What is an internal audit in a Quality Management System?
Internal audits are planned and documented activities carried out to verify whether the Quality Management System (QMS) functions as intended, complies with legal requirements (such as the MDR / IVDR), and meets ISO 13485. In the medical-device sector, internal audits are not only a formal requirement but also a strategic tool—management decisions on quality and compliance rely directly on their results.
Objectives and functions of an internal audit
The goal is to confirm the effectiveness of the implemented QMS and its conformity with standards and regulations. Internal audits are used to:
- identify non-conformities and improvement opportunities,
- assess the efficiency of operational activities,
- verify compliance with the MDR / IVDR and ISO 13485,
- prepare for external audits (e.g., by notified bodies),
- raise quality awareness across the organisation.
Why internal audits matter for MDR and ISO 13485 compliance
Both the MDR and ISO 13485 require manufacturers to conduct internal audits as part of their QMS. Regular audits allow you to:
- check whether the technical documentation meets MDR / IVDR requirements,
- evaluate whether risk management complies with ISO 14971,
- verify the effectiveness of PMS and vigilance processes,
- reduce the risk of findings during external audits.
Audit scope and areas of evaluation
Internal audits cover every QMS element that could affect product quality and safety:
- Documentation – procedures, work instructions, records, ISO 13485 compliance,
- Risk management – identification, evaluation, and control of risks,
- Process validation – especially manufacturing and quality control,
- Supplier evaluation – conformity of qualification and oversight of contractors,
- PMS & vigilance – effectiveness of post-market activities,
- Training – verification of competence and role requirements.
Stages of an internal audit
An effective audit follows a logical, structured sequence:
- Planning – define scope, objectives, and audit team,
- Preparation – develop check-lists and review documentation,
- Execution – observations, record review, staff interviews,
- Summary – identify conformities and non-conformities,
- Reporting – issue the report and implement CAPA actions.
Audit documentation and reporting
Every internal audit must be documented so results can be reviewed later. Mandatory records include:
- audit plan and schedule,
- check-list or assessment form,
- gathered evidence (records, photos, notes),
- audit report with non-conformities and recommendations,
- Corrective and Preventive Action (CAPA) plan.
Frequency and planning of internal audits
At minimum, conduct a full-system audit once per year. More frequent audits are advisable for areas:
- with high non-conformity risk,
- that previously showed issues,
- undergoing organisational or technical changes.
Create an annual audit schedule and update it based on risk analysis and compliance history.
Benefits of internal audits
A properly executed internal audit delivers operational and strategic advantages:
- better product quality and safety,
- earlier detection of non-conformities,
- readiness for external audits,
- lower risk of major regulatory findings,
- stronger compliance culture and team engagement.
Pure Clinical support for internal audits
Pure Clinical provides professional assistance in planning, performing, and reporting internal audits in line with ISO 13485 and the MDR / IVDR:
- development of an annual audit programme,
- execution of audits as an independent third party,
- gap audits and pre-notified-body audits,
- training of in-house auditors and supply of document templates,
- support in identifying non-conformities and defining CAPA.
Our expertise helps clients monitor their QMS effectively, raise compliance levels, and avoid issues during certification or inspections.
FAQ
Can an internal auditor assess their own department?
What qualifications should an internal auditor have in the medical device sector?
How are audit priorities determined in the annual audit plan?