Although audits, assessments and corporate compliance investigations are not something most executives get excited about, they are critical to ensuring your FDA-regulated business is ready for any and all types of review by the FDA, Department of Justice or other regulator. Audits, Assessments, Corporate Compliance Investigations and (one additional item) Mock Inspections are generally defined as follows:
- Audit: A formal, often-privileged, structured, in-depth review of a company’s regulated operation for the purpose of determining deficiencies and deviations from established and understood regulatory standards. Audits are often “scored” for purposes of determining performance of an operation against accepted standards.
- Assessment: A formal, not-privileged, and loosely structured review of a company’s regulated operation for purposes of determining issues, deviations from regulatory standards, opportunities for improvement, best practices and readiness for audit or inspection.
- Corporate Compliance Investigation: A for-cause investigation, generally performed at the direction of the Company CEO, General Counsel, or Chief Compliance Officer, possibly subject to privilege if authorized and executed properly, and focused on confirming, or disproving, allegations of illegal conduct or violations of a company’s code of conduct, procedures, policies or other mandates. Corporate compliance investigations must conform to the highest standards of critical review to ensure discretion, confidentiality, comprehensive assessment and legal analysis are performed properly.
- Mock Inspection: An audit performed by someone posing as an FDA Investigator for the purposes of determining operational readiness for a real FDA or other health authority inspection. Mock Inspections are both a readiness and training tool and provide significant value to an organization when performed properly.
Each of the foregoing can vary in intensity and rigor in accordance with the needs of the organization. Depending on the amount of time spent, each of these can be more or less rigorous (and correspondingly more or less expensive) depending on what level of risk and confidence each organization possesses.
For small and medium-size organizations seeking to proactively assess compliance, Compliance Architects® recommends a three-day review activity. For medium to large size organizations seeking to proactively assess compliance, we recommend a week to two-week review activity. Where corporate compliance investigations are indicated, specialized planning and cooperation with the Chief Executive and counsel are typically indicated.
For additional information on audits, assessments and investigations, contact Jack Garvey at john.garvey@compliancearchitects.com, or visit: www.compliancearchitects.com
Jack-
Good article. Brief and to the point, well structured, good content. Question: Who is conducting the different types of audits/inspections you listed…internal by your company or external reg agency? Are they performed in-house -or, by an external agency, or by FDA?
Great question. All of these types of activities can be performed by internal personnel, if sufficiently qualified, or, by external resources that have deep experience in these types of review activities. The Corporate Compliance Investigation can present significant risk to the corporation if not performed properly, and it is recommended that these be performed, at a minimum, under the direction of Counsel to maintain privilege, if appropriate. Audits and assessments should be performed by internal company personnel on a regular schedule, and, most companies can benefit from a third-party consultant performing these from time to time due to the fresh set of eyes that we bring to the table. Finally, unless you have personnel that are deeply knowledgeable of FDA inspection conduct, I strongly recommend using a third-party resource for Mock Inspections — these should be done periodically to keep your operation fresh, and can be extremely powerful training opportunities.