For course details click on the subject areas shown in menu below. To contact us: +44 1635 866699 info@inspiredpharma.com

The Focus of Audits – Have we got it right?

by | Sep 12, 2022

Auditing

Most people will have some involvement with being audited.  In general audits are classified into one of three different types; namely first party, second party and third party.

First party audits are often called internal audits or self-inspections.  Here you are audited by others from your own site.  Second party audits are either you auditing a supplier or a customer (of which you are a supplier) auditing you.  This leaves third party audits whereby you are audited by a Regulatory Authority or external body.  This also leave the notion of corporate audits; audits by people from within the same organisation but from another site.  There is a case for classifying these as either 1st, 2nd or 3rd party audits – a discussion we will save for another day!

As a pharmaceutical trainer, auditor and consultant I meet a lot of auditors and look at audit mechanisms a great deal.  The following appears to be the case in most pharmaceutical manufacturing sites.

First party audits:

We do these because we have to!  Often seen as a regulatory necessity!  Areas are often only audited once a year (if that) with limited time given to perform the audits.  These audits are often moved “when something more important comes up”, are poorly planned and prepared for, the audit programme is often not adhered to, reports are completed late and non-conformities/ corrective actions highlighted during the audit are rarely completed.  Evidence to support that true corrective actions have been taken (that proves that the problem has been sorted for good) are rarely seen.

Second party audits:

These are generally done OK.  We like doing these.  If it involves us performing supplier audits then it gets us out of the office, involves travel and allows us to meet new people.  If it’s us being audited by a customer it gives us an opportunity to show them what we can do and how good we are.  This article is not really about this type of audit – we will re-visit these another day.

Third party audits:

These are dealt with completely differently from first party audits.  As soon as a site knows that the Regulatory Authority is coming all holidays are cancelled.  Teams of people will meet every week to plan the audit, all documentation and records will be re-reviewed and put in a (war) room with an armed guard at the door!  There will be none of that “we’ll deal with any non-conformities in due course” with these audits – people are re-trained, procedures are re-issued and facilities repaired whilst the audit is still going on!

Now, I am generalising here, and I am trying to bring an element of fun and humour into this article, so please don’t be offended by this.  However – here is the general lesson.  We generally pay a bit of lip-service to the first party (internal) audit and take the third party (regulatory) audit much more seriously.  And here is where the focus is wrong.  Surely if we gave the first party audits much more focus and priority (after all it’s the prime way of evaluating your system) then wouldn’t second and third party audits be much easier to prepare for and be more successful?

I know that having a bad third party audit is a disaster for any site, so they do need to be well prepared for and managed.  However giving more focus and effort to our own first party audits pays dividends.  This can be summed up with my final thought.  Aren’t non-conformities raised at third party audits telling you something about your first party audits?  Surely the first party audits should be picking up findings ourselves before the Regulatory Authority finds them!

Of course what I say above involves a lot of generalisation, it does however appear to be generally agreed by people who I meet.  If this is not the case in your own organisation then this is great news, and I would be delighted to hear from you in a comment below.

Please feel free to comment.  For details of our courses in this area select this link: QMS Courses

THIS ARTICLE WAS FIRST PUBLISHED IN 2012 AND MOST RECENTLY UPDATED IN SEPTEMBER 2022.

Related Articles

Find out about our course ranges

GMP Training

 

More details

QMS Training

 

More details

GDP/RP Training

 

More details

GMP Compliance

 

More details

QP Training

 

More details

GDP Compliance

 

More details

Free Taster courses

To try a free taster of our online courses to see if they are of interest visit this page.

7 Comments

  1. Gareth on February 9, 2012 at 8:22 am

    Hi Dominic – really interesting post. I’s like to interview you on this topic for in-Pharmatechnologist.com. Drop me a line if you are interested.

    Hope to hear from you

    Gareth

    Reply
  2. Arie Menachem on February 12, 2012 at 1:41 am

    I think that the way to deal with the disparity you mention is to ensure that those of us who perform second or third party audits is to focus very carefully on the site’s internal audit program. This is important for a few reasons – firstly to understand how risks are handled on site for the 360 or so days there is not a third party / corporate audit (and in the case of a second party / supplier audit – the number of days is usually at least double that) and secondly to impress upon the local leadership that they are held accountable for the effectiveness of their audit program. In one of the companies I worked at, if we made a finding that was understood and managed by the site, this was given a lot less weight than one that hadn’t been discovered by the site or had been known by the site but inadequately managed. If that kind of system is implemented – it incentivizes the site to implement a robust internal audit program.

    Reply
  3. amit on February 13, 2012 at 3:46 am

    Is First Party audits is a general practice among big pharmaceutical companies like Amgen, Genetech etc. Do they use same teams for GMP and GLP validation audits.

    Reply
  4. Andy Nichols on February 13, 2012 at 10:42 pm

    So what can be done to improve the way internal audits are perceived and performed? Any clues?

    Reply
    • Ron Orme on February 14, 2012 at 7:51 am

      I think Dominic’s point is that the same importance and approach needs to be adopted for internal audits as for third party and external audits.

      Reply
    • Dominic Parry on February 14, 2012 at 8:53 am

      More focus and buy in from Top Management generally is needed.

      Reply
  5. Peter Lavis [Lead Auditor] on February 14, 2012 at 2:20 pm

    What is absolutely essential here is the integration of ‘business’ requirement [ie. the pursuit of organisational efficiency] with the requirements set down through GMP [ie. effectiveness]. Thus the perception of Internal Audits will change – they will then be seen as a ‘value-adding’ activity rather than simply a ‘necessary evil’, a mechanism put in place to satisfy Chapter 9. The key to this is to ensure that process interface, internal customer requirements and continual improvement issues etc are being addressed during Internal Audit and that ‘Managers’ see themselves as Process Owners, rather than owners of functional silos. In this way the requirements of GMP and the ‘whole business’are being addressed through the Internal Audit process – and we employ best business practice [as seen through ISO 9001] alongside the requirements of GMP – and this ties in very nicely with the ISO 9001 / GMP article. This way of thinking is coming the Pharma-way, in part via ICH Q10, and in part through economic necessity. The Pharmaceutical Industry needs effective and efficient organisations – not just effective ones.

    Reply

Let us know what you think

This site uses Akismet to reduce spam. Learn how your comment data is processed.