An internal audit can be an overwhelming prospect, especially if you’re new to the company or internal auditing in general.
The MedTech space is huge, and even the standards that are meant to help, like ISO 13485:2016, cover a lot of ground.
So, if you’re part of the audit team in your company, and you’re staring down the barrel of some pretty complicated processes, I’d encourage you to make things a little easier on yourself. In my experience, one of the best ways to do that is by using what’s known as the turtle diagram.
The turtle diagram is a simple way to break down what feels like a huge task—auditing one of your company’s processes—and turning it into manageable chunks that you can check off one at a time.
It’s very easy to miss things as you’re working through an internal audit, particularly if you’re auditing a process with many inputs. The turtle diagram gives you a holistic way to think about and examine each part of a process—everything that goes into it, and everything that should come out.
Here’s how it works:
The process is at the center of the turtle because it’s the key to everything you’re about to do. Start by defining the process that you’ll be auditing. In this case, let’s say it’s the manufacturing process for one of your company’s devices. The body of the turtle consists of outlining all the procedures that make up this process and becoming familiar with everything you’re about to dive into.
Your inputs will be everything that goes into this process. So, to continue with our manufacturing example, you’ll need to identify things like the materials you’re using, the specifications for them, and the suppliers providing you with the materials.
You’re asking questions like:
What components or raw materials are we receiving?
Where are those materials coming from?
Are all these suppliers on our Approved Supplier List (ASL)?
Where are the inspection records for these materials?
When you ask “How?”, you’re checking to make sure there are no deviations from the SOPs for this process. In other words, are you doing everything you’ve planned to, and nothing that you haven’t? If there was a deviation, was it documented accordingly? Were the results of that deviation acceptable?
You’ll also need to find out how the deviation happened. Was it due to a nonconformance? If so, you may need to follow the audit trail as you investigate the nonconformance. Was it closed? Did it end with opening a CAPA? What was the end result?
Here, you’re examining the equipment that is used to complete the procedure. That means looking at equipment logs and making sure everything is calibrated and up-to-date. You might, for example, discover a piece of equipment isn’t properly calibrated. In that case, you’ll need to find out when it was last serviced, and following that trail might lead you to additional audit findings.
At this stage, you’re identifying the people who are executing the procedure, as well as the competency of those individuals in regards to the procedure. These are the technicians, the engineers, or whoever else is driving the process.
Once you’ve identified who is involved, you’ll need to confirm that this individual’s competency requirements have been met. One way to do that is by reviewing training logs and comparing them to the requirements in your Training Matrix.
For example, you may need to confirm that an individual has read and understood the most recently released SOP associated with the process you’re auditing. If the individual isn’t trained on this procedure, why are they still doing it? Digging into that may turn up more findings. And frankly, training is an area where findings are very common, especially if you’re just using hand logs.
That’s why at Greenlight Guru, our Training Management workspace is integrated with our QMS software. When you use Greenlight Guru Quality, you’ll be able to efficiently create, duplicate, assign, and track individual or role-based training activities within your QMS—ensuring the right people are trained on the right things at the right time.
Here, you’re identifying the results of this process. That means looking at things like batch records and lot nonconformance records to make sure you have a completed batch record and that there are no Good Manufacturing Practice (GMP) errors. Are all the dates correct? Did you actually produce a product that was within your specifications?
Finally, you need to put everything together, step back, and look at what you have. Are there any findings? Do you need to follow the audit trail further in some areas? If you’ve taken this step-by-step, you should have a thorough picture of this process—both everything that goes into it and the results of the process.
The turtle diagram should help you identify everything you need to look at during your internal audit, and it will help you take a more methodical approach to each process. What it won’t do is tell you exactly how to spend your time during the audit.
I want to emphasize that while it’s possible to go as deep as you want down an audit trail, it’s not always advisable to do so. You don’t have an endless amount of time to carry out this audit, so sometimes it’s worth stepping back and considering whether you’re beginning to get tunnel vision.
The goal of auditing is not just to ding people for nonconformances; it’s to confirm their overall process, to look at everything holistically, and to give each team the information that is most important to their success.
It may not always seem this way, but as an auditor, your job boils down to acting like a good friend. You want your team to succeed, and the way you do that is by shedding light on their findings to show them how they can improve.
Otherwise, those findings are going to be caught in an external audit. And when that happens, you may be looking at 483s—or worse.
So, follow trails and investigate where you find nonconformances, but be sure you have enough time to take a holistic view of the processes you’re auditing. That’s where I think the turtle diagram will really help you if you decide to use it.
Not everyone loves internal audits. But they are critical to the safety and effectiveness of your devices, as well as the overall health of your company.
That’s why Greenlight Guru provides an end-to-end QMS solution with dedicated workflows that allow you to link your latest approved QMS procedures and protocols with a single click—and conduct audits without fear.
Within the dedicated Audit Management workflow of the software, you can assign audit-related tasks to your team and track everyone’s progress towards due dates as well as manage tasks, follow-ups, communications, and any actions that result from audit findings.
In the event that significant issues are found, you can escalate high-risk findings for investigation and monitor low-risk findings for recurrence. Need quick and easy access to your audit artifacts during an external audit or inspection? Greenlight Guru Quality lets you do it with just a couple clicks of your mouse.
Ready to stop worrying and start loving your internal audits? Contact us today for your free personalized demo of Greenlight Guru Quality →
Jamie Bihary is a Medical Device Guru at Greenlight Guru who has spent her career working in various roles ranging from R&D to Quality Engineering. As a Biomedical Engineer specializing in Tissue Engineering, she started her career in collagen-based Medical Devices and is interested in Advanced Wound Care Management....