Sunday, January 9, 2011

Internal Quality Audits: Valuable or False Security?

Most pharmaceutical companies have an internal CGMP auditing program administered at the site and corporate levels of the organization. Auditors are typically part of the Quality Assurance or Regulatory Compliance function, and the usual approach is to examine the data trail to determine whether company policies and procedures are followed.

But is this enough to tell you what you really need to know about the state of your Quality Management System (QMS)?

In my opinion—no. After all, there are many pharma companies under an FDA Warning Letter that have internal audit programs.

Why is this?

In my opinion, internal quality audit programs fail because:

1.    Consideration is given only to the system in-place, not whether the system complies with current industry practice and FDA expectations.
2.    Auditors have been in the job too long and have acclimated to what is in-place, not what should be in-place.
3.    Auditors tread too lightly in politically sensitive areas.
4.    Audit responses fall short of the true root cause, particularly when it involves company culture.
5.    Associated CAPAs are not effective, and repeated observations are tolerated.
6.    Senior management does not adequately support the audit program as a priority.

I truly believe that the internal auditing process has tremendous potential to serve the organization. However, the internal auditing program and its auditors need to step out of their classic methodology and venture into new ways of adding value to the company.

In my opinion, a powerhouse for ensuring an effective Quality Management System (QMS) would be created if internal quality auditors were to compliment the QMS “ownership” concept.

I won’t repeat myself here about Quality System “Ownership.” (Please see The QA Pharm 12/18/10.) Suffice it to say that the independent role of the auditor assessing whether the features of quality system “ownership” are present and effective would add much more value to the organization.

Rather than publishing a list of typical observations, auditors would assess the strength of the backbone of the compliance sustainability strategy—“ownership and accountability.”

Thus audit observations—for supplier quality system, as an example—would read more like:

1.    Ownership for the supplier quality system has not been established since John Doe was transferred out of the role nine months ago.
2.    The planned versus executed supplier audits is behind for critical suppliers by six audits. This metric was presented at the management review, but no action was indicated or taken.
3.    The quality performance metrics for the supplier quality system indicate an upward trend in the number of suppliers with overdue audit responses. This metric has not been reported to the Quality Council as required by the management review procedure.
4.    Employees in the incoming inspection department have not been trained on the supplier quality audit procedure as required by their training curriculum. A role is defined for incoming inspection personnel in the supplier quality procedure.

Get the idea? The “Auditor” supports the “Owner” by assessing whether the “ownership behaviors” are effective.

The result is an audit report that not only points to the compliance issues, but also reflects on the state of ownership and accountability.

We really need this in pharma. Lack of ownership and accountability is endemic.

John Snyder
The QA Pharm

The QA Pharm is a service of John Snyder & Company, Inc.

John Snyder & Company, Inc., provides consulting services to companies regulated by the Food and Drug Administration. We help our clients to build an effective Quality Management System to enable reliable supply of quality products to their patients. We also help our clients to develop corrective action plans to address regulatory compliance observations and communication strategies to protect against accelerated enforcement action.

Contact us at


  1. I read the post twice, but I'm not sure I understand what you're trying to say.

    My experience in auditing has been one where I selected a process e.g. non-conforming material management, and evaluated whether

    - the documented process met the requirements of a given standard or regulation

    - records identified in the documented process were being kept & were complete

    - the owner/operator was executing the process as it was documented

    Gaps identified in these areas are treated as non-compliances that then lead to some sort of a CA/PA requirement. This, of course, requires a root cause analysis to define factors that led to the non-compliance.

    What is missing here? Your post suggests I should be doing something more. Hope to learn some more :)

  2. Thank you, Shrikant, for your comment and question.

    I am coming from the perspective where companies in significant regulatory trouble are doing exactly as you described---and asking myself: How can this be? Something--some factor--seems to still be missing that is not detected by an internal quality audit program.

    I believe the answer, or part of the answer, is in what I call "ownership behaviors" that need to go far beyond an assigned responsibility/role for a step in a procedure.

    In my 12/18/10 post, I describe some of these "ownership behaviors" that I find fundamentally missing in troubled companies. In my opinion, if auditors were to weave into their methodology a consciousness of whether these behaviors are solidly in place, a novel dimension of value would be added that affects system sustainability.

    So the logic goes something like this: If system ownership behaviors are important for quality system sustainability, and if quality auditors paid attention to these behaviors as an addition to their approach, then the quality system program would be of further value to the organization.

    Thank you, Shrikant, for participating in the discussion.

    The QA Pharm