HOW TO CONDUCT AN

EFFECTIVE
INTERNAL QUALITY AUDIT?

Seetharam Kandarpa
ASQ-
ASQ-CPGP & ASQ-
ASQ-CQA

1
 Index
• Introduction to Internal Quality Audit Program
• Principles of Auditing
• Competence and Evaluation of Auditors
• Managing an Internal Quality Audit Program
• Performing an Internal Quality Audit
• Current Issues: Trends of Regulatory Inspections
• Way Forward towards Effective Internal Quality
Audit Program

2
 INTRODUCTION
TO
INTERNAL QUALITY AUDIT
PROGRAM

Back to INDEX 3
 Audit
• Audit
– Systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which the audit criteria are fulfilled.

• Types of Audit
– First Party Audit (Internal audit)
– Second Party Audit (conducted by parties having an interest
in the organization, such as customers, or by other persons
on their behalf).
– Third Party Audit (conducted by independent auditing
organizations, such as regulators or those providing
certification.

4
 Internal Audit
• Internal Audit

– Internal audits, sometimes called first party audits, are

conducted by the organization itself, or on its behalf, for
management review and other internal purposes (e.g. to
confirm the effectiveness of the management system or to
obtain information for the improvement of the management
system).

– Internal audits can form the basis for an organization’s self

declaration of conformity.

– In many cases, particularly in small organizations,

independence can be demonstrated by the freedom from
responsibility for the activity being audited or freedom from
bias and conflict of interest.

5
 Audit Methods
• System Audit
– The quality system audit addresses the who, what, where,
when and how of the quality system used to produce its
product.
– Think of the quality system audit in terms of "an inch deep
but a mile wide" i.e., broad and general in nature rather than
narrow and limited in scope.

• Process Audit
– Where the quality system audit is general in nature, the
process audit is much more narrowly defined. Unlike the
system audit, the process audit is "an inch wide but a mile
deep“.
– It revolves around verification of the manner in which: 1)
people; 2) material; 3) machines, etc., mesh together to
produce a product.

6
 Audit Methods
• Product Audit
– A detailed inspection of a finished product performed prior to
delivering the product to the customer. It is a test of both
attribute and variable data.
– Results of product audits often provide interesting bits of
information regarding the reliability and effectiveness of the
overall quality system.

• Compliance Audit
– During a compliance audit, the auditor examines the written
procedures, work instructions, contractual obligations, etc.,
and attempts to match them to the actions taken by the
auditee to produce the product.
– In essence, it is a "say what you do” and ”do what you
say" type of audit.

7
 Reference (Regulatory/ Others)
• India CDSCO: ScheduleM (15. Self Inspection and Quality audit)

• WHO: Annex 2, TRS 986 (8. Self-inspection, quality audits and

suppliers’ audits and approval)
• EU: EU GMP- EUDRALEX VOLUME 4 (Chapter 9 Self
Inspection)
• USFDA: Quality Systems Approach to Pharmaceutical cGMP
Regulations (IV D 2)
• Japan PMDA: JAPAN PMDA GMP

• Health Canada: HEALTH CANADA GUIDE

• UK MHRA: MHRA GMP

• Australia TGA: TGA GMP

• PIC/S: PIC/S GMP GUIDE

• Excipients IPEC: IPEC_PQG_GMP_Guide_2006

• API GMP (ICH Q7) : ICH Q7 GMP FOR APIs
• ISO 9001:2008 : Quality Management Systems – Requirements
• ISO 19011: 2011 : Guidelines for Auditing Management Systems

8
 Audit Related Terms & Definitions
• Audit criteria
– Set of policies, procedures or requirements used as a
reference against which audit evidence is compared.
– If the audit criteria are legal (including statutory or regulatory)
requirements, the terms “compliant” or “noncompliant” are
often used in an audit finding.

• Audit evidence
– Records, statements of fact or other information which are
relevant to the audit criteria and verifiable.
– Audit evidence can be qualitative or quantitative.

9
 Audit Related Terms & Definitions
• Audit findings
– Results of the evaluation of the collected audit evidence
against audit criteria.
– Audit findings indicate conformity or nonconformity.
– Audit findings can lead to the identification of opportunities for
improvement or recording good practices.
– If the audit criteria are selected from legal or other
requirements, the audit finding is termed compliance or non-
compliance.

• Audit conclusion
– Outcome of an audit, after consideration of the audit
objectives and all audit findings.

10
 Audit Related Terms & Definitions
• Audit client
– Organization or person requesting an audit.
– In the case of internal audit, the audit client can also be the
auditee or the person managing the audit programme.
Requests for external audit can come from sources such as
regulators, contracting parties or potential clients.

• Auditee
– Organization being audited.

• Auditor
– Person who conducts an audit.

11
 Audit Related Terms & Definitions
• Audit team
– One or more auditors conducting an audit, supported if
needed by technical experts.
– One auditor of the audit team is appointed as the audit team
leader.
– The audit team may include auditors-in-training.

• Technical expert
– Person who provides specific knowledge or expertise to the
audit team.
– Specific knowledge or expertise is that which relates to the
organization, the process or activity to be audited, or
language or culture.
– A technical expert does not act as an auditor in the audit
team.

12
 Audit Related Terms & Definitions
• Observer
– Person who accompanies the audit team but does not audit.
– An observer is not a part of the audit team and does not
influence or interfere with the conduct of the audit.
– An observer can be from the auditee, a regulator or other
interested party who witnesses the audit.

• Guide
– Person appointed by the auditee to assist the audit team.

• Audit programme
– Arrangements for a set of one or more audits planned for a
specific time frame and directed towards a specific purpose.

13
 Audit Related Terms & Definitions
• Audit scope
– Extent and boundaries of an audit.
– The audit scope generally includes a description of the
physical locations, organizational units, activities and
processes, as well as the time period covered.

• Audit plan
– Description of the activities and arrangements for an audit.

• Competence
– Ability to apply knowledge and skills to achieve intended
results.
– Ability implies the appropriate application of personal
behaviour during the audit process.

14
 Audit Related Terms & Definitions
• Conformity
– Fulfilment of a requirement.

• Nonconformity
– Non-fulfilment of a requirement.

• Management system
– System to establish policy and objectives and to achieve
those objectives.
– A management system of an organization can include
different management systems, such as a quality
management system, a financial management system or an
environmental management system.

Back to INDEX 15
PRINCIPLES OF AUDITING

Back to INDEX 16
 Principles of Auditing
Integrity

Evidence- Fair
based
Approach Presentation

Auditing
Principles

Due
Independence Professional
Care

Confidentiality

17
 COMPETENCE AND
EVALUATION OF AUDITORS

Back to INDEX 18
 General
• Confidence in the audit process and the ability to
achieve its objectives depends on the competence of
those individuals who are involved in planning and
conducting audits, including auditors and audit team
leaders.

• Competence should be evaluated through a process

that considers personal behaviour and the ability to
apply the knowledge and skills gained through
education, work experience, auditor training and audit
experience.

19
 General
• This process should take into consideration the needs
of the audit programme and its objectives.

• It is not necessary for each auditor in the audit team to

have the same competence; however, the overall
competence of the audit team needs to be sufficient to
achieve the audit objectives.

• The evaluation of auditor competence should be

planned, implemented and documented in accordance
with the audit programme, including its procedures to
provide an outcome that is objective, consistent, fair
and reliable.

20
 General
• The evaluation process should include four main
steps, as follows:

– a) determine the competence of audit personnel

to fulfil the needs of the audit programme;

– b) establish the evaluation criteria;

– c) select the appropriate evaluation method;

– d) conduct the evaluation.

21
 Determining Auditor Competence
• Personal behaviour

– Auditors should possess the necessary qualities to enable

them to act in accordance with the principles of auditing.

– Auditors should exhibit professional behaviour during

the performance of audit activities, including being:
• ethical, i.e. fair, truthful, sincere, honest and discreet;
• open-minded, i.e. willing to consider alternative ideas or points of
view;
• diplomatic, i.e. tactful in dealing with people;
• observant, i.e. actively observing physical surroundings and
activities;
• perceptive, i.e. aware of and able to understand situations;
• versatile, i.e. able to readily adapt to different situations;
• tenacious, i.e. persistent and focused on achieving objectives;

Cont…
22
 Determining Auditor Competence
• Personal behaviour (Contd.)
• decisive, i.e. able to reach timely conclusions based on logical
reasoning and analysis;
• self-reliant, i.e. able to act and function independently whilst
interacting effectively with others;
• acting with fortitude, i.e. able to act responsibly and ethically,
even though these actions may not always be popular and may
sometimes result in disagreement or confrontation;
• open to improvement, i.e. willing to learn from situations, and
striving for better audit results;
• culturally sensitive, i.e. observant and respectful to the culture of
the auditee;
• collaborative, i.e. effectively interacting with others, including
audit team members and the auditee’s personnel.

23
 Determining Auditor Competence
• Knowledge and skills
– Auditors should possess the knowledge and skills necessary
to achieve the intended results of the audits they are expected
to perform.
– All auditors should possess generic knowledge and skills and
should also be expected to possess some discipline and
sector-specific knowledge and skills.
– Audit team leaders should have the additional knowledge and
skills necessary to provide leadership to the audit team.

• Audit team leaders

– An audit team leader should have acquired additional audit
experience to develop the knowledge and skills described
above.
– This additional experience should have been gained by
working under the direction and guidance of a different audit
team leader.
24
 Auditor Evaluation
• Selecting the appropriate auditor evaluation
method

25
 Maintaining and Improving
Auditor Competence
• Auditors should maintain their auditing competence
through regular participation in management system
audits and continual professional development.
• Continual professional development involves the
maintenance and improvement of competence. This
may be achieved through means such as additional
work experience, training, private study, coaching,
attendance at meetings, seminars and conferences or
other relevant activities.

• The person managing the audit programme should

establish suitable mechanisms for the continual
evaluation of the performance of the auditors, and
audit team leaders.
Back to INDEX 26
 MANAGING AN
INTERNAL QUALITY AUDIT
PROGRAM

Back to INDEX 27
 PDCA Cycle
“It would be better if
everyone would work
together as a system,
(1900-1993) with the aim for
everybody to win.”

PDCA Cycle

28
 Process Flow for Management of
an Audit Program
Establishing the Audit Program
Objectives

PLAN

Establishing the Audit Program

Competence and
Evaluation of Auditors
Implementing the Audit Program DO
Performing an Audit

Monitoring the Audit Program CHECK

Reviewing and Improving the Audit

Program ACT

29
 Establishing the
Audit Programme Objectives
• The top management should ensure that the audit
programme objectives are established to direct the
planning and conduct of audits and should ensure the
audit programme is implemented effectively.
• Audit programme objectives should be consistent with
and support management system policy and
objectives.
• These objectives can be based on consideration of the
following:
– a) management priorities;
– b) commercial and other business intentions;
– c) characteristics of processes, products and projects, and
any changes to them;
Cont…
30
 Establishing the
Audit Programme Objectives
• These objectives can be based on consideration of the
following: (Contd.)

– d) management system requirements;

– e) legal and contractual requirements and other requirements
to which the organization is committed;
– f) need for supplier evaluation;
– g) needs and expectations of interested parties, including
customers;
– h) auditee’s level of performance, as reflected in the
occurrence of failures or incidents or customer complaints;
– i) risks to the auditee;
– j) results of previous audits;
– k) level of maturity of the management system being audited.

31
 Establishing the Audit Programme
• Roles and responsibilities of the person managing the
audit programme

• Competence of the person managing the audit

programme

• Establishing the extent of the audit programme

• Identifying and evaluating audit programme risks

• Establishing procedures for the audit programme

• Identifying audit programme resources

32
 Implementing the Audit Programme
• Defining the objectives, scope and criteria for an individual
audit

• Selecting the audit team members

• Assigning responsibility for an individual audit to the audit

team leader

• Managing the audit programme outcome

• Managing and maintaining audit programme records

33
 Monitoring the Audit Programme
• Monitor implementation of the Audit Programme
considering the need to:
– a) evaluate conformity with audit programmes, schedules and audit
objectives;
– b) evaluate the performance of the audit team members;
– c) evaluate the ability of the audit teams to implement the audit plan;
– d) evaluate feedback from top management, auditees, auditors and other
interested parties.

• Factors may determine the need to modify the audit

programme
– audit findings;
– demonstrated level of management system effectiveness;
– changes to the client’s or the auditee’s management system, standards,
requirements and other requirements to which the organization is
committed;

34
 Reviewing and improving
the Audit Programme
• Review the audit programme to assess whether its
objectives have been achieved.
• Lessons learned from the audit programme review should
be used as inputs for the continual improvement process for
the programme.

• Review should consider the following:

– results and trends from audit programme monitoring;
– conformity with audit programme procedures;
– evolving needs and expectations of interested parties;
– audit programme records;
– alternative or new auditing methods;
– effectiveness of the measures to address the risks associated with the audit
programme;
– confidentiality and information security issues relating to the audit
programme.
35
 PERFORMING AN
INTERNAL QUALITY AUDIT

Back to INDEX 36
 Typical Audit Activities
Initiating the Audit

Preparing Audit Activities

Conducting the Audit Activities

Preparing and Distributing the

Audit Report

Completing the Audit

Conducting audit follow-up

(if specified in the audit plan)

37
 Initiating the Audit
• Establishing initial contact with the auditee

– When an audit is initiated, the responsibility for conducting the

audit remains with the assigned audit team leader until the audit
is completed.

– The initial contact with the auditee can be informal or formal and
should be made by the audit team leader.

• Determining the feasibility of the audit

– To provide reasonable confidence that the audit objectives can

be achieved.

38
 Preparing Audit Activities

• Performing document review in preparation for the audit

• Preparing the Audit Plan

• Assigning Work to the Audit Team

• Preparing Work Documents

39
 Conducting the Audit Activities
• Conducting the opening meeting
– The purpose of the opening meeting is to:
• a) confirm the agreement of all parties (e.g. auditee, audit team) to
the audit plan;
• b) introduce the audit team;
• c) ensure that all planned audit activities can be performed.

• Performing document review while conducting the

audit
• Communicating during the audit
– The audit team should confer periodically, as needed, to:
• exchange information;
• assess audit progress;
• reassign work between the audit team members.

40
 Conducting the Audit Activities
• Collecting and verifying information
Source of Information

Collecting by means of appropriate Sampling

Audit Evidence

Evaluating against Audit Criteria

Audit Findings

Reviewing

Audit Conclusions
Corporate Quality Assurance 41
 Conducting the Audit Activities
• Generating audit findings

– Audit evidence should be evaluated against the audit criteria in

order to determine audit findings.

– Audit findings can indicate conformity or nonconformity with audit

criteria.

– Nonconformities
• along with their supporting audit evidence should be recorded.
• may be graded.
• should be reviewed with the auditee in order to obtain
acknowledgement that the audit evidence is accurate, and that the
nonconformities are understood.

– The audit team should meet as needed to review the audit findings
at appropriate stages during the audit.
42
 Conducting the Audit Activities
• Preparing audit conclusions
– The audit team should confer prior to the closing meeting in
order to:
• review the audit findings, and any other appropriate information
collected during the audit, against the audit objectives;
• agree on the audit conclusions, taking into account the uncertainty
inherent in the audit process;
• prepare recommendations, if specified by the audit plan;
• discuss audit follow-up, as applicable.

• Conducting the closing meeting

– A closing meeting, facilitated by the audit team leader, should be
held to present the audit findings and conclusions.

43
 Preparing and Distributing
the Audit Report
• Preparing the audit report
– The audit team leader should report the audit results in
accordance with the audit programme procedures.
– The audit report should provide a complete, accurate, concise and
clear record of the audit.

• Distributing the audit report

– The audit report should be issued within an agreed period of time.
If it is delayed, the reasons should be communicated to the
auditee and the person managing the audit programme.
– The audit report should be dated, reviewed and approved, as
appropriate, in accordance with audit programme procedures.
– The audit report should then be distributed to the recipients as
defined in the audit procedures or audit plan.

44
 Completing the Audit
• The audit is completed when all planned audit activities
have been carried out, or as otherwise agreed with the
audit client.

• Documents pertaining to the audit should be retained or

destroyed in accordance with audit programme
procedures and applicable requirements.

• If disclosure of the contents of an audit document is

required, the audit client and auditee should be informed
as soon as possible.

• Lessons learned from the audit should be entered into the

continual improvement process.
45
 Conducting Audit Follow-up
• The conclusions of the audit can, depending on the audit
objectives, indicate the need for corrections, or for
corrective, preventive or improvement actions.

• Such actions are usually decided and undertaken by the

auditee within an agreed timeframe.

• As appropriate, the auditee should keep the person

managing the audit programme and the audit team
informed of the status of these actions.

• The completion and effectiveness of these actions should

be verified. This verification may be part of subsequent
audit.
Back to INDEX 46
 CURRENT ISSUES:
TRENDS OF REGULATORY
INSPECTIONS

Back to INDEX 47
 USFDA Inspection
FY 2014 Inspectional Observation Summaries

• Number of 483s Issued from the System* (Inspections ending

between 10/1/2013 12:00:00 AM and 9/30/2014 12:00:00 AM)
Center Name 483s Issued
Foods 2476
Devices 972
Drugs 645
Veterinary Medicine 337
Bioresearch Monitoring 297
Biologics 146
Human Tissue for Transplantation 115
Parts 1240 and 1250 70
Radiological Health 16
Sum Product Area 483s from System* 5074
Actual Total in System 483s** 4943

48
 USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs
Cite Reference
Short Description Long Description Frequency
Id Number
21 CFR Procedures not in The responsibilities and procedures applicable to the quality
1105 145
211.22(d) writing, fully followed control unit are not [in writing] [fully followed]. Specifically, ***
Laboratory controls do not include the establishment of
scientifically sound and appropriate [specifications]
[standards] [sampling plans] [test procedures] designed to
21 CFR Scientifically sound
3603 assure that [components] [drug product containers] [closures] 109
211.160(b) laboratory controls
[in-process materials] [labeling] [drug products] conform to
appropriate standards of identity, strength, quality and purity.
Specifically, ***
There is a failure to thoroughly review [any unexplained
21 CFR Investigations of discrepancy] [the failure of a batch or any of its components
2027 94
211.192 discrepancies, failures to meet any of its specifications] whether or not the batch
has been already distributed. Specifically, ***
There are no written procedures for production and process
21 CFR Absence of Written controls designed to assure that the drug products have the
1361 87
211.100(a) Procedures identity, strength, quality, and purity they purport or are
represented to possess. Specifically, ***
"Written procedures are not [established] [followed] for the
21 CFR Written procedures not cleaning and maintenance of equipment, including utensils,
1215 72
211.67(b) established/followed used in the manufacture, processing, packing or holding of a
drug product. Specifically, *** "

49
 USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs (Contd.)
Cite Reference
Short Description Long Description Frequency
Id Number
Procedures designed to prevent microbiological
21 CFR Procedures for sterile
1451 contamination of drug products purporting to be sterile are 72
211.113(b) drug products
not [established] [written] [followed]. Specifically, ***
Testing and release of drug product for distribution do not
21 CFR Testing and release for include appropriate laboratory determination of satisfactory
1883 64
211.165(a) distribution conformance to the [final specifications] [identity and strength
of each active ingredient] prior to release. Specifically, ***
Equipment and utensils are not [cleaned] [maintained]
21 CFR Cleaning / Sanitizing / [sanitized] at appropriate intervals to prevent [malfunctions]
1213 63
211.67(a) Maintenance [contamination] that would alter the safety, identity, strength,
quality or purity of the drug product. Specifically, ***
Routine [calibration] [inspection] [checking] of [automatic]
21 CFR Calibration/Inspection/C [mechanical] [electronic] equipment is not performed
1274 54
211.68(a) hecking not done according to a written program designed to assure proper
performance. Specifically, ***

21 CFR Lack of written stability There is no written testing program designed to assess the
1914 51
211.166(a) program stability characteristics of drug products. Specifically, ***

50
 USFDA Inspection
• USFDA Observations on Internal Quality Audit
Program
– 483’s/ Warning Letter
• GlaxoSmithKline Consumer Healthcare has received an FDA Form 483 for not
conducting internal audits at its Saint Louis, Mo., plant as often as required by
company protocol. During an Oct. 19 to Nov. 2, 2011, inspection, the FDA
found audit schedules were not followed for stability, packaging, tableting and
quality of incoming supplies, the form states.
• Hospira: Procedures for quality audits have not been adequately established.
• Failure to conduct quality audits to assure that the quality system is in
compliance with the established quality system requirements and to determine
the effectiveness of the quality system.
• Failure to establish and maintain adequate procedures for quality audits and to
conduct such audits to assure that the quality system complies with
established quality system requirements and to determine the effectiveness of
the quality system. These quality audits shall be conducted by individuals who
do not have direct responsibility for the matters being audited.

51
 UK MHRA Inspection
• Detail of Site Types with Major/Critical Deficiencies in
2013

52
 UK MHRA Inspection
• Most Common Findings in 2013

Corporate Quality Assurance 53

 UK MHRA Inspection
• Deficiency Category Trends Over Previous Five Years

54
 Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) Bar chart showing the top ten sections of the Food and
Drug Regulations as a percentage of the total number of
observations cited during drug GMP inspections
conducted between April 1, 2012 and March 31, 2013.
C.02.013 - 15 Quality control department = 35.5%
C.02.011 -12 Manufacturing control = 19.2%
C.02.020 - 24 Records = 7.0%
C.02.005 Equipment = 6.5%
C.02.006 Personnel = 6.2%
C.02.004 Premises = 4.4%
C.02.018-19 Finished product testing = 4.4%
C.02.007 - 8 Sanitation = 4.3%
C.02.029 Sterile products = 4.2%
C.02.027 - 28 Stability = 4.2%

Pie chart showing the number and percentage of

observations categorized as Risk 1, 2, and 3 during drug
GMP inspections conducted between April 1, 2012 and
March 31, 2013.
Risk 3 = 51% (1751 observations)
Risk 2 = 48% (1681 observations)
Risk 1 = 1% (34 observations)

55
 Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) (Contd.)

56
WHO Inspection

57
WHO Inspection

58
WHO Inspection

59
WHO Inspection

60
WHO Inspection

61
WHO Inspection

62
 WAY FORWARD
TOWARDS
EFFECTIVE INTERNAL
QUALITY AUDIT PROGRAM

Back to INDEX 63
 Way Forward
• Internal audits are an important part of all management
systems. They demonstrate whether your routines and
procedures are effective.

• Effective audits make you aware of potential problems and

risks at an early stage before they lead to deviations,
complaints, incidents and other undesirable situations.

64
 Way Forward
Tips for Effective Internal Quality Audit Program

1. Ensure systems and processes are clear

2. Choose the right auditor
3. Enter the area with respect
4. Get employees talking
5. Focus on the right issues
6. Embrace non-conformance
7. Shift the focus towards how to improve
8. Measure and track key areas of the business
9. Be a customer
10. Renew periodically

65
 Make Excellence a Habit

Whether you are looking to improve customer satisfaction, operational

excellence, product quality performance, information security or reduce
risk of business disruption, a well-run INTERNAL QUALITY AUDIT process
can become a key performance tool to make EXCELLENCE a habit.

Back to INDEX 66
 Thanks

Back to INDEX 67