Planning and Conducting the Audit
The inspection itself is a formal process that should follow a written procedure that is part of your quality management system.
The basic objective of the audit is to confirm the presence of the quality systems that are claimed to be in place, and to
assess the capabilities of the firm's facilities. It is then necessary to measure these systems and facilities against the
required standards and establish the extent of compliance with regulatory requirements.
The audit should be seen as a risk assessment. The questionnaires or memory aids mentioned above are useful in planning the
audit and to help ensure that all the relevant areas are covered and assessed. Questionnaires may also lend themselves to
the risk assessment process, because each question may be assigned a numerical score on a sliding scale of risk. By such means,
it may be possible to score assessment outcomes, and this can be useful in justifying the approval of provider.
An audit agenda is an essential tool to allow the most efficient planning and conduct of the audit. Even in a comprehensive
cGMP audit, it may not be possible or practical to look at every aspect of a facility or process, so it becomes necessary
to establish the critical points which have the greatest risk of failure or impact on the safety of the product and ensure
that these are inspected and assessed.
It is often helpful to divide the inspection into two parts: 1) an evaluation of the existing quality system, including process-specific
documents, and 2) the on-site inspection of the facility to confirm the level of operational compliance with the systems and
processes described in the documents. During the first part, the documents evaluated should include the quality manual, standard
operating procedures, training records, facility equipment records (including qualification, validation, maintenance, and
calibration histories), manufacturing specifications, and any record identified as relevant (e.g., out-of-specification results
and subsequent investigations). It is often during the review of quality documents that the selection of what is to be inspected
can be made, and a basic understanding of the processes can lead to a much more focussed audit.
The on-site inspection will then be carried out in the presence of representatives of the provider. It is important to ensure
that all necessary safety precautions are observed. There may be a safety policy document, which should be acknowledged. As
the inspection progresses, any observations should be made known as they are encountered. This will allow feedback from the
provider's representatives and ensure that no misunderstandings or errors are made by either the auditor or the audited firm.
Communication is a vital element of the audit process, and the attitude and approach of both parties during the inspection
can have a significant impact on the success of the audit and the ultimate outsourcing relationship. The audit process should
be seen as the start of a working relationship, so part of the auditor's role is to facilitate good communication and, subject
to the success of the audit, begin the establishment of a working partnership. Clear lines of communication will be essential
in such a relationship to ensure the smooth and problem-free provision of services.
At the end of the audit day or days, depending on the scale of the outsourcing requirement, there should be a close-out meeting
between the auditor and facility management during which any observations can be reported and discussed. This is an opportunity
to summarize the audit inspection process. There should be no surprises at this point because all the concerns will have been
raised throughout the audit and clarified between the auditor and the audited. At this stage, the auditor should state the
outcome of the audit. The management of the outsourcing firm should be given an opportunity to respond, but this should be
limited to clarification and agreement on any observations that may require corrective action.
Audit Report and Approval
Following the completion of the audit, a written report should be produced summarizing the process, listing any observations,
and stating the outcome of the inspection (i.e., approved, not approved, or approved subject to a satisfactory response to
any observations made). The report should accurately reflect the audit carried out, and it is common to issue a draft report
to the provider to identify any potential inaccuracies. The report should be issued within a defined time scale to the designated
outsourcing contact and the to auditors' facility management. A target date should be set for any responses required and a
tracking system should be used to follow up on any consequent action plan. Once each item has been completed, the audit will
be formally closed.