Audit Management has a rich and storied history. The word “audit” derives from the Latin word “auditus” which means “to hear.” Audits, conducted in a manner recognizable today, began in the early 15th century. Auditing was defined as the official examination of accounts and was conducted orally due to limited literacy. One can easily picture a tonsured monk, bent over his book of accounts, sweating and stressed while reciting his calculations to the abbot. Paradoxically, what 15th-century audits lacked in paperwork trails, databases, SOPs and CAPAS, they no doubt equaled in the amount of preparation and worry as contemporary compliance or quality control audits.
No longer restricted to the monastery or master chamberlain’s office—audits are now ubiquitous across all types of businesses and industries. In fact, audits are increasing in frequency, due to the rising tide of regulations and compliance mandates, especially in life sciences firms. However, regulatory compliance isn’t the only reason why life sciences firms should invest resources into audits, the results of effective audit management can significantly impact an organization's ability to produce a quality product or service.
Audit Management: Walking Through the Process
Overall, two human-centered processes make up what organizations define as “audit management.” These are “being audited” and “auditing.” This distinction is important because highly regulated sectors participate in both internal and external audits. “Auditing” is to document findings, develop reporting and reconcile responses. “Being Audited” is the provision to auditor(s) of requested assets and documentation as well as the management of the investigation and the resolution of issues including continuous improvement activities. Both processes require the parties involved to essentially conduct interviews, capture data, run reports and share findings.
There’s a cadence to audits; the scenario generally plays out thusly:
- The auditor visits the premises, or in the case of an internal audit, the audit is commenced.
- The auditor interviews staff, reviews SOPs and requests evidence that they are being followed.
- The organization provides documents, process verifications and evidence of actions.
- The auditor determines the “gap”—essentially the activities that the organization actually conducts verses the activities documented in their SOPs and other quality guidelines and processes.
- The organization is provided with an audit report. They then must take corrective action—which must be documented.
While—unlike our monk—they are not being subjected to a recitation of activities—auditees are burdened with a great deal of work to provide the auditor with the information they require. Data and documents are often scattered in multiple systems, emails, formats and versions across theorganization. The auditor is also charged with sifting through and analyzing a great deal of documentation (and/or lack thereof). As you can imagine, chaos often ensues, and the result is an unsatisfactory audit. This scenario often results from an organization’s lack of a formalized information management strategy and system for audit management related information and processes.
The Great Leap Forward: Enterprise Information Management
Audits are proving to be fundamental to organizational success. If one views audits as a management tool to be used to verify objective evidence of process, effectiveness and success, it is obvious that, firstly, they are crucial and secondly they are worthy of investment.
More and more organizations are investing in technology to support this endeavor. In fact, it’s arguable that the greatest change in auditing over the centuries has been the convergence of technology and the auditing process. Many organizations, particularly in life sciences have significantly simplified and improved their auditing processes by implementing enterprise information management (EIM). Operatively using an EIM system can take life science companies from an unmanaged place of folders, documents and emails to a controlled environment to manage content, processes, tasks and workflows so that they can be tracked and verified by auditors.
Originally posted by Chris Davidson on September 27, 2015