When dealing with audits, there are some common terms that you will run into. For example, if you are managing an audit program, you will need to know for each audit, who is the Auditee, and who the Auditor is. This is specific to each audit because your program will need to handle when your organization is the Auditee, such as a 3rd party audit. However, sometimes, your program may manage audits where your organization is the Auditor, and someone else is the Auditee, such as a supplier audit.
In the case of internal or quality audits you may be orchestrating how your organization will balance being both the Auditee, and the Auditor.
Both 1st and 2nd party audits can be outsourced. That is one of the services that Medical Device Academy offers. You will have much less control over 3rd party audits.
An Auditee is a person or organization that is being audited by and Auditor.
An Auditor is the person or team performing an audit of an Auditee.
Conformance and Nonconformance, and all the variants of those terms will be used frequently. Especially Nonconformity because Nonconformities documented during an audit will be used as inputs into your CA/PA process. Which will happen eventually. No system is perfect, and improvement is all part of the process.
Conformity is simply a fulfillment of a requirement.
Nonconformity is the nonfulfillment of a requirement.
When the final audit report is issued it include Objective Evidence of the audit findings. Either findings of Conformity or findings of Nonconformity. Either way, everything within an audit report should be objectively demonstratable.
Objective Evidence is data supporting the existence or verity of something.
This type of evidence can be records, test results, observations, interview statements, etc. Regardless of the kind of evidence, it should always be verifiable. Observations of documents and records are easy because anyone can refer back to the exact file or piece of paper that the auditor reviewed. Interview statements alone are more complex because it relies on the integrity of both the auditor and the interviewee unless the communication is recorded.
Audits, especially with consultants like us here at Medical Device Academy, all have an Audit Client. The Audit Client is the person or organization that is requesting the audit. In the context of your audit program, either you or your organization will almost always be the Audit Client but won’t always be the Auditee.
For example, if you have a subcontractor supply auditing services for your internal/quality audits, you will be both the Audit Client and the Auditee. If instead the requested audit is for supplier qualification then you will be the Audit Client, but the supplier will be the Auditee.
Finally, we should also take a look at what a Requirement is. A Requirement is a need or expectation that is stated, generally implied or obligatory. Take a look at the Quality Audit section of the QSR below.
In the very first sentence you can see that there is a Requirement for each manufacturer to establish procedures for quality audits. This is an FDA Requirement under 21 CFR 820. If you keep reading you will see that the very next Requirement is actually conducting those audits as well.