Maintaining regulatory compliance across the product lifecycle is critical to ensuring the continuity of your operations. Whether your organisation is virtual or fully in-house, internal auditing is a mandatory component of maintaining regulatory compliance.
Audits are an essential part of the Quality Management System (QMS) and are mandatory as part of management responsibilities indicated in the following regulations and guidelines.
- 21 CFR 820.20, Management Responsibility: here
- European Commission, EudraLex, Volume 4, Chapter 1, Pharmaceutical Quality System: here
- ICH, Q10 Pharmaceutical Quality System (ICH, April 2009): here
Audits support an organisation in accomplishing its objectives by bringing a systematic approach to evaluating and improving the effectiveness of risk management, process control and governance systems. Effective audit programmes should not only help ensure compliance and drive continuous improvement, they should deliver substantial benefits to companies in their ability to be current in the continuously changing regulatory environment and industry best practices. Audits provide confirmation that systems are fit for use and are working well. To reap the full benefit of the internal audit system, a well-planned, resourced, consistent, fully engaged and documented programme is required.
It is important to remember that if an internal audit programme is developed and implemented appropriately, it can provide key information to identify concerns or prevent issues before they lead to serious compliance issues. Internal awareness of weak or high-risk areas provides an organisation with time to make decisions on how to address the issues before a regulatory inspector observation is obtained. Even in the midst of a regulatory inspection, the self-identification of an issue, and having a plan or action in place to address that issue will instil confidence in your regulatory inspector that you have systems in place to continuously improve your operations.
Below are the top ten tips that PharmaLex recommend for the successful roll out of an audit management programme:
- Consider the structure of the audit program carefully. Take a risk-based approach to the frequency of the audits. However, include a minimum frequency to ensure no area is overlooked. Consider if you wish to have audits on systems, functional areas or a combination of both.
- Train your audit team well. Have you an auditor certification program? What training or mentoring must they have completed to be an internal auditor? Have you lead auditors available to mentor newer auditors? Complete refresher training with internal auditors. Consistency in approach for each audit is key to good engagement and best follow-up results. Keep them up to date with regulatory changes, observation trends, and risk areas.
- Prepare an audit schedule periodically. The schedule should include the auditor and auditee area. Remember auditors should be independent of the area they are auditing. Inform the auditors and auditees of the schedule as soon as it is issued.
- Auditors should plan the audit with the functional area well in advance. This gives the functional area time to prepare for the audit and an audit agenda should be prepared. In advance of the audit, identify any higher risk areas with the relevant personnel. Take a risk-based approach and plan to apportion audit time to higher risk areas.
- At the start of the audit, have an opening meeting with all of the functional area, if possible. An internal audit should be a collaboration between the function being audited and the auditor. It should be an open, honest, collaborative, learning forum where functional areas have the opportunity to discuss concerns and actions openly.
- During the audit, auditors should be direct and avoid asking questions designed to catch people out or undermine auditees. The auditors should take this opportunity to explain to the auditees why they are asking particular questions and provide the regulatory reference for the inquiry. Another important auditor behaviour is to listen carefully to the answers to the questions. The auditor should adopt an approachable manner and avoid confrontation.
- Individuals who are responsible for performing the day-to-day activities often have the best insight into what works and what requires improvement. Excluding these individuals from participating in the audit process might result in overlooking issues that could come up during a regulatory inspection.
- Audits should remain objective and avoid being overly judgemental. The process should also avoid ‘audits for audit’s sake’ and just ticking the box to progress to the next audit. Positive and forward focussing actions and outcomes should result from the audit programme.
- Have a close out meeting. There should be no surprises here as the collaborative style of the audit means that any issues will have been discussed during the audit.
- Prepare an audit report and capture the Corrective and Preventative Actions on a tracker with a due date and ensure closer of the actions. These, as with all CAPA actions, should have management oversight.
Effective audit programmes require appropriate time and resources which PharmaLex can provide. PharmaLex has built up a wealth of expertise over the years and have a proven record in the ability to deliver audits and audit programmes, internally and externally, in line with their company motto: “Confidence beyond Compliance”. PharmaLex has a team of GxP consultants that come from a wide variety of backgrounds who can perform audits in compliance with global GxP regulations. This allows for maximum flexibility to provide technically suitable and centrally located auditors for each audit when needed. Audits are conducted using a “hat-on/hat-off” approach in which the auditor provides feedback to the auditee during the audit. This real-time mentoring improves auditee performance, preparedness and confidence for upcoming GxP inspections. PharmaLex auditors provide piece of mind auditing; they are responsible for all audit preparation, onsite auditing, and audit reporting. Following the audit, PharmaLex can support post-audit activities such as CAPAs and remediation activities to closure.
If you would like advice or support in relation to the development, improvement or execution of an audit management programme why not get in touch to find out more on the range of services that we offer and how we can help you by connecting with us on +353 1 846 4742 or email us at firstname.lastname@example.org.