Proving the Effectiveness of Mock FDA Audits
Obstacle:
Regulatory authority audits have resulted in multiple and repeated observations.
Tip:
A mock U.S. Food and Drug Administration (FDA) audit can be conducted by an internal team of employees qualified by experience in regulatory compliance or by an external team with previous FDA work experience. Incorporating routine mock FDA audits can help your organization prepare for a FDA audit as well as reduce the number of audit observations and repeat observations received from regulatory authorities.
To make this happen, you have the responsibility to properly design and manage the execution of the mock audit. The design and management of the mock audit can be mapped out as follows:
- Define the intent and strategy of the mock audit.
- Identify how to measure reportable data during the mock audit.
- Define what constitutes a mock audit observation, including the data and context.
- Recognize how to effectively communicate the mock audit conclusions to employees across your organization.
- Monitor corrective action and preventive action (CAPA) efforts.
- Re-evaluate the state of compliance of people, processes and products within your organization.
Mock Audit Intent and Strategy
A successful mock audit will create an accurate assessment of your employees’ performance during a regulatory agency audit that carries high stakes. When well-managed, a mock audit can result in significant improvements in both the performance level and compliance level within your organization’s employees, processes and products.
Identifying How to Measure Reportable Data
Many factors can determine how successful you are in demonstrating the compliance of your organization’s processes and products. Measuring reportable data in relation to the information presented to the auditor should include the following:
- The section or topic the auditor is currently inspecting (i.e., design controls)
- The corresponding regulation being audited against (i.e., FDA 21 CFR 820.30)
- Applicable company processes, procedures, forms and work instructions
- Identification number of the record being audited
- Feedback from the auditor of any observed or potential compliance issue
To view the full details, please download your free Toolkit.
What Constitutes a Mock Audit Observation?
When the information presented to the auditor falls under the following circumstances, it should be documented in the mock audit records and flagged for a possible observation:
- Regulatory requirements are not being met
- Products are no longer meeting safety or performance criteria
- Documentation is not accurate as compared to what is being done in practice
Assessments on the performance of personnel should at a minimum include the employees that interact directly with the auditor and the individuals responsible for the documentation or items that were audited. During the audit, when an employee’s behavior meets the following measures, it should be documented in mock audit records and flagged for a possible observation:
- There is confusion or a lack of understanding of what the auditor is requesting
- Requested information can’t produced or takes an unreasonable amount of time to obtain
- An employee provides an incorrect or incomplete response to the auditor
- An employee reacts unfavorably when pressured by the auditor
Effectively Communicating Mock Audit Conclusions
Your responsibility in communicating the results of the mock audit to the company includes the formal observations and indicators of employee performance. Unacceptable performance by personnel involved with the mock audit typically includes:
- Providing extra information or documents the auditor is not entitled to receive
- Answering questions without the necessary information
- Opening the door to new issues
- Agitated, flustered or disrespectful behavior
Monitor Corrective Action and Preventive Action (CAPA) Efforts
A risk-based approach is an effective way to prioritize the corrective and preventive actions (CAPA) that result from the mock audit. The mock audit observations can be ranked in order from greatest to least regarding the potential jeopardy the observation has on the total audit outcome. As resources allow, each observation should be addressed by management.
Re-evaluating the State of Compliance
You can categorize the output of the mock audit to demonstrate that improvements have been completed to the overall state of compliance within your organization:
- Corrections that were mandatory to ensure the safety and effectiveness of the products
- Corrections that were mandatory to eliminate hazards that existed within the processes
- Corrections that were mandatory for the organization’s documentation to be truthful and to achieve data integrity
Patricia Santos-Serrao is director of product strategy at MasterControl. She is a self-motivated, goal-oriented life sciences subject matter expert and industry solutions product manager with over two decades of experience in the pharmaceutical and biologics industry specializing in software solutions for quality management, regulatory affairs and clinical research business processes.
Patricia entered the life sciences industry working in regulatory and clinical operations at Schering-Plough and Boehringer Ingelheim Pharmaceutical and later transitioned into the solutions provider sector assisting small and large global life sciences organizations implementing various business process solutions during her time at CDC Solutions, Liquent, CSC and QUMAS. She has taken leadership roles in transitioning various organizations business processes around from paper to electronic systems for various business functions (including quality, manufacturing, regulatory and clinical).
She is a member of Regulatory Affairs Professional Society (RAPS) and has also earned her Regulatory Affairs Certification (RAC) from RAPS and the Regulatory Affairs Certification Board (RACB). She is also a member of the Drug Information Association (DIA) and a member of the TMF Reference Model Working Group (sponsored by DIA). She may be reached at pserrao@mastercontrol.com.