Robust Audit Programs: A Key to Better Business Decisions

Transcription

1 INSIGHT BRIEF Robust Audit Programs: A Key to Better Business Decisions Executive Summary Good internal audit programs and auditing practices enable an organization to evaluate the effectiveness of its Quality Management System, and promote continuous improvement by uncovering opportunities for quality and product improvement. Great internal audit programs and practices do this, and they deliver an additional return on investment to the organization by providing insight into business decisions that influence manufacturing, supplier and contractor selection as well as product innovation. Unfortunately, many internal audit programs fall short of delivering recommendations for continuous improvement, let alone providing insights into better business decision making. clinica l com mercia l consu lting capita l

2 Good internal audit programs and auditing practices enable an organization to evaluate the effectiveness of its Quality Management System, and promote continuous improvement by uncovering opportunities for quality and product improvement. Great internal audit programs and practices do this, and they deliver an additional return on investment to the organization by providing insight into business decisions that influence manufacturing, supplier and contractor selection as well as product innovation. Unfortunately, many internal audit programs fall short of delivering recommendations for continuous improvement, let alone provide insights into better business decision making. Common Audit Program Deficiencies There are several reasons for audit program deficiencies. In addition to not having the resources to support the internal audit function, the following reasons also explain why audit programs suffer: > > Ineffective risk-based approach to prioritizing and scheduling audits: Resources (e.g., people, time) are not allocated to the facilities, suppliers and contractors that pose the most risk; audit focus is not dedicated to the quality/compliance areas that pose the most risk. > > Non-optimized, non-standardized procedures, forms, and work instructions: A harmonized audit program does not exist that would facilitate a continuous improvement environment. > > Auditor inconsistency: Variation exists in the way auditors approach and perform audits; identify, evaluate and categorize observations; and follow up. > > Auditor expertise is not always aligned to audit requirements: Skills and competencies for auditing resources are not consistently taken into account when assigning audits and auditrelated tasks; collaborative audit teams are formed but do not always consider each team member s auditing skill set. > > Auditor resource allocation is not always optimized: Auditors are not geographically located in strategic markets where a majority of audits happen; expectations for audit team roles (e.g., audit lead) are not well defined; and auditing workload is not appropriately shared among auditing resources. > > Lack of, or poor use of technology to support auditing processes: A computer system where all audit records are created, maintained, stored and shared, and observation follow-up details are recorded, updated and maintained does not exist. Also, ancillary systems that support the supply chain, product development, and quality systems are not integrated with the audit computer system. > > Inconsistent or nonexistent means to report and assess trends in audit findings and actions: It is difficult to optimize operations (the desired intent of internal auditing) if reporting, trending, and post-audit follow-up does not occur. > > Lack of a collaborative relationship between auditors and auditees: Audits are considered a policing exercise, as opposed to an opportunity for continuous improvement. 2

3 Optimized Audit Program An optimized audit program is one in which people, process and technology are connected to facilitate continuous improvement. Optimized audit programs deliver a return on investment to the supply chain and product development by enhancing manufacturing, supplier and contractor operational compliance, effectiveness, and efficiency. PROCESS Risk-based approach Standarized procedures PROCESS Continuous Improvement PEOPLE Consistent observation, identification, categorization and follow-up PEOPLE Optimized audit assignmnents Professional development opportunities Aligned audit expectations TECHNOLOGY Delivers a return on investment to the supply chain and product development by enhancing manufacturing, supplier and contractor operational compliance, effectiveness, and efficiency TECHNOLOGY Automated audit planning, scheduling, recording, tracking, trending and reporitng Linked to supply chain and product development systems as well as other quality management functions 3

4 Robust audit programs contain common elements that, when linked together, build a solid foundation for scalable auditing function globally. Elements of a Robust Audit Program Robust audit programs contain common elements that, when linked together, build a solid foundation for a scalable auditing function globally: > > Auditor Consistency: Auditors consistently identify, assess and categorize observations. Auditor expectations with respect to audit prep and planning, audit execution, audit follow-up and audit report writing exist and are consistently followed. Audit report reviewers are consistent in their approach to reviewing audit reports. > > Strategic Resource Allocation: Auditors are geographically located in strategic markets, and are assigned to audits that align with their expertise and/or professional development aspirations (also related to skills and competencies alignment). The appropriate amount of auditors is assigned to each audit, and each individual s auditing skill set is consider prior to assigning them to an audit team. Audit team roles (e.g., audit lead) are identified, and clear expectations exist for each role. The auditing workload is consistently and fairly shared among auditing resources. When appropriate, external contractor auditors are considered to complete audits on behalf of the organization. > > Optimized, Harmonized Procedures: Consistent, global procedures are defined that provide direction and facilitate alignment on auditing expectations. The procedures reflect actual practice, and are periodically reviewed and updated to include leading industry practice. > > Positive Auditor / Auditee Relationships: Mutual collaboration and esprit de corps exists between the auditor and auditee. Pre-audit planning is consistently performed. Auditor, auditee, and other vested parties (e.g., site lead or process owner) understand their role, expectations and responsibilities pre-, during and post-audit. > > Skills and Competencies Alignment: Resources and competencies are aligned to team needs and are taken into account when assigning audits and tasks. Methods for evaluating skill and competency level are consistently applied throughout the group. People have an opportunity to identify professional development opportunities (self- or manager-identified) and effort is made to provide instructive learning / professional development opportunities. > > Common Database: A universal computer system exists where all audit records are created, maintained, stored and shared. Observation follow-up details are recorded, updated and maintained within the system, and ancillary systems that support the supply chain and other related quality systems are integrated with the computer system that stores and shares audit records. The system has the ability to generate user-defined tracking and trending reports. > > Trending / Tracking Metrics: Consistent, defined reporting and trending processes exist. Reports and trends have a defined business purpose and value, audience and frequency and are used to improve operations. > > Risk-Based Audit Scope and Depth: Time is effectively allocated to the facilities, suppliers, and contractors that pose the most risk. During audits, audit focus is dedicated to the quality/ compliance areas that pose the most risk. 4

5 Robust Audit Program Elements Risk-Based Audit Scope & Depth Auditor Consistency (Observations & Reporting) Strategic Resource Allocation Trending & Tracking Metrics ROBUST GxP AUDIT PROGRAM Optimized, Harmonized Procedures Common Database Skills & Competencies Alignment Positive Auditor/Auditee Relationships In order to achieve an optimized and harmonized auditing program that promotes continuous improvement and delivers a return on investment, it is important to evaluate the current audit program and practices against these elements. When evaluating audit programs: 1. Identify the gaps between current practices and the robust audit program elements 2. Document recommendations for addressing each gap 3. Prioritize the recommendations, considering expected return to the organization Prior to audit program evaluation, it is important to identify audit outcome expectations. At a very basic level, an organization will want to ensure that they have a plan to audit their most risk-prone sites on a regular schedule. More advanced companies will want to define how audit outcomes will identify process improvement priorities and enable sustainable compliance. Best-in-class companies will have a vision for how audit outcomes will help to drive business decisions like where products should be manufactured and which suppliers and contractors are the best partners. In conclusion, well-run audit programs can be a valuable asset to an organization, particularly when they reveal insights that enable companies to make better business decisions. 5

6 About the Author Marie McDonald Senior Director, Quality & Compliance, Consulting at Quintiles Marie has extensive experience in business case development, program and project planning and execution, process improvement design, training, and business transformation. She has led or facilitated a wide range of projects, including quality systems evaluation, process improvement and technology implementation, as well as regulatory remediation and compliance improvement. She partners with global clients, and spent two years working and living in Ireland. Throughout Marie s career she has led project teams that developed and delivered technology enablement for GMP business processes including manufacturing, quality control, and quality assurance. She also created and executed quality system audits for business processes and information technology systems, helping clients confirm compliance with governing SOPs, GMPs, and to ensure data integrity. Marie holds a BS in Business Administration from Shippensburg University and an MS in Career and Technical Education from Virginia Polytechnic Institute and State University. She serves on the Board of Directors of the Greater Philadelphia Chapter of the Healthcare Businesswomen s Association (HBA). 6

7

8 Contact Us: On the web: Copyright 2012 Quintiles