6 October, 2015 Beth Pedersen, Marketing Communications Specialist, MasterControl
If your organization is GxP-regulated or ISO-certified, you are no stranger to the burdens of audit. The regulations and standards that govern your operations change often, and yet you must somehow manage to understand and comply with them – and be able to clearly demonstrate your compliance – at all times.
|When it comes to public health and safety,
quality is the only way.
In the flurry of keeping pace with changing regulatory demands and preparing for impending audits, you might lose sight of the value an audit can bring to your organization. It comes down to a simple yet very important question: if you don’t observe and evaluate, how can you improve?
Audit is a powerful word that seldom invokes positive associations. An audit – by its nature and in any context -- can uncover problems, and problems can warrant penalties, sometimes very serious and costly ones. The headaches involved with preparing for an audit include managing a vast amount of documents, gathering evidence, collecting signatures and signoffs, training employees, coordinating stakeholders, and the list goes on and on.
Considering the implications of an audit gone wrong, it’s understandable that even the thought of an audit can be downright frightening. Walt Murray, the director of Quality and Compliance Consulting (QCC) Services at MasterControl, has performed 442 audits throughout his more than 25 years in quality and regulatory professions, and has seen his share of audit nightmares.
This article is related to the White Paper:
Quality Audit - A Tool for Continuous Improvement and Compliance.
To get the full details, please download your free copy.
In one such instance, the company under audit was contracted to produce a new two-phase, over-the-counter cosmetic product from its existing facility and needed to achieve compliance with 21 CFR Part 211 prior to starting production. The purpose of the audit was to evaluate the company’s planning, engineering, manufacturing and cleaning activities related to production of the new product. When the auditee could not produce any objective evidence or documentation of these activities, Murray knew the company was incapable of meeting the stipulations of the audit.
To make matters worse, the operation area was unsuitable for production. With absolutely no planning documents to demonstrate how the company intended to rectify the situation, Murray was forced to stop the audit before it even started. The result? The customer contracting with the auditee to produce its new cosmetic product withdrew the arrangement, and several people lost their jobs.
Believe it or not, the vast majority of audits that Murray has been involved in have had positive outcomes, even if they don’t start out with a positive situation. Usually, something has to be changed, altered or improved as a result of the audit. According to Murray, when it comes right down to it, the source of audit-related anxiety lies in one particular aspect of the process.
“Most people dread an audit because they don’t know where an auditor is going to go,” Murray said. “They’re always being cautious, trying to understand where the holes are in their ability to comply and conform.”
Setting a Course for Quality
Since 1987, when the International Organization for Standardization (ISO) brought quality audit to the forefront for manufacturers and other businesses by publishing its ISO 9000 standards, audit continues to grow in importance with ISO, the U.S. Food and Drug Administration (FDA) and other regulatory bodies. Today, many more standards and regulations exist under which audit serves as a mechanism for evaluating and improving quality: ISO 9001, ISO 14001, ISO 13485, 21 CFR Part 820, 21 CFR Parts 210-211 and 21 CFR Part 606, OECD Principles of Good Laboratory Practice and ICH Q7 Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients, to name a few.
At its core, audit means to make a systematic attempt to observe something, to evaluate it and ultimately, to make a decision about it. The focus of an audit can be a product, service, study, process or system. Of particular relevance to GxP-regulated and ISO-certified companies are compliance audit and performance audit. The former assesses whether activities, processes or systems meet certain requirements, and the outcome is directly tied to compliance or certification. The latter looks at an organization’s compliance with a set of rules, the effectiveness of those rules and the suitability of those rules for achieving the specific goals of the organization.
The ultimate outcome of an audit—whether first-party, second-party or third-party—is a report containing the auditor’s observations, patterns (also called findings) and conclusions about the focus of the audit, whether a product or service, a single activity or a system of related processes. This report indicates whether what you are doing is good or if improvements can be made; in other words, when things are wrong, audit is your chance to make them right.
Compared to other quality tools such as non-conformance reporting, quality control testing, customer complaint processing or deviation handling which are mostly reactive in nature, audit allows management to be proactive and make informed decisions. As such, more and more organizations recognize that audit doesn’t have to be a source of dread but rather an opportunity for continuous improvement.
Audit is an important management, compliance and quality tool because it allows you to improve your company’s processes by assessing them and understanding additional procedures that may not be required but would be beneficial to have. Passing a compliance or performance audit is top priority for any GxP-regulated or ISO-certified company, but don’t simply consider performing a quality audit as a way to avoid penalties and stay off of the FDA watch list. Consider it one of the most effective means for improvement that your company can implement.
Read more about MasterControl's Quality and Compliance Consulting (QCC) Services here.
Beth Pedersen is a marketing communications specialist at the MasterControl headquarters in Salt Lake City, Utah. Her technical and marketing writing experience in the enterprise software space includes work for Microsoft, Novell, NetIQ, SUSE and Attachmate. She has a bachelor’s degree in life sciences communication from the University of Wisconsin-Madison and a master’s degree in digital design and communication from the IT University of Copenhagen.