A pharmaceutical company's Quality Management System (QMS) relies heavily on Internal Audit, which can be a useful tool when it comes to identifying compliance gaps, weaknesses and potential improvements prior to being alerted by a regulator. The internal audit process is designed to enhance the GMP compliance and to promote a culture of continuous improvement.
To maximize the benefits of an internal audit, they need to be properly developed and executed. In addition, they should be objective in nature and should include meaningful corrective actions upon completion.
This article discusses several of the top ten best tips for developing and implementing an Internal Audit System in the Pharmaceutical Manufacturing environment.
The purpose of performing an internal audit as per WHO GMPs (Annex 4) as well as EU GMP Chapter 9 is for trained, impartial staff to regularly conduct an audit to confirm the functionality of a company's quality management systems.
Through the use of an internal audit, a company can work towards the following goals:
- Identify any non-compliance prior to inspections being conducted by regulatory authorities.
- Verify that all processes are in compliance with 21 CFR Part 211, EU-GMP and Schedule M.
- Evaluate and find opportunities for further improvement.
- Support a positive culture of compliance.
Having a good internal audit program will enable a company to be in “inspection readiness” at all times.
Following best practices should be taken into account during development and implementation of a structured audit schedule.
1. Create an annual audit calendar that includes all of the departments including production, QA, QC, warehousing, engineering and validation.
2. Audit each department at least once per year and audit critical departments such as sterile manufacturing more frequently than once per year as required.
3. Allow flexibility in the audit schedule to accommodate for any unplanned audits that may need to occur as a result of deviation, complaints or recalls.
A properly planned and implemented audit schedule will prevent any department from being missed and will facilitate the even distribution of the audit workload over the audit calendar year.
Scope - Audit of HVAC system qualification and maintenance records.
Objective - To confirm environmental conditions meet ISO-14644 requirements and that they are documented appropriately.
By clearly defining the auditor’s boundary they will focus on their job and eliminate the potential for duplicate auditing. You also enable the auditor to prepare their checklists and reference materials before the audit.
Audit checklists should be:
A. Detailed: Checklist should cover detailed review of the Good Manufacturing Practice (GMP) elements, including documentation, equipment, testing, training and data integrity.
B. Dynamic: Checklist should be subjected to continual review for updates based on regulatory changes or revisions to internal standard operating procedures (SOPs).
C. Customized: It should be designed specifically for each department or system like a laboratory audit checklist and a warehouse audit checklist.
Examples of audit checklists might include:
- Documentation practices (good documentation practice (GDP) and record control)
- Calibration and maintenance records
- Cleaning and sanitation records
- Change control and CAPA management
- Training records and competency assessments
- Batch manufacturing and testing records
Audit checklists ensure uniformity across multiple audits by a variety of auditors at numerous sites.
Auditors should possess the right balance of technical skills, objectivity and communication.
Training will include:
- The current regulations and principles of GMP.
- Techniques to perform internal audits.
- Methods to observe and to interview.
- Evaluation of root cause analysis and CAPA.
- The ability to present and communicate audit findings.
Ensure auditors has independent view and the internal audit team must be separate from the audited area. This means QA employees may audit production or QC but not their own department. Also, to keep auditors up to date on changes in regulations, internal audit personnel should be regularly re-qualified.
The following is a general overview of risk based auditing:
A. Identify high risk areas: Sterile production, data Integrity, deviations and complaints are high risk areas.
B. Prioritize the frequency of audits: Audit high risk areas and systems with higher frequency.
C. Evaluate product quality: Focus on systems or areas during audits that affect critical quality attributes (CQAs).
By applying the use of risk companies are able to utilize their resources more effectively in conducting audits and achieve greater compliance overall.
Auditors should:
- Keep the atmosphere professional and cooperative.
- Use open-ended questions (“Can you help us with how this process is documented?”)
- Listen carefully to what staff has to say.
- Provide a point of information to staff without interruption to their daily tasks.
When auditors promote a culture of open communications during audits, they allow for easier audit experiences for both the auditor and the audit staff and give staff more opportunities to be open regarding any problems and possible non-compliance.
Observation: What was observed or reviewed.
Requirement: The specific SOP, regulation or guidance according to which it is non-compliant.
Impact: How this could potentially impact product quality or compliance.
Evidence: References for the information above with examples like batch number, a record ID or location.
For example:
Observation: Refrigerator #2's temperature log was not available for the date of 15 July.
Requirement: Schedule M, Clause 4.3 states, "temperature logs need to be documented for all controlled storage areas."
Impact: The lack of a temperature log raises the possibility of losing traceability of raw materials regarding temperature-controlled storage conditions.
Evidence: Logbook itself.
When all findings have been fully documented, QA and management can address identified issues with priority, thus preventing any miscommunications regarding the plan of action taken to resolve those issues.
Corrective and preventive action (CAPA) must be assigned to all internal audit findings to address the root cause and systemic issues
Some best practices concerning the implementation of CAPAs:
- Use 5 Whys or fishbone diagrams for root cause analysis tools.
- Assign responsibility and due dates for CAPAs.
- Track and record progress of CAPA in logs or through electronic quality management system (QMS).
- Re-verify effectiveness of CAPA during follow-up internal audits.
If there are delays in implementing CAPA or providing only superficial responses, the audit system will lose credibility. Quality assurance (QA) leads should closely monitor implementation of all CAPAs.
The process of evaluating audit trend data on a continuous basis can provide following information:
- Determining any ongoing discrepancy gaps.
- Effectiveness of corrective and preventive actions (CAPA).
- Adjusting audit frequency of high risk areas.
- Faster management review decisions.
Management reviews should include assessments of:
- Actual audit completion versus originally planned schedules.
- Timely closure of corrective and preventive action (CAPA).
- Recurring audit findings.
- Auditor performance and any training required.
Incorporating information from previous audits allows the evolution of the internal audit function into a more robust compliance improvement tool.
What you gain by utilizing tech to manage audits:
- Centralized audit scheduling and recording
- Automatic tracking of CAPAs and provision of escalation alerts
- Integration with modules of quality management systems including deviation processes and change control processes
- Easy access to audit evidence for FDA or WHO inspections.
Utilizing a technology based solution allows you to have increased transparency, accountability and traceability in the audit process.
Internal audit system of a company is an indication of the extent to which it has developed a culture of quality to support its goal of becoming compliant with Good Manufacturing Practice (GMP) through an on-going process of internal audit through a relationship-based model of risk-based thinking and use of digital technology. The internal audit process goes beyond compliance with regulatory requirements. The internal audit process provides an opportunity for learning, prevention and improvement.
Companies have the opportunity to establish an internal audit system that enhances their quality at every stage, while also developing a reputation for quality through using structured audit planning, training, risk-based thinking and utilizing digital tools.
Having a solid and effective internal audit system means that an organization is capable of preventing issues before they occur, as opposed to only identifying problems after they have occurred.
To maximize the benefits of an internal audit, they need to be properly developed and executed. In addition, they should be objective in nature and should include meaningful corrective actions upon completion.
1. Understand the Purpose of Internal Audits
An internal audit is a type of self-assessment that uses a systematic, independent process to evaluate how well a company is performing based on its established parameters (GMPs) and the policies and procedures (SOPs) set forth in their internal policies.The purpose of performing an internal audit as per WHO GMPs (Annex 4) as well as EU GMP Chapter 9 is for trained, impartial staff to regularly conduct an audit to confirm the functionality of a company's quality management systems.
Through the use of an internal audit, a company can work towards the following goals:
- Identify any non-compliance prior to inspections being conducted by regulatory authorities.
- Verify that all processes are in compliance with 21 CFR Part 211, EU-GMP and Schedule M.
- Evaluate and find opportunities for further improvement.
- Support a positive culture of compliance.
Having a good internal audit program will enable a company to be in “inspection readiness” at all times.
2. Establish a Structured Audit Schedule
The audit schedule and frequency of audits depend upon several factors including the criticality of the company activities, the compliance history of the company (number of previous observations) and if there have been any changes in the processes or any equipment has been recently introduced. The regulatory priorities that require more audits (sterile areas, data integrity etc.) will also influence the frequency of audits.Following best practices should be taken into account during development and implementation of a structured audit schedule.
1. Create an annual audit calendar that includes all of the departments including production, QA, QC, warehousing, engineering and validation.
2. Audit each department at least once per year and audit critical departments such as sterile manufacturing more frequently than once per year as required.
3. Allow flexibility in the audit schedule to accommodate for any unplanned audits that may need to occur as a result of deviation, complaints or recalls.
A properly planned and implemented audit schedule will prevent any department from being missed and will facilitate the even distribution of the audit workload over the audit calendar year.
3. Define Clear Audit Scope and Objectives
It is important to define the audit scope and objectives when you are preparing for an internal audit. The scope of audit indicates the areas audit will cover and the objectives describe the results to achieve through the audit. For example:Scope - Audit of HVAC system qualification and maintenance records.
Objective - To confirm environmental conditions meet ISO-14644 requirements and that they are documented appropriately.
By clearly defining the auditor’s boundary they will focus on their job and eliminate the potential for duplicate auditing. You also enable the auditor to prepare their checklists and reference materials before the audit.
4. Use Comprehensive Audit Checklists
As a methodical approach for auditors, audit checklists serve as a roadmap to help guide auditors through the auditing process.Audit checklists should be:
A. Detailed: Checklist should cover detailed review of the Good Manufacturing Practice (GMP) elements, including documentation, equipment, testing, training and data integrity.
B. Dynamic: Checklist should be subjected to continual review for updates based on regulatory changes or revisions to internal standard operating procedures (SOPs).
C. Customized: It should be designed specifically for each department or system like a laboratory audit checklist and a warehouse audit checklist.
Examples of audit checklists might include:
- Documentation practices (good documentation practice (GDP) and record control)
- Calibration and maintenance records
- Cleaning and sanitation records
- Change control and CAPA management
- Training records and competency assessments
- Batch manufacturing and testing records
Audit checklists ensure uniformity across multiple audits by a variety of auditors at numerous sites.
5. Train and Qualify Auditors
A good audit cannot succeed without excellent auditors.Auditors should possess the right balance of technical skills, objectivity and communication.
Training will include:
- The current regulations and principles of GMP.
- Techniques to perform internal audits.
- Methods to observe and to interview.
- Evaluation of root cause analysis and CAPA.
- The ability to present and communicate audit findings.
Ensure auditors has independent view and the internal audit team must be separate from the audited area. This means QA employees may audit production or QC but not their own department. Also, to keep auditors up to date on changes in regulations, internal audit personnel should be regularly re-qualified.
6. Conduct Risk Based Audits
Conducting risk based audits is also necessary, as we know not all systems present the same amount of risk. Risk based audits utilize resources where they will be the most effective.The following is a general overview of risk based auditing:
A. Identify high risk areas: Sterile production, data Integrity, deviations and complaints are high risk areas.
B. Prioritize the frequency of audits: Audit high risk areas and systems with higher frequency.
C. Evaluate product quality: Focus on systems or areas during audits that affect critical quality attributes (CQAs).
By applying the use of risk companies are able to utilize their resources more effectively in conducting audits and achieve greater compliance overall.
7. Encourage Open Communication During Audits
Auditing is intended to promote enhancement and not determine blame or fault.Auditors should:
- Keep the atmosphere professional and cooperative.
- Use open-ended questions (“Can you help us with how this process is documented?”)
- Listen carefully to what staff has to say.
- Provide a point of information to staff without interruption to their daily tasks.
When auditors promote a culture of open communications during audits, they allow for easier audit experiences for both the auditor and the audit staff and give staff more opportunities to be open regarding any problems and possible non-compliance.
8. Document Findings Clearly and Objectively
All observations made by the auditor during their review should be captured accurately and objectively. There should not be any unclear language and each observation should contain:Observation: What was observed or reviewed.
Requirement: The specific SOP, regulation or guidance according to which it is non-compliant.
Impact: How this could potentially impact product quality or compliance.
Evidence: References for the information above with examples like batch number, a record ID or location.
For example:
Observation: Refrigerator #2's temperature log was not available for the date of 15 July.
Requirement: Schedule M, Clause 4.3 states, "temperature logs need to be documented for all controlled storage areas."
Impact: The lack of a temperature log raises the possibility of losing traceability of raw materials regarding temperature-controlled storage conditions.
Evidence: Logbook itself.
When all findings have been fully documented, QA and management can address identified issues with priority, thus preventing any miscommunications regarding the plan of action taken to resolve those issues.
9. Ensure Timely CAPA Implementation
An internal audit's real value comes from the actions taken after audit to address the audit's findings.Corrective and preventive action (CAPA) must be assigned to all internal audit findings to address the root cause and systemic issues
Some best practices concerning the implementation of CAPAs:
- Use 5 Whys or fishbone diagrams for root cause analysis tools.
- Assign responsibility and due dates for CAPAs.
- Track and record progress of CAPA in logs or through electronic quality management system (QMS).
- Re-verify effectiveness of CAPA during follow-up internal audits.
If there are delays in implementing CAPA or providing only superficial responses, the audit system will lose credibility. Quality assurance (QA) leads should closely monitor implementation of all CAPAs.
10. Conduct Audit Trend Analysis
Audit data collected over time shows patterns and trends that identify problems and systemic weaknesses.The process of evaluating audit trend data on a continuous basis can provide following information:
- Determining any ongoing discrepancy gaps.
- Effectiveness of corrective and preventive actions (CAPA).
- Adjusting audit frequency of high risk areas.
- Faster management review decisions.
11. Review and Improve the Audit Program Regularly
In order to maintain effectiveness, the internal audit function must be assessed regularly.Management reviews should include assessments of:
- Actual audit completion versus originally planned schedules.
- Timely closure of corrective and preventive action (CAPA).
- Recurring audit findings.
- Auditor performance and any training required.
Incorporating information from previous audits allows the evolution of the internal audit function into a more robust compliance improvement tool.
12. Use Technology for Audit Management
More pharmaceutical companies have begun to utilize technology based solutions that allow them to manage self-inspections.What you gain by utilizing tech to manage audits:
- Centralized audit scheduling and recording
- Automatic tracking of CAPAs and provision of escalation alerts
- Integration with modules of quality management systems including deviation processes and change control processes
- Easy access to audit evidence for FDA or WHO inspections.
Utilizing a technology based solution allows you to have increased transparency, accountability and traceability in the audit process.
Internal audit system of a company is an indication of the extent to which it has developed a culture of quality to support its goal of becoming compliant with Good Manufacturing Practice (GMP) through an on-going process of internal audit through a relationship-based model of risk-based thinking and use of digital technology. The internal audit process goes beyond compliance with regulatory requirements. The internal audit process provides an opportunity for learning, prevention and improvement.
Companies have the opportunity to establish an internal audit system that enhances their quality at every stage, while also developing a reputation for quality through using structured audit planning, training, risk-based thinking and utilizing digital tools.
Having a solid and effective internal audit system means that an organization is capable of preventing issues before they occur, as opposed to only identifying problems after they have occurred.
Frequently Asked Questions (FAQs) on Internal Audits
Q1. What is an internal audit in pharmaceuticals?
Answer: Internal audits are self-auditing the facility and in the pharmaceutical industry these are performed to validate compliance with GMP and identify areas for improvement.Q2. How often should internal audits be conducted?
Answer: Each pharmaceutical department should perform an internal audit at a maximum interval of once a year but high-risk areas must be audited more frequently.Q3. Who can perform an internal audit?
Answer: Internal audit personnel must be qualified and trained to do the audit and cannot have been involved in prior work for that specific department.Q4. What are common audit focus areas?
Answer: Common internal audit areas encompass documentation practices, validation of cleaning procedures, calibration activities, employee training records, corrective actions and maintaining data integrity.Q5. Why is CAPA important after an audit?
Answer: CAPAs are put in place to ensure that the findings of internal audits are corrected and will not recur by means of continued application of a proper root cause analysis process.Q6. How do you maintain objectivity during audits?
Answer: An auditor cannot conduct an audit of their own department and they must follow predefined checklists and evaluation criteria for audits.Q7. What are the benefits of risk-based auditing?
Answer: A risk-based audit approach has a focus on high-risk areas and processes to maximize GMP efficiency, improving product quality and patient safety.Q8. How can digital systems help in audit management?
Answer: Digital systems are used to automate processes such as audit scheduling, recordkeeping and following up on the corrective action so they promote transparency and adherence to regulatory compliance.
Get documents for Audit preparation in MS-Word FormatView List
No comments:
Post a Comment
Please don't spam. Comments having links would not be published.