Auditors responsibility

It is important to understand the limits of auditors responsibilities, a topie addressed at some length in the Cadbuiy Report (see Section 2.2.4). First of all, accounting standards permit the figures in the annual statements to be presented in a variety of different ways. The auditors responsibility is limited to certifying that the accounts have been prepared in accordance with these standards auditors have no authority to question whether the particular choices are the most appropriate for the company, provided that they are used... 

By being independent of the audited activities, the auditor is unaware of the pressures, the excuses, the informal instructions handed down and can examine operations objectively without bias and without fear of reprisals. It is for this reason that it was considered appropriate for the auditor to have no direct responsibility for the work being audited i.e. audits carried out by a manager, supervisor, or foreman of his/her own department or section do not qualify as internal quality audits in ISO 9001 1994. However, they will qualify under ISO 9000 2000. 

Auditors can be from the same department as the activities being audited, provided they are not responsible for the activities being audited. 

Examples of Quality Audit report forms are shown in Tables 9.5 and 9.6 at the end of this chapter. Table 9.5 shows Report Form 1 which includes a record of what has been examined, so that subsequent audits can examine other aspects of the laboratory s operations. Note that when improvement actions are required, the form records not only what needs to be done, but also by when it must be completed, as shown in Table 9.6 (Report Form 2). The form is signed by the auditor and the responsible person from the area being audited. In the UK, the accreditation body UKAS refers to the corrective action as improvement action . This further emphasizes the continual improvement aspect of the ISO/IEC 17025 and ISO 9001 Standards. The examples shown in Tables 9.5 and 9.6 will probably have to be modified to meet a laboratory s particular requirements. It should also be remembered that both report forms should indicate (usually as a footer or header) the title of the document, its issue date, issue number, who authorized the document, page number and total number of pages. 

An audit is a systematic, independent review to verify conformance with established guidelines or standards. An audit uses a well-defined review process to ensure consistency and allow the auditor to reach defensible conclusions. An audit evaluates the procedures, operations, and activities performed in the management and execution of a program in orderto verify conformity to established criteria. Such evaluations are intended to provide feedback to management and those responsible for the status of the audited program. 

As databases were automated that review function became increasingly problematic, and increasingly a concern of both outside FDA and internal QA auditors. As a response to the difficulty in tracking a data point change in an electronic file automated audit trails were developed, encouraged, and finally (in Part 11) required. 

But the FDA also has very important law enforcement responsibilities. The agency employs civil and criminal investigators, auditors, attorneys, and other enforcement professionals. One of the FDA s many enforcement functions is investigation, remediation, and prosecution of cGMP violations. 

Auditors should select the audit method most appropriate for their intended audit purpose. Initial quality system audits or regularly scheduled audits are likely candidates for the top-down approach, while audits conducted as part of a root cause analysis, for example, may best employ a bottom-up approach. The FDA employs a similar approach to inspections. Regular scheduled biennial inspections are more likely to employ a top-down methodology. For cause inspections conducted in response to a specific product issue such as a recall are more likely to employ a bottom-up approach. FDA investigators may employ a combination approach during biennial inspections if investigators are aware of specific quality problems that they wish to include in the inspection. 

The team s expertise should be compatible with the kind of audit to be conducted. Audits of certain programs may require the selection of specialists in electrical equipment, pressure vessels, maintenance, motor fleet activities, and other fields. Line managers of other units are excellent members of audit teams. They bring a different background to spot weaknesses. In addition, participation is a learning experience for the manager and increases the involvement of those responsible for results. It may also be helpful to have a previous auditor of the unit as one member of the audit team. 

An auditor or inspector s responsibility is to present and document the facts They do not invalidate studies, and they do not levy fines or penalties. 

Auditor In the context of configuration management, the auditor is the person responsible for reviewing the steps taken during a development or change management process, to ensure that the appropriate procedures have been followed. 

Assignment of a lead auditor to take responsibility for the audit Reference documents to be used in planning and performing the audit A company organizational chart—to help understand the organizational flow and determine the proper individuals required for interview during the audit... 

The formal audit report is the product of the audit. The lead auditor is responsible for the report content and accuracy and for submitting the formal report in a timely fashion. After completion of the audit, the work on the formal audit report should begin immediately, while audit details are still fresh. In addition, the longer the audit report is put off, the less interested the vendor will be in pursuing corrective actions. It is good practice to complete the final audit report within 2 weeks from the date of the audit. 

As a result of the audit, the vendor is responsible for developing a corrective action plan to address any weaknesses or deficiencies identified by the sponsor s auditors. It is the sponsor s responsibility to ensure that the corrective... 

There is an industry trend toward dedicating specific personnel to the function of internal audits and quality assessments. This approach allows the assessor or auditor to focus on the compliance of the company and its vendors and contractors as well as maintain an independent role allowing for impartial assessment of all areas, including the QA unit. Those companies whose assessors and auditors also perform QA responsibilities might seriously consider the regular use of an independent assessment group, such as corporate auditors or an independent consultant. A fresh pair of eyes, coupled with extensive exposure to multiple worldwide operations, makes using external auditors, preferably with some former FDA experience a tremendous asset to any company. 

Forward-thinking companies will put quality first and build a quality assessment team based on cross-functional knowledge and experience. A lead assessor or auditor should be responsible for coordination of the audit and ultimately responsible for the issuance of the report. Composition of the audit team should depend upon the scope of the audit and utilize personnel with pertinent knowledge. The lead assessor or auditor is responsible for resolving any differences of opinion and presenting a unified executive summary of the audit. 

Response and CA—Concise plan for implementing enhancements delineating who, when, how, and why, coupled with corresponding time lines. The lead auditor issues the report, making sure to incorporate information and commitments from area management. 

---