Management review that isn’t a slide show — genuine quality signals

I used to prepare hour-long slide decks for management review because that’s what everyone expected: charts, a few heat maps, and the obligatory “actions” slide at the end. Five notified-body audits later I stopped fooling myself. Auditors don’t want polished slides; they want evidence that management actually used the QMS to make decisions that reduced risk, fixed systemic issues, or allocated resources where they mattered.

If you are running a CE-marked Class IIa/IIb programme under MDR and ISO 13485, management review is not a ceremony. ISO 13485:2016 (clause 5.6) sets out the inputs and outputs. MDR Article 10(9) requires an effective QMS. In practice this means the management review is one of the clearest places auditors and regulators look for functioning governance — not aesthetics.

What auditors actually look for

From my experience in several notified-body interactions, these are the concrete things they pick over:

• Evidence the meeting had the right inputs: audit results, customer feedback/complaints trends, production/process performance, nonconformities, CAPA status, supplier performance, and post‑market surveillance findings (including vigilance).
• Traceable outputs: decisions, assigned actions with owners and deadlines — and proof those actions were completed.
• Risk-driven decisions: changes to risk controls, updates to risk management files (per ISO 14971), or decisions to change clinical follow-up or intended use.
• Follow-up: previous review actions tracked to closure, not “we did it” statements but linked evidence (CAPA records, supplier corrective actions, updated procedures, updated Technical Files).
• Management engagement: attendance by top management or suitable delegates and minutes showing informed decisions.

If any of those are missing, expect a question in the audit report.

Run the review as a decision loop, not a presentation

Here is the sequence I run now. It takes discipline, but it flips the meeting from theatre to governance.

• Pre-read (one pager): circulate a 2-page pre-read seven days in advance. Top-line metrics, open high‑risk items, and proposed decisions. Keep the slide deck for the room, not the record.
• Timebox to outcome: 60–90 minutes. Start with a one-minute reminder of the meeting objective: “decide on X, Y, Z.”
• Focus on exceptions: use the Pareto rule — spend time on the 20% of issues that drive 80% of risk or cost.
• Live links to evidence: minutes should cite the CAPA IDs, audit reports, and risk-file references. Don’t paste evidence into slides; link to it in your QMS so reviewers can navigate traceability.
• Assign and schedule: every decision needs an owner, target date, and a way to verify closure (e.g., “CAPA 2026-14 raised, root cause RCA complete, verification plan scheduled”).

A practical agenda (one page)

• Attendance and conflicts of interest
• Review of actions from previous management review (with closure evidence links)
• Inputs: internal audit results, supplier performance, complaints/vigilance, process/product performance, PMCF/PSUR signals, changes that could affect QMS
• Discussion highlights (focus on exceptions)
• Outputs: decisions and actions (owner, deadline, verification)
• Resource needs and strategic topics
• Close and confirm next review frequency

Metrics that actually matter (not vanity numbers)

Pick a small set of KPIs that drive decisions. From my current checklist:

• Number of open CAPAs by age band and number overdue with root cause unresolved
• Top 3 recurring nonconformities and whether they’re linked to supplier or process issues
• Vigilance/serious incidents reported in the period and regulatory status
• Effectiveness verification outcomes for completed CAPAs
• Changes impacting the Technical File or risk management (design changes, new suppliers)
• PMCF/PSUR trend signals that might require action

Keep the list lean. If management can’t recite why each metric matters, it’s noise.

Use your QMS to make the management review auditable

This is where connected workflow and traceability earn their keep.

• Link actions in the minutes to CAPA records in your eQMS. Auditors want to follow the trail: decision → CAPA → evidence → verification.
• Use the QMS to show reviewability: who approved the minutes, when, and how closure was verified.
• Automate reminders for overdue items (automated CAPAs or CAPA-driven risk assessment workflows reduce follow-up friction).
• Keep the pre-read and supporting evidence in the system as immutable records; the minutes reference them, the evidence is retrievable.

If you still have follow-up by email and spreadsheets, your traceability will break at the first audit question.

Common traps I’ve seen (and how I fixed them)

• Trap: Management review treated as a compliance tick-box. Fix: Make it a board-level input into resource planning — tie CAPAs that need investment to budget requests.
• Trap: Actions without owners or deadlines. Fix: Every output recorded as a CAPA or documented action with a reviewer in the QMS.
• Trap: Slides hiding absence of evidence. Fix: Minutes explicitly list evidence links and CAPA IDs; auditors can click through.
• Trap: Annual-only reviews when the product landscape has changed. Fix: Schedule ad‑hoc reviews after significant events (vigilance spike, major design change).

Final note — culture matters

A meeting is only as good as the actors. Senior management must understand that the purpose of management review is not to reassure the quality function but to be informed and make decisions. If that doesn’t happen, you will find the same issues reappear in audits and PSURs.

How have you altered your management reviews to move from slide theatre to decisions that actually close the loop?