Approaching the Response to Audit Observations



Similar documents
Approaching The Response To Audit Observations

Edwin Lindsay Principal Consultant. Compliance Solutions (Life Sciences) Ltd, Tel: + 44 (0) elindsay@blueyonder.co.

EMS Example Example EMS Audit Procedure

Title:: Effective GMP AUDITS for APIs and Formulation Pharma Companies By G.Sundar-Director/Consultant PharmQA Compliance solutions

Preparing for Unannounced Inspections from Notified Bodies

Conducting a Gap Analysis on your Change Control System. Presented By Miguel Montalvo, President, Expert Validation Consulting, Inc.

FDA Inspection Observations The FDA 483 and Beyond. Objectives

Module 17: EMS Audits

1

Empowering the Quality and Regulatory Compliance Functions

There is no Silver Bullet to complying with the US FDA GMPs by Alan Schwartz

FDA BEGINS INSPECTING CONVENIENCE STORES. Agency Seeking to Ensure Compliance with Tobacco Regulations

Making SOP Training More Effective

Quality Thinking in other Industries. Dominic Parry Inspired Pharma Training. WEB GMP BLOG inspiredpharmablog.

Quality Management System

Compliance Focused Preapproval Preparation Program. By Mike Ronningen, RAC

ISO/IEC QUALITY MANUAL

Guidance for Industry

PHARMACEUTICAL TRAINING GUIDELINE

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW

New York City Department of Buildings

LabGuide 71. Incident Management: Developing a Plan

Quality Manual. DuraTech Industries, Inc Commerce Street La Crosse, WI MANUAL SERIAL NUMBER 1

Company Quality Manual Document No. QM Rev 0. 0 John Rickey Initial Release. Controlled Copy Stamp. authorized signature

QUALITY ASSURANCE MANUAL JPM OF MISSISSIPPI, INC.

Optimizing Quality Control / Quality Assurance Agents of a Global Sourcing / Procurement Strategy

COMPLIANCE BY DESIGN FOR PHARMACEUTICAL QUALITY CONTROL LABORATORIES INSIGHT FROM FDA WARNING LETTERS

Quality Management Systems. Compliance Driven or Quality Driven?

TRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS. LEC (Company Audit) Guidance Notes

Annex 7 Guidelines on pre-approval inspections

NABL NATIONAL ACCREDITATION

Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria

European Forum for Good Clinical Practice Audit Working Party

November 2009 Report No An Audit Report on The Department of Aging and Disability Services Home and Community-based Services Program

WHITE PAPER Seven Guiding Principles of Data Center Migration Success

Implementing ISO 9001

Preparation for a Software Quality Audit

GC GUIDANCE ON INHERENTLY GOVERNMENTAL FUNCTIONS

Steps to ISO/IEC Accreditation

John Keel, CPA State Auditor. An Audit Report on Inspections of Compounding Pharmacies at the Board of Pharmacy. August 2015 Report No.

Developing Supplier Quality Auditor Training Programs

AS 9100 Rev C Quality Management System Manual. B&A Engineering Systems, Inc Business Park Drive, Suite A-1 Costa Mesa, CA 92626

NORTH AMERICA OPERATIONS. (Fairmont and Montreal Facilities) QUALITY MANUAL. Prepared to comply with the requirements of ISO 9001:2008

ORACLE CONSULTING GROUP

AUDITOR GUIDELINES. Responsibilities Supporting Inputs. Receive AAA, Sign and return to IMS with audit report. Document Review required?

Quality Management System General

Optimizing Regulatory Compliance: Nine Strategies for Success

We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards.

YOUR RIGHTS AS A SECTION 8 TENANT:

How quality assurance reviews can strengthen the strategic value of internal auditing*

A Guide To Understanding Your 360- Degree Feedback Results

GLP vs GMP vs GCP Dominique Pifat, Ph.D., MBA The Biologics Consulting Group

White paper: FDA Guidance for Industry Update Process Validation

ICH guideline Q10 on pharmaceutical quality system

Row Manufacturing Inc. Quality Manual ISO 9001:2008

Incident Management: Developing a Plan

Following up recommendations/management actions

GxP Process Management Software. White Paper: Ten Most Common Reasons for FDA 483 Observations and Warning Letter Citations

AD-AUDITING ACCOUNTANT, SENIOR

Combination Products. Presented by: Karen S. Ginsbury For: IFF March PCI Pharma

City of Raleigh Public Utilities Department. Wastewater EMS Manual

UNCONTROLLED COPY FOR REFERENCE ONLY

Property Room. Records Management System

Cost of Poor Quality:

Information Sheet Guidance For IRBs, Clinical Investigators, and Sponsors

BBB Rules of Non-Binding Arbitration for Extended Service Plans/Extended Service Coverage Naming BBB as Administrator

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES

White paper. Corrective action: The closed-loop system

Toronto Maintenance Management System Application Review. the exercise to harmonize business practices is completed;

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

SUPPLIER QUALITY MANAGEMENT SYSTEM QUESTIONNAIRE

We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards.

STANDARD PDCA P2-04 THIRD PARTY INSPECTIONS: QUALIFICATIONS, RESPONSIBILITIES, AND PROCEDURES

Aligning Quality Management Processes to Compliance Goals

Audit of the Trusted Traders Programs

Camber Quality Assurance (QA) Approach

QUALITY MANAGEMENT SYSTEM (QMS) ASSESSMENT CHECKLIST

Operations Integrity Management System

Audits must be conducted with due concern for employee safety and environmental protection.

ISO 9001:2000 AUDIT CHECKLIST

ISO 9001:2008 STANDARD OPERATING PROCEDURES MANUAL

Edwin Lindsay Principal Consultant. Compliance Solutions (Life Sciences) Ltd, Tel: + 44 (0) elindsay@blueyonder.co.

Best Practice In A Change Management System

COMBINE. Part B. Manual for Marine Monitoring in the. Programme of HELCOM. General guidelines on quality assurance for monitoring in the Baltic Sea

How to Prepare For an Agency Inspection

CITY UNIVERSITY OF HONG KONG. Information Security PUBLIC Internal Assessment Standard

Corrective and Preventive Action Background & Examples Presented by:

ISO 9001:2008 Audit Checklist

The Global Guideline for GCP Audit

Eastbourne Borough Council Environmental Health Division Food Safety Enforcement Policy

Hiring Winners for your Dental Team

HIRING A QUALIFIED OFFICE STAFF

ONTIC UK SUPPLIER QUALITY SURVEY

Code of Business Conduct and Ethics. With Special Message for Senior Business and Finance Leaders

State of New Jersey Department of Community Affairs. Community Development Block Grant- Disaster (Irene) Recovery Program.

Off-the-Shelf Software: A Broader Picture By Bryan Chojnowski, Reglera Director of Quality

Introduction to PhD Research Proposal Writing. Dr. Solomon Derese Department of Chemistry University of Nairobi, Kenya

COTS Validation Post FDA & Other Regulations

BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS

Creating an Effective Mystery Shopping Program Best Practices

Transcription:

Introduction Approaching the Response to Audit Observations One of the first things consistently drilled into my collective memory was the statement that we should always be prepared for an audit. It was a number one priority prevailing over our activities as a quality unit. The reason was simple always being prepared prevents (or at least minimizes) the peaks and valleys of audit preparation. This can be demonstrated by the graphic below: Audit complete company at a high state of compliance Audit Announced Cycle Repeats! Low Level of Compliance Now that the audit is over, we can get back to some real work Overtime, extra help, replace items, conduct training RUSH, RUSH High Level of Compliance As experience was gained not only at the front end (audit preparation) but at the back end (audit response), it was evident that if Always be Prepared was a number one priority, then a number two priority was Respond Systemically to any observation. If done properly, systemic resolution to issues should eliminate the peaks and valley syndrome outlined above. Quality should be built into the process and auditing alone cannot be relied upon to ensure quality. Your actions before, during and after the audit will ultimately determine your level of compliance. Compliance Insight, Inc. 2014 Page 1 of 15

Some Definitions Before proceeding further, it is always best to define some of the main points being discussed. Without a base of understanding for these points, misunderstandings and confusion is bound to happen. Audit Planned, independent and documented assessments to determine whether agreed upon requirements are met. Compliance Affirmative indication or judgment that the supplier of a product or service has met requirements. Conformance An affirmative indication or judgment that a product or service has met the requirements of the specs or regulations Observation An item of objective evidence found during an audit Quality Audit A systemic and independent examination and evaluation to determine whether quality activities and results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives. Note: This last section of underlined text is very important to understand if one is to respond systemically to an audit finding. The auditor is looking for current implementation of programs AND how you plan to implement corrective actions to observations. Systemic Audit A means of conducting an audit that evaluates the systems implemented by a firm to control their operations. Although the auditor or firm may divide their systems into various classifications, a good standard is provided by the US FDA (attachment I). Compliance Insight, Inc. 2014 Page 2 of 15

Understand Your Observations It is essential that the observations be understood and evaluated in the context in which they were given. Personnel involved with the audit should have input into the reasoning behind the issue. Hopefully, the auditor will provide feedback either when the observation was made or on a daily basis. This is an opportunity to understand the point being made. Typically, the last prospect for obtaining feedback directly from an auditor is during the close-out meeting. The close-out meeting is a review of the observations made by the auditor. For the US FDA, if a Form 483 is issued, the firm will receive it during this close-out. For the MHRA, the firm will receive a verbal list of observations. The written list will follow in about two weeks. For internal, corporate or external auditors, there is usually a verbal close-out meeting followed shortly thereafter with a formal report. During the close-out meeting (especially during formal or governmental audits), it is important to have the appropriate personnel in attendance. These people usually represent Quality Assurance, Regulatory Affairs, Operations and a member of senior management. It is important to keep the number of personnel in attendance to a reasonable level. Too many people and the auditor may become uncomfortable. Too few, it may seem that you are not taking the audit seriously. Decide in advance how you are going to approach the close-out meeting. Will you question every observation and attempt to get them removed analogous to a Scorched Earth Policy? Will you accept every observation even if there are errors present? Who will comment on the observations everyone? Will people debate or disagree with valid observations? A good approach is typically one that abides by the following outline: The head of quality is the one who hosts the audit and will be the representative during the close-out. That person alone will be the one who questions any observation unless a person hears a point that is blatantly in error. The head of quality can, and often does, ask for assistance from other key representatives of the group. Review each item with the auditor. Understand what they are citing. Don t guess or speculate your response could be far off target if this is the case. If errors are present, comment on them. Ask for clarification. Auditors are human and make mistakes. Compliance Insight, Inc. 2014 Page 3 of 15

If you have already made corrections decide if you will indicate that fact during the close-out. There is a concern that should be noted on this point If the firm has a knee-jerk reaction and implements corrective actions too quickly, the auditor may be concerned that you are reacting without truly evaluating the systemic nature of the observation. If the points are minor or easily rectified, you could make the comment that actions have already been implemented to correct the problem but be cautious with this approach. Many questions can be raised such as How did you get the change control implemented so quickly?, Did you train personnel already?, Did you evaluate all the systems? or That s not what I meant by the observation. If there are true points of contention, discuss them but don t argue directly with the auditor. You should not argue every point or even a large percentage of them. It should be understood that these observations are simply points made during an inspection by an auditor. The firm has an ample amount of time to respond to the issue in a written format, citing examples of compliance, references, guides, testimony, etc. Be cautious in committing to anything during the close-out. The auditor is taking notes and will indicate that the firm committed to a particular action or time frame. This is particularly important during a governmental audit and may result in further actions. There are other means of gaining an understanding of the observations, including, but not limited to, obtaining the EIR (Establishment Inspection Report) or contacting the inspector directly for questions. The Response Re-establishing Credibility Once observations are given, particularly critical or major points, the firm has a limited amount of time to respond. Generally the response must be received by the auditor within 15 days from the date of the 483. The firm should have a policy in place and adhere to it diligently. This is the firms chance to re-establish credibility with the auditing body client, potential client, MHRA, etc. The last thing an auditor or auditor body wants to do is chase down a firm for corrective actions or to conduct extensive follow-up. Any issues with the response such as lack of clarity or detail will only result in a request for further information, followed by more details, followed by another review, etc. This loss of time in Compliance Insight, Inc. 2014 Page 4 of 15

obtaining a conclusion to the audit can result in delays in contracts or governmental approvals. An approach for formulating a response on each observation is recommended as follows: 1. Evaluate the current state of compliance in light of the audit observation. If possible, indicate what is compliant. 2. Review prior commitments. Are any issues a repeat observation or a repeat observation for the same type system issue? This is critical to know and understand. If you have made a commitment in the past regarding an observation but the corrective actions were not implemented or did not resolve the issue, the inspecting body will evaluate the current observations in a more critical light. Repeat observations also greatly increase the likelihood of further regulatory actions. 3. Relate each observation to the appropriate Quality System. Understand the area of impact of the issue in relation to the functions impacted by that system. 4. Identify the root cause of the issue, as appropriate. Understand how the firm will resolve the issue systemically. This is a fundamental principle in the FDA s view of systemic audits and is certainly used widely in Europe as a format for inspections. 5. Develop a corrective action plan around the entire scope of the issue(s) noted. 6. Secure the required resources needed to complete the job in the time frame indicated. DO NOT underestimate the forces needed to complete a job within schedule let alone evaluating the outcome of the work. 7. Verify that responsibilities are assigned to key people and make them accountable. Assignments given to departments or groups of people are almost doomed to failure. Someone has to be in charge, assign work, track and modify the assignment as needed. Just as important, a single key individual, typically the head of quality, will need to be responsible for the overall work. Compliance Insight, Inc. 2014 Page 5 of 15

Note that in the steps provided above, points 1 through 6 are directly related to formulating a response to the observation. It is critical to understand that points 5 and 6 directly relate to the response letter in that these actions determine the time frame in which actions can be accomplished. Without knowledge of the requirements needed to complete the actions, the events following the response will fall into one of three categories: I. Actions needed to finish the task will be completed significantly earlier than the date indicated in the response. The risk here is that the reader of the response will know that it does not take that long and will consider your reaction inappropriate. II. Actions needed to complete the task are performed prior to the date indicated in the response. This position can be great if planned out and performed in a compliant manner. As some have discovered, much to their chagrin, some response time frames are not that well thought out and in order to complete the task necessary, monumental actions have to be taken. This may include significant overtime, hiring temporary staff, not completing routine activities or completing the task with shortcuts or in a non-compliant manner. III. Actions needed to complete the task are performed after the date indicated in the response. Most audit bodies (even governmental auditors) understand that things happen and sometimes tasks cannot be completed in the time indicated. The audit body should be notified immediately (best time is BEFORE the due date of the action). Explain the situation, what has happened, the tasks completed and the new due date. That being said if missed commitments are frequent enough or happen not once but two or three times, the audit body may become concerned and inquire into the situation further. An overview of the process for responding is provided in Graph I and subsequent actions are provided in Graph II. Compliance Insight, Inc. 2014 Page 6 of 15

Graph I Process for Responding to Observations Analyze Observations Determine the Timeline Review and Re-write Write the Response Letter Graph II Post-Audit Action Flow Systemic Verification Audit Observations are received at this point Systemic Analysis Systemic Execution of the Plan Systemic Implementation Plan Response to the audit observations is made at this point Compliance Insight, Inc. 2014 Page 7 of 15

Writing The Response There are several basic rules that can be established regarding writing a response letter. Many or all of these rules may apply depending upon the particular situation of the firm e.g. lengthy list of observations from a governmental body, client audit, warning letter pending, etc. 1. Someone in a high level in the Quality Department should write the response. 2. Personnel copied on the response should include high-level management. This shows that management at the firm is aware of the issues and the commitments being made. 3. Include a cover letter or opening statement. Thank the auditor(s) for being professional, providing insight or other appropriate remarks as warranted. State the site address of the audit and the dates. 4. Always remember that you are writing the response to the auditors management governmental auditing bodies as well as clients. Do not assume that the person reading the report understands the context of the observation or your reply. 5. Re-state the observation and reference number in the response. Typically, the observation goes directly above the response. 6. If possible, indicate the related compliant systems. This shows that you are in control and that some operations were functioning within acceptable GMP parameters. 7. If the action item is going to take some time to implement, state what will be done in the interim to be compliant with GMPs. Don t simply indicate that actions will be taken in six months to correct the issue in which you are currently out of compliance without addressing what you will do to be compliant from the current date until the corrections are implemented. 8. If corrective actions have already taken place, indicate the following: a. Dates implemented b. Training performed (copies of training sign-up sheets included) c. Copies of Purchase Orders, installation work, etc. d. Copies of updated SOPs indicating what was changed. Compliance Insight, Inc. 2014 Page 8 of 15

9. Define how enhancements will prevent recurrence of the issue observed. Don t assume that the reader will understand this fact. 10. Explain what will be done to expand, enhance or streamline the compliance system. 11. Don t forget about training. Allow sufficient time to implement changes to incorporate training that may include proficiency testing. 12. Describe how the firm will monitor the progress and effectiveness of the corrective actions. 13. It may be helpful to explain that despite the issues noted, there has never been an issue. It is not advisable to use this response tactic each time but it can be advantageous for critical observations to state something on the order of the product has always met predetermined quality parameters 14. Revise, Revise, Revise. Allow other people not directly involved with the audit to review and comment on the response. They may have insight on response wording that would assist in clarification or strengthening of points. When initially formulating a response, a 4-Stage Inspection Approach may be helpful to develop perceptive on the format of the response and contribute to a better understanding of what actually needs to be implemented to be compliant. This approach includes the following steps: 1) Restate the Observation 2) Define Root Cause 3) Indicate Corrective Actions 4) Develop a Due Date If the 4-Stage Inspection Approach is completely followed, any corrective actions will be systemic as they should address the root cause(s) defined. This will also aid in the development of due dates as the firm will be more informed as to what actually need to be accomplished. Response Strategies to Avoid Although the information below is not an exhaustive list, there are some strategies taken by firms that indicate the firm s unwillingness to change or inability to make appropriate corrective actions to an auditor. If a firm does not have the capability, Compliance Insight, Inc. 2014 Page 9 of 15

time or experience to respond appropriately to an audit (especially a government audit), a prime directive should be to seek outside assistance. Pathways to Disaster: 1. During the closeout or in the response letter, argue every point in that they are not appropriate or we have never had an issue with this point from other auditors. This is called a scorched earth policy and will ensure that the auditor has a strong message of non-compliance to the auditor body. 2. State that the corrective actions being requested will put the firm out of business or drive jobs to a foreign country. It is a scare tactic that has been used for at least 20 years and has not proven to be the case. 3. The rain forest or overwhelming response. Include massive amounts of data that is not warranted with the hopes that the reviewer will be impressed with the work. This type of response sends an immediate warning signal to the auditor that issues are being glossed over. 4. Implement changes immediately. Either during the closeout meeting or with a quick response, all changes have been implemented for complex issues. If the issue is simple, great no problem. However, for complex observations, a rapid response indicates that the firm has taken a knee-jerk reaction and implemented corrective actions without thinking of the root cause. 5. Not responding to the audit. Actions may be taken but no formal letter is sent indicating what was performed. This approach indicates that the firm does not take the audit seriously. 6. The enigmatic response. The firm indicates that actions are going to be taken but does not address what these actions include. Such an example would include: Actions Taken Records were updated. When? How were they updated? 7. Promise without substance. Similar to the enigmatic response, this approach does not indicate any specifics. An example includes: Deficiency Detailed investigation not performed in a timely manner. Response Investigations will be carried out in a timely manner. Compliance Insight, Inc. 2014 Page 10 of 15

Managements Role The role of management cannot be understated in its importance with a successful audit outcome. The auditor must get the impression that management is informed of issues and is vested to resolve issues. Some of the roles include: Hosting the inspection. Up front, this will be the first impression that an auditor receives of how the firm actually operates. If no one from management is available or even attempts to participate in the audit, there is a lost opportunity to indicate that the firm is willing to listen and learn from the experience of the auditor. Management does not have to be present during the entire audit, but should be there during the opening and to discuss any key observations. Participate in the exit meeting. This will indicate that the firm s management is accountable for decisions being made and actions taken. Should be aware of or participate in the response letter. Indication of copy of the response letter should be included. The most critical role of management after the audit is the commitment of resources to accomplish the task in the allotted time frame. This could range from more money to more people. Beyond the Context of the Direct Observations A systemic response to any audit observations must equate to a systemic resolution to any issues within the firm. This action requires further evaluation than just actions in a system at a company site. The FDA in particular will require that all company sites implement corrective actions along the same plan of action. Failure to do so may result in further regulatory actions. Programs need to be established which require any observations and the responses to be circulated for evaluation within a company to determine if other areas are non-compliant. Graph III illustrates this approach. Compliance Insight, Inc. 2014 Page 11 of 15

Graph III Approach to CAP Evaluation Departmental Corrective Actions on a Specific Observation Departmental Corrective Actions on Other Points in Relation to the Specific Observation Site Wide Corrective Actions on a Specific Observation Contract Firms, Third Parties, Vendors Site Wide Corrective Actions on Other Points in Relation to the Specific Observation Corporate Wide Evaluation Helpful Hint #1: EIR Evaluation The FDA will write an EIR (Establishment Inspection Report) on the audit. This report along with any observations and the response are submitted to FDA Management for final inspection conclusions and closeout (or further action from the District). It is highly recommended that the EIR be obtained by the auditee and evaluated for correctness/accuracy. Any discrepancies should be diplomatically handled via a letter to the auditor. Compliance Insight, Inc. 2014 Page 12 of 15

Helpful Hint #2: Prepare to be Re-inspected After the audit, there is a tenancy to drift back into an operational mode. Along with other daily issues, some commitments can be dropped and forgotten. It is QA s role to assure that the firm has met their commitments in the anticipation of a re-inspection. During this re-inspection, the auditors will almost consistently verify actions taken and timeline adherence. QA should substantiate GMP compliance by assuring the resolutions encompassed root cause, were systemic/comprehensive and actually worked to resolve any issues. Conclusion Although sometimes comprehensive and seemingly overwhelming, the audit response can be accomplished successfully. This report offers a wide variety of points and options for success. The firm should consider these options when addressing all audit observations and systemically concentrate on any actions. If completed, the firm and auditor are both in a win-win scenario whereby the firm resolves root cause problems and the auditor has fewer repeat observations. Compliance Insight, Inc. 2014 Page 13 of 15

Attachment I FDA Systemic Approach Production Production Resources Procedures Maintain Validation Controls Training Facility/Equipment Resources Procedures Maintain Qualify Controls Training Calibrate Clean Packaging/Labelling Control Resources Procedures Maintain Qualify Training Quality Control Procedures Disposition Authority Investigate (CAPA) Material Training Control Resources Qualify Laboratory Resources Control Procedures Procedures Training Disposition Authority Qualify Maintain Calibrate Resources Training Compliance Insight, Inc. 2014 Page 14 of 15

Reference: US FDA, Guidance for Industry, Quality Systems Approach to Pharmaceutical Current Good Manufacturing Practice Regulations, Final Guidance, September 2006 Compliance Printing, Preparing for Audit and The Quality Audit, Operational Booklets, 2012. Compliance Insight, Inc. 2014 Page 15 of 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information