Internal audits conducted by a third party are highly recommended because they bring depth of expertise and outside perspectives that identify nonconformities prior to the actual audit taking place.

You might think your organization is doing everything right, but It’s very easy to miss nonconformities.  We have identified several types of nonconformities that often occur.  These are not hypothetical risks.  They are the most consistently cited nonconformities in ISO 17025 assessments, documented when we conduct internal audits, as well as across accreditation bodies and industry literature.  Again, in many cases, a well-conducted internal audit would have caught them first.

Equipment Used Beyond Calibration Expiry – An instrument whose calibration certificate has lapsed, but has not been removed from service, or whose out-of-tolerance condition was not investigated for result impact.  Calibration gaps are consistently among the highest-frequency findings across accreditation body assessments globally.  For instance, an automotive calibration lab where we conducted an internal audit had torque wrenches in active use with expired calibration certificates, rendering all results from that period potentially unreliable.

Personnel Competence Not Demonstrated – We frequently encounter situations during internal audits whereby raining records exist, but they cannot be linked to the specific methods or instruments the analyst is authorized to use.  Assessors look for a traceable competence matrix that connects each person to each procedure they perform, and many labs do not have one.  Imagine a pharmaceutical laboratory audit where a gas chromatograph instrument operators could not produce evidence of method-specific training.  This type of nonconformity can only be closed after a full competence matrix is implemented.

Incomplete or Superficial Internal Audit Records – Section 8.8 of the ISO 17025 Standard is itself one of the most frequently cited nonconformities in assessments because the audit was either not performed against all clauses, the auditor lacked independence, or the scope was not documented.  External assessors review your internal audit records, and gaps are immediately visible.  We encountered a situation where a calibration laboratory's internal audit covered only the technical scope, missing all of Clause 8's management requirements.  And this is exactly where the assessor had subsequently found three nonconformities.

Measurement Uncertainty Not Evaluated or Reported – Many laboratories either have not constructed a complete uncertainty budget, are applying an overly simplified approach, or are failing to include uncertainty on test reports when it is relevant to the customer.  This remains a technically demanding area where even experienced labs receive findings.  We have seen situations where an environmental testing lab's calibration certificates documented uncertainty, but their test reports to clients contained no uncertainty statement, creating a direct nonconformity against Clause 7.8 of the ISO 17025 Standard.

Outdated Procedures Still in Active Use – This happens more often than one might think.  For instance, document control failures are possible where an analyst is working from a printed or cached version of a procedure that has since been revised.  Assessors trace it into actual test records to confirm the impact.  For example, a construction materials lab's concrete testing procedures had been revised twice in two years.  Yet field staff were still using the original printed version.  Three reports referenced superseded methods.

Risk Management Under-Implemented – Introduced formally in ISO/IEC 17025:2017, risk-based thinking requires laboratories to identify risks to impartiality and to the validity of results.  Many labs have acknowledged the requirement on paper, but have not integrated risk assessments into their day-to-day quality activities.  A specific example of this is a food safety lab that had a one-page risk register which had not been reviewed or updated in two years, with no evidence that risk assessments had influenced any operational decisions.

All these types of frequently occurring nonconformities and examples reaffirm once again that being rigorous about internal audits, and having an expert third party help you prepare for the actual audit is a sound strategic decision.

Speak with our IBEC experts today to get your internal audit done!