Executive Summary
Good internal audit programs and auditing practices enable an organization to
evaluate the effectiveness of its Quality Management System, and promote
continuous improvement by uncovering opportunities for quality and product
improvement. Great internal audit programs and practices do this, and they deliver
an additional return on investment to the organization by providing insight into
business decisions that influence manufacturing, supplier and contractor selection
as well as product innovation.
Unfortunately, many internal audit programs fall short of delivering
recommendations for continuous improvement, let alone providing insights into
better business decision making.
Robust Audit Programs:
A Key to Better
Business Decisions
Good internal audit programs and auditing practices enable an organization to evaluate the
effectiveness of its Quality Management System, and promote continuous improvement by uncovering opportunities for quality and product improvement. Great internal audit programs and practices do this, and they deliver an additional return on investment to the organization by providing insight into business decisions that influence manufacturing, supplier and contractor selection as well as product innovation.
Unfortunately, many internal audit programs fall short of delivering recommendations for continuous improvement, let alone provide insights into better business decision making.
Common Audit Program Deficiencies
There are several reasons for audit program deficiencies. In addition to not having the resources to support the internal audit function, the following reasons also explain why audit programs suffer:
>
>Ineffective>risk-based>approach>to>prioritizing>and>scheduling>audits: Resources (e.g., people,
time) are not allocated to the facilities, suppliers and contractors that pose the most risk; audit focus is not dedicated to the quality/compliance areas that pose the most risk.
>
>Non-optimized,>non-standardized>procedures,>forms,>and>work>instructions: A harmonized audit
program does not exist that would facilitate a continuous improvement environment.
>
>Auditor>inconsistency: Variation exists in the way auditors approach and perform audits; identify,
evaluate and categorize observations; and follow up.
>
>Auditor>expertise>is>not>always>aligned>to>audit>requirements: Skills and competencies
for auditing resources are not consistently taken into account when assigning audits and audit-related tasks; collaborative audit teams are formed but do not always consider each team member’s auditing skill set.
>
>Auditor>resource>allocation>is>not>always>optimized: Auditors are not geographically located
in strategic markets where a majority of audits happen; expectations for audit team roles (e.g., audit lead) are not well defined; and auditing workload is not appropriately shared among auditing resources.
>
>Lack>of,>or>poor>use>of>technology>to>support>auditing>processes: A computer system – where
all audit records are created, maintained, stored and shared, and observation follow-up details are recorded, updated and maintained – does not exist. Also, ancillary systems that support the supply chain, product development, and quality systems are not integrated with the audit computer system.
>
>Inconsistent>or>nonexistent>means>to>report>and>assess>trends>in>audit>findings>and>actions: It
is difficult to optimize operations (the desired intent of internal auditing) if reporting, trending, and post-audit follow-up does not occur.
>
>Lack>of>a>collaborative>relationship>between>auditors>and>auditees: Audits are considered
Optimized Audit Program
An optimized audit program is one in which people, process and technology are connected to facilitate continuous improvement. Optimized audit programs deliver a return on investment to the supply chain and product development by enhancing manufacturing, supplier and contractor operational compliance, effectiveness, and efficiency.
PROCESS
• Risk-based approach • Standarized procedures
• Consistent observation, identification, categorization and follow-up
PEOPLE
• Optimized audit assignmnents
• Professional development opportunities • Aligned audit expectations
TECHNOLOGY
• Automated audit planning, scheduling, recording, tracking, trending and reporitng • Linked to supply chain and product development systems as well as other quality management functions
Delivers a return on investment to the supply chain and product development by enhancing manufacturing,
supplier and contractor operational compliance, effectiveness, and efficiency
Continuous
Improvement
T
EC
HN
OLO
G
Y
PR
O
CE
SS
P
E
O
PL
E
Elements of a Robust Audit Program
Robust audit programs contain common elements that, when linked together, build a solid foundation for a scalable auditing function globally:
>
>Auditor>Consistency: Auditors consistently identify, assess and categorize observations. Auditor
expectations with respect to audit prep and planning, audit execution, audit follow-up and audit report writing exist and are consistently followed. Audit report reviewers are consistent in their approach to reviewing audit reports.
>
>Strategic>Resource>Allocation: Auditors are geographically located in strategic markets, and are
assigned to audits that align with their expertise and/or professional development aspirations (also related to skills and competencies alignment). The appropriate amount of auditors is assigned to each audit, and each individual’s auditing skill set is consider prior to assigning them to an audit team. Audit team roles (e.g., audit lead) are identified, and clear expectations exist for each role. The auditing workload is consistently and fairly shared among auditing resources. When appropriate,
external contractor auditors are considered to complete audits on behalf of the organization.
>
>Optimized,>Harmonized>Procedures: Consistent, global procedures are defined that provide
direction and facilitate alignment on auditing expectations. The procedures reflect actual practice, and are periodically reviewed and updated to include leading industry practice.
>
>Positive>Auditor>/>Auditee>Relationships: Mutual collaboration and esprit de corps exists
between the auditor and auditee. Pre-audit planning is consistently performed. Auditor, auditee, and other vested parties (e.g., site lead or process owner) understand their role, expectations and responsibilities – pre-, during and post-audit.
>
>Skills>and>Competencies>Alignment: Resources and competencies are aligned to team needs
and are taken into account when assigning audits and tasks. Methods for evaluating skill and competency level are consistently applied throughout the group. People have an opportunity to identify professional development opportunities (self- or manager-identified) and effort is made to provide instructive learning / professional development opportunities.
>
>Common>Database: A universal computer system exists where all audit records are created,
maintained, stored and shared. Observation follow-up details are recorded, updated and maintained within the system, and ancillary systems that support the supply chain and other related quality systems are integrated with the computer system that stores and shares audit records. The system has the ability to generate user-defined tracking and trending reports.
>
>Trending>/>Tracking>Metrics: Consistent, defined reporting and trending processes exist. Reports
and trends have a defined business purpose and value, audience and frequency and are used to improve operations.
>
>Risk-Based>Audit>Scope>and>Depth: Time is effectively allocated to the facilities, suppliers,
and contractors that pose the most risk. During audits, audit focus is dedicated to the quality/ compliance areas that pose the most risk.
Robust audit programs contain common elements that, when
linked together, build a solid foundation for scalable auditing
function globally.
In order to achieve an optimized and harmonized auditing program that promotes continuous improvement and delivers a return on investment, it is important to evaluate the current audit program and practices against these elements. When evaluating audit programs:
1. Identify the gaps between current practices and the robust audit program elements
2. Document recommendations for addressing each gap
3. Prioritize the recommendations, considering expected return to the organization
Prior to audit program evaluation, it is important to identify audit outcome expectations. At a very basic level, an organization will want to ensure that they have a plan to audit their most risk-prone sites on a regular schedule. More advanced companies will want to define how audit outcomes will identify process improvement priorities and enable sustainable compliance. Best-in-class
companies will have a vision for how audit outcomes will help to drive business decisions like where products should be manufactured and which suppliers and contractors are the best partners. In conclusion, well-run audit programs can be a valuable asset to an organization, particularly when they reveal insights that enable companies to make better business decisions.
Robust Audit Program Elements
Strategic Resource Allocation Auditor Consistency (Observations & Reporting) Risk-Based Audit Scope & Depth Trending & Tracking Metrics Common Database Skills & Competencies Alignment Optimized, Harmonized Procedures Positive Auditor/Auditee Relationships
ROBUST
GxP AUDIT
PROGRAM
Marie McDonald
Senior Director, Quality & Compliance, Consulting at Quintiles
Marie has extensive experience in business case development, program and project planning and execution, process improvement design, training, and business transformation. She has led or facilitated a wide range of projects, including quality systems evaluation, process improvement and technology implementation, as well as regulatory remediation and compliance improvement. She partners with global clients, and spent two years working and living in Ireland. Throughout Marie’s career she has led project teams that developed and delivered technology enablement for GMP business processes including manufacturing, quality control, and quality assurance. She also created and executed quality system audits for business processes and information technology systems, helping clients confirm compliance with governing SOPs, GMPs, and to ensure data integrity. Marie holds a BS in Business Administration from Shippensburg University and an MS in Career and Technical Education from Virginia Polytechnic Institute and State University. She serves on the Board of Directors of the Greater Philadelphia Chapter of the Healthcare Businesswomen’s Association (HBA).
