or customer complaint

·     Prepare for the future

·     Find practical solutions (not to affix blame)

·     Compliance-based or system-based

Planning the Audit Scope

·     Scope addresses focus of audit

·     Identify key or critical elements and activities

·     Are there any sensitive or confidential issues (proprietary, personnel, data integrity, etc.)

Scope of the Audit?

·      Field sampling operations

·     Field testing operations (e.g., C3, RG)

·      Laboratory operations

·      Entire laboratory, or

·      Selected department(s)

·      Test methods SOPs (compliance with SOPs)

·      Review data (assess data quality)

Audit Scope - what to include?

·      Standard operating procedures (SOPs)

·      PT Results/DMR QA

·      Document control

·     Reagent water

·      Control charting

·      Notebooks

·      Sample handling

·      Equipment maintenance

·      Standard and reagent preparation

·      Quality Manual

·      Data review

·      Holding times

·      Training

·      Records management

·      Quality control

·      Facilities

·      Subcontracting

·     MDLs

Audit Scope – what type of audit?

·      Horizontal Audits follow a process from start to end. This type of audit would look at procedures as they support the process itselfand is likely to span many different functions or departments.

·     Vertical Audits look, in depth, at a particular function or department. This type of audit would monitor the use of all relevant procedures as they are used to support the function or activity.

Establishing the Requirements Against which to Audit

·      Is there a contract or client requirements?

·      Is there a NPDES or Pre-treatment permit?

·      Is there a standard (e.g., TNI)?

·      Is there a regulatory requirement and/or mandated test methods.

·      Is there a Quality Manual and/or QAPP?

·      Are there established policies and/or procedures (SOPs)?

·      Do any of these documents contain performance criteria?

·      No requirements, then it’s not an audit!

Developing the Framework or Technical Approach

·      Planning audit data collection

·      Results-based information

·      Records

·      Reports

·      Data

·      Performance-based information

·      Real time observations

·      Interviews

·      Performance indicators (e.g., metrics)

·      Program-based information

·      Policies, procedures, plans (e.g., QAPP)

Audit Materials and Resources

·      Get Prepared and allow time to prepare!

·      Obtain documents/records upfront and review prior to on-site

·      Quality manual, SOPs, QAPP, etc.

·      Permit conditions (required test methods, discharge limits)

·      PT and/or DMR QA performance

·      Major equipment list

·      Organization and staffing information

·      Previous audits and corrective actions

Selecting the Audit Team

·      Senior management should decide who is in charge of the audit.

·      Preferably, it’s someone with QA responsibilities.

·      The subject matter experts may take the lead in asking questions during the audit, but the audit team leader is in charge overall.

·      Is more than one person needed?

·      How complex is the work being performed?

·      What disciplines are involved?

·      Who are the subject matter experts?

·      Auditors need to understand the requirements and work being performed (i.e., knowledge of).

·      Others can participate in support roles.

·      Attributes of auditors:

·      Technical knowledge (whole team covers all aspects)

·      Auditing skills (particularly lead auditor)

·      Independent and objective

·      Professionalism and sound judgment

·      Competence, integrity, fairness, use of due diligence, respect for confidentiality

·      Respectful and courteous toward all

Auditors Role

·      Understand quality system

·      Knowledge of expectations and requirements

·      Gather objective information

·      Report on observations

·      In some cases,

·       Provide recommendations

·       Conduct follow-up activities (verify)

Scheduling Audits

·     Routine audits generally can be more flexible in their scheduling.

·      Need to balance convenience of the organization being audited against the need to perform an audit.

·     Provide potential dates for the audit, but understand that not all staff may be present at that time, or that critical activities take place on schedules other than those convenient to the auditors (particularly an issue for field audits).

·      Audits for cause should be scheduled quickly to avoid generating more questionable data.

·      Unannounced audits may be needed (e.g., Section 308 of the Clean Water Act allows EPA to show up any time to audit a lab performing NPDES compliance monitoring)

·      When to audit: e.g., 200.8 by ICP-MS

·      Take into consideration:

·       Laboratory workload

·      External audit schedule

·      Analyst(s) schedule

·      Auditor’s schedule

·      Other?

Issuing an Audit Plan/Agenda

·      Depending on the purpose of the audit, this may be informal or formal.

·      Prepare and distribute appropriate documentation (communications, schedules, etc.).

·      Outline for formal audit plan:

·      Subject

·      Objective

·      Scope

·      Audit team members

·      Detailed schedule

·     Checklist(s)

·     Data collection responsibilities

·     Affected organizations and interfaces

Opening Meeting

􀁹 Review objectives and scope

􀁹 Review agenda and schedule

􀁹 Review internal audit process

􀁹 Process for identifying findings

􀁹 Confirmation of information

􀁹 Time for closing meeting

Examining the Overall Process

􀁹 Common approach is to follow the data generation process

􀁹 “Treat me like a sample” in lab situations, starting with sample receipt.

􀁹 Audits tend to follow the processes in a sample flow, data flow and/or chronological order.

􀁹 Speak to everyone involved in each step, if you can.

􀁹 For larger organizations, speak to someone at each step, and all of the supervisory staff.

Documenting the Process

􀁹 Checklists are a common approach, but not always ideal.

􀁹 If there are clear-cut requirements, use those to develop checklists during the planning phase.

􀁹 Checklists can help assure completeness and logical observation format.

􀁹 Don’t be bound by a checklist –ask yes/no and open-ended questions based on what you observe.

􀁹 Don’t make checklists so detailed that you spend all your time trying to fill them out and rush through the process. They are a tool.

Method Validation

Methods for testing and calibration should be fully validated. This means using the most recent versions of methods reported in the literature and using them only for tests within their intended scope. The methods should be validated by running standard validation experiments within the laboratory. The purpose is to confirm that the laboratory, using its own equipment, can use the method to produce predicted results. This validates the method for general use in the laboratory.

Environmental Conditions

ISO 17025 sets standards for testing methodology and its validation.

Laboratories are expected to conduct an ongoing assessment of environmental conditions, including temperature, humidity, sterility, hygiene and vibration. The purpose is to ensure that environmental factors do not influence the accuracy of results from tests or calibration exercises performed within the laboratory.

Sampling

·       Sampling should take place in accordance with standards of statistical relevance. The procedure for sampling and the sampling itself should be documented. Samples themselves should be documented for identification purposes, and their integrity preserved through storage and transportation to safe disposal.

Quality Assurance

The standard requires ongoing quality assurance testing to confirm the reliability of results. Quality assurance is similar to validation, and can be carried out by using equipment and methods to perform tests with predictable results, or by replicating the same test using different equipments of methods to assess consistency of results.

Reporting

The standard sets out a reporting template which, in addition to identifying the laboratory where the tests were performed, should include a description of the tests conducted, the methods and equipment used, the sampling procedures, the results, an estimate of the reliability of the results, and identification of the person authorizing the report. Statements of opinion within the report should be clearly demarcated from reporting of results, and the basis for the opinion should be substantiated.

Checklist for Audit as Technical requirements of ISO 17025

·       Are valid Methods, Procedures, instructions, Standards, manuals and reference data available?

·       Are use of methods which meet the needs of Client, Laboratory developed methods and non-standard methods are controlled and validated?

·       Is there a procedure for estimation of uncertainty of measurements?

·       Are the raw data’s and calculations are checked by a competent person?

·       Is there a procedure for the control and protection of automated and electronic data?

·       Is the lab adequately equipped?

·       Are all the equipment is calibrated and calibration status with equipment unique number is displayed on the equipment?

·       Are authorized persons operating the equipment?

·       Is there an Instrument Operating Procedure is available each equipment?

·       Are records for each equipment and software is maintained?

·       Is there a procedure to identify and prevent use of defective equipment?

·       Are all calibration and measurements are traceable to SI units, wherever it is not possible, are inter laboratory comparisons made to establish calibration?

·       Is there a procedure for calibration of reference standards and its traceability?

·       Is there a procedure for the identification of test or calibration items?

·       Is there a procedure and facility to avoid damage to test item during storage, handling and preparation?

·       Is there a procedure for participation in proficiency / Correlation testing?

·       Are reporting done with necessary information including interpretations?

·       Are amendment reports are uniquely Identified?