Audit and Compliance Process in Pharmaceutical Industry
Why is audit important for pharma MSMEs?
Auditing is an absolute necessity for a pharmaceutical company as it helps to review and evaluate the quality system of the organisation. International Organisation for Standardisation (ISO) defines audits as "Systematic, independent and documented process for obtaining audit evidence and evaluating them objectively to determine the degree to which the verification criteria are met". In simple terms audit can be defined as an inspection wherein an organisation ensures that their processes and system meet the requirements of its intended use.
Every pharmaceutical organisation should have Good Manufacturing Practice (GMP) compliance regulations to ensure safety of the product. A quality control team consisting of experienced and skilled members should be formed who will focus on improving quality and compliance with GMP regulations. Their main aim will be to analyse and identify problems, its root cause and develop appropriate improvement measures. The best way to ensure GMP compliance is to educate and train the staff on the importance of GMP.
What are the types of audits?
An audit is characterised by various principles such as integrity, fair presentation, due professional attention, confidentiality, independence of the activity and evidence-based approach. These principles help to establish audit as an effective and reliable tool by providing information on how an organisation can improve its performance. These are the three main types of audits that are usually conducted by organisations:
- Internal audit: An internal audit of every department gives you an idea about the activities carried out in a facility and the level of GMP compliance. The findings of the audit will help identify the real sources of non-compliance and appropriate measures needed to curb the situation before it depreciates. This type of audit is also known as first part audit. An organisation should have a Standard Operating Procedure (SOP) to carry out the internal audit process.
- External audit: Apart from internal audit, there are two more types of audits - external audit and regulatory audit. External audit, also known as second party audit, is carried out by a company on the supplier to ensure that they meet the requirement specified in their contract and are GMP compliant.
- Regulatory audit: Also known as third party audit, this is carried out by a regulatory agency for the purpose of compliance or certification or registration. All regulatory inspectors are extensively trained and competent. Failure to pass a regulatory audit can result in revocation of import/export licence. To avoid this situation, an organisation should have a defined process and system in place along with trained staff. Internal audits can provide valuable opportunities to face regulatory audits.
What is remote auditing?
The coronavirus pandemic has forced organisation into remote auditing due to safety issues, facilities closures to visitors and social distancing measures. Remote audits are also referred as distant audits, virtual audits, online audits, desktop audits, or e-Audits. The purpose of a remote audit is same as that of an on-site audit i.e. to evaluate and obtain evidence to determine if the established quality and processes are effectively supporting the organisation’s quality objectives. Remote auditing requires fully electronic document management system.
On-site audits take place on the site while remote audits utilise different techniques and technology to evaluate organisation’s processes, systems, and procedures remotely. Remote auditing has proven to be a valid way of doing things for many reasons like saving money and hassle, cutting down on travel and allowing audits to be run efficiently. Communication skill is of paramount importance to support an effective remote audit. But there are some disadvantages of remote auditing like maintenance data security, time zone difference, poor Wi-Fi connections and the lack of a personal touch. It is not an option for site certification audits; also, it is not accepted by all health authorities. If a company can overcome these problems, then remote auditing is the best method for future audits.
What are the ten steps in the pharma audit process?
- The first step of audit process is notification. The date and time of the audit is notified by the auditor to the party to be audited. The notification will also provide the list of documents list which the auditor wishes to review.
- Planning is the second step where the audit will identify the key areas of risk and concerns.
- The next step is the opening meeting that takes place between the auditing staff and senior management and administrative staff of the auditing organisation.
- Then, field work begins with notifying the employees about the audit. The activities of the audit staff are scheduled, investigation begins by studying the organisation’s procedures, interviewing the key staff members, and reviewing the various rules and practices followed in the organisation.
- The audit team consistently remains in contact with the auditor to clarify processes and procedure, and to provide documentation proofs.
- The next step is to prepare the draft audit report which details the audit finding and furnishes a list of concerns.
- The report is handed over to the management for their review, to suggest changes and to probe the area of concerns. Management is requested to respond to the audit report by stating whether they agree with the issue mentioned in the report, plans for corrective actions and the expected time by which all issues will be addressed.
- Then, a final meeting is conducted to close loose ends and to discuss the response of the management.
- Distribution of report is the next step of the audit process. The final audit report is distributed among the appropriate officials inside and outside the audit area.
- The last step is audit feedback whereby the audited company implements the changes recommended by the auditor and these changes are again reviewed by the auditor. This cycle continues until all the issues raised are addressed and the next audit process cycle begins.