Vol. 34, No. 2
By: Susan J. Schniepp and Steven J. Lynn
With appropriate planning and the proper use of technology, remote auditing can be as effective and informative as in-person auditing.
The audit function of a pharmaceutical company is one cornerstone of an effective and efficient quality management system. There are several types of audits that comprise a robust auditing program including supplier audits, internal audits, and regulatory audits. Each of these specific audits requires preparation to make sure the audit is productive and accomplishes its intended purpose, which, in the manufacturing world, is to ensure facilities are manufacturing fit-for-use products in full adherence (hopefully more) to current good manufacturing practice (CGMP) requirements.
Supplier audits are performed to confirm that the suppliers of raw materials, packaging, and labeling components, etc., are able to provide a continuous, uninterrupted supply of materials that are compliant with CGMPs. Regulatory authorities perform inspections to determine if the manufacturing company is providing materials that comply to CGMPs. Internal audits are performed by the company as a self-assessment for the purpose of identifying areas/issues that might affect their compliance status.
Looking to conduct an Audit? Contact Us Now →
Pre-pandemic, preparing for a supplier or regulatory audit typically consisted of the regulatory inspector or the auditor for supplier/internal audits providing the facility being audited with an agenda listing the areas to be toured (e.g., incoming raw material area, quality control [QC] chemistry and microbiology laboratories, manufacturing, etc.) and a list of documents to review (e.g., quality manual, list of standard operating procedures, open deviations, and corrective and preventive actions [CAPAs) and any additional supporting evidence the auditor chooses to review. This information helps auditing authorities assess and decide the compliance status of the facility.
Performing external audits during a pandemic
The documentation that would have been reviewed on-site pre-pandemic is the same documentation that is needed for review during and post the COVID-19 pandemic. The documentation and supporting evidence review conducted pre-pandemic would most likely have occurred at the facility. However, audits conducted during the pandemic require the documents and supporting evidence to be shared electronically to the auditor using secure electronic systems. This electronic exchange helps make time more efficient for both the auditor and the facility being audited. The documentation can be reviewed by the auditor, and questions can be communicated to the audit manager via email or conference/video calls. While this may not be ideal, because it eliminates the in-person interaction, it is still an effective way to conduct an audit when there are conditions prohibiting face-to-face interaction.
Touring the facility is challenging when a virtual audit is conducted during a pandemic, but challenges can be overcome with some flexibility and ingenuity. Live video feed could be streamed to the auditor while the company’s audit manager and/or subject matter experts are available to answer questions that might arise during the live feed. Additionally, operations could be recorded, and that recording could be provided to the auditor, again with the understanding that the audit manager would be available to answer any questions posed by the auditor upon the review of the video. While the recorded version of the tour is probably not the most ideal, because the auditor needs to see things in as real time as possible, it does allow for the auditor to pause and go back to review a specific operation in more detail if warranted.
Internal audits during a pandemic
Preparing for an internal audit requires the same discipline as preparing for supplier and regulatory audits. During the COVID-19 pandemic, many companies reduced the number of employees allowed at the site, and many of the quality personnel that conducted audits were allowed to work remotely. Internal audits are part of management responsibilities (1–3) and must continue to be performed, even during a pandemic.
Conducting an internal audit is different from the other audit types, whether it is pre-, during, or post-pandemic. If designed and implemented appropriately, the value of the internal audit is that it allows the company to find vulnerabilities in their systems and remediate them before they are discovered by an external auditor. Internal audits can provide valuable information that can be used to prevent issues before they become compliance concerns. If these issues can’t be completely remediated before an external audit, a plan to correct them can be established and action taken to mitigate them. Having corrective actions in place before others identify the issue may lessen the impact of the observation and instill confidence that your quality system is under control and there is a process in place for continuous improvement. In addition, the internal audit can be used for training staff and communicating valuable information to the organization.
The ideal tone for an internal audit should be a collaborative team-oriented activity that is instructive, informative, open, honest, and inclusive. There are several factors that help contribute to establishing this tone, even during a pandemic. One way to set the proper tone is to publish the audit schedule/agenda in advance and make sure the functional areas personnel are informed of the schedule. During a pandemic, the agenda takes on another level of importance because it ensures that the site can have the proper documents ready to go and upload them either before or during the audit. Prior planning precludes poor performance in this area.
The auditors should work with the functional area and talk with as many employees as possible to identify the issues of concern. Individuals who are responsible for performing the day-to-day activities often have the best insight as to what is working and what needs to be improved. Excluding them from participating in the audit process might result in overlooking a serious issue that could come up during a regulatory inspection or inadvertently lead the auditor to think the site is hiding something. To be able to get the most valuable information about the potential compliance issues facing the organization, internal audits should not be judgmental or antagonistic, or have a ‘check the box’ mentality in execution.
Auditors should be direct and avoid asking questions designed to intentionally stump people. Another important behavior is the ability of the auditor to listen to the answers personnel give and refrain from judging. The exact same behavior defined for the auditor should also be the exact same behavior displayed by the auditees. Auditees should be direct and avoid deflecting or obfuscating answers and take the time to explain why they do things the way they do them. They should be proactive and point out things of concern and seek advice on how to remediate them. Both parties need to remember they are not enemies, rather they are the partners in improving their organization together.
Conducting audits during the pandemic has presented a multitude of challenges. The pandemic has allowed the industry to creatively utilize technology-based applications to communicate and perform an effective audit. The documentation and supporting evidence review can be conducted remotely, and confidentiality can be maintained. After reviewing the documentation and supporting evidence, the auditor can request interviews with various personnel, which can then be scheduled via video conferencing.
With appropriate planning and the proper use of technology, remote auditing can be as effective and informative as in-person auditing. The post-pandemic sweet spot will likely be balancing remote and in-person audits.
1. 21 CFR 820.20, Management Responsibility.
2. European Commission, EudraLex, Volume 4, Chapter 1, Pharmaceutical Quality System (EC, January 2013).
3. International Council for Harmonization, Q10 Pharmaceutical Quality System (ICH, April 2009).
About the Authors
Steven J. Lynn is executive vice-president, pharmaceuticals for Regulatory Compliance Associates, Inc., and Susan J. Schniepp is a distinguished fellow for Regulatory Compliance Associates, Inc.
When referring to this article, please cite it as S. J. Lynn and S.J. Schniepp, “Conducting Effective Audits During and Post Pandemic,” BioPharm International 34 (2) 2021.