Auditing for quality assurance purposes or for an independent quality assessment has become a necessity for GxP Professionals in the highly regulated life sciences industry. Many companies have highly developed SOPs for auditors but there is no consensus on the basic behaviors of auditors. In this Guest Commentary veteran GxP Consultants Emma Barsky and Len Grunbaum offer their perspectives on how auditors should behave when conducting audits that can easily impact people’s jobs and reputations. I firmly believe that auditors should take their approach very seriously. Recent experiences of my own indicate it is a topic well worth review.
GxP Perspectives will be taking a break for a few weeks. Everyone should take a break now and then.
Guest Commentary by Emma Barsky & Len Grunbaum
As consultants in the life science industry, we often serve in the capacity of audit hosts for companies and, as such, have a greater exposure than most to various audit behaviors. We therefore are rarely surprised by inappropriate audit conduct.But even our eyebrows were raised when a third-party auditor, who was representing a company doing business with our client, started the audit with, “I put three people in jail.” Was she showing off and justifying her credentials? Was she trying to intimidate our client and us? Both? The result was that no one in the room was impressed or made nervous by such an introduction. If anything, her attitude provided the inspiration for this blog Guest Commentary.
In light of having to conform to technical and ethical standards of one’s profession, an auditor represents himself/herself and group/department he/she belongs to for sure. More importantly, however, the auditor also represents his/her company as a whole, even if representing the auditing company in the role of a consultant. Given that the auditor is often viewed as the company’s due diligence “eyes and ears,” every word and every move that the auditor makes is a reflection on the company he/she represents and on the employees of that company.
So what should one consider when it comes to the audit preparation, conduct and follow-up? Based on our experience (both good and bad), the following tips regarding audit etiquette, if put into practice, will usually leave the auditee with positive impressions regarding the auditor and the company he/she represents, irrespective of the audit’s outcome:
• Be prepared – learn as much as you can in advance about the company you will be auditing. At a minimum, this can be accomplished through:
1) reading about the company on its website,
2) having a discussion with those groups and/or individuals who intend to use the company to be audited,
3) doing an internet search to see if there is anything of interest regarding the company to be audited (e.g., warning letters, legal actions), and
4) reviewing previous audit reports if applicable and available.
1) demonstrate the auditor’s understanding of the nature of the auditee’s actual and/or potential support as it relates to the auditor’s company,
2) be indicative of the fact that there is no hidden agenda on the part of the auditor, and
3) set the tone for the auditor’s own expectations regarding thoroughness of the auditee’s preparation for the audit.
• Be timely – if possible (e.g., you are not conducting a “for cause” audit or an investigation), send the audit agenda to the auditee at least two (2) weeks in advance of the audit. While a company should be prepared for an audit at all times, a timely agenda:
1) allows the auditee time to gather correct and complete information in advance of the audit,
2) permits the auditee to identify and schedule the appropriate individuals who will provide information during the audit, and
3) establishes the auditor’s own standard regarding timeliness for the auditee to provide requested information.
• Dress appropriately – while many companies have a casual dress code, we believe that an auditor should always be dressed in a suit because this is a sign of respect and professionalism even in today’s “less than formal” work environment.• Avoid surprises – information regarding the number of people attending the audit should be communicated to the auditee as far in advance as possible. More than once, we have seen instances where more people than expected showed up for an audit without warning. Even if the number of people to be hosted changes at the last second, it is the auditor’s responsibility to let the auditee know about it. Anything less than that is viewed as unprofessional.
• Be sensitive – recognize the fact that audits are stressful in that they take away from the auditee’s ability to do billable work. Therefore, to maximize on your own effort while being conscious of the auditee’s availability, have all of your questions prepared in advance of interviews (e.g., after reading SOPs or other documents so the questions can be detailed and specific) to minimize the interview time and be flexible if the times for the interviews have to be changed on the spot.
• Be fair – sometimes issues are very complicated and overlap multiple processes and/or organizational groups. Thus it is only fair to split the responsibility for misunderstandings/miscommunication and activities “going amiss” between the auditee and the company on behalf of which the audit is being performed.From what we have observed, the auditees often get all the blame, even though the fault may not be entirely theirs. If you position yourself as someone who takes no sides and listen to all parties involved, you will be in a better position to identify the root cause of the issue(s) and, as a result, help the company you represent to resolve/mitigate them no matter whose fault it is.
• Know your stuff – be well-versed with respect to the applicable regulations and be versatile in how regulations can be applied operationally, while still maintaining compliance, in the areas you are auditing.
• Be open-minded – if you have not seen a regulation being addressed in a certain way, it does not mean that it presents a regulatory compliance problem. If it ever happens, your only job is to determine whether the unconventional approach, chosen by an auditee, may result in potential data integrity issues.• Be polite and tactful – is essential. And, therefore, the usage of language becomes a critical part of the audit conduct. Not only should one stay away from inappropriate introductions (such as that described above), but also from 1) arguments, 2) accusations and 3) exhibiting lack of patience. Even if you think the company you are auditing is wrong, stay away from heated discussions. Instead, include your point of view and an explanation, along with the auditee’s position, in the audit report and let the company’s “Operations” deal with the rest.
Also, the auditor’s authority should not be misused – we have seen cases where, due to the auditor’s lack of understanding, the auditees were wrongly charged with something they have not done.
• Be open – audit observations and potential audit findings should be discussed with the audit host throughout the audit, rather than just at the close-out meeting or even worse yet, mentioned only in the audit report that the auditee has to respond to.Transparency throughout the audit will give the auditee a chance to present additional documentation, provide clarifications and collect supplementary evidence before the end of the audit. Not only will such an approach prevent the auditee from feeling “cheated” or “blind-sided,” but it will also give you, the auditor, a much better idea regarding where the auditee really stands.
• Be sensible – unlike many seem to believe, “minimal or no observations” is not necessarily a reflection on your competency. So don’t be afraid to walk out of the audit with “no findings” where findings are not warranted. Remember that even the FDA itself is comfortable to close-out its inspections with no FDA-483s. Furthermore, there should also be a clear difference between auditor’s preferences (e.g., recommendations) and findings that present deviations from the regulations and have a potential impact on the quality of the product and/or process(es).
• Be factual – when writing observations, provide enough facts and details to substantiate your findings. It is best to stay away from ambiguities and generalities when describing an issue because nothing frustrates an auditee more than all-encompassing statements that make the issue look worse than it really is.• Be responsive – just like you expect the auditee to respond within thirty (30) calendar days (or business days, depending on the individual company’s requirements) to the audit findings, the auditee is also expecting reasonably prompt feedback from you regarding the audit findings and feedback to the respective auditee’s responses. Therefore, the audit findings, audit responses and any follow-ups should be sent out and/or reviewed in a timely fashion. Not letting the auditee know what the audit status is, even if responses are acceptable, is not an option because contracts often depend on the auditee successfully passing the audit.
The “morale of the story” is that the auditor has a big responsibility towards the company he/she represents and towards the company he/she is auditing. In our opinion, the biggest compliment and validation that the auditor can get is for the auditee to say “you were fair,” findings notwithstanding. In this case, everyone wins.
The Practical Solutions Group, LLC
FDA has announced a new draft guidance document. Public comment is due by 25 July 2011:
Guidance for Clinical Investigators, Industry, and FDA Staff: Financial Disclosure by Clinical Investigators
Please join GxP Perspectives on LinkedIn at:
GxP Audit Techniques & Etiquette- Please Comment