FDA Audit Program – What You Need To Know
FDA Audit Program – What You Need To Know
What is an FDA audit program (audit plan)?
An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.
The goal of an audit program is to create a framework that is detailed enough for any outside auditor to understand what official examinations have been completed, what conclusions have been reached and what the reasoning is behind each conclusion. The framework should explain the audit’s objectives, its scope and its timeline. The audit program should also describe how working papers — the documented evidence of the audit — will be collected, reviewed and reported.
Objectives of audit programs
When developing an audit program, the internal auditor and its associated audit team should start with outlining the audit’s objectives, goals and obligations.
Audit program objectives help direct planning of the audit report and are based on the policies, procedures and guidelines unique to the company. These objectives may relate to and outline how the auditors will maintain efficiency, professionalism and a specific code of conduct during audit procedure.
In addition to relevant regulatory compliance mandates, objectives for audit programs should consider aspects such as management priorities, business intentions, system requirements, business structure, legal and contractual mandates, the expectations of customers and other interested parties, potential risk management vulnerabilities, and any corrective action taken based on previous audits.
Preparing an audit program
Audit program details are specific to individual organizations based on their unique needs, but audit plan preparation will consider the audit’s relevant regulatory deadlines, staff requirements and reporting structure, and overall goals. In particular, these goals will consider how the company will maintain regulatory compliance via risk assessment and management procedures. The audit program should also include a timeline detailing when specific aspects of the audit program should take place and how they should be prioritized.
Audit program planning is usually a continual and iterative process. During audit planning and development, companies can build on lessons learned from previous audits by implementing newly learned best practices that alleviate risk and maintain compliance. Audit development guidelines and best practices vary by industry, but local and regional auditing certifications are available, as are internationally recognized audit certifications. These certifications include Certified Internal Auditor and Certified Information Systems Auditor, and membership in the International Register of Certificated Auditors.
Types of audit programs
Different types of audit programs include standardized audit programs, tailored audit programs and compliance audit programs. Standardized audit programs, which are available for many different industries, can be used proactively to help an organization create its own internal compliance framework and internal audit program. For example, the International Federation of Accountants publishes financial audit standards called the International Standards on Auditing. A standardized audit program is different than a fixed audit program, which is defined as an audit program that cannot be changed during the course of an audit.
Tailored audit programs are different from standardized audit programs in that they cater audit procedures to match specific needs of the auditing entity. These audit programs are “tailored” to reference specific areas such as business procedures, legal documents and assets. By targeting these specific requirements through tailored audit programs, the company can more quickly identify potential compliance lapses and develop internal controls to offset these vulnerabilities.
A compliance audit program outlines how an organization will adhere to regulatory guidelines. The details of compliance audit program will vary depending upon factors such as whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, Sarbanes-Oxley Act requirements state that electronic communication must be backed up and secured with disaster recovery infrastructure, while financial services companies that transmit credit card data are subject to Payment Card Industry Data Security Standard (PCI DSS) requirements. In the Unites States, publicly traded companies must report results of internal control audits to the Securities and Exchange Commission (SEC). In each case, an organization’s audit program outlines how the company will maintain compliance with regulatory compliance rules.
Medical Device Single Audit Program (MDSAP)
The International Medical Device Regulators Forum (IMDRF)External Link Disclaimer recognizes that a global approach to auditing and monitoring the manufacturing of medical devices could improve their safety and oversight on an international scale. At its inaugural meeting in Singapore in 2012, the IMDRF identified a work group to develop specific documents for advancing a Medical Device Single Audit Program (MDSAP).
The Medical Device Single Audit Program allows an MDSAP recognized Auditing Organization to conduct a single regulatory audit of a medical device manufacturer that satisfies the relevant requirements of the regulatory authorities participating in the program.
International partners that are participating in the MDSAP include:
- Therapeutic Goods Administration of Australia
- Brazil’s Agência Nacional de Vigilância Sanitária
- Health Canada
- Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency
- The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs)Programme and the European Union (EU) are Official Observers
From 01 January 2014 to 31 December 2016, FDA, alongside its international partners, participated in a Medical Device Single Audit Program Pilot. On 29 June 2017, a report was generated summarizing the outcomes of prospective “proof-of-concept” criteria established to confirm the viability of the Medical Device Single Audit Program. The outcomes documented in the Final MDSAP Pilot Report are based on data generated during the three (3) year pilot.
Based on its evaluation of the MDSAP Final Pilot Report, the MDSAP Regulatory Authority Council (the international MDSAP governing body) determined that the MDSAP Pilot had satisfactorily demonstrated the viability of the Medical Device Single Audit Program.
FDA will continue to accept MDSAP audit reports as a substitute for routine Agency inspections. Firms with activities related to the Electronic Product Radiation Control (EPRC) provisions of the Act will continue to be subject to FDA inspections for the EPRC activities.
The Medical Device Single Audit Program (MDSAP) is transitioning to full implementation by January 1, 2017. In anticipation, FDA has set up 10 medical device education modules to help companies learn more about MDSAP. Available in the CDRH Learn section of the FDA website, the modules cover the following areas surrounding MDSAP:
- Introduction to MDSAP
- MDSAP management
- Device marketing authorization and facility registration
- Measurement, analysis and improvement
- Adverse events and advisory notices reporting
- Design and development
- Production and service controls
MDSAP was developed by FDA with regulatory agencies from Australia, Brazil, Canada and Japan. The program enables device companies to contract with an MDSAP-authorized auditing organization to conduct a single audit against relevant device regulatory requirements.
Types Of Audit Program
Audit program can be classified into the following two groups:
1. Fixed Audit Program
Generally, auditor prepares audit program on the suggestions and recommendation of assistant staff but such a program can not be changed during the course of audit which is known as fixed audit program. Such program, due to the pace of time or change in the situation and size of the client needs to change even though it can not be changed. Fixed audit Program can be used in all the organizations.
Advantages Of Fixed Audit Program
- Fixed audit programs are prepared once and program is used in all the organization. So, it saves time and cost.
- All the works are completed within the stipulated time because auditor does not change such program on the request of assistant staff.
- Audit program fixes the responsibility of assistant staff. So, they know their responsibility and complete their work in time which helps to prepare and present reports in time.
Disadvantages Of Fixed Audit Program
- Such program is rigid. So, it cannot be used in all organizations because nature and size of all the businesses do not remain the same.
- Same program will not be useful in the big and small organizations.
- PROMOTED CONTENTMgid
- Fixed audit program is unscientific and impractical because it does not incorporate the changes caused by time and situation.
- Fixed audit program harasses the staff because intelligent staff cannot use their skill and knowledge.
2. Flexible Audit Program
An audit program which can be changed as per the need, time, nature of business and auditing standard is known as flexible audit program. Such program should be reviewed on the recommendations and suggestions of assistants. Such change can be made due to change in number of work, nature of business, change in management and their feelings. It is just taken as helping part but assistants can use their knowledge, caliber and intelligence.
Advantages of Flexible Audit Program
- Auditing remains effective because it can be changed if the change is made in the nature and size of business.
- Assistant staff remain happy because such programs are prepared incorporating to the problems of assistant staff.
- Flexible audit program remains effective because it incorporates to the change made due to time and situation.
Sorry, there were no replies found.