Effective Auditing of CMOs

It is important that all stages of the audit be given an equal measure of attention.
Apr 02, 2010

Abstract

One of the more important tools in the quality assurance (QA) toolbox when working with contract manufacturing organizations (CMOs) is the QA vendor audit. An audit can help identify appropriate service providers and ensure that current service providers are maintaining appropriate quality standards. An effective vendor audit covers four stages, including audit planning and preparation, conducting the audit, the audit report, and audit responses and follow up.


Adam Gault, Getty Images
When using contract manufacturing organizations (CMOs), one of the key concerns of the quality assurance (QA) department of the company contracting out the work is how to demonstrate adequate oversight of the activities at the CMO. Additionally, the contract giver must have demonstrated assurance that the CMO has adequate facilities, personnel, and systems to deliver the services for which they have been contracted in compliance with current good manufacturing practices (cGMPs). This requirement is even more prevalent in today's climate with the proliferation of "virtual" companies and startups, which do not have manufacturing capability of their own.

When working with CMOs, the QA vendor audit is an important tool, because it ensures that current service providers are maintaining appropriate quality standards.

There are a number of stages in conducting an effective vendor audit. For the purposes of this article they have been grouped into four sections, following the chronological path:

  • audit planning and preparation
  • conducting the audit
  • the audit report
  • audit responses and follow up.

It is important that all stages of the audit be given an equal measure of attention. Too often, all the effort is loaded toward the middle of the process (the execution), without adequate attention to planning or ensuring timeliness with respect to reporting. This often is combined with a laissez-faire attitude toward responses once received. When that happens, corrective and preventative actions (CAPAs) produced in the original audit often are not acted on until the next CMO audit is scheduled.

Audit Planning and Preparation

There are several key questions to ask when planning an audit, the answers to which will drive the focus, extent, and scope of the audit preparation. These include:

When should you audit?

The "when" mainly depends on the purpose of the audit, and this can be one of or even a combination of the following: to identify a suitable service provider; to conduct a routine audit of an active service provider; to perform a cause audit, resulting from a significant compliance problem; or to validate readiness for process validation or a pre-approval inspection (PAI).

How long should the audit last?

Most quality or technical agreements provide for an annual two-day audit of the relevant facility. It is also expected that an audit to assess the suitability of a service provider would not exceed two days. However, in the case of a mock PAI or an audit designed to assess readiness, it would be appropriate to request a longer duration. When significant travel is involved, it is common to see an audit length of two and a half days to allow for a full two days for the actual audit, followed by final discussions and a close-out meeting the morning of the third day.

What is be the ideal audit team size?

The size of the audit team should, wherever possible, be kept to a minimum. The ideal team consists of two experienced auditors with complementary backgrounds to facilitate coverage of the major areas of concern or interest. However, when there is a significant scope to be covered, we recommend a team of three with varying specialities (identified when the purpose of the audit is determined and during preparations).

Audit preparation should involve the whole team, who should agree on the focus and purpose of the audit, based on any previous audit reports and other available data.

The proposed audit agenda should then be drafted and agreed upon by the team before being communicated to the auditee along with the request to audit. A typical audit agenda includes the following:

  • tour of facilities and QC laboratories
  • regulatory inspection history
  • site validation master plan
  • site master file
  • follow-up on previous audits
  • CAPAs and trending
  • qualification of equipment used in manufacturing drug substance
  • water systems validation
  • water testing results and trending
  • change controls or engineering change orders
  • quality management system
  • training (QC and manufacturing)
  • raw materials suppliers
  • vendor qualification and technical agreements
  • utilities and gases
  • environmental monitoring program
  • environmental monitoring results and trending
  • equipment, qualification, maintenance, and calibration
  • annual reports process
  • customer complaints
  • storage and distribution
  • labeling and packaging.