Management Review Procedure Case Study Example

1 Comment / ISO Certification / By / , , ,

This article, “Management Review Procedure Case Study” describes an error-proof method for review and approval of procedures.

Redlined Management Review Procedure Management Review Procedure Case Study Example

The first time I was ever formally trained on how to conduct a document review was during a lead auditor course. I thought the topic seemed out of place, but as I audited more companies, I realized that missing a regulatory requirement in a procedure was quite common. Regardless of who reviews a procedure, or how many times it is reviewed, something is always missed. Unfortunately, a desktop audit of procedures is not an effective corrective action or verification method. Auditing procedures is an ineffective method for reviewing procedures because audits are limited by sampling.

Instead of random sampling, a systematic review of 100% of regulatory requirements is needed to ensure that none of the regulatory requirements are accidentally omitted. Systematically reviewing the requirements for each country your company is selling in is tedious at best. You need a tool to make the reviewing process error-proof and straightforward. You also need each reviewer of the procedure to have a defined function to eliminate the duplication of work.

Procedure Reviewer Roles

Typically, there are 3-5 reviewers of procedures in most companies. Some companies make the mistake of having as many as 8-10 reviewers of procedures, but more is not better in this case. There are four primary roles for review and approval of procedures:

  1. process owner
  2. quality management
  3. regulatory
  4. independent

The process owner may be the author of a procedure, but I don’t recommend it. Editing someone else’s work is much more useful than editing your own work. Therefore, I recommend that department managers delegate the responsibility for writing a draft of a procedure to a subordinate that needs to perform the procedure. Then the department manager, who should also be the process owner, is responsible for reviewing and approving the initial draft.

The quality management person should be responsible for reviewing the procedure for accuracy and interactions with other processes. For example, the management review process has eight required inputs (i.e., ISO 13485, Clause 5.6.2a-h). Each of those inputs comes from another process and procedure. It is essential to ensure that if you are reviewing the complaint handling procedure, somewhere in that procedure, it should state that the monitoring and measuring of complaint trends should be input into the management review process.

The regulatory person is responsible for verifying that the procedure meets 100% of the regulatory requirements. This person should verify that the scope of the procedure identifies the relevant markets. If there are references to documents of external origin, the regulatory person should verify that these references are accurate. It is recommended to eliminate references to revisions of documents of external origin and internal procedure revisions because the inclusion of revisions will increase the frequency of minor revisions to procedures that add no value.

Finally, the independent reviewer is looking for two things:

  1. Does the procedure make sense–to someone that performs the procedure (if that person was not the author); and to an external auditor, such as a certification body (internal auditors can fill this role)?
  2. Are there typos, spelling, or grammar mistakes?

The independent reviewer does not need to be a manager. It needs to be someone that writes well. Copy editing is tedious, but apparent mistakes in spelling or grammar prompt auditors to review procedures more carefully. I recommend asking an internal auditor to be the independent reviewer.

Reviewing Regulatory Requirements

The two most common reasons for audit findings are:

  1. the procedure is not being followed, and
  2. a regulatory requirement is not being met.

The first problem should be addressed by having processing owners review and write procedures instead of asking quality assurance to provide a procedure. If you are purchasing a procedure, it’s important for the person that will be performing the procedure to carefully review the procedure to ensure it matches how they intend to perform that process. If it’s a manufacturing procedure, I like to conduct the training of personnel with a draft procedure and hand out red pens. That also dramatically reduces complaints from the people that do the work.

For regulatory requirements, your regulatory reviewer needs to create a checklist that includes 100% of the requirements for that procedure. The model I like to follow is the Essential Requirements or Essential Principles Checklist used for technical documentation (i.e., for CE Marking). There are 13 Essential Requirements, and most of the requirements have multiple subparts. The regulatory person that completes an Essential Requirements Checklist must indicate the following information next to the applicable requirement in the checklist table:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to any applicable standards
  • a cross-reference to the record where evidence of meeting the requirement can be found (e.g., the risk management file)

Regulatory personnel can revise this approach slightly by doing the following for a review of procedures:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to the applicable specific sub-clause in a Standard or a regulation
  • a cross-reference to the subsection of the procedure where evidence of meeting the requirement can be found (e.g., section 5.1 of the SYS-003)

Case Study of SYS-003, Management Review Procedure

In the Medical Device Academy Management Review Procedure, Section 8 is the “procedure section.” Sub-section 8.3 of the procedure lists all the required inputs to a Management Review meeting. Next to each input, I have included a cross-reference to the sub-clause in ISO 13485:2003 for the Management Review input. There is also a requirement in 21 CFR 820.20 for conducting Management Reviews at scheduled intervals. This requirement is met by sub-section 8.1 of the Management Review procedure.

Teaching Auditors to Review Regulatory Requirements

Now, when I teach my version of the Lead Auditor Course, I ask attendees to split into small groups and review one of their procedures. In the last company I did this, each of the four teams found a regulatory requirement missing in the procedure they were reviewing. All four procedures the teams selected were reviewed, approved, and currently in use.

Management Review Webinar & Procedure – Free Download

Management Review Procedure Case Study Example Read More »