The Audit Program Manager: 4 Areas of Auditor Competency
Passing a webinar on auditing does not make you competent.
This blog reviews an audit program manager’s four areas of auditor competency: experience, skills, training, and education.
Does your company ask incoming inspectors to update CAD drawings when a design changes occur? Of course not. Your company has engineers trained to use SolidWorks, and it takes a new engineer a while to become proficient with the software. Auditing is a skill that you learn—just like SolidWorks.
I’ve never met a manager who wondered where the value was in having an engineer update a drawing, but many managers view internal and supplier audits as a necessary evil. Instead of asking the expert how few audit days you can get away with, ask the expert: “What is the purpose of auditing?”
Internal auditing aims to confirm that the management system is effective and identify opportunities for improvement. Supplier auditing seeks to verify that a supplier can meet your needs and identify opportunities for improvement; therefore, if an auditor finds no nonconformities or opportunities for improvement, what a waste of time!
To receive value from auditing, you need competent auditors. Clause 6.2.1 of the ISO 13485 Standard states, “Personnel performing work affecting product quality shall be competent based on appropriate education, training, skills, and experience.” As the audit program manager, recruit people who demonstrate auditing competency.
Education
First, educational background is essential for auditors. You cannot expect someone who has never taken a microbiology course to be an effective auditor of sterilization validation. Likewise, someone who has never taken a course in electricity and magnetism will not be effective as an auditor for active implantable devices. Therefore, determine what types of processes the auditor will be auditing. Then, ensure that the person you hire has the necessary education to understand the processes they will be auditing.
Training
Second, auditors need to be trained before they can audit. The auditor needs training in three different aspects: 1) the process they will be auditing, 2) the standard that is the basis for assessing conformity, and 3) auditing techniques. If you are auditing Printed Circuit Board (PCB) manufacturers with Surface-Mount Technology (SMT), then you need to learn about the types of components used to make PCBs and how these components are soldered to a raw board. I know first-hand that anyone can learn how SMT works, but it took me a few months of studying.
If your company only sells medical devices in the United States, you will need to learn 21 CFR 820 (i.e., – the QSR). However, suppose your company also sells devices in Europe or Canada. In that case, you will need to learn ISO 13485, the Medical Device Directive (MDD) (93/42/EEC as modified by 2007/47/EC), and the Canadian Medical Device Regulations (CMDR). I learned about ISO 13485 in a four-and-a-half day lead auditor course in Florida, MDD in a three-day CE Marking Course in Virginia, and the CMDR in a two-day course taught by Health Canada in Ontario. A 50-minute webinar on each regulation is not sufficient for auditing.
Finally, you need training in the techniques of auditing. A two-day course is typically needed. I took a 50-minute webinar and passed a quiz before conducting my first internal audit, but I had not developed my skills.
Skills
Third, an auditor needs communication, organizational, and analytical skills to be helpful as an auditor. Communication skills must include the ability to read and write exceptionally well, and the auditor needs to be able to verbally communicate with auditees during meetings and interviews. The most difficult challenge for auditors is covering all items on their agenda in the time available. The auditor rarely has more time than they need to audit any topic, and audit team leaders must be able to manage their own time and simultaneously manage the time of several other auditors.
Experience
Last but not least, an essential aspect of auditor competency is experience. This is why third-party auditors are required to act as team members under the guidance of a more experienced auditor before they are allowed to perform audits on their own. This is required, regardless of how many internal or supplier audits the person may have conducted. More experienced auditors are also required to observe new auditors and recommend modifications to their techniques. Once a new auditor has completed a sufficient number of audits as a team member, the auditor can practice leading audits while being observed. After six to nine months, a new auditor is finally ready to be a lead auditor on their own. An internal auditor does not need the same degree of experience as a third-party auditor, but being shadowed two or three times is not sufficient experience for an auditor (first or second-party). For more information about this topic, please read my blog posting on auditor shadowing.
The Audit Program Manager: 4 Areas of Auditor Competency Read More »