Professional Documents
Culture Documents
EFFECTIVE
INTERNAL QUALITY AUDIT?
Seetharam Kandarpa
ASQ-
ASQ-CPGP & ASQ-
ASQ-CQA
1
Index
• Introduction to Internal Quality Audit Program
• Principles of Auditing
• Competence and Evaluation of Auditors
• Managing an Internal Quality Audit Program
• Performing an Internal Quality Audit
• Current Issues: Trends of Regulatory Inspections
• Way Forward towards Effective Internal Quality
Audit Program
2
INTRODUCTION
TO
INTERNAL QUALITY AUDIT
PROGRAM
Back to INDEX 3
Audit
• Audit
– Systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which the audit criteria are fulfilled.
• Types of Audit
– First Party Audit (Internal audit)
– Second Party Audit (conducted by parties having an interest
in the organization, such as customers, or by other persons
on their behalf).
– Third Party Audit (conducted by independent auditing
organizations, such as regulators or those providing
certification.
4
Internal Audit
• Internal Audit
5
Audit Methods
• System Audit
– The quality system audit addresses the who, what, where,
when and how of the quality system used to produce its
product.
– Think of the quality system audit in terms of "an inch deep
but a mile wide" i.e., broad and general in nature rather than
narrow and limited in scope.
• Process Audit
– Where the quality system audit is general in nature, the
process audit is much more narrowly defined. Unlike the
system audit, the process audit is "an inch wide but a mile
deep“.
– It revolves around verification of the manner in which: 1)
people; 2) material; 3) machines, etc., mesh together to
produce a product.
6
Audit Methods
• Product Audit
– A detailed inspection of a finished product performed prior to
delivering the product to the customer. It is a test of both
attribute and variable data.
– Results of product audits often provide interesting bits of
information regarding the reliability and effectiveness of the
overall quality system.
• Compliance Audit
– During a compliance audit, the auditor examines the written
procedures, work instructions, contractual obligations, etc.,
and attempts to match them to the actions taken by the
auditee to produce the product.
– In essence, it is a "say what you do” and ”do what you
say" type of audit.
7
Reference (Regulatory/ Others)
• India CDSCO: ScheduleM (15. Self Inspection and Quality audit)
8
Audit Related Terms & Definitions
• Audit criteria
– Set of policies, procedures or requirements used as a
reference against which audit evidence is compared.
– If the audit criteria are legal (including statutory or regulatory)
requirements, the terms “compliant” or “noncompliant” are
often used in an audit finding.
• Audit evidence
– Records, statements of fact or other information which are
relevant to the audit criteria and verifiable.
– Audit evidence can be qualitative or quantitative.
9
Audit Related Terms & Definitions
• Audit findings
– Results of the evaluation of the collected audit evidence
against audit criteria.
– Audit findings indicate conformity or nonconformity.
– Audit findings can lead to the identification of opportunities for
improvement or recording good practices.
– If the audit criteria are selected from legal or other
requirements, the audit finding is termed compliance or non-
compliance.
• Audit conclusion
– Outcome of an audit, after consideration of the audit
objectives and all audit findings.
10
Audit Related Terms & Definitions
• Audit client
– Organization or person requesting an audit.
– In the case of internal audit, the audit client can also be the
auditee or the person managing the audit programme.
Requests for external audit can come from sources such as
regulators, contracting parties or potential clients.
• Auditee
– Organization being audited.
• Auditor
– Person who conducts an audit.
11
Audit Related Terms & Definitions
• Audit team
– One or more auditors conducting an audit, supported if
needed by technical experts.
– One auditor of the audit team is appointed as the audit team
leader.
– The audit team may include auditors-in-training.
• Technical expert
– Person who provides specific knowledge or expertise to the
audit team.
– Specific knowledge or expertise is that which relates to the
organization, the process or activity to be audited, or
language or culture.
– A technical expert does not act as an auditor in the audit
team.
12
Audit Related Terms & Definitions
• Observer
– Person who accompanies the audit team but does not audit.
– An observer is not a part of the audit team and does not
influence or interfere with the conduct of the audit.
– An observer can be from the auditee, a regulator or other
interested party who witnesses the audit.
• Guide
– Person appointed by the auditee to assist the audit team.
• Audit programme
– Arrangements for a set of one or more audits planned for a
specific time frame and directed towards a specific purpose.
13
Audit Related Terms & Definitions
• Audit scope
– Extent and boundaries of an audit.
– The audit scope generally includes a description of the
physical locations, organizational units, activities and
processes, as well as the time period covered.
• Audit plan
– Description of the activities and arrangements for an audit.
• Competence
– Ability to apply knowledge and skills to achieve intended
results.
– Ability implies the appropriate application of personal
behaviour during the audit process.
14
Audit Related Terms & Definitions
• Conformity
– Fulfilment of a requirement.
• Nonconformity
– Non-fulfilment of a requirement.
• Management system
– System to establish policy and objectives and to achieve
those objectives.
– A management system of an organization can include
different management systems, such as a quality
management system, a financial management system or an
environmental management system.
Back to INDEX 15
PRINCIPLES OF AUDITING
Back to INDEX 16
Principles of Auditing
Integrity
Evidence- Fair
based
Approach Presentation
Auditing
Principles
Due
Independence Professional
Care
Confidentiality
17
COMPETENCE AND
EVALUATION OF AUDITORS
Back to INDEX 18
General
• Confidence in the audit process and the ability to
achieve its objectives depends on the competence of
those individuals who are involved in planning and
conducting audits, including auditors and audit team
leaders.
19
General
• This process should take into consideration the needs
of the audit programme and its objectives.
20
General
• The evaluation process should include four main
steps, as follows:
21
Determining Auditor Competence
• Personal behaviour
Cont…
22
Determining Auditor Competence
• Personal behaviour (Contd.)
• decisive, i.e. able to reach timely conclusions based on logical
reasoning and analysis;
• self-reliant, i.e. able to act and function independently whilst
interacting effectively with others;
• acting with fortitude, i.e. able to act responsibly and ethically,
even though these actions may not always be popular and may
sometimes result in disagreement or confrontation;
• open to improvement, i.e. willing to learn from situations, and
striving for better audit results;
• culturally sensitive, i.e. observant and respectful to the culture of
the auditee;
• collaborative, i.e. effectively interacting with others, including
audit team members and the auditee’s personnel.
23
Determining Auditor Competence
• Knowledge and skills
– Auditors should possess the knowledge and skills necessary
to achieve the intended results of the audits they are expected
to perform.
– All auditors should possess generic knowledge and skills and
should also be expected to possess some discipline and
sector-specific knowledge and skills.
– Audit team leaders should have the additional knowledge and
skills necessary to provide leadership to the audit team.
25
Maintaining and Improving
Auditor Competence
• Auditors should maintain their auditing competence
through regular participation in management system
audits and continual professional development.
• Continual professional development involves the
maintenance and improvement of competence. This
may be achieved through means such as additional
work experience, training, private study, coaching,
attendance at meetings, seminars and conferences or
other relevant activities.
Back to INDEX 27
PDCA Cycle
“It would be better if
everyone would work
together as a system,
(1900-1993) with the aim for
everybody to win.”
PDCA Cycle
28
Process Flow for Management of
an Audit Program
Establishing the Audit Program
Objectives
PLAN
Competence and
Evaluation of Auditors
Implementing the Audit Program DO
Performing an Audit
29
Establishing the
Audit Programme Objectives
• The top management should ensure that the audit
programme objectives are established to direct the
planning and conduct of audits and should ensure the
audit programme is implemented effectively.
• Audit programme objectives should be consistent with
and support management system policy and
objectives.
• These objectives can be based on consideration of the
following:
– a) management priorities;
– b) commercial and other business intentions;
– c) characteristics of processes, products and projects, and
any changes to them;
Cont…
30
Establishing the
Audit Programme Objectives
• These objectives can be based on consideration of the
following: (Contd.)
31
Establishing the Audit Programme
• Roles and responsibilities of the person managing the
audit programme
32
Implementing the Audit Programme
• Defining the objectives, scope and criteria for an individual
audit
33
Monitoring the Audit Programme
• Monitor implementation of the Audit Programme
considering the need to:
– a) evaluate conformity with audit programmes, schedules and audit
objectives;
– b) evaluate the performance of the audit team members;
– c) evaluate the ability of the audit teams to implement the audit plan;
– d) evaluate feedback from top management, auditees, auditors and other
interested parties.
34
Reviewing and improving
the Audit Programme
• Review the audit programme to assess whether its
objectives have been achieved.
• Lessons learned from the audit programme review should
be used as inputs for the continual improvement process for
the programme.
Back to INDEX 36
Typical Audit Activities
Initiating the Audit
37
Initiating the Audit
• Establishing initial contact with the auditee
– The initial contact with the auditee can be informal or formal and
should be made by the audit team leader.
38
Preparing Audit Activities
39
Conducting the Audit Activities
• Conducting the opening meeting
– The purpose of the opening meeting is to:
• a) confirm the agreement of all parties (e.g. auditee, audit team) to
the audit plan;
• b) introduce the audit team;
• c) ensure that all planned audit activities can be performed.
40
Conducting the Audit Activities
• Collecting and verifying information
Source of Information
Audit Evidence
Audit Findings
Reviewing
Audit Conclusions
Corporate Quality Assurance 41
Conducting the Audit Activities
• Generating audit findings
– Nonconformities
• along with their supporting audit evidence should be recorded.
• may be graded.
• should be reviewed with the auditee in order to obtain
acknowledgement that the audit evidence is accurate, and that the
nonconformities are understood.
– The audit team should meet as needed to review the audit findings
at appropriate stages during the audit.
42
Conducting the Audit Activities
• Preparing audit conclusions
– The audit team should confer prior to the closing meeting in
order to:
• review the audit findings, and any other appropriate information
collected during the audit, against the audit objectives;
• agree on the audit conclusions, taking into account the uncertainty
inherent in the audit process;
• prepare recommendations, if specified by the audit plan;
• discuss audit follow-up, as applicable.
43
Preparing and Distributing
the Audit Report
• Preparing the audit report
– The audit team leader should report the audit results in
accordance with the audit programme procedures.
– The audit report should provide a complete, accurate, concise and
clear record of the audit.
44
Completing the Audit
• The audit is completed when all planned audit activities
have been carried out, or as otherwise agreed with the
audit client.
Back to INDEX 47
USFDA Inspection
FY 2014 Inspectional Observation Summaries
48
USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs
Cite Reference
Short Description Long Description Frequency
Id Number
21 CFR Procedures not in The responsibilities and procedures applicable to the quality
1105 145
211.22(d) writing, fully followed control unit are not [in writing] [fully followed]. Specifically, ***
Laboratory controls do not include the establishment of
scientifically sound and appropriate [specifications]
[standards] [sampling plans] [test procedures] designed to
21 CFR Scientifically sound
3603 assure that [components] [drug product containers] [closures] 109
211.160(b) laboratory controls
[in-process materials] [labeling] [drug products] conform to
appropriate standards of identity, strength, quality and purity.
Specifically, ***
There is a failure to thoroughly review [any unexplained
21 CFR Investigations of discrepancy] [the failure of a batch or any of its components
2027 94
211.192 discrepancies, failures to meet any of its specifications] whether or not the batch
has been already distributed. Specifically, ***
There are no written procedures for production and process
21 CFR Absence of Written controls designed to assure that the drug products have the
1361 87
211.100(a) Procedures identity, strength, quality, and purity they purport or are
represented to possess. Specifically, ***
"Written procedures are not [established] [followed] for the
21 CFR Written procedures not cleaning and maintenance of equipment, including utensils,
1215 72
211.67(b) established/followed used in the manufacture, processing, packing or holding of a
drug product. Specifically, *** "
49
USFDA Inspection
FY 2014 Inspectional Observation Summaries (Contd.)
• Most Frequent Observations- Drugs (Contd.)
Cite Reference
Short Description Long Description Frequency
Id Number
Procedures designed to prevent microbiological
21 CFR Procedures for sterile
1451 contamination of drug products purporting to be sterile are 72
211.113(b) drug products
not [established] [written] [followed]. Specifically, ***
Testing and release of drug product for distribution do not
21 CFR Testing and release for include appropriate laboratory determination of satisfactory
1883 64
211.165(a) distribution conformance to the [final specifications] [identity and strength
of each active ingredient] prior to release. Specifically, ***
Equipment and utensils are not [cleaned] [maintained]
21 CFR Cleaning / Sanitizing / [sanitized] at appropriate intervals to prevent [malfunctions]
1213 63
211.67(a) Maintenance [contamination] that would alter the safety, identity, strength,
quality or purity of the drug product. Specifically, ***
Routine [calibration] [inspection] [checking] of [automatic]
21 CFR Calibration/Inspection/C [mechanical] [electronic] equipment is not performed
1274 54
211.68(a) hecking not done according to a written program designed to assure proper
performance. Specifically, ***
21 CFR Lack of written stability There is no written testing program designed to assess the
1914 51
211.166(a) program stability characteristics of drug products. Specifically, ***
50
USFDA Inspection
• USFDA Observations on Internal Quality Audit
Program
– 483’s/ Warning Letter
• GlaxoSmithKline Consumer Healthcare has received an FDA Form 483 for not
conducting internal audits at its Saint Louis, Mo., plant as often as required by
company protocol. During an Oct. 19 to Nov. 2, 2011, inspection, the FDA
found audit schedules were not followed for stability, packaging, tableting and
quality of incoming supplies, the form states.
• Hospira: Procedures for quality audits have not been adequately established.
• Failure to conduct quality audits to assure that the quality system is in
compliance with the established quality system requirements and to determine
the effectiveness of the quality system.
• Failure to establish and maintain adequate procedures for quality audits and to
conduct such audits to assure that the quality system complies with
established quality system requirements and to determine the effectiveness of
the quality system. These quality audits shall be conducted by individuals who
do not have direct responsibility for the matters being audited.
51
UK MHRA Inspection
• Detail of Site Types with Major/Critical Deficiencies in
2013
52
UK MHRA Inspection
• Most Common Findings in 2013
54
Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) Bar chart showing the top ten sections of the Food and
Drug Regulations as a percentage of the total number of
observations cited during drug GMP inspections
conducted between April 1, 2012 and March 31, 2013.
C.02.013 - 15 Quality control department = 35.5%
C.02.011 -12 Manufacturing control = 19.2%
C.02.020 - 24 Records = 7.0%
C.02.005 Equipment = 6.5%
C.02.006 Personnel = 6.2%
C.02.004 Premises = 4.4%
C.02.018-19 Finished product testing = 4.4%
C.02.007 - 8 Sanitation = 4.3%
C.02.029 Sterile products = 4.2%
C.02.027 - 28 Stability = 4.2%
55
Health Canada Inspection
• Most Common Observations Cited (Fiscal Year: April 1,
2012 to March 31, 2013) (Contd.)
56
WHO Inspection
57
WHO Inspection
58
WHO Inspection
59
WHO Inspection
60
WHO Inspection
61
WHO Inspection
62
WAY FORWARD
TOWARDS
EFFECTIVE INTERNAL
QUALITY AUDIT PROGRAM
Back to INDEX 63
Way Forward
• Internal audits are an important part of all management
systems. They demonstrate whether your routines and
procedures are effective.
64
Way Forward
Tips for Effective Internal Quality Audit Program
65
Make Excellence a Habit
Back to INDEX 66
Thanks
Back to INDEX 67