Author: Jeanne Macarro, senior business/industry technical adviser, UL Solutions
Your company has an audit scheduled for next Monday. What will the auditor ask to review? What will the auditor request from you? Will you be prepared to provide clear, concise, accurate training information? Can you ensure easy, quick retrieval of training data during the audit?
Any audit, whether done by an internal resource, a customer or by the Food and Drug Administration (FDA), will expect your data to be reliable and accurate. Data integrity – the completeness, consistency and accuracy of data – is a critical component of the pharmaceuticals industry’s responsibility to ensure the safety, efficacy and quality of drugs.
In this article, we will hear from three pharmaceutical companies about their approach to reporting when their companies are faced with an audit. We will look at each company’s standard practices and some recommendations for other companies to follow. We’ll also provide some recommendations you can implement for your audit to run smoothly.
The ComplianceWire® system provides you with audit trails in multiple places. Their purpose is to provide you with support documentation and history that you can use to authenticate operational actions or events. The reporting functionality in ComplianceWire® provides you with the ability to pull this support documentation and history out of your system.
There may be as many as 32 different reports available in your ComplianceWire® Production environment — with more on the way. There are many key features, including the ability to personalize reporting, use robust filtering, save, schedule and share the custom reports you create, and edit saved reports. Let’s look at how three companies use the ComplianceWire® system to support their audits.
Pharmaceutical company A is a company with 21,000 users and multiple global sites. The Global System Administrator recommends the following reports:
- Assignment report by user/training
- Completion report by user/training
- Curriculum qualification matrix report
- Recurring assignment definition with completion status report
Another recommendation is using the reports shared in the ComplianceWire® Job Aid “How Do I Generate the Right Reports for Audits.” This job aid includes 11 common audit questions and provides the appropriate report to answer them accurately.
The Global System Administrator states it’s also important to provide reports to auditors in a format that is not editable. Reports should either be downloaded as a PDF or, if downloaded as Excel, saved, or printed to PDF. Lastly, while company A’s administrators are responsible for providing the reporting for audits, individual sites can also delegate a reporting security role to other users on-site who are responsible for providing reports for audits. By setting up a security role with basic reporting rights, users can be assigned this role on a temporary basis.
Pharmaceutical company B is a global company with 1,700 users and manufacturing sites in six countries. This company has identified specific system administrators at each site that are highly involved in audits.
The European manufacturing site interviewed for this article stated that it could have as many as 10 internal audits in a year. They can also expect audits from customers — three to five a year — and audits from regulatory bodies at one per year.
Company B has been using ComplianceWire® for two years, and while the system administrators find their ability to prepare before the audit is limited, they can anticipate some questions. Are employees trained on the Data Integrity curriculum? What employees have not completed their assigned GMP training?
Because pharmaceutical company B’s site has restricted areas, the system administrators expect that auditors will ask for records of employees who have completed and not completed training related to controlled access. In addition, they continually address any overdue and incomplete training for all employees at the site.
Company B’s administrators recommend being familiar with creating reports. Practice running reports that provide information on completions and incompletions. Know how to add and adjust columns, as well as filters. Information is provided to auditors in PDF format. The system administrators will also show the auditor the information directly in ComplianceWire®, if requested.
Pharmaceutical company C is a small pharmaceutical company with 600 users. They implemented ComplianceWire® in 2022, and while they have not had any audit opportunities at this time, they have taken a proactive approach by designating an administrator as the point person for audits. They have also created a “reporting only” security role. This role grants non-administrators the ability to run reports if needed. Training is provided to any employee with this security role. An internal Job Aid with basic reporting concepts has been created specifically for this non-administrative role. Organization administrators are available to support any audits.
Let’s define some steps you can take to ensure your audit runs smoothly.
- Identify the administrators that will be responsible for providing reports for the audit. These administrators should be trained and experienced in running system reports. “Winging it” should not be an option when your company is faced with an audit.
- Define the format in which reports will be provided. Confirm if the auditor wants a PDF provided in print. (Some companies require a confidential stamp on paper copies.) Does the auditor want the files on a flash or thumb drive?
- Prior to your audit, develop some practice questions in anticipation of an audit. Ask an internal auditor for some suggestions.
- Refer to the Job Aid ‘How do I Generate the Right Reports for Audits’. This job aid explains which reports to run based on the audit question posed.
- Refer to previous audits to determine questions that have been asked. This can give you an idea of what to expect from an auditor.
- Consider developing a standard operating procedure for managing the inspections. This can help to keep.
Any audit, especially an FDA audit, can be challenging. It is important to be as prepared as possible.
Practice before an audit happens so you’re not scrambling for information. Learn what options are available to you within the different reports. Your subject matter experts (SMEs) should know ahead of time how to create a robust report so they’re prepared if asked to support an audit. Be familiar with how reports are created, saved, scheduled, shared and printed.
You may find it beneficial to create a standard with specific columns and filters. Your company may create a procedure or a work instruction detailing those columns and filters to include for specific reports.
Make use of the information within your ComplianceWire® system. Within Platform Documentation, there is a lengthy Reports Administrator Guide (008). This 120-page guide lists all available reports and walks you through the creation of these reports. Under Job Aids, review the examples in the “How Do I Generate the Right Reports for Audits” PDF. This job aid explains which reports to run based on the audit question that is asked by an auditor.
By taking the right steps to be prepared for your next audit, you can be assured that the right data is presented by the right people.
Get connected with our sales team
Thanks for your interest in our products and services. Let's collect some information so we can connect you with the right person.