OR WAIT null SECS
It is important that all stages of the audit be given an equal measure of attention.
One of the more important tools in the quality assurance (QA) toolbox when working with contract manufacturing organizations (CMOs) is the QA vendor audit. An audit can help identify appropriate service providers and ensure that current service providers are maintaining appropriate quality standards. An effective vendor audit covers four stages, including audit planning and preparation, conducting the audit, the audit report, and audit responses and follow up.
When using contract manufacturing organizations (CMOs), one of the key concerns of the quality assurance (QA) department of the company contracting out the work is how to demonstrate adequate oversight of the activities at the CMO. Additionally, the contract giver must have demonstrated assurance that the CMO has adequate facilities, personnel, and systems to deliver the services for which they have been contracted in compliance with current good manufacturing practices (cGMPs). This requirement is even more prevalent in today's climate with the proliferation of "virtual" companies and startups, which do not have manufacturing capability of their own.
Adam Gault, Getty Images
When working with CMOs, the QA vendor audit is an important tool, because it ensures that current service providers are maintaining appropriate quality standards.
There are a number of stages in conducting an effective vendor audit. For the purposes of this article they have been grouped into four sections, following the chronological path:
It is important that all stages of the audit be given an equal measure of attention. Too often, all the effort is loaded toward the middle of the process (the execution), without adequate attention to planning or ensuring timeliness with respect to reporting. This often is combined with a laissez-faire attitude toward responses once received. When that happens, corrective and preventative actions (CAPAs) produced in the original audit often are not acted on until the next CMO audit is scheduled.
There are several key questions to ask when planning an audit, the answers to which will drive the focus, extent, and scope of the audit preparation. These include:
When should you audit?
The "when" mainly depends on the purpose of the audit, and this can be one of or even a combination of the following: to identify a suitable service provider; to conduct a routine audit of an active service provider; to perform a cause audit, resulting from a significant compliance problem; or to validate readiness for process validation or a pre-approval inspection (PAI).
How long should the audit last?
Most quality or technical agreements provide for an annual two-day audit of the relevant facility. It is also expected that an audit to assess the suitability of a service provider would not exceed two days. However, in the case of a mock PAI or an audit designed to assess readiness, it would be appropriate to request a longer duration. When significant travel is involved, it is common to see an audit length of two and a half days to allow for a full two days for the actual audit, followed by final discussions and a close-out meeting the morning of the third day.
What is be the ideal audit team size?
The size of the audit team should, wherever possible, be kept to a minimum. The ideal team consists of two experienced auditors with complementary backgrounds to facilitate coverage of the major areas of concern or interest. However, when there is a significant scope to be covered, we recommend a team of three with varying specialities (identified when the purpose of the audit is determined and during preparations).
Audit preparation should involve the whole team, who should agree on the focus and purpose of the audit, based on any previous audit reports and other available data.
The proposed audit agenda should then be drafted and agreed upon by the team before being communicated to the auditee along with the request to audit. A typical audit agenda includes the following:
It is essential that before the audit, a lead auditor is chosen, who will be responsible for organizing the audit and collating the observations raised. Also, the lead auditor usually is the most appropriate person to be the primary author of the audit report.
The Introductory Meeting
An introductory meeting is an essential and useful part of the audit because it gives the audit team an overview of the company and facility that are being audited. This meeting will set the tone of the audit, so it is essential that this meeting be given its due importance and not be seen as something to be endured before the "real" audit. There is often important and useful information to be gleaned from this initial meeting of the respective parties.
The Facility Tour
During the facility tour, the audit team can get an early impression of the strengths and weaknesses of the company's procedures and its commitment to quality. It is critical that the audit team listen carefully to what the staff ask and have to say, and also to take the time to observe the condition and status of rooms and equipment, as this is often an indicator of the status of the relevant systems in place at the facility.
The facility tour is sets the scene for the rest of the audit and its value should not be underestimated.
Conducting the Audit
As mentioned earlier, the audit team should comprise members with complementing areas of expertise, and following the facility tour, they may split their focus to match their areas of expertise as well as to follow up on any observations identified during the tour.
It is the responsibility of the lead auditor to manage the audit so that where possible, the majority, if not all, of the critical items on the audit agenda are covered. However, if a critical or significant observation is noted, this should be followed up, even if it is to the detriment of completing an inspection of all items on the original agenda.
It is inevitable that most auditors will at some point in their career find that their observations place them in a position of conflict with an auditee. These situations must be managed carefully, and it is important for the auditor to take into consideration any regional (e.g., EU versus US) differences in expectations, as well as the company policies of the auditee. It is always beneficial to resolve any conflict by discussion. The use of factual examples for demonstrating an auditor's points of view are often key to defusing any potential conflict.
Another key point is to ensure that every observation is clearly raised during the audit. This allows the auditee time to investigate the issue and provide additional data, and may mitigate the impact of the observation or in many instances close out the issue before the audit is complete.
Before the final close-out meeting, the auditing team should meet in private and agree on the following content of the feedback:
It is recommended that the close-out meeting begin with any positive observations noted during the conduct of the audit. All observations should be clearly expressed and the response of the host taken into consideration. This is essential because the close-out meeting will often include senior members of the CMO who have not been involved in the actual audit process.
This also is the time to be clear about expected timelines for responses related to any critical observations and the complete response to the audit report once it has been received by the CMO.
Most organizations have internal standards that state the timelines for the delivery of audit report. Every effort should be made to write and approve the report within 10 working days of audit completion.
The report should be structured and written clear and unambiguous language. Typically, the report should include an introduction, summary, observations, and conclusion.
The introduction should include reference to the standards audited against and a brief description of the facility being audited, as well as the audit team's composition and a copy of reference to the audit agenda (this may be added as an appendix). In this section, it would be appropriate to include definitions of the categorizations used for the audit findings because these may differ from organization to organization. This section also should include a list of the individuals interviewed or involved in the audit.
The summary should be a high-level summary of the audit findings (e.g., number and categorization of observations) and should also list or refer to the documentation reviewed during the audit.
The observations section should be well structured and concise. It can be structured by classification of observation or by area or quality system component (e.g., documentation, facilities, etc.). It also is common to include recommendations for actions to be taken in response to observations. However, doing so is neither necessary nor, in all cases, appropriate.
The conclusion section should clearly state the timeline requirements for responses and the conclusions of the auditors with reference to the purpose of the audit.
Responses and follow-up to an audit are often inadequate because once responses are received, little follow-up is done by the auditing organization and the main follows up often takes place at the next scheduled audit. This is not a best practice and does not deliver the value to the auditing company that an effective and well-managed audit should.
The lead auditor should be in regular contact with the auditee to ensure receipt of responses according to established timelines. In some cases, the final audit report is not issued by the audit team until adequate responses have been received. This may be when the auditing process feeds into the CAPA system of the CMO, and can be a useful tool for the audit team when tracking the close-out of observations.
When assessing the adequacy of responses (including proposed timelines), several factors should be taken into account, including the category of observation, the complexity of CAPAs required, and the number of observations requiring actions.
Effective auditing depends on a number of factors including clear identification of the purpose of the audit, comprehensive audit preparation, the composition of the audit team, clarity of reporting and monitoring of observations, and an assessment of responses and follow-up to the audit.
D. Howe is a QA validation manager at Renovo, Manchester, UK, +44 (0)161 276 7100, firstname.lastname@example.org and L. Winberry, PhD, is a senior consultant at Biologics Consulting Group.