Robust Audit Programs: A Key to Better Business Decisions

Similar documents
Moving Towards Integrated Operational Excellence Matthew Littlefield President and Principal Analyst

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

RSA ARCHER AUDIT MANAGEMENT

Internal Auditing Guidelines

EMS Example Example EMS Audit Procedure

RSA ARCHER OPERATIONAL RISK MANAGEMENT

ACL Audit Management Software Helps Demonstrate Audit Value to Leadership Team

Addressing Risk in Partner / Contractor Selection and Onboarding. Michael Davidson VP Quality Systems and Compliance March 2014

NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation

Computer System Configuration Management and Change Control

Harnessing vital data to inform an optimal market access strategy in the UK

Business Process Services. White Paper. Automating Management: Managing Workflow Effectively

Transforming your Audit Department through Technology. Marilynn Kesslar Consultant National Accounts- TeamMate

Case Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION

Computer System Configuration Management and Change Control

Product Lifecycle Management in the Food and Beverage Industry. An Oracle White Paper Updated February 2008

John Keel, CPA State Auditor. An Audit Report on The Dam Safety Program at the Commission on Environmental Quality. May 2008 Report No.

Simply Sophisticated. Information Security and Compliance

Title:: Effective GMP AUDITS for APIs and Formulation Pharma Companies By G.Sundar-Director/Consultant PharmQA Compliance solutions

How To Manage A Public Safety Department Risk Management Program

Information Security Management System for Microsoft s Cloud Infrastructure

ICH Q10 - Pharmaceutical Quality System

Guidance for Industry. Q10 Pharmaceutical Quality System

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Disaster Recovery & Strategic Planning: How alignment can reduce risk and cost

Let the Potential of Your Business Emerge. Paragon Solutions Inc. Proprietary

A proven 5-step framework for managing supplier performance

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

INTERNAL AUDIT SOFTWARE BUYER S GUIDE

Auditing as a Component of a Pharmaceutical Quality System

FREQUENTLY ASKED QUESTIONS

The Value of Optimization in Asset Management

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

APICS INSIGHTS AND INNOVATIONS UNCOVERING CHRONIC DISRUPTION IN SUPPLY CHAIN AND OPERATIONS MANAGEMENT

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Metrics That Matter Security Risk Analytics

Supply Chain: improving performance in pricing, planning, and sourcing

IAESB STAFF QUESTIONS & ANSWERS July 7, Staff Questions and Answers on the Implementation of a Learning Outcomes Approach

Current Challenges in Managing Contract Lifecycle Management

A new paradigm for EHS information systems: The business case for moving to a managed services solution

Bringing Safe and Cost Effective Products to Market

Preparing for Unannounced Inspections from Notified Bodies

Implementing a Third-Party Management Solution: 5 Steps for Success

3 rd Party Vendor Risk Management

Services Providers. Ivan Soto

A Quality and Compliance Training Road Map for Emerging FDA-Regulated Companies

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

Leadership Competency Self Assessment

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

IT Governance Charter

Business Performance & Data Quality Metrics. David Loshin Knowledge Integrity, Inc. loshin@knowledge-integrity.com (301)

Establishing a Mature Identity and Access Management Program for a Financial Services Provider

9 Things you need to know about Continuous Monitoring Systems in FDA-Regulated Environments

Chair of the Board Marie Ehrling s speech at the Annual General Meeting April 2, 2014

Department of Audit and Compliance. Quality Self-Assessment

Module 17: EMS Audits

EHS Auditing at Pfizer

ITIL. Lifecycle. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

Application of Software Tools During Audits. Martin Lejsal September 2012

Human Capital Management

Effective Internal Audit in the Financial. Services Sector. Non Executive Directors (NEDs) and the Management of Risk

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Audit of Human Resources Management Planning

One similarity among most successful organizations is strong leadership with a topdown

The PNC Financial Services Group, Inc. Business Continuity Program

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Enhancing Sales and Operations Planning with Forecasting Analytics and Business Intelligence WHITE PAPER

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Internal Audit Practice Guide

Enterprise Risk Management

RETAIL AUDIT FORUM - AUDITING BUSINESS CONTINUITY

Developing a Proactive Compliance Monitoring Program

A discussion of information integration solutions November Deploying a Center of Excellence for data integration.

Regulatory Asset Management: Harmonizing Calibration, Maintenance & Validation Systems

Internal Audit Quality Assessment Framework

Information Technology Security Review April 16, 2012

Management Update: The Cornerstones of Business Intelligence Excellence

Utility Supply Chain Talent Management

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Quality Takes Lead in MOM Software Deployments and Performance Benefits

Using the ISPE s GAMP Methodology to Validate Environmental Monitoring System Software

Strategies for assessing cloud security

Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability

HSCIC Audit of Data Sharing Activities:

QUICK FACTS. Facilitating Application Packaging on Behalf of a Global Professional Services Company

Ten Ways to Generate Higher Returns from Your Innovation Investments

Establish Collaborative Strategies to Better Manage a Global Vendor Network Devise a Proper Float Plan

ASSE On-Site Seminar Course Selections

SHARED SERVICES. An Enabler for Managing Risk. Steve Tracy, Principal Consultant, ISG.

WHITE PAPER Third-Party Risk Management Lifecycle Guide

ISTQB - Certified Tester Advanced Level - Test Manager

Imperative. Tim Mohn Industry Principal Sparta Systems

Microsoft s Compliance Framework for Online Services

PM Services. Portfolio Strategy, Design and Build

Software Industry KPIs that Matter

IBM Security QRadar Risk Manager

Physician Enterprise The Importance of Charge Capture, Business Intelligence and Being a Data Driven Organization

Transcription:

INSIGHT BRIEF Robust Audit Programs: A Key to Better Business Decisions Executive Summary Good internal audit programs and auditing practices enable an organization to evaluate the effectiveness of its Quality Management System, and promote continuous improvement by uncovering opportunities for quality and product improvement. Great internal audit programs and practices do this, and they deliver an additional return on investment to the organization by providing insight into business decisions that influence manufacturing, supplier and contractor selection as well as product innovation. Unfortunately, many internal audit programs fall short of delivering recommendations for continuous improvement, let alone providing insights into better business decision making. clinica l com mercia l consu lting capita l

Good internal audit programs and auditing practices enable an organization to evaluate the effectiveness of its Quality Management System, and promote continuous improvement by uncovering opportunities for quality and product improvement. Great internal audit programs and practices do this, and they deliver an additional return on investment to the organization by providing insight into business decisions that influence manufacturing, supplier and contractor selection as well as product innovation. Unfortunately, many internal audit programs fall short of delivering recommendations for continuous improvement, let alone provide insights into better business decision making. Common Audit Program Deficiencies There are several reasons for audit program deficiencies. In addition to not having the resources to support the internal audit function, the following reasons also explain why audit programs suffer: > > Ineffective risk-based approach to prioritizing and scheduling audits: Resources (e.g., people, time) are not allocated to the facilities, suppliers and contractors that pose the most risk; audit focus is not dedicated to the quality/compliance areas that pose the most risk. > > Non-optimized, non-standardized procedures, forms, and work instructions: A harmonized audit program does not exist that would facilitate a continuous improvement environment. > > Auditor inconsistency: Variation exists in the way auditors approach and perform audits; identify, evaluate and categorize observations; and follow up. > > Auditor expertise is not always aligned to audit requirements: Skills and competencies for auditing resources are not consistently taken into account when assigning audits and auditrelated tasks; collaborative audit teams are formed but do not always consider each team member s auditing skill set. > > Auditor resource allocation is not always optimized: Auditors are not geographically located in strategic markets where a majority of audits happen; expectations for audit team roles (e.g., audit lead) are not well defined; and auditing workload is not appropriately shared among auditing resources. > > Lack of, or poor use of technology to support auditing processes: A computer system where all audit records are created, maintained, stored and shared, and observation follow-up details are recorded, updated and maintained does not exist. Also, ancillary systems that support the supply chain, product development, and quality systems are not integrated with the audit computer system. > > Inconsistent or nonexistent means to report and assess trends in audit findings and actions: It is difficult to optimize operations (the desired intent of internal auditing) if reporting, trending, and post-audit follow-up does not occur. > > Lack of a collaborative relationship between auditors and auditees: Audits are considered a policing exercise, as opposed to an opportunity for continuous improvement. 2

Optimized Audit Program An optimized audit program is one in which people, process and technology are connected to facilitate continuous improvement. Optimized audit programs deliver a return on investment to the supply chain and product development by enhancing manufacturing, supplier and contractor operational compliance, effectiveness, and efficiency. PROCESS Risk-based approach Standarized procedures PROCESS Continuous Improvement PEOPLE Consistent observation, identification, categorization and follow-up PEOPLE Optimized audit assignmnents Professional development opportunities Aligned audit expectations TECHNOLOGY Delivers a return on investment to the supply chain and product development by enhancing manufacturing, supplier and contractor operational compliance, effectiveness, and efficiency TECHNOLOGY Automated audit planning, scheduling, recording, tracking, trending and reporitng Linked to supply chain and product development systems as well as other quality management functions 3

Robust audit programs contain common elements that, when linked together, build a solid foundation for scalable auditing function globally. Elements of a Robust Audit Program Robust audit programs contain common elements that, when linked together, build a solid foundation for a scalable auditing function globally: > > Auditor Consistency: Auditors consistently identify, assess and categorize observations. Auditor expectations with respect to audit prep and planning, audit execution, audit follow-up and audit report writing exist and are consistently followed. Audit report reviewers are consistent in their approach to reviewing audit reports. > > Strategic Resource Allocation: Auditors are geographically located in strategic markets, and are assigned to audits that align with their expertise and/or professional development aspirations (also related to skills and competencies alignment). The appropriate amount of auditors is assigned to each audit, and each individual s auditing skill set is consider prior to assigning them to an audit team. Audit team roles (e.g., audit lead) are identified, and clear expectations exist for each role. The auditing workload is consistently and fairly shared among auditing resources. When appropriate, external contractor auditors are considered to complete audits on behalf of the organization. > > Optimized, Harmonized Procedures: Consistent, global procedures are defined that provide direction and facilitate alignment on auditing expectations. The procedures reflect actual practice, and are periodically reviewed and updated to include leading industry practice. > > Positive Auditor / Auditee Relationships: Mutual collaboration and esprit de corps exists between the auditor and auditee. Pre-audit planning is consistently performed. Auditor, auditee, and other vested parties (e.g., site lead or process owner) understand their role, expectations and responsibilities pre-, during and post-audit. > > Skills and Competencies Alignment: Resources and competencies are aligned to team needs and are taken into account when assigning audits and tasks. Methods for evaluating skill and competency level are consistently applied throughout the group. People have an opportunity to identify professional development opportunities (self- or manager-identified) and effort is made to provide instructive learning / professional development opportunities. > > Common Database: A universal computer system exists where all audit records are created, maintained, stored and shared. Observation follow-up details are recorded, updated and maintained within the system, and ancillary systems that support the supply chain and other related quality systems are integrated with the computer system that stores and shares audit records. The system has the ability to generate user-defined tracking and trending reports. > > Trending / Tracking Metrics: Consistent, defined reporting and trending processes exist. Reports and trends have a defined business purpose and value, audience and frequency and are used to improve operations. > > Risk-Based Audit Scope and Depth: Time is effectively allocated to the facilities, suppliers, and contractors that pose the most risk. During audits, audit focus is dedicated to the quality/ compliance areas that pose the most risk. 4

Robust Audit Program Elements Risk-Based Audit Scope & Depth Auditor Consistency (Observations & Reporting) Strategic Resource Allocation Trending & Tracking Metrics ROBUST GxP AUDIT PROGRAM Optimized, Harmonized Procedures Common Database Skills & Competencies Alignment Positive Auditor/Auditee Relationships In order to achieve an optimized and harmonized auditing program that promotes continuous improvement and delivers a return on investment, it is important to evaluate the current audit program and practices against these elements. When evaluating audit programs: 1. Identify the gaps between current practices and the robust audit program elements 2. Document recommendations for addressing each gap 3. Prioritize the recommendations, considering expected return to the organization Prior to audit program evaluation, it is important to identify audit outcome expectations. At a very basic level, an organization will want to ensure that they have a plan to audit their most risk-prone sites on a regular schedule. More advanced companies will want to define how audit outcomes will identify process improvement priorities and enable sustainable compliance. Best-in-class companies will have a vision for how audit outcomes will help to drive business decisions like where products should be manufactured and which suppliers and contractors are the best partners. In conclusion, well-run audit programs can be a valuable asset to an organization, particularly when they reveal insights that enable companies to make better business decisions. 5

About the Author Marie McDonald Senior Director, Quality & Compliance, Consulting at Quintiles Marie has extensive experience in business case development, program and project planning and execution, process improvement design, training, and business transformation. She has led or facilitated a wide range of projects, including quality systems evaluation, process improvement and technology implementation, as well as regulatory remediation and compliance improvement. She partners with global clients, and spent two years working and living in Ireland. Throughout Marie s career she has led project teams that developed and delivered technology enablement for GMP business processes including manufacturing, quality control, and quality assurance. She also created and executed quality system audits for business processes and information technology systems, helping clients confirm compliance with governing SOPs, GMPs, and to ensure data integrity. Marie holds a BS in Business Administration from Shippensburg University and an MS in Career and Technical Education from Virginia Polytechnic Institute and State University. She serves on the Board of Directors of the Greater Philadelphia Chapter of the Healthcare Businesswomen s Association (HBA). 6

Contact Us: On the web: Email: consulting@quintiles.com Copyright 2012 Quintiles. 14.15.13-042012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information