Of all the types of findings a quality auditor can write up in an audit, Document Control Audit Findings are one of the most common. In this day and age, there’s really no excuse for getting a document control audit finding. How can I say that?
Easy, most document control findings are the result of reliance on a manual review-and-control process. Do you rely on memory, handwritten notes, a “prompt” function on your PC or cellphone, or an assistant to tell you when to review documents? If you have to make a change to a company document, are you hunting people down for approval signatures? Do you have a file cabinet for your approved documents?
Common Document Control Audit Findings
How do you get copies of your procedures to the people who must carry them out? When you physically hand out copies of revised procedures, are you collecting all the obsolete copies? What if somebody who isn’t on your distribution list makes a copy of a copy (how many copies are out there that you don’t know about)?
Are you managing document revisions on the same hard drive the originals are stored on? Are you “manually” backing up your revisions? How do you handle document retention, document security, or document distribution?
Policies and procedures need to be managed, not simply collected, as we oftentimes tend to do. Add in the offspring of policies and procedures — documented information — and you have the making of a problem common to business…a lack of control leading to document control mistakes.
Documented Information Control is Critical to Compliance
ISO 9001 requires documented information control that clarify’s how you are maintaining control. HIPAA requires access control. Sarbanes-Oxley requires access and revision control. Documented information control are at the heart of many of the various compliance schemes businesses encounter.
If yours is a small business, you’re probably using one of two basic solutions: manual or server based file sharing to control your policies and procedures. The manual system consists of a series of file cabinets that contain your business policies, procedures, documents, and vital records.
Modern businesses use some form of file server to store and share their policies, procedures, documents and records. A file server is often a shared hard drive on your local area network (LAN). Shared drives have several advantages over manual filing systems. They are searchable, don’t take up as much space, and can be made somewhat secure by restricting access using various file permission schemes. But, shared drives require training (to various degrees), it can be difficult to index non-text files (images), and they require back-up systems to prevent accidental changes or deletions. And, as soon as you add an electronic back-up system, you’ve just increased the complexity of the solution dramatically.
Resolving Common Documented Information Control Issues
Your document management system should resolve many of your documented information control issues which, in turn, should provide the support for more effective policies and procedures deployment. If you’re managing procedure workflow using policy and procedure management software then you should be experiencing fewer document control audit findings. In other words, it’s far less likely your auditor will find fault with your document control. Improving your document control system can help you reduce defects that your documents were originally designed to prevent.
Let’s look at a few examples of document control audit findings:
- Are the quality procedures identified in your Quality Manual approved prior to use?
- Do your documents, forms, and master lists (or logs) conform to the requirements of your document control procedure? In other words, are there revision (or version) numbers, review/approval signatures, dates, or other evidence of document control?
- Does your document control procedure ensure that the most relevant, up-to-date version of every document versions — and only that version — is available at its point of use?
- How do you ensure documents remain legible?
- Do you have a way to control external documents?
- Does your system prevent unintended use of unapproved or obsolete documents?
Document Management Software
Enter document management software. Using document management software provides more than just file serving. Your document management system (DMS) should provide the document and record control that most compliance standards require and do it in a more user-friendly environment. In other words, you should get more benefits for less work resulting in reduced document control audit findings.
Policy and procedure management software automates mundane (manual) tasks that are sometimes forgotten about during the average workday.
- Back-up / disaster recovery
- Security / access control
- Search / document retrieval
- Compliance / record control
- Revision / document control
- Approval / document workflow
- Consistency / ease-of-use and training
- Flexibility / scalability
- Filing / record scanning
Larger companies can sometimes afford a document control specialist but you might not have that kind of room in your budget. And, even if you did… If you’re not using document management software today, you should consider what you’re missing — and what you won’t miss once you’ve converted. Look around your office — if you have a lot of file cabinets in use, maybe it’s time to upgrade your document management system to the 21st century. Maybe it’s time to start realizing the benefits of a modern document management software solution.
Any company that implements document control software can reduce its audit findings AND stop the wasteful, time consuming “paper hunt”. Bizmanualz OnPolicyTM automates your policy and procedure management and assures you of a better, more compliant document control process for one low subscription. For more information, look for our OnPolicy procedure software now.