We use cookies to ensure our website works properly and to personalise your experience. Cookies policy
Delonix Society’s Baramati College of Pharmacy, Barhanpur, Maharashtra, India.
In the pharmaceutical industry, regulatory compliance and pharmaceutical audits are crucial elements of quality assurance systems. They guarantee that pharmaceutical products are consistently produced, managed, and distributed in compliance with Good Manufacturing Practices (GMP) and established regulatory requirements. In order to confirm adherence to relevant standards and pinpoint areas in need of improvement, audits function as methodical, impartial assessments of quality systems, procedures, paperwork, facilities, and staff. Regulatory compliance entails following rules set forth by national and international regulatory bodies, such as the U.S. Food and Drug Administration (FDA), the World Health Organization (WHO), regulatory agencies, including the European Medicines Agency (EMA). Organizations can reduce regulatory risks, guarantee patient safety, maintain product quality, and promote continuous progress with the aid of effective audit processes. The types of pharmaceutical audits, audit processes, regulatory requirements, compliance issues, and the function of quality management systems in preserving regulatory compliance are all covered in this review article. It also emphasizes new developments, digital tools, and best practices that improve audit efficacy and foster a culture of quality in pharmaceutical companies.
In fact, quality audits are a vital part of pharmaceutical companies, helping to guarantee regulatory compliance and preserve the integrity of procedures and goods. An audit's primary goal is to evaluate how well a company controls and manages its operations and output while also verifying and guaranteeing the accuracy of the data. The basic standards and guidelines for conducting audits in pharmaceutical companies engaged in product development and manufacturing are provided by the FDA's current Good Manufacturing Practice (cGMP) guidelines. The purpose of these audits is to evaluate how well the company's quality systems are working.
An impartial assessment that happens on a regular basis is called a quality audit. It include checking records, procedures, actions, and other components of the quality system. To evaluate their compliance with quality standards such those established by the USFDA and GMP, the audit's. Observations, are. methodically, recorded. An audit is a methodical, independent, and recorded procedure for gathering audit evidence and impartially assessing it to ascertain the degree to which the verification criteria are satisfied, according to the International Organization for Standardization (ISO). This concept emphasizes how the audit process is methodical and objective. Joseph A quality audit is an independent assessment carried out to evaluate specific parts of quality performance with established standards for that performance, according to renowned quality management expert M. Juran. This description highlights how audits are comparative in nature, evaluating process and product performance in relation to pre-established criteria. (1)
Rather than viewing audits as problematic, pharmaceutical companies should see them as a quality control method. The decision-making process for batch release heavily relies on audits, including self-inspections. In the end, they protect patient safety and uphold product quality by making sure that the relevant quality standards and legal criteria are fulfilled.(1)
Principles of auditing
Dependency on several principles characterizes the audit. By offering guidance on how an organization might enhance its performance, these principles ought to contribute to the establishment of an audit as a dependable and efficient instrument to support management controls and policies. Following these guidelines is necessary to produce adequate and pertinent audit results and to enable auditors to operate independently of one another and arrive at comparable conclusions in comparable situations.
A) Integrity: is the cornerstone of professionalism. Both the auditors and the person in charge of an audit program are required to:-Perform their duties with integrity, diligence, and accountability;-Respect and abide by the relevant legal requirements; -Exhibit proficiency while performing their duties;-When performing an audit, be mindful of any potential influence on the decision.
B) Fair presentation: the duty to provide accurate and true information The audit's operations should be accurately and truly reflected in the audit's findings, conclusions, and reports. Unresolved disagreements between the audit team and the auditee as well as significant challenges faced during the audit should be mentioned. Truthfulness, accuracy, objectivity, timeliness, clarity, and completeness are all important aspects of communication.
c) Appropriate expert care: the application of diligence and judgment in auditing Auditors should be mindful of the significance of the work they do and the confidence that the audit client and other interested parties have in them. Being able to make well-reasoned decisions in any audit scenario is crucial to carrying out job with the appropriate professional attention.
d) Information security: confidentiality When using and safeguarding information obtained while doing their tasks, auditors should take caution. The legitimate interests of the auditee should not be harmed by the improper use of audit information for personal benefit by the auditor or the audit client. The appropriate handling of private or sensitive data is part of this idea.
e) Independence: the foundation for the audit's objectivity and impartiality Whenever feasible, the auditors should be impartial toward the activity they are auditing, and they should always act without bias or conflict of interest. Internal auditors need to be separate from the function's operational managers. To guarantee that audit findings and conclusions are only supported by audit data, auditors must remain impartial throughout the review process. Internal auditors may not be completely detached from the activity being audited in small businesses, but every attempt must be taken to eradicate prejudice and promote impartiality.
f) Evidence-based approach: the logical strategy for reaching trustworthy and repeatable audit findings in a methodical audit procedure Verifiable audit proof is required. Since an audit is carried out in a constrained amount of time and with constrained resources, it will typically be based on samples of the available data. Since sampling has a direct bearing on the level of confidence that may be included in the audit conclusions, it should be used appropriately.
Importance of Audit in Pharmaceutical Industry:
One of the most crucial factors in a pharmaceutical company's success nowadays is auditing. Regulatory bodies are crucial to pharmaceutical companies because they guarantee high-quality medications that are safe and effective for the general public.[4]Regulatory authorities around the world have the same standards for high-quality products. Whether the company follows GMP regulations and makes decisions that are supported by science determines quality. With the new GMP Systems strategy, improved internal auditing, and heightened regulatory awareness across the organization, pharmaceutical businesses are now adopting a proactive approach. Only when everyone collaborates to overcome the obstacle can quality be attained.
1. Because people's lives depend on medicinal products, they must be of the highest caliber. While testing samples from each batch at the conclusion of the production process is necessary, it is insufficient to guarantee quality.
2. All pharmaceutical firms must set up and operate an efficient pharmaceutical quality assurance system to guarantee the quality.
3. Self-inspection and other regulatory audits must be carried out to evaluate the efficacy of these QA systems and make sure they adhere to GMP.
4. Pharmaceutical companies frequently employ audits as a successful way to confirm GMP compliance.
5. The purpose of audits is to confirm that manufacturing control systems are in a state of control.
6. Potential issues can be found through audit, allowing for prompt rectification.
7. Audits can be used to determine with a high degree of confidence that management maintains an acceptable level of control. (3)
Various audit types
The three primary categories of the quality audit system are as follows:
1. Internal Audits
2. External Audits
3. Audits of Regulatory
A quality management system's efficacy is confirmed by quality audits.
Other names for this kind of audit include self-audit or first-party audit. Both the auditors and the audited are members of the same organization. Internal auditing is a professional activity that involves giving organizations advice on how to better accomplish their objectives. Internal audits employ a methodical approach to examine organizational issues or business processes and provide fixes. The following succinctly describes the primary goals of internal audits:
Internal auditing
1. To support the system of internal control.
2. An examination of the activities and policies of the organization.
3. Confirm the veracity and correctness of mistakes and scams.
4. Error and fault detection and prevention.
5. Protecting the resources
6. Accounting policies' applicability.
7. Aids in the internal check system's efficient operation.
When conducting an internal audit in a pharmaceutical facility, two primary items must be examined: the activities conducted by various departments and the documents these departments keep.
A detailed document list and department-specific questionnaire must be created for this purpose. (4)
Another name for this kind of audit is a second-party audit. It describes an audit that a client does on a contractor or supplier. Even so, this control is not subject to stringent legal standards. It is always advisable to assess the proficiency of the contractors who manufacture our goods, analyze our goods, or do any other GMP-compliant activity. Additionally, conducting these audits has significant business benefits.
External audits
Numerous suppliers to the pharmaceutical business hold ISO 9001 or ISO 9002 certifications, and their certifying organization conducts frequent audits. Pharmaceutical contract manufacturing and packaging firms will be subject to regulatory audits and licensing requirements. (4)
Third-Party Audit is another name for this kind of audit. This kind of audit is not carried out by suppliers or customers. A third-party audit is carried out by a regulatory authority or independent organization for the purposes of compliance, certification, or registration. such international regulatory organizations. These inspections are carried out by the Medicines and Healthcare Products Regulation Agency (MHRA), the United States Food and Drug Administration (USFDA), the Therapeutic Goods Administration (TGA), Australia, the Medicines Control Council (MCC), South Africa, and other organizations. The audit must be carried out by a diverse team from the company and audit inspectors.
Each of the following departments—production, quality control, warehousing, maintenance, administration/people, and marketing/sales—must have a representative. Because manufacturers must constantly adhere to GMPs, these audits can be carried out at any time (MHRA presently conducts about 10% of its inspections in the UK in this manner). Companies may also be audited by regulatory agencies in other nations where goods are sold (for example, the FDA audits European manufacturers).
All regulatory inspector possesses substantial training, competence, and professionalism. All MHRA inspectors are qualified professionals with at least five years of relevant production-related expertise; they will be listed in the registers of individuals competent to serve as lead auditors And qualified individuals. If a regulatory audit is not approved, production or import/export licenses may be restricted or revoked. (Recently, the FDA slapped "punitive consensus decrees" on financial firms that failed to comply with GMPs and respond appropriately to audit findings. As a result, it is crucial that businesses have clear procedures for handling audits and that employees have sufficient training to be audited. Internal audits can be a great way to get experience. [4]
Auditing Procedure:
The audit process consists of ten steps in total:
1. Notification: Notification is the first step in the audit process. The notification procedure informs the party to be audited of the procedure's date and time. The notification will also include a list of the papers that the order wants to examine in order to comprehend the company's structure.
2. Planning: Prior to the audit, the auditor identifies important risk and concern areas through planning.
3. Opening meeting: A gathering of the auditing team, administrative personnel, and senior management of the auditing target. The auditors will outline the procedure they will follow. The management will outline the employees' schedules that need to be consulted as well as any areas of concern.
4. Fieldwork: Fieldwork starts after the final audit plans are modified based on the meeting's outcomes. After learning about business procedures, interviewing key personnel, testing current business practices by sampling, reviewing the law, and testing internal rules and practices for reasonableness, employees are informed of the audit, schedules pertaining to the audit staff's activities are created, and the initial investigation gets underway.
5. Communication: To obtain access to records, explain procedures, and clarify processes, the audit team should regularly communicate with the corporate auditor.
6. Draft audit: After the audit is finished, the draft audit is created. The draft audit includes a list of concerns, a distribution list of parties to receive preliminary results, and a description of what was done and what was discovered.
7. Management response: Management is given the draft to examine, revise, and recommend modifications, as well as to look into any issues and fix any mistakes. The report is sent to management for the seventh phase, the management reaction, after the last adjustments have been made. In response to the report, management is asked to indicate whether they agree with the issues mentioned, how they intend to handle the issues, and when they anticipate that all of the problems will be resolved.
8. final meeting: The purpose of the last meeting is to discuss the management response, wrap up any outstanding issues, and discuss the audit's scope.
9. Report distribution: The final audit report is sent to the relevant officials both inside and outside the audit region during the ninth phase.
10. Feedback: The final stage is audit feedback, in which the reviewed organization puts the suggested changes into practice while the auditors examine and assess the effectiveness, quality, and adherence of the implemented changes. This keeps going until every issue is resolved and the subsequent audit cycle starts. (5)
Classifications of Compliance:
1. NAI (No Action Indication): Either no objectionable conditions or practices (such as breaches of 21 CFR Parts 50, 54, 56, 312, 511, and 812) were discovered during the inspection, or the importance of the documented disagreeable conditions discovered does not warrant additional FDA action. The FDA found no conditions or practices that were unacceptable.
2. VAI (Voluntary Actions Indicated): Although objectionable conditions were discovered and recorded, the Center is not ready to take or suggest any additional regulatory (administrative, judicial, or advisory) action because the objectionable conditions do not meet the threshold for regulatory action (i.e., regulatory violations discovered during the inspection are few and do not seriously impact subject safety or data integrity). Only when an FDA-483 has been obtained should a VAI classification be formed.
3. OAI (Official FDA Action Indicated): One of the following steps should be suggested if unacceptable conditions were discovered. In particular, repetitive or intentional regulatory violations that involve providing incorrect information to the FDA or the sponsor in any necessary report were discovered during the examination. The regulatory infraction found strong evidence for the conclusion that:
a) There is an unreasonable and substantial danger of disease or injury for subjects in the investigator's care
b) The rights of the subjects would be or have been gravely jeopardized.
c) Data dependability or integrity is or has been jeopardized. (6)
Preparing for an audit:
The audit team should examine previous audit outcomes or histories before beginning an audit. The audit team should examine any accessible regulatory inspection reports and any quality agreements when planning an audit for an outsourcing business or supplier. It is important to evaluate pertinent rules and procedures in advance of an internal audit. The audit reading processes should not waste time if they may be received and reviewed beforehand. If audit checklists are to be used, particular checklist items that concentrate on the particular operations to be audited should be prepared. Making an audit agenda is helpful since it offers a relevant timeframe for each audit participant. An agenda like this makes it easier to guarantee that staff, resources, and records are available at the right times. In order to examine and approve the planned agenda, it is often beneficial to begin the audit with a pre-planning meeting. The schedule should be set up to give time at the end of the audit to talk about findings and possible preventative and remedial measures. (7).
Conduct of Audits
As previously said, the audit team should follow the policies of the organization under audit since they are a visitor. The audit team should adhere to any area-specific gowning or hair-covering regulations. Safety regulations must always be adhered to. Respecting the privacy of other prospective clients of the outsourcing company is crucial while performing audits of its activities. Only the audit should evaluate logbooks and other records that might provide information about other customers. team following the outsourced representatives' evaluation and approval of the materials. When conducting an audit, the audit team should not interfere with business operations. Since audits frequently cause operational disruptions, every effort should be made to reduce them, including interfering with or diverting employees from their tasks .When you can, record certain observations. For instance, the name and lot number of the particular material should be noted if it is discovered to be improperly stored. Ask about observations as soon as they are made so that any explanations can be offered within the context of the situation rather than later, when the specifics might not be known. When making observations, don't make snap judgments. While it is crucial that
Even though an auditor has experience, it's crucial that they don't allow it to skew their findings. The auditor shouldn't think that the method he or she has always used is the only way to satisfy CGMP or quality system criteria because there are frequently other options. In (7)
Close-up and follow-up audits :
There should be a close-out meeting to go over the findings at the end of the audit. It might be feasible to secure agreements to take corrective action if management officials are present. Make sure that everyone is aware of the observations and any pledges to take corrective action. Timelines for the release of the audit report and the provision of answers to the observations should be specified. It is necessary to create timetables for finishing corrective activities. A follow-up audit can be required, depending on the observations made and the commitments to corrective steps. If a choice is made to not carry conduct a follow-up audit, the remedial measures ought to be examined in subsequent audits. Unless the audit procedure explicitly specifies when follow-up audits are or are not necessary, documentation of the justification for not performing a follow-up audit may be helpful for subsequent audits. Unfavorable observations should be addressed with both preventive and corrective measures. The goal of preventive measures is to enhance the quality system in order to avoid repeating the same negative findings. (7)
Communication and Documentation
The audit's findings ought to be recorded and shared with management. The procedure should specify the means of communication and documentation, including the confidentiality and security of the audit reports. It is crucial to keep in mind that everyone in charge of the audited operation, including supplier and outsourcing management, should always receive a copy of the report. When feasible, these reports should provide particular examples in addition to a clear description of the audit team's views. The report should contain any promises made to carry out corrective measures. Safety of audit reports should be strictly enforced, and the report's circulation should be restricted. As long as the observations are included, a portion of the internal audit report may be given to external sources like suppliers or outsourcing firms. In (7)
Review of Management
It is essential that management consider audit findings as part of their regular evaluation of the quality system if the audit's goal is to assess the efficacy of the quality management system. As part of the process of continuous improvement, management should examine the outcomes of both internal and external audits and take appropriate action. Any observations that have an impact on the quality system should be communicated to management, who is in charge of guaranteeing its efficacy. The following are listed by ICH Q10 as possible management review outcomes:
A "Plan-Do-Check-Act" approach for handling procedures in a quality management system is referred to as ISO 9001. There are two ways that this methodology can be used for audits. The audit itself can be thought of as a process in which one plans by creating an auditing procedure and audit schedule, conducts the audit, verifies that the audit process was successful, and then responds to any observations made throughout the audit process. Second, the Plan-Do-Check-Act methodology's checking stage can incorporate the auditing process. The corrective and preventative measures implemented as part of the audited process' ongoing improvement are known as the Act step. Audits should be seen positively by searching for chances for ongoing operational improvement rather than negatively as a way to identify flaws or issues.Naturally, audit results are only one aspect of the whole picture that management should take into account when conducting management reviews of operations, but they should be objective observations of areas that could be improved. (7)
Regulations and Standards :
The ISO 9000 protocol, which was released in 1987, increases developers' and commercial enterprises' interest in quality audits. ISO is recognized as the world's leading standard developer. Currently, recognized standards like ISO 9001: 2000, ISO 14001: 2004, and ISO 13485 (or the environmental management system in the case of ISO 14001: 2004) require internal audits. In accordance with these principles, audit acts as an intermediary for assessing and enhancing quality. The FDA has implemented a number of regulations that reflect similar principles. The cGMP21CFR sections 210-211 & 206 comprise the regular evaluation of quality standard requirements for pharmaceuticals, blood, and blood components.
The pharmaceutical industry and blood institutes also stress the significance of audits. For example, "Guidance for Industry Quality Systems Approach to Pharmaceutical cGMP Regulations" suggests supplier and internal assessment .The following components of ICH Q10 are necessary to justify conducting both internal and external audits.
CONCLUSION:
Any management system views an audit as a useful tool. Auditing is a crucial corporate practice that offers suggestions for an organization's improvement. A robust audit program can be crucial to product realization, process performance and quality monitoring, and continuous improvement within a quality management system as described in ICH Q10, even if regulations do not always require audits. A helpful tool for setting audit priorities is the application of risk management techniques as outlined in ICH Q9.
Through a variety of auditing processes, the primary goal of auditing is to ensure that the organizations fulfill the requirements outlined in ICH Q10. An efficient program will help supply essential elements that support the maintenance of product quality in a well-managed system of quality. Any kind of auditing, internal or external, should be discussed, and a written definition is required. These goals and protocols need to be approved well in advance.
Audits assess how well a company's quality system is working. The organization's management receives the final reports in order to raise their standards over time.
REFERENCES
Keshav Pawar, Gayatri Shelake, Pratiksha Gaikwad, Swati Burungale, Dr. Rajendra Patil, Pharmaceutical Audit and Regulatory Compliance, Int. J. of Pharm. Sci., 2026, Vol 4, Issue 7, 1808-1817. https://doi.org/10.5281/zenodo.21267315
10.5281/zenodo.21267315