Most auditors pretend to “add value.” Adding value is a cliché. In this article, you will learn three auditing techniques that actually improve product development (or any process). The first tool is a simple auditing technique that most auditors know, but forget to use. The second is an advanced technique that auditors don’t always learn. The third tool is probably completely new to auditors.
Tool #1: Open-ended Questions (Simple)
Most auditors use an audit checklist with questions like:
- Do you have a Design Controls procedure?
- Did you document your design plan?
- Is your team trained on risk management?
Unfortunately, this checkbox mentality will not help you find ways to get new products to market faster.
The three questions above are closed questions—they are questions that require simply a yes/no response. Internal auditors from the Quality department ask these questions because they are focusing on regulatory compliance instead of improving a process.
Better audit questions would be:
- How do you know what steps to follow when designing a new implant?
- Which verification tests are required for implant wear resistance?
- Who participated in the risk analysis of your new bone screw?
These three questions are open-ended questions—they require more than a yes/no response. Asking open-ended questions encourages the process owner who is being interviewed to share additional information needed to identify opportunities for improvement. The key to successful use of this technique is using it consistently. It must become a habit.
Tool #2: Turtle Diagrams (Advanced)
Most auditors confuse the “process approach” with “auditing a process.” In product development, specific regulatory requirements exist for that process (i.e., Design Controls). In 2012, Design Control deficiencies were the most common reasons for issuance of a 483 violation by FDA after an inspection. A company can receive a 483 for Design Control deficiencies for three different reasons:
- Nonconformity of Intent: This means that your Design Control procedure is missing one or more of the requirements of the regulations. However, if an experienced auditor does a thorough job of auditing the procedure against the requirements of ISO 13485 and 21 CFR 820 before initial approval of the procedure, then the procedure should meet the intent of the regulations. If this has never been done, it should be done now. This can also be performed as a remote desktop audit by a consultant.
- Nonconformity of Implementation: This means that your Design Control procedure is not missing any requirements, but you have not followed part of your own procedure. This is probably the most common finding, because there is not a diligent review of the procedure by the process owner to make sure it matches the way that things are actually done. This is likely to happen when someone other than the process owner writes the procedure, or the procedure has not been updated in several years.
- Nonconformity of Effectiveness: This means that you have performed your procedure as written, but for some reason the process is still not achieving the intent. This is the most challenging type of nonconformity to find, and the root cause is typically related to ineffective process interactions. In this case, using the process approach to auditing provides the greatest benefit.
The process approach to auditing focuses on interactions with other processes that are upstream or downstream. These interactions involve communication of information and transport of materials. If you think of the product realization process as an internal supply chain, each process or department represents a major link. In a process interaction diagram, major chain links are called “core processes.” Internal communication and transportation of material creates the interconnections between the major links in the chain. There are many minor chain links duplicated throughout your quality management system (QMS). Collectively, you call these minor chain links “management processes” and “support processes.” The organization of processes and the interactions between those processes are important for planning audits effectively. This is why the ISO Standard requires that a process interaction diagram be documented in the Quality Manual.
The checklist approach to auditing is called the element approach. It is an effective auditing approach for the first two types of nonconformities identified above. Using an audit checklist that is focused on the regulatory requirements of ISO 13485 or 21 CFR 820, however, will never evaluate the effectiveness of process interactions. In order to prevent the third type of nonconformity, and to identify opportunities to improve a process, you need to use the process approach to auditing. The tool used for process approach is called a turtle diagram, like the one shown in Exhibit 1.
Exhibit 1: Turtle Diagram
The turtle diagram in Exhibit 1 represents the product development process. The blue oval in the middle is the major process step, while the red arrows radiating from the oval are process interactions. This diagram is referred to as a turtle diagram because the oval is similar to the shape of a turtle shell and the six appendages are similar to a head, tail and four legs. In this turtle diagram, the six appendages are red because these are adjoining links to management processes, support processes and core processes.
Tool #3: Adjacent Link Auditing (NEW!)
The picture of the red and blue chain is a model that represents the product realization process. The process proceeds from left to right. There are four major steps in the process, represented by the larger blue links. The four major steps in this example are:
- Identifying customer requirements (your product manager is the process owner)
- Design and development (your engineering manager is the process owner)
- Purchasing (your purchasing manager is the process owner), and
- Receiving inspection (your QA Manager is the process owner)
Most audit program managers will assign a person based upon availability. This is practical, but it’s not strategic. The best person to assign to audit a process is the person in one of the adjacent links. The reason why the process owner in one of the two adjacent links is the choice to audit a process is, the adjacent processes have the best perspective of the adjoining links (that is, those smaller red links) that connect each of the major process steps.
The adjoining links are the six appendages of our turtle diagram. Adjoining links represent the communication of information between departments and the transport of materials between departments. In Lean Manufacturing, you learned to eliminate muda and to keep your buffers between process steps as small as possible. The ideal process flow is “single piece flow.” Creating a short link between two process steps is critical to rapid identification of process defects and efficient communication upstream in the process to correct the problem.
The person with the ideal perspective for identifying problems with the adjoining links is the person who is the process owner in the adjacent link. This person is an internal supplier located upstream from the process, or this person is an internal customer located downstream from the process. Therefore, for the design and development process, your product manager and your purchasing manager are the two people who are ideally situated to audit the design and development process.
The most important thing to remember is that the auditor is auditing the process—not the person. If you are the purchasing manager, design and development is your supplier of engineering drawings. You need to have drawings communicated early, and updates need to be communicated often. The purchasing manager and the engineering manager need to work together to ensure that supplier selection is strategic.
If you are the product manager, design and development is your customer. You need to document user needs and identify any customer-specific design inputs (i.e.—objective criteria for design verification). Some of the best practices for developing a list of user needs include post-market surveillance, customer focus groups, competitor benchmarking and House of Quality (a Six-sigma tool). It is critical that each user need is translated into a Design Input that is an objective design verification requirement—not a design specification. For example:
- A User need is “must be biocompatible.”
- A Design Input is “must comply with ISO 10993.”
- A Design Output is “must be made of medical grade polysulfone.”
The User Need is provided by the product manager and the design output is created by the engineering department. The identification of Design Inputs requires the entire design team’s contribution in order to make sure that no inputs are missing. If there is a verification test that was performed on the previous version of the product, but that Design Input is not included in this version of the product, there may be a missing User Need.
If your company wants a shorter product development cycle, the key to identifying opportunities for improvement is to assign internal auditors who are in the best position (that is, an adjacent link) to identify inefficient processes and ineffective communication. These people are the most likely to see opportunities that are hidden from the process owner. The adjacent link auditing approach, however, will only work if you train process owners in adjacent links to be effective internal auditors. This training must include the use of turtle diagrams to evaluate the adjoining links.
If you are an audit program manager who would like to learn best practices in auditing, and learn how to improve the skills of your auditing team, Rob Packard and Brigid Glass are teaching a 2-day course in April. Course details and a link to registration can be found at www.medicaldeviceacademy.com.