The Audit is a fundamental process within a company concerned with quality because it allows the risks associated with compliance to be identified and the most appropriate corrective and preventive action to be taken.

Internal audits are carried out periodically and systematically within the Life Science company and allow an objective assessment of whether an activity complies with a specific standard.

Internal Audit Regulations and Guidelines:

Pharmaceutical

• Eudralex Volume IV – Chapter 1, 9 – Annex 16
• ICH Q7 Good manufacturing practice for active pharmaceutical ingredients
• Canadian Good Manufacturing Practice Guideline
• Japanese GMP Regulations

Medical Devices

• FDA CFR 820

10 Tips for carrying out an effective internal Audit

1- Frequency and Priority. Adopt a risk-based approach to the frequency and priority of audits. Have a minimum frequency for each area to ensure none are overlooked. In assessing frequency and priority, consider also the complexity of the operational activities and the severity of the risk to the patient and product in the area being inspected.

2- Training and Skills Updates. Train your audit team and keep them constantly updated on regulatory changes, observations received from external inspections, quality indicators (number of deviations, NC, etc.) for inspected sections, significant changes in processes, organisational changes in the section, assessments and risk areas. In the latter case, the use of a digital tool for centralised Quality Risk Management throughout the company helps to provide a comprehensive and up-to-date overview of the company.

3- Planning. Prepare a periodic audit programme, including who the auditor will be, the topics, processes and section of the company to be audited. Internal audits are carried out under the following circumstances: in accordance with the annual internal audit plan; for a specific reason; in preparation for a regulatory inspection; whenever required by management.

NB. Management of Internal Audits requires independence between the qualified inspector and the activity being audited.

4- Preparation. Once the audit programme has been planned, it should be communicated to the sections concerned well in advance. This will allow possible changes to be planned, as well as giving the section concerned the opportunity to prepare for the internal audit. The Lead Auditor should prepare and share an agenda that includes a list of records, processes and systems to be reviewed and a review of any open CAPAs arising from previous internal audits or external inspections with any changes made within the section.

5- Launch. If possible, organise a launch meeting with all operational sections at the start of the audit. An internal audit should not take the same form as an audit carried out by a regulatory authority. An internal audit should be a collaboration between the audited function and the auditor. It should be an open, honest, collaborative learning forum where operational sections have the opportunity to openly discuss concerns and problem areas.

6- Collaboration. During the internal audit, auditors should be direct and avoid questions that mislead people. Internal audits are an opportunity to instruct staff, explaining why certain questions are being asked and providing a regulatory explanation of the review being conducted. It is also important to listen carefully to staff responses and to adopt a friendly, non-confrontational tone with them. 

7- Participation. The people directly responsible for carrying out the operations usually have a deeper insight into what is going on and what needs to be improved. This is why it is essential to involve them in the internal audit process, so that critical issues come to light during the inspection and are not overlooked.

8- Conclusion. Organise a wrap-up meeting at the end of the audit to take stock of the situation and the next steps. There should be no surprises at this meeting, as all observations should already have been discussed during the day. 

9 – Documentation. All documentation produced in connection with conducting the audit (audit plan, audit report, follow-up, etc.) must be organised, filed and always available, whether on paper or in digital form. It may also be required during the regulatory inspection.

10- Monitoring . Internal audit observations may result in corrective and preventive actions that are not always easy to monitor and track, not least because it may take months before tasks are completed. We recommend using a digital system that monitors and sends notifications and alerts to the persons in charge of the tasks and that allows the Audit to be concluded only when all tasks have been completed.

11 Report. At the end of the audit, the Lead Auditor shall draw up a report, with the assistance of the Audit Team. The report should be shared with the team, managers of the departments involved (always including the QA manager), the plant manager and the person in charge.

Audit management with a digital system

Managing the audit process with a digital system allows you to:

• log internal and external audits received and carried out;
• continuously keep track of the progress of Observations generated throughout their life cycle;
• monitor the processes and tasks resulting from the observations, such as CAPA, non-compliance, Change Control, etc;
• send follow-up notifications to the people in charge in order to finish the tasks;
• conclude the Audit only when all actions to resolve observations have been completed;
• track and monitor the impacts of audits on processes and the organisation;
• archive and organise the documentation produced (audit plan, audit report, follow up, wrap-up documents) and make it available if requested during the audit;
• draw up and keep track of the Action Plan needed to resolve deficiencies;
• create a strong link between Processes: for example, a dedicated system allows a CAPA, Change or Non-Compliance process to be initiated directly from an Audit.

PRAGMA4U

PRAGMA-WFM is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports  and dossiers  that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.