how to conduct an effective internal quality audit?
TRANSCRIPT
HOW TO CONDUCT AN EFFECTIVE INTERNAL QUALITY AUDIT?
1
Seetharam Seetharam Seetharam Seetharam Kandarpa Kandarpa Kandarpa Kandarpa
ASQASQASQASQ----CPGP & ASQCPGP & ASQCPGP & ASQCPGP & ASQ----CQACQACQACQA
Index
• Introduction to Internal Quality Audit Program
• Principles of Auditing
• Competence and Evaluation of Auditors
• Managing an Internal Quality Audit Program
• Performing an Internal Quality Audit
• Current Issues: Trends of Regulatory Inspections
• Way Forward towards Effective Internal Quality
Audit Program
2
INTRODUCTION TO TO
INTERNAL QUALITY AUDIT PROGRAM
3Back to INDEX
Audit• Audit
– Systematic, independent and documented process forobtaining audit evidence and evaluating it objectively todetermine the extent to which the audit criteria are fulfilled.
• Types of Audit– First Party Audit (Internal audit)– First Party Audit (Internal audit)– Second Party Audit (conducted by parties having an interest
in the organization, such as customers, or by other personson their behalf).
– Third Party Audit (conducted by independent auditingorganizations, such as regulators or those providingcertification.
4
Internal Audit
• Internal Audit
– Internal audits, sometimes called first party audits, areconducted by the organization itself, or on its behalf, formanagement review and other internal purposes (e.g. toconfirm the effectiveness of the management system or toobtain information for the improvement of the managementsystem).system).
– Internal audits can form the basis for an organization’s selfdeclaration of conformity.
– In many cases, particularly in small organizations,independence can be demonstrated by the freedom fromresponsibility for the activity being audited or freedom frombias and conflict of interest.
5
Audit Methods• System Audit
– The quality system audit addresses the who, what, where,when and how of the quality system used to produce itsproduct.
– Think of the quality system audit in terms of "an inch deepbut a mile wide" i.e., broad and general in nature rather thannarrow and limited in scope.
• Process Audit– Where the quality system audit is general in nature, the
process audit is much more narrowly defined. Unlike thesystem audit, the process audit is "an inch wide but a miledeep“.
– It revolves around verification of the manner in which: 1)people; 2) material; 3) machines, etc., mesh together toproduce a product.
6
Audit Methods• Product Audit
– A detailed inspection of a finished product performed prior todelivering the product to the customer. It is a test of bothattribute and variable data.
– Results of product audits often provide interesting bits ofinformation regarding the reliability and effectiveness of theoverall quality system.
• Compliance Audit– During a compliance audit, the auditor examines the written
procedures, work instructions, contractual obligations, etc.,and attempts to match them to the actions taken by theauditee to produce the product.
– In essence, it is a "say what you do” and ”do what yousay" type of audit.
7
Reference (Regulatory/ Others)
• India CDSCO: ScheduleM (15. Self Inspection and Quality audit)
• WHO: Annex 2, TRS 986 (8. Self-inspection, quality audits and suppliers’ audits and approval)
• EU: EU GMP- EUDRALEX VOLUME 4 (Chapter 9 Self Inspection)
• USFDA: Quality Systems Approach to Pharmaceutical cGMP Regulations (IV D 2)
• Japan PMDA: JAPAN PMDA GMP
8
• Health Canada: HEALTH CANADA GUIDE• UK MHRA: MHRA GMP
• Australia TGA: TGA GMP
• PIC/S: PIC/S GMP GUIDE
• Excipients IPEC: IPEC_PQG_GMP_Guide_2006• API GMP (ICH Q7) : ICH Q7 GMP FOR APIs• ISO 9001:2008 : Quality Management Systems – Requirements• ISO 19011: 2011 : Guidelines for Auditing Management Systems
Audit Related Terms & Definitions
• Audit criteria– Set of policies, procedures or requirements used as a
reference against which audit evidence is compared.– If the audit criteria are legal (including statutory or regulatory)
requirements, the terms “compliant” or “noncompliant” areoften used in an audit finding.
• Audit evidence– Records, statements of fact or other information which are
relevant to the audit criteria and verifiable.– Audit evidence can be qualitative or quantitative.
9
Audit Related Terms & Definitions• Audit findings
– Results of the evaluation of the collected audit evidenceagainst audit criteria.
– Audit findings indicate conformity or nonconformity.– Audit findings can lead to the identification of opportunities for
improvement or recording good practices.– If the audit criteria are selected from legal or other
requirements, the audit finding is termed compliance or non-requirements, the audit finding is termed compliance or non-compliance.
• Audit conclusion– Outcome of an audit, after consideration of the audit
objectives and all audit findings.
10
Audit Related Terms & Definitions• Audit client
– Organization or person requesting an audit.– In the case of internal audit, the audit client can also be the
auditee or the person managing the audit programme.Requests for external audit can come from sources such asregulators, contracting parties or potential clients.
• Auditee• Auditee– Organization being audited.
• Auditor– Person who conducts an audit.
11
Audit Related Terms & Definitions• Audit team
– One or more auditors conducting an audit, supported ifneeded by technical experts.
– One auditor of the audit team is appointed as the audit teamleader.
– The audit team may include auditors-in-training.
• Technical expert• Technical expert– Person who provides specific knowledge or expertise to the
audit team.– Specific knowledge or expertise is that which relates to the
organization, the process or activity to be audited, orlanguage or culture.
– A technical expert does not act as an auditor in the auditteam.
12
Audit Related Terms & Definitions• Observer
– Person who accompanies the audit team but does not audit.– An observer is not a part of the audit team and does not
influence or interfere with the conduct of the audit.– An observer can be from the auditee, a regulator or other
interested party who witnesses the audit.
• Guide• Guide– Person appointed by the auditee to assist the audit team.
• Audit programme– Arrangements for a set of one or more audits planned for a
specific time frame and directed towards a specific purpose.
13
Audit Related Terms & Definitions• Audit scope
– Extent and boundaries of an audit.– The audit scope generally includes a description of the
physical locations, organizational units, activities andprocesses, as well as the time period covered.
• Audit plan• Audit plan– Description of the activities and arrangements for an audit.
• Competence– Ability to apply knowledge and skills to achieve intended
results.– Ability implies the appropriate application of personal
behaviour during the audit process.
14
Audit Related Terms & Definitions• Conformity
– Fulfilment of a requirement.
• Nonconformity– Non-fulfilment of a requirement.
• Management system• Management system– System to establish policy and objectives and to achieve
those objectives.– A management system of an organization can include
different management systems, such as a qualitymanagement system, a financial management system or anenvironmental management system.
15Back to INDEX
PRINCIPLES OF AUDITINGPRINCIPLES OF AUDITING
16Back to INDEX
Principles of Auditing
Auditing
Integrity
Fair
Presentation
Evidence-based
Approach
17
Auditing Principles
Due Professional
Care
Confidentiality
Independence
COMPETENCE AND
EVALUATION OF AUDITORS
18Back to INDEX
General
• Confidence in the audit process and the ability to
achieve its objectives depends on the competence of
those individuals who are involved in planning and
conducting audits, including auditors and audit team
leaders.
• Competence should be evaluated through a process• Competence should be evaluated through a process
that considers personal behaviour and the ability to
apply the knowledge and skills gained through
education, work experience, auditor training and audit
experience.
19
General
• This process should take into consideration the needs
of the audit programme and its objectives.
• It is not necessary for each auditor in the audit team to
have the same competence; however, the overall
competence of the audit team needs to be sufficient to
achieve the audit objectives.achieve the audit objectives.
• The evaluation of auditor competence should be
planned, implemented and documented in accordance
with the audit programme, including its procedures to
provide an outcome that is objective, consistent, fair
and reliable.
20
General
• The evaluation process should include four main
steps, as follows:
– a) determine the competence of audit personnel
to fulfil the needs of the audit programme;
– b) establish the evaluation criteria;– b) establish the evaluation criteria;
– c) select the appropriate evaluation method;
– d) conduct the evaluation.
21
Determining Auditor Competence
• Personal behaviour
– Auditors should possess the necessary qualities to enablethem to act in accordance with the principles of auditing.
– Auditors should exhibit professional behaviour duringthe performance of audit activities, including being:
• ethical, i.e. fair, truthful, sincere, honest and discreet;• ethical, i.e. fair, truthful, sincere, honest and discreet;
• open-minded, i.e. willing to consider alternative ideas or points of
view;
• diplomatic, i.e. tactful in dealing with people;
• observant, i.e. actively observing physical surroundings and
activities;
• perceptive, i.e. aware of and able to understand situations;
• versatile, i.e. able to readily adapt to different situations;
• tenacious, i.e. persistent and focused on achieving objectives;
Cont…22
Determining Auditor Competence
• Personal behaviour (Contd.)
• decisive, i.e. able to reach timely conclusions based on logical
reasoning and analysis;
• self-reliant, i.e. able to act and function independently whilst
interacting effectively with others;
• acting with fortitude, i.e. able to act responsibly and ethically,
even though these actions may not always be popular and may
sometimes result in disagreement or confrontation;sometimes result in disagreement or confrontation;
• open to improvement, i.e. willing to learn from situations, and
striving for better audit results;
• culturally sensitive, i.e. observant and respectful to the culture of
the auditee;
• collaborative, i.e. effectively interacting with others, including
audit team members and the auditee’s personnel.
23
Determining Auditor Competence
• Knowledge and skills– Auditors should possess the knowledge and skills necessary
to achieve the intended results of the audits they are expectedto perform.
– All auditors should possess generic knowledge and skills andshould also be expected to possess some discipline andsector-specific knowledge and skills.
– Audit team leaders should have the additional knowledge and– Audit team leaders should have the additional knowledge andskills necessary to provide leadership to the audit team.
• Audit team leaders– An audit team leader should have acquired additional audit
experience to develop the knowledge and skills describedabove.
– This additional experience should have been gained byworking under the direction and guidance of a different auditteam leader.
24
Auditor Evaluation
• Selecting the appropriate auditor evaluationmethod
25
Maintaining and Improving Auditor Competence
• Auditors should maintain their auditing competence
through regular participation in management system
audits and continual professional development.
• Continual professional development involves the
maintenance and improvement of competence. This
may be achieved through means such as additional
work experience, training, private study, coaching,
attendance at meetings, seminars and conferences or
other relevant activities.
• The person managing the audit programme should
establish suitable mechanisms for the continual
evaluation of the performance of the auditors, and
audit team leaders.26Back to INDEX
MANAGING AN
INTERNAL QUALITY AUDIT
PROGRAM
27Back to INDEX
PDCA Cycle
“It would be better if
everyone would work
together as a system,
with the aim for
everybody to win.”(1900-1993)
PDCA Cycle
28
Process Flow for Management of
an Audit Program
Establishing the Audit Program Objectives
Establishing the Audit Program
Competence and
Evaluation of Auditors
PLAN
29
Implementing the Audit Program
Monitoring the Audit Program
Reviewing and Improving the Audit Program
Evaluation of Auditors
Performing an Audit
DO
CHECK
ACT
Establishing the
Audit Programme Objectives• The top management should ensure that the audit
programme objectives are established to direct the
planning and conduct of audits and should ensure the
audit programme is implemented effectively.
• Audit programme objectives should be consistent with
and support management system policy andand support management system policy and
objectives.
• These objectives can be based on consideration of the
following:– a) management priorities;– b) commercial and other business intentions;– c) characteristics of processes, products and projects, and
any changes to them;Cont…
30
Establishing the
Audit Programme Objectives• These objectives can be based on consideration of the
following: (Contd.)
– d) management system requirements;– e) legal and contractual requirements and other requirements
to which the organization is committed;– f) need for supplier evaluation;– g) needs and expectations of interested parties, including– g) needs and expectations of interested parties, including
customers;– h) auditee’s level of performance, as reflected in the
occurrence of failures or incidents or customer complaints;– i) risks to the auditee;– j) results of previous audits;– k) level of maturity of the management system being audited.
31
Establishing the Audit Programme
• Roles and responsibilities of the person managing the
audit programme
• Competence of the person managing the audit
programme
• Establishing the extent of the audit programme• Establishing the extent of the audit programme
• Identifying and evaluating audit programme risks
• Establishing procedures for the audit programme
• Identifying audit programme resources
32
Implementing the Audit Programme
• Defining the objectives, scope and criteria for an individual
audit
• Selecting the audit team members
• Assigning responsibility for an individual audit to the audit
team leaderteam leader
• Managing the audit programme outcome
• Managing and maintaining audit programme records
33
Monitoring the Audit Programme
• Monitor implementation of the Audit Programmeconsidering the need to:– a) evaluate conformity with audit programmes, schedules and audit
objectives;
– b) evaluate the performance of the audit team members;
– c) evaluate the ability of the audit teams to implement the audit plan;
– d) evaluate feedback from top management, auditees, auditors and other
interested parties.interested parties.
• Factors may determine the need to modify the auditprogramme– audit findings;
– demonstrated level of management system effectiveness;
– changes to the client’s or the auditee’s management system, standards,
requirements and other requirements to which the organization is
committed;
34
Reviewing and improving
the Audit Programme• Review the audit programme to assess whether its
objectives have been achieved.
• Lessons learned from the audit programme review should
be used as inputs for the continual improvement process for
the programme.
• Review should consider the following:• Review should consider the following:– results and trends from audit programme monitoring;
– conformity with audit programme procedures;
– evolving needs and expectations of interested parties;
– audit programme records;
– alternative or new auditing methods;
– effectiveness of the measures to address the risks associated with the audit
programme;
– confidentiality and information security issues relating to the audit
programme.
35
PERFORMING AN
INTERNAL QUALITY AUDIT
36Back to INDEX
Typical Audit Activities
Initiating the Audit
Preparing Audit Activities
Conducting the Audit Activities
37
Preparing and Distributing the Audit Report
Completing the Audit
Conducting audit follow-up(if specified in the audit plan)
Initiating the Audit
• Establishing initial contact with the auditee
– When an audit is initiated, the responsibility for conducting theaudit remains with the assigned audit team leader until the auditis completed.
– The initial contact with the auditee can be informal or formal andshould be made by the audit team leader.should be made by the audit team leader.
• Determining the feasibility of the audit
– To provide reasonable confidence that the audit objectives canbe achieved.
38
Preparing Audit Activities
• Performing document review in preparation for the audit
• Preparing the Audit Plan
• Assigning Work to the Audit Team
• Preparing Work Documents
39
Conducting the Audit Activities
• Conducting the opening meeting– The purpose of the opening meeting is to:
• a) confirm the agreement of all parties (e.g. auditee, audit team) to
the audit plan;
• b) introduce the audit team;
• c) ensure that all planned audit activities can be performed.
• Performing document review while conducting the• Performing document review while conducting theaudit
• Communicating during the audit– The audit team should confer periodically, as needed, to:
• exchange information;
• assess audit progress;
• reassign work between the audit team members.
40
Conducting the Audit Activities
• Collecting and verifying information
Source of Information
Collecting by means of appropriate Sampling
Audit Evidence
Corporate Quality Assurance 41
Evaluating against Audit Criteria
Audit Findings
Reviewing
Audit Conclusions
Conducting the Audit Activities
• Generating audit findings
– Audit evidence should be evaluated against the audit criteria inorder to determine audit findings.
– Audit findings can indicate conformity or nonconformity with auditcriteria.
– Nonconformities• along with their supporting audit evidence should be recorded.
• may be graded.
• should be reviewed with the auditee in order to obtain
acknowledgement that the audit evidence is accurate, and that the
nonconformities are understood.
– The audit team should meet as needed to review the audit findingsat appropriate stages during the audit.
42
Conducting the Audit Activities
• Preparing audit conclusions– The audit team should confer prior to the closing meeting in
order to:• review the audit findings, and any other appropriate information
collected during the audit, against the audit objectives;
• agree on the audit conclusions, taking into account the uncertainty
inherent in the audit process;
• prepare recommendations, if specified by the audit plan;• prepare recommendations, if specified by the audit plan;
• discuss audit follow-up, as applicable.
• Conducting the closing meeting– A closing meeting, facilitated by the audit team leader, should be
held to present the audit findings and conclusions.
43
Preparing and Distributing
the Audit Report• Preparing the audit report
– The audit team leader should report the audit results inaccordance with the audit programme procedures.
– The audit report should provide a complete, accurate, concise andclear record of the audit.
• Distributing the audit report– The audit report should be issued within an agreed period of time.– The audit report should be issued within an agreed period of time.
If it is delayed, the reasons should be communicated to theauditee and the person managing the audit programme.
– The audit report should be dated, reviewed and approved, asappropriate, in accordance with audit programme procedures.
– The audit report should then be distributed to the recipients asdefined in the audit procedures or audit plan.
44
Completing the Audit
• The audit is completed when all planned audit activities
have been carried out, or as otherwise agreed with the
audit client.
• Documents pertaining to the audit should be retained or
destroyed in accordance with audit programme
procedures and applicable requirements.procedures and applicable requirements.
• If disclosure of the contents of an audit document is
required, the audit client and auditee should be informed
as soon as possible.
• Lessons learned from the audit should be entered into the
continual improvement process.
45
Conducting Audit Follow-up
• The conclusions of the audit can, depending on the audit
objectives, indicate the need for corrections, or for
corrective, preventive or improvement actions.
• Such actions are usually decided and undertaken by the
auditee within an agreed timeframe.
• As appropriate, the auditee should keep the person
managing the audit programme and the audit team
informed of the status of these actions.
• The completion and effectiveness of these actions should
be verified. This verification may be part of subsequent
audit.46Back to INDEX
CURRENT ISSUES:
TRENDS OF REGULATORY
INSPECTIONS
47Back to INDEX
USFDA Inspection
FY 2014 Inspectional Observation Summaries
• Number of 483s Issued from the System* (Inspections ending between 10/1/2013 12:00:00 AM and 9/30/2014 12:00:00 AM)
Center Name 483s Issued
Foods 2476
Devices 972
48
Devices 972
Drugs 645
Veterinary Medicine 337
Bioresearch Monitoring 297
Biologics 146
Human Tissue for Transplantation 115
Parts 1240 and 1250 70
Radiological Health 16
Sum Product Area 483s from System* 5074
Actual Total in System 483s** 4943
USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs Cite Id
Reference Number
Short Description Long Description Frequency
110521 CFR
211.22(d)
Procedures not in
writing, fully followed
The responsibilities and procedures applicable to the quality
control unit are not [in writing] [fully followed]. Specifically, ***145
360321 CFR
211.160(b)
Scientifically sound
laboratory controls
Laboratory controls do not include the establishment of
scientifically sound and appropriate [specifications]
[standards] [sampling plans] [test procedures] designed to
assure that [components] [drug product containers] [closures] 109
49
211.160(b) laboratory controls[in-process materials] [labeling] [drug products] conform to
appropriate standards of identity, strength, quality and purity.
Specifically, ***
202721 CFR
211.192
Investigations of
discrepancies, failures
There is a failure to thoroughly review [any unexplained
discrepancy] [the failure of a batch or any of its components
to meet any of its specifications] whether or not the batch
has been already distributed. Specifically, ***
94
136121 CFR
211.100(a)
Absence of Written
Procedures
There are no written procedures for production and process
controls designed to assure that the drug products have the
identity, strength, quality, and purity they purport or are
represented to possess. Specifically, ***
87
121521 CFR
211.67(b)
Written procedures not
established/followed
"Written procedures are not [established] [followed] for the
cleaning and maintenance of equipment, including utensils,
used in the manufacture, processing, packing or holding of a
drug product. Specifically, *** "
72
USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs (Contd.) Cite Id
Reference Number
Short Description Long Description Frequency
145121 CFR
211.113(b)
Procedures for sterile
drug products
Procedures designed to prevent microbiological
contamination of drug products purporting to be sterile are
not [established] [written] [followed]. Specifically, ***
72
188321 CFR
211.165(a)
Testing and release for
distribution
Testing and release of drug product for distribution do not
include appropriate laboratory determination of satisfactory
conformance to the [final specifications] [identity and strength 64
50
211.165(a) distribution conformance to the [final specifications] [identity and strength
of each active ingredient] prior to release. Specifically, ***
121321 CFR
211.67(a)
Cleaning / Sanitizing /
Maintenance
Equipment and utensils are not [cleaned] [maintained]
[sanitized] at appropriate intervals to prevent [malfunctions]
[contamination] that would alter the safety, identity, strength,
quality or purity of the drug product. Specifically, ***
63
127421 CFR
211.68(a)
Calibration/Inspection/C
hecking not done
Routine [calibration] [inspection] [checking] of [automatic]
[mechanical] [electronic] equipment is not performed
according to a written program designed to assure proper
performance. Specifically, ***
54
191421 CFR
211.166(a)
Lack of written stability
program
There is no written testing program designed to assess the
stability characteristics of drug products. Specifically, ***51
USFDA Inspection
• USFDA Observations on Internal Quality AuditProgram
– 483’s/ Warning Letter• GlaxoSmithKline Consumer Healthcare has received an FDA Form 483 for not
conducting internal audits at its Saint Louis, Mo., plant as often as required by
company protocol. During an Oct. 19 to Nov. 2, 2011, inspection, the FDA
found audit schedules were not followed for stability, packaging, tableting and
quality of incoming supplies, the form states.quality of incoming supplies, the form states.
• Hospira: Procedures for quality audits have not been adequately established.
• Failure to conduct quality audits to assure that the quality system is in
compliance with the established quality system requirements and to determine
the effectiveness of the quality system.
• Failure to establish and maintain adequate procedures for quality audits and to
conduct such audits to assure that the quality system complies with
established quality system requirements and to determine the effectiveness of
the quality system. These quality audits shall be conducted by individuals who
do not have direct responsibility for the matters being audited.
51
UK MHRA Inspection
• Detail of Site Types with Major/Critical Deficiencies in 2013
52
UK MHRA Inspection
• Most Common Findings in 2013
Corporate Quality Assurance 53
UK MHRA Inspection
• Deficiency Category Trends Over Previous Five Years
54
Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) Bar chart showing the top ten sections of the Food and
Drug Regulations as a percentage of the total number of
observations cited during drug GMP inspections
conducted between April 1, 2012 and March 31, 2013.
C.02.013 - 15 Quality control department = 35.5%
C.02.011 -12 Manufacturing control = 19.2%
C.02.020 - 24 Records = 7.0%
C.02.005 Equipment = 6.5%
C.02.006 Personnel = 6.2%
C.02.004 Premises = 4.4%
55
C.02.004 Premises = 4.4%
C.02.018-19 Finished product testing = 4.4%
C.02.007 - 8 Sanitation = 4.3%
C.02.029 Sterile products = 4.2%
C.02.027 - 28 Stability = 4.2%
Pie chart showing the number and percentage of
observations categorized as Risk 1, 2, and 3 during drug
GMP inspections conducted between April 1, 2012 and
March 31, 2013.
Risk 3 = 51% (1751 observations)
Risk 2 = 48% (1681 observations)
Risk 1 = 1% (34 observations)
Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) (Contd.)
56
WHO Inspection
57
WHO Inspection
58
WHO Inspection
59
WHO Inspection
60
WHO Inspection
61
WHO Inspection
62
WAY FORWARD TOWARDS
EFFECTIVE INTERNAL EFFECTIVE INTERNAL QUALITY AUDIT PROGRAM
63Back to INDEX
Way Forward
• Internal audits are an important part of all management
systems. They demonstrate whether your routines and
procedures are effective.
• Effective audits make you aware of potential problems and
risks at an early stage before they lead to deviations,
complaints, incidents and other undesirable situations.
64
complaints, incidents and other undesirable situations.
Way Forward
Tips for Effective Internal Quality Audit Program
1. Ensure systems and processes are clear2. Choose the right auditor3. Enter the area with respect4. Get employees talking5. Focus on the right issues
65
5. Focus on the right issues6. Embrace non-conformance7. Shift the focus towards how to improve8. Measure and track key areas of the business9. Be a customer10. Renew periodically
Make Excellence a Habit
66
Whether you are looking to improve customer satisfaction, operational
excellence, product quality performance, information security or reducerisk of business disruption, a well-run INTERNAL QUALITY AUDIT processcan become a key performance tool to make EXCELLENCE a habit.
Back to INDEX
Thanks
67Back to INDEX