4. ISO 9000
“ A systematic, independent and documented
process for obtaining audit evidence and evaluating
it objectively to determine the extent to which audit
criteria are fulfilled”
5. “An examination of a product, process, service, or
installation or their design and determination of its
conformity with specific requirements or, on the
basis of professional judgment, with general
requirements (ISO/IEC 17000 definition).”
6. Wikipedia
“Quality audit is the process of systematic examination of
a quality system carried out by an internal or external quality
auditor or an audit team”
Generalized
“Quality audit is defined as a systematic and independent
examination to determine whether activities and related results
comply with planned arrangements and whether these
arrangements are implemented effectively and are suitable to
achieve objectives “
8. Inspection: Focuses on an “ACTION”
Audit: Focuses on “PROCESS”
Definition of Process
“a set of interrelated or interacting activities that
transforms inputs into outputs.”(ISO)
14. Chapter 9: Personnel
Key Personnel (9.12; authorized person)
Chapter 15: Documentation (15.1 General principles)
Chapter 9: Personnel
Key Personnel (9.14; the person approving batch for
market has to ensure that)
15. To verify conformance to standard (i.e; cGMP, DRAP
regulations, ISO 9001:2015 etc)
To verify effectiveness of quality management system
To verify objective evidence showing conformance to
the required processes.
To assess how successfully processes have been
implemented
16. To verify conformance to standard (i.e; cGMP, DRAP
regulations, ISO 9001:2015 etc)
To verify effectiveness of quality management system
To verify objective evidence showing conformance to
the required processes.
To assess how successfully processes have been
implemented
17. To judge the effectiveness of achieving any
defined target levels
To provide evidence concerning reduction and
elimination of problem areas and
A hands-on management tool for achieving
continual improvement in an organization
To fulfill customer requirements
18. Pharmaceutical manufacturers commonly use
audits as an effective mechanism to verify
compliance with GMP regulation. GMP audits
are done with two important goals:
to verify that manufacturing and Control systems
are operating under a state of control.
Audits permit timely correction of potential
problems.
19. Audits can be used to establish a high
degree of confidence to remain under an
adequate level of control by managements
Any failure in their proper implementation
may be published publicly and may lead to
a revocation of quality certification/
registration/ licensing (loss of business/loss
of reputation)
21. Also called “First Party Audit”
“An audit conducted by the organization itself of
its own management system and procedures”
Objective: To ensure compliance with
established criteria, performance reviews and
continual improvement
22. Also called “Second Party 'Audit”/ “Supplier’s Audit”
“An audit conducted by parties having an interest in the
organization”
Objective:
To perform assessment of suppliers by customers or by
any other party
To appraise performance of suppliers/customers
Capability verification
23. Also called “Third Party Audit”
“An audit conducted by independent auditing
organization for review or issuance of certificates”
Objective:
To verify organization’s compliance with requirements
of standard.
25. 1-Scope
2-Normative references
3-Terms & definitions
4-Principles of auditing
5-Managing an audit program
6-Performing an audit
7-Competence & evaluation of auditors
26.
27.
28.
29.
30.
31. Six principles to be followed:
1. Integrity
2. Fair Presentation
3. Due Professional Care
4. Confidentiality
5. Independence
6. Evidence Based Approach
33. 2. Fair Presentation: the obligation to report
truthfully and accurately
Audit findings, audit conclusions and audit
reports should reflect truthfully and accurately
the audit activities.
Significant obstacles during audit and unresolved
diverging opinions between audit team & auditee
should be reported.
The communication should be truthful, accurate,
objective, timely, clear and complete
34. 3. Due Professional Care: the application of
diligence and judgment
4. Confidentiality: security of information
5. Independence: the basis for impartiality of
audit and objectivity of the audit conclusion
6. Evidence based approach: the rational method
for reaching reliable and reproducible audit
conclusions in a systematic audit process
36. To be performed prior to audit:
1. Establish initial contact with auditee
2. Document review
a. Review of manuals & procedures
b. Websites, pre audit reports etc
c. Audit plan
d. Audit checklist
e. Observations
f. Feasibility
3. Audit team formation (Roles & responsibilities)
37. To be performed during audit i.e; on audit site:
1. Meeting with top management
2. Conduct opening meeting
3. Collecting evidence
a. Interview
b. Observation
c. Document review
4. Generating audit evidence
5. Verification of audit evidence with criteria
39. To be performed after audit:
1. Audit report
2. Verification of activities by physical visit or
document review (Follow up audit)
3. Close out of audit findings
40. 1. Establish initial contact with auditee:
a. Communication with auditee
b. Confirmation of authority to audit
c. Requesting information on audit scope, objectives, methods and
audit team
d. Request documentation & records
e. Proposed timings
f. Arrangements of auditing
g. Agree on attendance of observers
h. Any area of concern or interest
i. Any rules & regulations
41. Audit Scope:
“Extent & boundaries of audit”
It is defined in terms of physical location, organizational units,
activities & processes to be audited & time or duration of audit
Audit Criteria:
“Set of policies, procedures or requirements used as reference
against which audit evidence is compared”
DRAP regulations, FDA GMP, WHO GMP, ISO standards,
company policies, manuals, SOPs, specifications, work
instructions are examples of audit criteria
42. Audit team:
Should be selected based on skills & competence needed to
achieve audit objectives within the defined scope.
Members:
One or more auditors
Technical expert
Team leader
Team leader
Assigns duties & responsibilities to team members
Plans, directs & controls the activities of audit
In some cases he may alone perform all the activities
43. Auditor
Responsible to perform activities as assigned by team leader
Technical expert
Also called “Sector Expert” who has special experience & knowledge of
audit area
Interpreter
May be required where language or cultural difference are faced
Arbitrator
To resolve any dispute or issues during the audit due to conflict of interest
Guide
To assist or guide the auditor during audit
Observers
Trainee auditors from junior management or from audit organiation who
pursue their career in auditing
44. Audit Plan: To be developed by team leader
It should include or reference following items:
Audit objectives
Audit scope
Audit criteria & reference documents
Location
Total time duration
Audit team members
description of sites, activities and processes & allocation
of resources
45. Audit Plan: To be developed by team leader
It my also include:
Names of auditees
Audit language
Roles & responsibilities of team members
Audit report topics
Classification of CARs/NCRs
Logistics
Issues related to confidentiality
Any arrangements for audit follow-up actions
46. Audit Checklist
To be prepared by audit members
Series of questions on audit
An aid or guide during audit
Think “What to look at” & “What to look for”
47. Advantages of Checklist
Gives an aid or guide
Helps to control the pace of audit
Tool to record response of auditee
Helps maintain guided sequence
Nothing is forgotten
Sets priorities of questions
Reduces workload during audit
Reflects auditor’s professionalism
Provides space to write audit notes
48. Disadvantages of Checklist
Items/questions not written are left over
Confinement to checklist items
Prevents auditor from observations and open mindness
It may become a tick list
If it has many questions, it may irritate auditee
May stifle initiative and process analysis
49. Prepare a logically effective and efficient audit plan, showing
a documented list of activities that the team would perform
during on-site auditing, showing:
Areas/departments of company to be covered
All timings and activities of the audit team for duration of the
audit
The activities of the plant where the audit would commence
The progression from the first activity to the next, and so on, until
complete
50. Prepare an audit checklist and any other work
documents that you feel are necessary or
appropriate for use during the audit; use any of 3
chapters of WHO GMP as audit criteria. Prepare
maximum of 10 questions
Compose an audit team stating the roles of
members
51. 1. Meeting with top management
Keep top management aware of the audit activities
Points to be audited for top management
Commitments of top management
Continual improvement
Implementation and communication of quality policy
Monitoring & measurement of quality objectives
Provision of resources
Compliance with legal & other requirements
KPIs monitoring
Commitment towards customer satisfaction
52. 2. Opening Meeting
Objective:
Establishment of communication with auditee
Confirmation of agreement on audit
Confirmation of audit objectives
Explanation of audit plan
To be done by lead auditor
53. 2. Opening Meeting
Activities:
Introduction of all participants
Attendance
Agenda distribution
Audit plan distribution
Open meeting by explaining the purpose of audit
Explanation of responsibilities of lead auditor,
auditor, observer & guide
Briefing auditee about audit
Confirm audit objectives
54. 2. Opening Meeting
Activities:
Confirm scope of audit
Confirm audit criteria
Confirm audit language
Confirm availability of resources & facilities
Discuss professional conduct/confidentiality
Confirmation of auditing methods & strategies
Confirmation of time table
Solving auditee’s conflict/response
55. 2. Opening Meeting
Activities:
Explanation of conditions where audit can be
terminated
Explanation of appeal system
Discussion on audit report
Audit follow-up actions
Confirmation of time of closing meeting
Give opportunity to auditee to ask any questions
56. 3. Collecting evidences
What is audit evidence
“Records, statements of facts or other
information which are relevant to audit
criteria & verifiable” (ISO 19011)
“Pieces of information collected by auditor
to determine whether the system being
audited is in accordance with the
established audit criteria”
57. 3. Collecting evidences
A variety of methods may be used:
Interviews
Observations
Review of documents & records
58. Interviews
Select the right person
Interview persons that manage, perform, and verify
activities with responsibility & authority for work
Conduct interviews at the agreed time & location
Explain the reason for interview
Record the response & important information
obtained for future reference
Explain the reason for interview
60. Observations
Must be highly observant
Must keep eyes & ears open
Record any evidence collected by observation; it can
be used later by the audit team to report any non
conformance
61. Review documents & records
One of the best tool for collecting evidence
Check if document is approved, current , controlled
& relevant?
Check if records are properly maintained &
controlled?
62. Review documents & records
Examples of documents & records
Policies, objectives, manuals
SOPs. Work instructions
Soft & paper data
Purchase records
Storage & dispensing records
Manufacturing records
Cleaning records
Validations
Stability data etc etc
63. Audit trail
“Set of records, or activities that follow a particular
sequence or chronological order”
During interviews, observations & questioning auditor can
build an audit trail by asking questions which are interrelated
or in a sequence to identify any observation
64. Audit sampling
Samples are audited; it is not practical to observe
every function, area, process, documents or records
2 methods of audit sampling:
Judgment based sampling
Knowledge
Skill
experience
Statistical sampling
Statistical techniques e.g; probability, attributes based or
variable based sampling
65. Controlling the audit
Dos
Ask open ended questions
Be on time
Be prepared
Be impartial
Be composed
Listen
Talk to the right person
Remain focused
66. Controlling the audit
Dos
Build audit trail
Be honest, fair, professional
Be knowledgeable
Try not to be biased
Be polite & calm
Give compliments
67. Controlling the audit
Don’ts
Don’t panic
Don’t be rude
Don’t be aggressive
Don’t be timid
Don’t ask duplicate questions
Don’t rely on guides & auditee
Don’t rely on statements only
68. Controlling the audit
Don’ts
Don’t ask leading questions
Don’t ask close ended questions
Don’t nit-pick
Don’t trust on memory
Don’t be biased
Don’t compare with other sections or
companies
69. Controlling the audit
Don’ts
Don’t ask tricky question
Don’t assume or presume anything
Don’t shower too many questions
Don’t let auditee lead the audit
Don’t act superior
Don’t talk down
Don’t talk to irrelevant persons
70. Controlling the audit
Be mentally prepared for
Aggressive auditees
Timid auditees
Missing people
Missing documents
Missing keys
Prepared samples
Special cases
Local issues & cultural customs
71. Audit finding
“Result of evaluation of the collected audit
evidence against audit criteria” (ISO 19011:2011)
Audit finding may be non-conformity or conformity
Non-conformity: “The non-fulfillment of a requirement”
Non conformity and its objective evidence must be
recorded.
72. Writing statement of non-conformity
Brief overview of non-conformity
Failure in the system
Audit evidence
State the requirement (e.g; applicable GMP/ISO clause
and description)
“Management review meeting was no conducted last year as per
schedule No. 123. No evidence of conducting management review
meetings as per management review meeting schedule.
9.3. Management Review, the management shall review the
organization’s QMS at planned intervals
73. Corrective action report (CAR)/NCR
Major NCR where,
Total breakdown of a process or procedure which is
critical to QMS or product or service
Total absence of a requirement mentioned in standard .
A number of minor lapses in system, which when taken
together suggest a total or important breakdown in the
process
74. Corrective action request (CAR)/NCR
Minor NCR where,
A lack has been identified in a process, activity, product
or service in the operation of QMS but its severity is not
high
There is a minor non-compliance in a system which is
not affecting the process or quality.
75. Corrective action report (CAR)/NCR
*Opportunity for improvement (OFI) where,
Areas which are in compliance but may further be
improved
Concerns are not yet serious enough to issue NCR/CAR
Deficiencies are seen in which there is a doubt
* these are also called “Observations” or “Comments”
76. Audit review meeting
To be conducted by lead auditor team memebres
after completion of audit
During this meeting:
All of the observations, evidences gathered are reviewed by
audit team leader
Audit conclusion is made for presentation to client
Decisions are taken on grading NCs as major, minor or OFI
77. Closing meeting
To be conducted by lead auditor on auditee’s
premises
Participants may include:
Responsible people from department, functions or processes
which are audited
Other interested parties
Top management representative
78. Closing meeting
Items of closing meeting
Attendance sheet
Purpose, scope and objectives of audit
Thanks giving to auditee for cooperating
Method of audit reporting
Describe strengths & weakness
Explain NCRs, OFIs
Distribute NCR/CAR forms
Explain the process of closeout of NCs
79. Closing meeting
Items of closing meeting
State final decision & conclusion
Explain confidentiality
Tell time duration of submission of audit report
Explain audit follow up process
Thanks to client/management
Quick fixes should not be accepted
Any conflict/objection by auditee should be managed tactfully &
respectfully.
81. Critical NC
A deficiency which has produced, or leads to a
significant risk of producing either a product which
is harmful to the human or veterinary patient or a
product which could result in a harmful residue in a
food producing animal.
82. Critical NC
A critical deficiency also occurs when it is observed
that the manufacturer has engaged in fraud,
misinterpretation or falsification of products or data.
83. Critical NC
May consist of several related deficiencies, none of
which on its own may be critical, but which may
together represent a critical deficiency or systems
failure and should be explained and reported as such
84. Major NC
A deficiency that is not a critical deficiency which
has produced or may produce a product, which does
not comply with its marketing authorisation; OR
does not ensure effective implementation of the
required GMP control measures; OR
indicates a major deviation from the terms of the
marketing authorisation; OR
85. Major NC
A deficiency that is not a critical deficiency which
indicates a failure to carry out satisfactory
procedures for release of batches or a failure of the
authorised person to fulfil his/her required duties;
OR
86. Major NC
A deficiency that is not a critical deficiency which
indicates a failure to carry out satisfactory
procedures for release of batches or a failure of the
authorised person to fulfil his/her required duties;
OR
87. Major NC
A deficiency that is not a critical deficiency which
consist of several “other” related deficiencies, none of
which on its own may be major, but which may
together represent a major deficiency or systems
failure and should be explained and reported as such.
88. Minor NC
A deficiency which cannot be classified as either
critical or major, but which indicates a departure
from good manufacturing practice.
(A deficiency may be “other” either because it is
judged as minor, or because there is insufficient
information to classify it as major or critical)
89. Use of subjective words (should be avoided)
“Very Bad/Poor”
“Disappointing”
“I think”
“My opinion”
“Careless”
“No where”
90. Overstating the deficiency (should be
confined to sampled problem)
“Many of the SOPs were not approved”
“Majority of workers were untrained”
“A few of analysts know calibration procedure”
“Most of the areas were dirty”
91. Exclamation words (should be avoided)
“Regretfully”
“Amazingly”
“Like ever”
“Hopefuly”
92. Lack of Clarity (should be clear)
“The purified water hose not hung to hook”
“The opening to the manometer in the wall had been
covered with adhesive tape.
The lid of stainless steel container showed adhesive
tape remainder
93. Lack of Clarity (should be clear)
“The purified water hose not hung to hook”
“The opening to the manometer in the wall had been
covered with adhesive tape.”
“The lid of stainless steel container showed adhesive
tape remainder”
94. Operating beyond audit criteria (remain within
criteria)
“Surrounding of the factory was dirty”
“Flow of sections was not unidirectional”
95. Repetition of deficiencies (Remain
comprehensive)
1- “Procedure of training was not being followed;
assessment was done on unapproved format”
2- “Schedule of training was not prepared as per SOP
of training”
96. Merging deficiencies of different
clauses/groups in one
“Operator was not wearing mask and was mixing
batch without supervision”
97. Over emphasizing
“The requirements of clause abc and xyz relating to
calibration of equipment had not been met as several
calibrations had not been completed:”
a.Temperature and humidity recorders had not been calibrated
b.Calibration due dates have passed on some balances.
c.Pressure testing equipment was out of calibration date and
did not have a warning sign
98. Non-conformity
The non-fulfillment of a specified requirement
Non-conformance:
A deficiency in a characteristic, product specification,
process parameter, record, or procedure that renders the
quality of a product unacceptable, indeterminate, or not
according to specified requirements
99. Deviation
Departure from an approved instruction or established
standard.
Discrepancy:
Departure from an approved instruction or established
standard.
Incident:
Operational event which is not part of standard
operation
100. Readout the case studies & find out
the non-conformity (if any), classify
the NC and mention the applicable
GMP clause.
101.
102.
103.
104.
105.
106.
107. Audit report
Verification of activities by physical visit or
document review
Closeout of audit findings
108. Audit report
It is a summary of audit conclusion,
findings, and other audit activities
performed during audit
It is prepared by auditor team member or
lead auditor
It must provide a clear, concise, complete, and
accurate record of the actual audit
109. Audit report may include:
Audit objectives
Audit scope & criteria
Auditee information (names, designation etc)
List of audit team members & other
participant
Dates and location
Executive summary
Stengths & weakness of auditee
110. Audit report may include:
Audit findings
Evidences (documents, records etc)
NCRs
OFIs
Audit conclusion
Statement on the degree on fulfillment of
audit criteria
111. Audit report may also include:
List of reference standards, documents used
during audit
Any exclusions or areas not covered
Agreed follow up plans
Distribution list of audit report
112. Audit report distribution:
Should be timely
Any delay must be communicated
Be distributed to auditee, management,
regulatory bodies (where applicable), client or to
certification body