RBQM Done Correctly Greatly Reduces Audit Findings
Audits and inspections are an inevitable part of life in the clinical research world and can be a source of fear for many. This post shows how implementing a robust Risk-based Quality Management system can greatly reduce potential findings in audits and inspections and also instill confidence in the inspectee that they have the right processes and procedures in place and the evidence to demonstrate this to the auditor or inspector.
It is often said that the best preparation for an audit or inspection is to do the job right from the beginning, but of course, we have to demonstrate this as well, which means we need evidence and documentation.
We could summarise this as follows:
- Do it right and…
- Document it correctly from…
- Day One
However, it’s impossible to achieve perfection in the real world – some things always go wrong. For example, people make mistakes; systems don’t work as we expected them to; procedures have flaws and gaps; equipment doesn’t function properly or breaks down; unforeseen circumstances impact our work.
What Risk-based Quality Management allows us to do, is to anticipate, measure, track and address these situations. Then when the auditor or inspector comes along, we have documentation to show that when things began to go wrong, we identified the issue quickly and put mitigations in place to address it. We can also show that we reviewed and assessed the effectiveness of our mitigations. To put this more simply: we found out quickly when something was wrong, we did something to put it right, and we checked that it had worked.
Risk assessment should identify and evaluate what could go wrong. Quality Tolerance Limits (QTLs) identify the critical risks which must be addressed across the organisation, programme, and trial; in other words, where deviation from perfection has the biggest impact.
Key Risk Indicators (KRIs) take that down to the trial, country, and site level. In the context of audit or inspection, we now have documented evidence that we are aware of what could go wrong. We then need to put in place risk-based quality management (RBQM) plans to act on our knowledge.
There will, of course, be unforeseen circumstances that, by definition, we can’t predict, but having RBQM in place allows us to address those much more quickly and efficiently.
By applying metrics to QTLs and KRIs, we make sure we know as soon as things begin to go wrong. As we record and review those metrics, we collect evidence that we had oversight of our GCP responsibilities.
Metrics on their own do not manage risk. We also need to review and track those metrics with a process for generating an alert when a KRI or QTL is in danger of being breached. Documenting that review, tracking, and alert system is another key way to demonstrate oversight and management of compliance to an auditor or inspector.
All of the above should lead to escalation and mitigation actions being taken when an alert is triggered. The process, responsibilities, and timelines for this must be included in the RBQM procedures, along with the appropriate means for documentation of action taken and effectiveness review.
Develop a Study-wide Audit Trail
In terms of an audit or inspection, this documented approach is the most critical part of the evidence we can present; anticipating, measuring, and tracking does nothing if we don’t act on that information.
In summary, auditors and inspectors won’t expect perfection; they know that things will always go wrong some of the time. If we have documented evidence to show that we were aware of the risks, measured and tracked them, and acted to get things back on track in a timely and effective manner, we can go into any audit or inspection with confidence.