Q: I am in charge of the internal audit program at my company and am wondering if you have any suggestions on how I can make this activity more valuable for my company?
A: Internal audits are part of management responsibilities (1–3) and can provide valuable information and offer many benefits to an organization. The information obtained during the audit can be used in many ways to help your organization grow and continually improve its operations. How you approach the internal audit function will help the organization understand the advantages of supporting an effective, well-run internal audit program.
Internal Audit Design
If designed and implemented appropriately, internal audits can provide valuable information that can be used to prevent issues before they become compliance concerns during a regulatory inspection.
Issues can be identified and corrected before the regulatory authorities or current/potential clients identify them. If these issues can’t be completely remediated before an external audit, a plan to correct them can be established and action taken to mitigate them.
Having corrective actions in place before others identify the issue may lessen the impact of the observation and instill confidence that your quality system is under control and there is a process in place for continuous improvement. In addition, the internal audit can be used for training staff and communicating valuable information to the organization.
Internal Audit Strategy
The strategy behind an internal audit is not to pretend to be the regulatory authority and show up unannounced but rather to work in cooperation with your colleagues to identify and solve potential issues. An effective program establishes a partnership between the audit function and the departments being audited. The ideal tone for an internal audit should be a team-oriented activity that is instructive, informative, open, honest, and inclusive.
There are several factors that help contribute to establishing this tone. One way to set the proper tone is to publish the audit schedule in advance and make sure the functional areas are informed of the schedule. The audit itself should be forward thinking and unlimited in scope. The auditors should work with the functional area and talk with as many employees as possible to identify the issues of concern.
Internal Audit Process
Individuals who are responsible for performing the day-to-day activities often have the best insight as to what is working and what needs to be improved. Excluding them from participating in the audit process might result in overlooking a serious issue that could come up during a regulatory inspection. To be able to get the most valuable information about the potential compliance issues facing the organization, internal audits should not be judgmental or antagonistic, or have a ‘check the box’ mentality in execution. They should also avoid looking retrospectively in lieu of looking forward.
Certified Lead Auditor
The behavior of the auditors during the audit is also important to obtaining valuable information. Auditors should be direct and avoid asking questions designed to stump people. The auditors should take this opportunity to teach by explaining why they are asking particular questions and providing the regulatory citation for the inquiry.
One of the most important audit procedures must be followed by the mock inspector. It is important their behavior includes the ability to listen to the answers to the questions and refrain from judging. The auditor should adopt a proactive approach to the audit and look at items that are infrequently assessed. Above all else, the auditor needs to be friendly.
The exact same behavior defined for the auditor should also be the exact same behavior displayed by the auditees. Auditees should be direct and avoid deflecting or obfuscating answers. They also need to be instructive and take the time to explain why they do things the way they do them.
Leadership needs to listen to the auditor’s concerns and not overreact to the question being asked. They should be proactive and point out things of concern and seek advice on how to remediate them. Both parties need to remember they are not the enemies, rather they are the partners.
Internal audits are a valuable tool for identifying issues before others identify them. The information obtained during the audit can be used to improve your processes, and the audit process itself can be another tool to help train employees.
If you consider the internal audit as a gap analysis for your processes and set a tone of partnership and cooperation, you will find that the audit program and the information obtained from it will become a valuable resource for the organization rather than an unwanted intrusion into operations.
Vol. 41, No. 4
About Regulatory Compliance Associates
Regulatory Compliance Associates (RCA) provides regulatory compliance consulting to the following industries for resolution of compliance and regulatory challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.
As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
- Founded in 2000
- Headquartered in Wisconsin (USA)
- Expertise backed by over 500 industry subject matter experts
- Acquired by Sotera Health in 2021
About Sotera Health
The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.
Sotera Health Company, along with its three best-in-class businesses – Sterigenics®, Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.
We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.
To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.