Although audits, assessments and corporate compliance investigations are not something most executives get excited about, they are critical to ensuring your FDA-regulated business is ready for any and all types of review by the FDA, Department of Justice or other regulator. Audits, Assessments, Corporate Compliance Investigations and (one additional item) Mock Inspections are generally defined as follows:
- Audit: A formal, often-privileged, structured, in-depth review of a company’s regulated operation for the purpose of determining deficiencies and deviations from established and understood regulatory standards. Audits are often “scored” for purposes of determining performance of an operation against accepted standards.
- Assessment: A formal, not-privileged, and loosely structured review of a company’s regulated operation for purposes of determining issues, deviations from regulatory standards, opportunities for improvement, best practices and readiness for audit or inspection.
- Corporate Compliance Investigation: A for-cause investigation, generally performed at the direction of the Company CEO, General Counsel, or Chief Compliance Officer, possibly subject to privilege if authorized and executed properly, and focused on confirming, or disproving, allegations of illegal conduct or violations of a company’s code of conduct, procedures, policies or other mandates. Corporate compliance investigations must conform to the highest standards of critical review to ensure discretion, confidentiality, comprehensive assessment and legal analysis are performed properly.
- Mock Inspection: An audit performed by someone posing as an FDA Investigator for the purposes of determining operational readiness for a real FDA or other health authority inspection. Mock Inspections are both a readiness and training tool and provide significant value to an organization when performed properly.
Each of the foregoing can vary in intensity and rigor in accordance with the needs of the organization. Depending on the amount of time spent, each of these can be more or less rigorous (and correspondingly more or less expensive) depending on what level of risk and confidence each organization possesses.
For small and medium-size organizations seeking to proactively assess compliance, Compliance Architects® recommends a three-day review activity. For medium to large size organizations seeking to proactively assess compliance, we recommend a week to two-week review activity. Where corporate compliance investigations are indicated, specialized planning and cooperation with the Chief Executive and counsel are typically indicated.