It is best practice for life sciences companies to audit their medical affairs (MA) functions at least every two years—whether those services are provided in-house or by a 3rd party vendor. Audit frequency is risk-based and typical industry standard for a vendor/supplier audit is 3-5 years. Regulations do not specify timeframes, only that an audit is required.
Prior to COVID-19, audits were mostly conducted in person. The pandemic forced companies to look for other ways to meet their audit obligations, and a virtual (remote) approach was generally seen as preferable to delaying the audit. When designed properly, companies found that virtual MA audits, conducted live, produced the same depth and breadth of observations as in-person audits. The virtual approach is now firmly established as a viable alternative, even with the easing of COVID restrictions.
There are some inherent challenges with virtual audits, most of which can be addressed during the planning process:
- Establishing an effective auditor-auditee relationship. As at-home workers across the globe know, it is more difficult to establish working relationships via Teams or Zoom than it is when you can look someone in the eye and read their body language. While this is something to be aware of, auditor-auditee interactions by nature are collegial but not overly friendly and this is likely not a significant detriment.
- The lack of physical proximity requires additional planning. If there is more than one auditor, it is likely they are not in the same location. The same is true for those being audited. Communication channels, such as a group chat, need to be set up for private “sidebar” conversations (between auditors; between auditees) during the audit. Additionally, a separate Teams or Zoom meeting should be set up by each entity to converse during audit downtimes.
- The start and stop nature of the auditor-auditee communication. As with an in-person audit, an auditor will want time alone to review documents. This means that allparticipants will log in and out of the Teams or Zoom meeting multiple times. A way for the auditor to notify all participants that it’s time to return (e.g.; a group text) should be set up.
- The possibility of technical issues. An IT person from each organization should be on standby in case addressable issues occur. On a related note, at-home audit participants should be encouraged to set up their smartphone as a mobile hotspot in case of an internet outage.
Planning is key to a successful virtual audit:
- Determine the scope of the audit. The objective of any audit is to collect documented evidence that the auditee is following established procedures and is in compliance with all applicable regulations. Possible elements of a Medical Affairs audit include the handling of Medical Information inquiries, Medical Science Liaisons procedures, and the documentation and reporting of Adverse Events and Product Complaints.
- Identify primary contacts (auditor and auditee). These are the people who will maintain communication through all stages of the audit. (It is essential that participants on the auditee side are deeply knowledgeable of the processes being audited.)
- Create an audit plan to send to the main auditee contact. Typical audit plans include:
- Audit date(s)
- Start and end times (taking time zones into consideration)
- Purpose of audit
- Scope of audit
- Company began audited (if services are provided by a 3rd party vendor)
- Name, title, and contact information of the lead auditor (and co-auditor if applicable)
- Name, title, and contact information for the main contact (and other audit participants as provided by the main contact)
- Audit location (on-site or virtual)
- Outline and timing of audit prep activities, including documents requested in advance of the audit
- Agenda for the day(s) of the audit
- Outline and timing of post audit activities (the audit report; the response by the auditee)
- Test platforms and communication channels that will be used in the audit. This is best done two or more weeks prior to the audit start date.
- Identify an observer/scribe. Share expectations of the role and guidelines for effective audit notes.
With both in-person and virtual audits, the requested documents are typically shared in a PDF format through a private secured network. If the audit is of a 3rd party vendor, the auditor’s access is read-only (no printing or downloading of documents) and is only for a limited time. This approach is convenient for the auditor, allows the auditee to control access, and is environmentally friendly.
Permanent storage of documents should be in a private, secured, and validated repository that utilizes file indexing and OCR (Optical Character Recognition) for the easy retrieval of documents.
The most notable advantage of virtual audits is that they save time and money. Conducting an audit virtually eliminates travel expenses and reduces the time auditors need to devote to the audit activities.
Even though audits can be effectively performed virtually, in-person audits are not a thing of the past. If the services are being provided in a location geographically close to the auditor, an on-site audit eliminates the challenges associated with virtual audits. A hybrid approach can also be taken—in which the bulk of the auditor’s document review takes place remotely, and a site meeting is held for questions and answers.
Alena Galante, director, quality and compliance, and Denise Dixon, global chief operating officer; both with Diligent Health Solutions