Clinical Pharmacology & Biopharmaceutics
Open Access

Quality audits; ISO; Regulatory standards

A major development in Operations Management over the past two decades has been the use of quality audits to gauge the effectiveness of quality management systems in manufacturing and service organizations. Quality is defined as the ensemble of features and attributes which characterize a product or a service, and indicate its capacity to provide an implicit or explicit need (Quality means degree or level of excellence). The word “audit” comes from the Latin and means “the act of hearing”. These audits provide an independent assessment of conformance and the effectiveness of the organization’s operating systems against predefined standards such as the ISO 9001- 2000 quality standard [1].

A quality system is the organizational structure, the lines of responsibility, the procedures, the processes and the resources used to manage the quality. It’s a management approach and a system of guidelines which intends to satisfy all the demands, needs, and requirements of the customers, in a process of continuous improvement. Planned and integrated actions for gradual improvement of processes in the organization designed to increase the satisfaction of internal and external customers. The main goal of a quality system is to assure that the requirement and services will be provided with efficiency and quality, which conform to the requirements. Auditing or inspections have long been a recognized part of quality practices. The American Society for Quality (ASQ), founded in 1946, includes onsite surveys or audits as part of its quality philosophy. The concept of audits is now well established as an important tool to assure regulatory compliance and to furnish management an objective view of operations.

Auditing programs go a long way toward helping assure that changes and improvements are in fact made in a timely manner to keep the facility up to date and efficient, that applicable regulations are being followed, and that what management thinks is being done is in fact being done. In the pharmaceutical industry, audits are virtual means for assessing compliance with the established objectives defined in the quality system and thus paving the way for the continuous improvement program by providing feedback to management. A company that produces drugs today must be able to demonstrate that it does so with absolute reliability, in optimal conditions and with extreme uniformity that allows accurate reproduction. In food and drug administration (FDA) and ISO environments, auditing of both compliance and performance is essential. Pharmaceutical audit experience includes the drafting and revision of validation policies, guidelines and standard operating procedures (SOP) from project qualification to performance evaluation phases.

Definition

The audit in simple terms could be defined as the inspection of a process or a system to ensure that it meets the requirements of its intended use. International organization for standardization (ISO) defines the audits as “Systematic, independent and documented process for obtaining audit evidence and evaluating them objectively to determine the degree to which the verification criteria are met”.

The contemporary definition of audit is to examine officially or to test against established standards. The International Standard ISO 10011-1 (1990) defines the “Quality Audit” as: “A systematic and independent examination to determine whether quality activities and results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving objectives” [2].

Audit is an independent, systematic and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled and also work done in the organization are in the given standards.

Goals

• An audit will evaluate the strengths and weaknesses of quality control and quality assurance processes, the results of which will help us to improve processes and build a better system for the benefit of the company.

• Every product manufactured by a pharmaceutical company has characteristics that must be quantified or qualified by laboratory tests.

• Quality control and quality assurance are the necessary processes that play the role of control and balance system in pharmaceutical industry.

• The simple goal of this complex process is to evaluate existing activities and documentation and determine if they meet the established standards.

• With proper preparation and planning, the audit itself must easily achieve the intended purpose.

• Effective auditing and proper compliance with standards will help build brand reputation and avoid the negative effects of non-compliance, such as fines, bad public relations and court proceedings.

• To maximize the benefit of auditing process, findings can be categorized and summarized to allow for trend analysis to provide a clear view on status of compliance and identify opportunities for improvement.

• Effective auditing and proper compliance with the standards will help in building the brand reputation and avoiding the adverse effects of non-compliance like fines, bad PR, prosecution [3].

• The Audit & Compliance Management can help in ensuring and demonstrating compliance with internal and external standards, codes of conduct and procedures while providing real-time visibility of the compliance profile of an organization.

• It also improvement scheduling, planning, and conducting of audits/assessments which in turn help us in identifying non-conformances and leading to triggering and tracking of recommendations for improvement.

Objectives

Audit objectives may include

• Evaluating conformity of requirements to ISO 9001.

• Evaluating conformity of documentation to ISO 9001.

• Judging conformity of implementation to documentation.

• Determining effectiveness in meeting requirements and objectives.

• Meeting any contractual or regulatory requirements for auditing.

• Providing an opportunity to improve the quality management system.

• Permitting registration and inclusion in a list of registered companies.

• Qualifying potential suppliers.

Benefits

• Managing a quality management system.

• Detecting in advance weak points, through identification of unsatisfactory trends or situations.

• Preventing quality failures, on the basis of quality data reviewing.

• Informing Senior Management about the quality level of facilities and/or operations.

• Standardizing audits will optimize the output, the quality level of audits will increase (and therefore the quality of products and services) which will finally lead to a continuous improvement loop.

• Theauditee will understand that audits are not created to control and criticize his work, but will improve the company’s performance. This will lead to a higher acceptance of the auditas. He will see audits as a chance to educate and improve his knowledge in terms of quality related aspects [4-6].

• Combining audits of quality, safety, and environmental matters will reduce the number of audits significantly which will give a greater acceptance to the auditee and will save his time.

• Additional benefits can be achieved by pooling audits, for example, Shared Third Party Audits.

• By establishing a high-quality audit system throughout the industry, the level of compliance will increase. Mutual confidence building and an improved relationship between the partners will be the result of these efforts.

• Remove barriers to continuous improvement.

• Shift activities from reactive to proactive.

• Gather data for improvements in quality systems.

Audits and regulatory standards

The ISO, a global leader in the development of international standards, is instrumental in boosting interest in quality audits among manufacturers and other types of businesses when it published the ISO 9000 standards in 1987. Today, popular standards such as ISO 9001:2000, ISO 14001:2004, and ISO 13485 all requiring internal audits of the quality system (or the environmental management system in the case of ISO 14001:2004).Under these standards, audit serves as a mechanism for evaluating and improving quality. The same principle is reflected in a number of regulations enforced by the Food and Drug Administration. Under the Quality System Regulation (21 Code of federal regulations [CFR] Part 820), medical device manufacturers are required to conduct audits to ensure that the quality system is compliant (Sec.820.22). The current good manufacturing practice (CGMP) regulations for pharmaceuticals (21 CFR Parts 210-211) and for blood and blood components (21 CFR Part 606) include general requirements for regular evaluation of quality standards. Guidance for the pharmaceutical industry and blood establishments also emphasize the importance of audits [7].

For example, the “Guidance for Industry Quality Systems Approach to Pharmaceutical CGMP Regulations” recommends internal audits and supplier audits. The “Guidelines for Quality Assurance in Blood Establishments” call for a comprehensive audit of the quality assurance program [8].

Principles of Auditing

The audit is characterized by dependence on a number of principles. These principles should help to establish audit as an effective and reliable tool to support management policies and controls, by providing information on what an organization can act to improve its performance. Adherence to these principles is a prerequisite in order to provide relevant and sufficient audit conclusions and allow auditors to work independently from each other, to reach similar conclusions in similar circumstances [9].

Integrity: the basis of professionalism

The auditors and the person who administers an audit program must:

• Carry out their work with honesty, diligence, and responsibility;

• Observe and comply with applicable legal requirements;

• Demonstrate their competence while carrying out their work;

• Be sensitive to any influence that can be exercised on the judgment while conducting an audit.

Fair presentation: the obligation to report truthfully and accurately

The audit findings, audit conclusions and audit reports should truthfully and accurately reflect the activities of the audit. Significant obstacles encountered during the audit and unresolved diverging opinions between the audit team and the auditee should be reported. The communication should be truthful, accurate, objective, timely, clear and complete.

Due professional care: the application of diligence and judgment in auditing

Auditors should pay due attention to the importance of the task they perform and the trust placed in them by the audit client and other interested parties. An important factor in the execution of work with due professional attention is having the ability to express reasoned judgments in all audit situations.

Confidentiality: security of information

Auditors should exercise discretion in the use and protection of information acquired in the course of exercising their duties. Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate interests of the audited. This concept includes the correct management of sensitive or confidential information.

Independence: the basis for the impartiality of the audit and the objectivity of the audit conclusions

The auditors should be independent of the activity audited wherever possible, and in all cases, they should act in a manner that is free from prejudice and conflicts of interest. For internal audits, auditors must be independent of the operational managers of the function being audited. Auditors must maintain objectivity throughout the review process to ensure that audit findings and conclusions are based only on audit evidence [10].

For small organizations, internal auditors may not be totally independent of the activity being audited, but all efforts must be made to eliminate bias and encourage objectivity.

Evidence-based approach: the rational method for achieving reliable and reproducible audit conclusions in a systematic audit process

Audit evidence must be verifiable. In general, it will be based on samples of available information, since an audit is conducted in a limited period of time and with limited resources. An appropriate use of sampling should be applied, as it is closely related to the confidence that can be included in the audit conclusions.

Types of Audits

The quality audit system mainly classified in three different Categories:

• Internal Audits

• External Audits

• Regulatory Audits

Quality audits are performed to verify the effectiveness of a quality management system.

Internal audit

This type of audit is also known as First-Party Audit or self-audit.

The chartered institute of management accountants, UK (CIMA) defines Internal Audit as: An independent appraisal activity established within an organization as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls; a management tool which analyses the effectiveness of all parts of an organizations operations and management. The institute of internal auditors (IIA) also defines Internal Audit on similar lines as: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations [11]. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”. Internal audit is a professional activity that consists of advising organizations on how to achieve their goals in a better way. The internal audit involves the use of a systematic methodology to analyze business processes or organizational problems and recommend solutions.

The main objectives of internal audits can be summarized as follows:

• To assist the internal control system.

• Review of organizational policies and their operations.

• Verify the accuracy and authenticity of errors and frauds.

• Detection and prevention of errors and faults.

• Safeguarding the assets.

• Applicability of accounting policies.

• Helps in smooth functioning of the internal check system.

Internal audits are of two types:

• Internal System Audits

• Internal Performance Audits

Internal System Audits: The simplest type of internal system audit consists of an ongoing supervisory surveillance of the quality assurance practices of subordinates. Supervisors are ordinarily responsible for assuring that GLPs, GMPs and SOPs are followed and a systematic procedure to ascertain this may be considered as an internal audit. It should also be ascertained that all required records are kept in a satisfactory and readily understandable fashion [12].

Internal Performance Audits: It essentially consists of reviewing the ongoing quality assessment program of a laboratory. Its objective should be to evaluate the accuracy of all data. Control charts may be reviewed to assure that they are up-to-date and that control samples are being measured at specific intervals. The status of reference materials can also be checked [13].

Purpose of Internal Audits: Through, internal audits, industry can identify and detect deficiencies and weaknesses in manufacturing, packaging and quality assurance operations and arrange for corrective steps.

The main purpose of studying one’s own operations through audits is to identify problems so that corrective actions can be taken, thus avoiding regulatory actions.

By helping assure excellence in product quality, the image of the firm is enhanced consumers, the trade and health care professionals are more likely to be satisfied, costly recalls with attendant negative publicity can be avoided and the likelihood of product liability issues arising is minimized [14].

Examples of some areas subjects to internal audits:

• Building construction, size, and location

• Adequacy of lighting, ventilation, screening

• Dust collection (where appropriate)

• Temperature, humidity control (where appropriate)

• Microbiologic controls

• Personnel washing, locker, and toilet facilities

• Adequate space for equipment and materials

• Equipment design, capacity, construction, location

• Equipment contact parts that will not react, add to, or be absorptive

• Lubricants or coolants cannot contaminate products

• Equipment construction and location facilities cleaning, maintenance, and adjustments

• Equipment cleaning and sanitation; logs

• Weighing and measuring equipment of suitable accuracy

• Utensils and in-process containers constructed to permit thorough cleaning

• Responsible personnel approve equipment

External audits

This type of audit is also known as Second-Party Audit. It refers to a customer conducting an audit on a supplier or contractor. Although there are no strict legal requirements for this control. It is always advisable to evaluate the competence of the contractors in which we produce our products or carry out the analysis of our products or any other activity according to GMP [15].

Performing these audits also offers important commercial advantages:

• Develop knowledge and confidence in the partnership agreement.

• Ensures that requirements are understood and met

• Allow the reduction of some activities (e. g. in-house quality • Control (QC) testing of starting materials)

• Reduce the risk of failure (and, by implication, its costs)

Many pharmaceutical industry suppliers are ISO 9001 or ISO 9002-certified and are regularly audited by their certification body. Pharmaceutical contract manufacturing or packaging companies will need to be licensed and will be subject to regulatory audits. External audits are conducted by an organization on a quality system which is neither retained under its direct control nor within its organizational structure and in the outcome of which it has no interest. External quality audits should follow essentially the format described for internal audits. Ordinarily they will be conducted to ascertain compliance with rules, regulations or criteria for certification, and will have a higher degree of formality than the former.

External auditors ordinarily want to see the records of internal audits, especially if they are required in a mandatory quality assurance programme. Well maintained records can inspire the confidence of external auditors as well as facilitate and increase the effectiveness of external audits. Auditors also want to review the control charts maintained by a laboratory. The ease with which important records and information can be retrieved is a criterion for judgment of the management practices of a laboratory [16-20].

Regulatory audits

This type of audit is also known as Third-Party Audit. A regulatory agency or independent body conducts a third party audit for compliance or certification or registration purposes. International regulatory bodies such as; Medicines and healthcare products regulatory agency (MHRA), UK, United States food and drug administration (USFDA), Therapeutic goods administration (TGA), Australia, Medicines control council (MCC), South Africa, etc. are responsible for carrying out these checks. There is a team to perform the audit; it must be composed of audit inspectors and a multidisciplinary company team. All regulatory inspectors are extensively trained, competent and professional. All MHRA inspectors are professionally qualified and have a minimum of five years of appropriate experience in a production operation; they will be in the registers of persons eligible to act as qualified persons and lead auditors [21].

Standard Operating Procedure (SOP) for Audits:

A written SOP covering audit should be prepared

• To spell out company policy regarding audits

• A statement of the purpose and scope of audits

• Composition of audit team together with an outline of their

• Authority and responsibility

• Areas subjected to auditing

• Frequency of audits

• Written records on audits including their distribution.

• Corrective action to be taken as a result of deficiencies uncovered during audits including timetables and provisions for follow-ups and specific responsibilities for achieving corrections when required and provision for re-audits when appropriate.

Auditor: Qualifications

Qualifications include a good working knowledge of GMP regulations, familiarity with the firm and its operations, good communication skills, good listening skills and diplomacy an analytical approach, consistent good judgment and a proper sense of perspective in order to sort out what is important and significant from that which is not. This is obviously a difficult assortment of skills that makes the selection of auditors critical. Clearly, only a limited number of individuals qualify as good auditors.

Auditor’s responsibility:

The auditor has the following responsibilities:

• Assist in the selection of the team and inform the team

• Responsibility to plan and manage all phases of the audit

• Represent the audit team with the auditee

• Control conflicts and manage difficult situations

• Direct and control all meetings with the team and the auditee

• Make decisions about audit issues and the quality system

• Report the results of the audit without delay

• Report the main obstacles encountered

• Report critical non-conformances immediately

• Possesses effective communication skills

Audit Plan: The auditor should develop an audit plan for the audit in order to reduce audit risk to an acceptably low level. The audit plan is more detailed than the overall audit strategy and includes the nature, timing, and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. Documentation of the audit plan also serves as a record of the proper planning and performance of the audit procedures that can be reviewed and approved prior to the performance of further audit procedures [22].

The steps in planning an audit include (Planning Procedures):

• Basic discussions with the client about the nature of the engagement are performed first, and the auditor meets the key employees or new employees of a continuing client. The overall audit strategy or the timing of the audit may also be discussed.

• Review of audit documentation from previous audits performed by the accounting firm or a predecessor auditor (if the latter makes these audit documentation available) will assist in developing an outline of the audit program.

• Ask about recent developments in the company such as mergers and new product lines which will cause the audit to differ from earlier years.

• Non-audit personnel of the accounting firm who have provided services (such as tax preparation) to the client should be identified and consulted to learn more about the client.

• Staffing for the audit should be determined and a meeting held to discuss the engagement.

• Timing of the various audit procedures should be determined

• Outside assistance needs should be determined, including the use of a specialist as required and the determination of the extent of involvement of the internal auditors of the client.

• Pronouncements on accounting principles and audit guides should be read or reviewed to assist in the development of complete audit programs fitting the unique needs of the industry.

• Interim financial statements are analyzed to identify accounts and transactions that differ from expectations (based on factors such as budgets or prior periods). The performance of such analytical procedures is mandatory in the planning of an audit to identify accounts that may be misstated and that deserve special emphasis in the audit program.

• Scheduling with the clients is needed to coordinate activities.

The Internal audits work plan would generally include:

• Audit title

• Functional and Operational Area to be covered

• Director and manager responsible

• Type and scope of internal audit

• The benefit expected by the audit procedure

• Resources allocation for the purpose of the audit

• Proposed duration and timelines for completion

Auditing Procedure

There are total 10 steps of the audit process:

• Notification: Audit process begins with notification. The notification process alerts the party to be audited of the date and time of the process. The notification also will list the documents that the order wishes to review in order to understand the organization of the company.

• Planning: Planning is the steps the auditor takes, before the audit, to identify key areas of risk and areas of concern.

• Opening meeting: Meeting between the auditing staff and senior management of the auditing target as well as administrative staff. The auditors will describe the process they will undertake. Management will describe areas of concern to them and the schedule of the employees that must be consulted.

• Fieldwork: Fieldwork begins after the results of the meeting are used to adjust the final audit plans. Employees are notified of the audit, schedules are drawn up regarding the activities of the audit staff, and an initial investigation begun after learning of business procedures, interviewing key staff, testing current business practices by sampling, reviewing the law and testing internal rules and practices for reasonableness.

• Communication: The audit team should consistently be in contact with the corporate auditor to clarify processes, gain access to documents and clarify procedures.

• Draft audit: At the completion of the audit, the next step, the draft audit, is prepared. The draft audit detail what was done and what was found, a distribution list of parties to receive preliminary results, and a list of concerns.

• Management response: The draft is given to management to review, edit and suggest changes, probe areas of concern and correct errors. Upon making final corrections, the report is given to management for the seventh step, the management response. Management is requested to answer the report by stating whether they agree with the problems cited, the plan to correct noted problem and the expected date by which all issues will have been addressed.

• Final meeting: The final meeting is designed to close loose ends, discuss the management response and address the scope of the audit.

• Report distribution: The ninth step is the report distribution, where the final audit report is sent to appropriate officials inside and outside the audit area.

Feedback: The last step is the audit feedback whereby the audited company implements the recommended changes and the auditor’s review and test the quality, adherence and effects of the adopted changes. This continues until all issues are adopted and the next audit cycle begin (Figure 1).

Figure 1: Format of audit report.

Audit report format

Defects

Major defect: Major defects found during the internal audit can reduce the usability or stability of a product, but without causing harm to the consumer.

The possible source of a major defect

• Major equipment not calibrated or out of calibration.

• Inadequate segregation of quarantine components.

• Inadequate evaluation of production process outside of action levels.

• Process deviations not properly documented or investigated.

• Operator not trained in or familiar with the standard operating procedures.

• Preventive maintenance on a critical water system not conducted according to schedule [23].

• Lack of standard operating procedures for cleaning equipment.

• Audits of a contract manufacturer not conducted.

Minor defect: Minor defects have a low probability of affecting the quality or usability of the product which can help in regulatory compliance [24-27].

Possible source of the minor defect

• Failure to complete all batch record entries.

• Warehouse not cleaned according to schedule.

• Cracks in wall surfaces.

• Failures to correct documentation errors properly.

• Operator uniform not properly worn.

• Standard operating procedure review is overdue.

• Adhesive tape used on manufacturing equipment.

• Laboratory buffer solutions are obsolete.

A quality systems approach calls for audits to be conducted at planned intervals to evaluate effective implementation and maintenance of the quality system and to determine if processes and products meet established parameters and specifications Auditing in the pharmaceutical sector serves two different categories: regulatory compliance and business needs. When employees and managers begin to see audits as opportunities to improve, they begin to see auditors not as police officers but as productive members of the organization. Audits are very much essential to verify the existence of evidence showing conformance to required processes, to assess how successfully processes have been implemented, for judging the effectiveness of any defined target levels and are a hands-on management tool for achieving continual improvement in an organization. When employees and managers begin to see audits as opportunities to improve, they begin to see auditors not as police officers but as productive members of the organization. The Quality audit can act as an additional lever to make changes that are needed but are constrained in some way. Quality improves and strength of the organization increases with quality audit. Audits are essential to maintain and improve quality and must be performed and received as positive events. They should be viewed as ‘improvement opportunities’.

1. Khar RK, Vyas SP (2017) Lachman/Lieberman’s the theory and practice of “Industrial Pharmacy”4th edn. CBS Publication pp:1073-1136.
2. https://books.google.co.in/books/about/Pharmaceutical_Quality_Assurance.html?id=12wCVaiK0DAC
3. Kumar S, Tanwar D, Arora N (2013) The role of regulatory GMP audit in pharmaceutical companies. Int J Res Dev Pharm Life Sci 2:493-498.

Google Scholar   

4. http://pharmapathway.com/quality-audit-introduction-types-and-procedure/
5. https://isoconsultantkuwait.com/2019/05/07/1546/
6. Bernacchi T (1999) The pharmacy audit: what is it and are you prepared? J Managed Care Pharm 5:94-98.

Indexed at        Google Scholar  

7. http://www.pharmatips.in/Articles/Quality-Audit-A-Tool-For-Continuous-Improvement-And-Compliance.aspx
8. http://icmai.in/upload/Institute/Comments_Invited/ED-IA-Pharma.pdf
9. Vedanabhlata S, Gupta VN (2013) A review on audits and compliance management. Asian J Pharm Clin Res 6:43-5.

Google Scholar      

10. Sharma S, Kohli S, Potdar M (2017) Current good manufacturing practices: Audit.
11. http://qic-eg.com/wp-content/uploads/2015/08/BS-EN-ISO-19011-2011.pdf
12. http://www.icanig.org/documents/ATSWA_PRINCIPLES_OF_AUDITING.pdf
13. https://kfknowledgebank.kaplan.co.uk/audit-and-assurance
14. https://accounting.uworld.com/blog/cpa-review/10-steps-planning-audit/
15. Choudhary A, Bake A (2013) Checklist for Internal audit or self-inspection defects and regulatory compliance. Pharmaceutical guidelines.

Google Scholar    

16. Power D, Terziovski M (2007) Quality audit roles and skills: Perceptions of non-financial auditors and their clients. J Opera Manag 25:126-147.

Indexed at        Google Scholar       Crossref

17. Ehrmeyer SS, Laessig RH (2008) Can auditing save us from a quality disaster? Accred Qual Assur 13:139-144.

Google Scholar       Crossref

18. International Standards Organization (1990) Guidelines for Quality Auditing Systems. p:3.
19. https://www.philadelphia.edu.jo/academics/ajaber/uploads/0510552-Chapter%201.pdf
20. Ingman LC (1991) The quality audit. Pulp and Paper 65:125-127.
21. Charboneau H, Webster G (1997) Industrial quality control. Prentice Hall, Englewood Cliffs, New Jersey, pp:17-25.
22. James S (1988) In Encyclopedia of Pharmaceutical Technology. Marcel Dekker, New York 1:383-392.

Google Scholar     

23. WHO (1997) Quality Assurance of Pharmaceuticals: A Compendium of Guidelines and related Materials. Geneva 2:53-54.

Google Scholar     

24. Beeler DL (1999) Internal Auditing: The Big Lies. Quality Progress, pp:73-78.

Google Scholar    

25. Bhatti MI, Awan HM (2004) The Role of Quality Auditing in the Continuous Improvement of Quality: Lessons from Pakistani Experience. Int J Audit 8:21-32.

Indexed at         Google Scholar       Crossref

26. Brillaud AR, Kaser WE (1984) Internal Auditing. In Proceedings Pharm Tech Conference 84, New Brunswick, New Jersey, pp:20-25.
27. Schmitz AJ (1979) The auditing Function in the total control of Quality. In: Cooper MS (edn) Quality Control in the Pharmaceutical Industry, Academic Press, New York 3:106-138.