• Share
  • Email
  • Embed
  • Like
  • Private Content
Auditing in Today's Changing Environment

Auditing in Today's Changing Environment



1. What does today’s clinical environment look like? ...

1. What does today’s clinical environment look like?
2. Remember, data is our first product!
3. Key principles and considerations regarding risk planning before planning an audit
4. Typical factors affecting risk
5. Some risk factors often overlooked
6. Leveraging Quality Auditing best practices to mitigate risk to data, systems and services



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Auditing in Today's Changing Environment Auditing in Today's Changing Environment Presentation Transcript

    • DATATRAK Auditing in Today’s Changing Environment Walt Townsend International Director Quality Assurance
    • Disclaimer 7/16/2013 2DATATRAK Confidential www.datatrak.com The views and opinions expressed in the following PowerPoint slides are those of the individual presenter and should not be attributed to Drug Information Association, Inc. (“DIA”), its directors, officers, employees, volunteers, members, chapters, councils, Communities (formerly known as SIACs) or affiliates, or any organization with which the presenter is employed or affiliated. These PowerPoint slides are the intellectual property of the individual presenter and are protected under the copyright laws of the United States of America and other countries. Used by permission. All rights reserved. Drug Information Association, Drug Information Association Inc., DIA and DIA logo are registered trademarks. All other trademarks are the property of their respective owners.
    • Key Topics: Focus on Data • What does today’s clinical environment look like? • Remember, data is our first product! • Key principles and considerations regarding risk planning before planning an audit • Typical factors affecting risk • Some risk factors often overlooked • Leveraging Quality Auditing best practices to mitigate risk to data, systems and services 7/16/2013 3DATATRAK Confidential www.datatrak.com
    • Clinical Trial Electronic Data Environment 7/16/2013 4DATATRAK Confidential www.datatrak.com Protocol Development Site Selection Data Collection Tool Development IRB Review & Approval Subject Enrollment Subject Visit & Data Collection Data Analysis Clinical Study Report Submission High-level View
    • Data is Our First Product • Electronic data are the fastest growing segment of the pharmaceutical industry’s information resources • Electronic data systems, services, and processes are growing in number and complexity • The importance of electronic data requires the incorporation of data as a “product” in a pharmaceutical company’s QMS 7/16/2013 5DATATRAK Confidential www.datatrak.com
    • Critical Considerations • Software is a foundational component of processes used to manage products and services • Software enables functionality • Software facilitates business operations • Software fuels the engine of globalization 7/16/2013 6DATATRAK Confidential www.datatrak.com
    • But There are Some Risks Steady increase in the relative risk to data • System size and complexity • Outsourcing and the use of un-vetted software supply chain (COTS) • Sophistication of attack • Software and data re-use • Number of vulnerabilities and incidents 7/16/2013 7DATATRAK Confidential www.datatrak.com
    • Bad Data Can’t Hide – Or Can It? • Vulnerabilities increase if the underlying quality of software, data, data capture/production processes, and data storage is defective – Unchecked, these vulnerabilities allow bad data to hide or systems to be exploited – The cost of bad data can be extreme • Delayed product launch • Non-approval • Adverse safety impact 7/16/2013 8DATATRAK Confidential www.datatrak.com
    • Data Risks in a Changing Environment • With today’s technology and cloud-based computing, traditional approaches to system development and validation may not fully address risks posed exploitable software • Risk mitigation requires a deeper understanding of all suppliers’ practices, processes and products • What is the supplier’s acquisition process? • Does the supplier have a vendor audit/assessment process? How effective is it? • Supplier assessment must go broader and deeper • Effective auditing becomes ever more critical 7/16/2013 9DATATRAK Confidential www.datatrak.com
    • Integrated Quality Processes Risk Management is a component of overall Quality Management System (ICH Q9) • Develop appropriate documentation (SOPs, etc.) • Determine and implement training and education • Identify, evaluate, communicate quality to facilitate risk communications and determine appropriate action • Develop and implement comprehensive internal and external audit/inspection process 7/16/2013 10DATATRAK Confidential www.datatrak.com
    • Focus of Audit Program • Existing legal requirements • Overall compliance status • Robustness of quality risk management activities • Complexity of site, processes, products, systems • Number and significance of quality defects • Results of previous audits/inspections • Major changes of building, equipment, processes, key personnel 7/16/2013 11DATATRAK Confidential www.datatrak.com
    • Risk Factors Often Overlooked • Impact of technology changes – Processes – Training – Organizational structure • Impact of growth – Process quality and effectiveness – Training – Resources 7/16/2013 12DATATRAK Confidential www.datatrak.com
    • Criticality as a Dimension of Risk ICH Q9 defines risk as the combination of the probability of occurrence of harm and the severity of that harm – Assessing the criticality of processes, tools and systems to prevent harm and strengthen quality provides a framework for measuring risk 7/16/2013 13DATATRAK Confidential www.datatrak.com
    • Risk & Criticality Assessment 7/16/2013 14DATATRAK Confidential www.datatrak.com
    • Quality Auditing Best Practices • Audit Preparation and Planning • Conducting the Audit • Audit Reporting • Audit Follow-up and Closure 7/16/2013 15DATATRAK Confidential www.datatrak.com
    • Audit Preparation and Planning • Define the Purpose and Scope – Informed by Risk and Criticality Assessment • Identify the audit team – Responsibilities – Task distribution • Develop a risk-based audit plan – In an environment of increasing complexity, focus is key • Develop an audit agenda/timeline • Identify/define data collection methods 7/16/2013 16DATATRAK Confidential www.datatrak.com
    • Audit Preparation and Planning • Identify audit-related documentation – Current QMS documents • Policies, manuals, procedures, work-instructions – Records • Training, validation, problem resolution – Quality history • Previous audit reports, • Understand previously noted strengths and deficiencies 7/16/2013 17DATATRAK Confidential www.datatrak.com
    • Key Areas to Consider for Auditing • Configuration Management • Quality attributes of requirements • Traceability – From requirements to training materials • Testing – Robust, multi-tiered, failures and resolution • Defect Management – When are defects discovered • Metrics gathering and reporting 7/16/2013 18DATATRAK Confidential www.datatrak.com
    • Conducting the Audit Basic activities performed during audit – Meeting the auditee – Understanding the process and system controls • Complexities, risks – Verifying that controls and processes are appropriate and executed consistently • Do they produce consistent quality outputs? – Communicating with representatives of auditee organization – Communicating with audit team members 7/16/2013 19DATATRAK Confidential www.datatrak.com
    • Organization of Audit Activities • Opening Meeting • Data Collection and Analysis – Documentation review, record review, observation of work activities, interviews, tours, physical examination • Maintain Working Papers – Planning documents, checklists, audit /attendance logs • Objective Evidence – Physical, testimonial, documentary, observations • Close-out meeting 7/16/2013 20DATATRAK Confidential www.datatrak.com
    • Audit Reporting • Communicates audit results • Correct, clear, concise, accurate – Aid to management in addressing important organization issues • Identify system deficiencies – Focus on risk and criticality 7/16/2013 21DATATRAK Confidential www.datatrak.com
    • Audit Closure and Follow-up • Begins after the formal report is issued – Corrective Actions: assignment, evaluation, verification – Effectiveness check – Implementation of strategies for when corrective action is not done, or is ineffective – Establishment of criteria for audit closure – Audit closure/follow-up audit • Continuous Correcting is not Continuous Improvement! 7/16/2013 22DATATRAK Confidential www.datatrak.com
    • Keys to Success • Integrate Quality Risk Management into Overall Quality Management • Use proactive risk assessment and audit execution as management/decision support tools • Avoid continuous correction and evolve to continuous improvement • Identify and analyze trends – Although each audit stands alone, audit results can indicate key quality trends. 7/16/2013 23DATATRAK Confidential www.datatrak.com
    • Thank You! Walt Townsend International Director of Quality Assurance DATATRAK International walter.townsend@datatrak.net 7/16/2013 24DATATRAK Confidential www.datatrak.com