1. INTERNAL AUDIT AND
DOCUMENT RETENTION
Guided By :
Prof. G. B. Patil Sir
Department of Quality
Assurance
Presented By :
Sanchita S. Mahale
Department of Quality
Assurance
H. R. Patel Institute of Pharmaceutical Education And
Research, Shirpur.
2. CONTENT :
INTERNAL AUDIT
Introduction
Definition
Objectives of Internal Audit
Difference Between IA & EA
Role of Internal Audit
Need of Internal Audit
Principle of Internal Audit
Approaches of Internal Audit
Planning of IA & Audit Program
Audit evidence
Report writing & audit report
Benefits of Internal Audit
DOCUMENT RETENTION
Storage And Retention of
Documents
Retrieval of Documents
Conclusion
References
25/09/2014 1
4. INTRODUCTION1,2,3 :
To monitor process of cGMP a system is required & this is possible
only through a well designed & implemented quality audit system.
Audits are designed to seek out any shortcomings in the
manufacturing activities that may result in non-compliance with
the standards laid down by regulatory agencies as well as in-house
specifications.
25/09/2014 INTERNAL AUDIT 3
5. Quality Audit :
“A systematic and independent examination to determine
whether activities and related results comply with planned
arrangements, and whether these arrangements are
implemented effectively and are suitable to achieve the desired
objectives”
The quality audit system may be classified in different categories.
1. Internal Audit
2. External Audit
3. Regulatory Audit
25/09/2014 INTERNAL AUDIT 4
6. DEFINITION1 :
INTERNAL AUDIT :
‘Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an
organisation's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management,
control, and governance processes.’
-The Institute of Internal Auditors (IIA)
25/09/2014 INTERNAL AUDIT 5
7. Objectives Of Internal
Audit1 :
To assist the internal control system.
Review of organizational policies & their operations.
Verify the accuracy & authenticity of errors & faults.
Detection & prevention of errors & faults.
Safeguarding the assets.
Right disposal of assets.
Helps in smooth functioning of internal check systems.
Turns a ‘have to’ compliance culture into a ‘want to’
25/09/2014 INTERNAL AUDIT 6
8. Difference between Internal
and External Audit4 :
Sr.
No.
Internal Audit External Audit
1. Auditors' are part of the organization. Auditors are not part of the organization,
but are engaged by it.
2. Auditors focus on future events as a
result of their continuous review and
evaluation of controls and processes.
Primary mission of auditors is to provide
an independent opinion on the
organization's financial statements,
annually.
3. Independent from the audited
activities.
Independent from its client, the
organization, its independence being
specific to liberal professions.
25/09/2014 INTERNAL AUDIT 7
9. Sr.
No.
Internal Audit External Audit
4. IA regards all the aspects regarding the
organization’s internal control system.
EA regards the internal control system
only from the materiality perspective,
which permits them to eliminate those
errors that aren’t significant, because
they don’t have influences over the
financial results.
5. IA performs during the entire year. EA is an activity with a yearly
frequency, as a rule, at the end of the
year.
6. Internal audit is concerned about the
frauds from all activities from the
organization.
External audit is concerned only about
the fraud from financial areas.
25/09/2014 INTERNAL AUDIT 8
10. Role Of Internal Audit5 :
Role in Internal Control
Role in Risk Management
Role in Corporate Governance
Role in Fraud Detection
Role in Financial Reporting
25/09/2014 INTERNAL AUDIT 9
11. Need Of Internal Audit5 :
To ensure authenticity and
reliability of data generated.
To avoid duplication of data.
To verify the source, the
quantum and the reliability of
all records.
To ensure implementation of
control and continuous
monitoring of systems being
followed.
25/09/2014 INTERNAL AUDIT 10
12. Principles Of Internal
Audit5 :
Guidelines or standards for undertaking an IA Function.
The essentials of an internal audit are ;
a. Independence and Integrity
b. Terms of engagement
c. Strategy and approach
d. Planning of internal audit
e. Staffing and Training
f. Evaluation of Internal Systems
and Risk Assessments
g. Evidence and Analytical
Procedures
h. Report Writing, Presentation
and Follow-up
25/09/2014 INTERNAL AUDIT 11
13. Approaches To Internal
Audit5 :
Involve a combination of audit approaches and techniques.
These include ;
a. Interviews
b. Document Reviews
c. Sampling
d. Testing Of Controls
e. Analysis Of Transaction
f. Processes and Management Information.
25/09/2014 INTERNAL AUDIT 12
14. The audit approaches selected should be the most time and
cost-effective given the objectives and scope of the audit.
The aim is to collect sufficient, reliable, relevant and useful
evidence to enable the internal auditor to come to well-founded
conclusions about the program or activity under
review and to make appropriate recommendations.
25/09/2014 INTERNAL AUDIT 13
15. Planning of IA & Audit
Program5 :
Planning an internal audit selection of audit coverage, priority
of the internal audit and estimating resources of time and
costs for the entire internal audit function.
Internal audit planning generally involves:
• The internal audit strategy and
• An Internal Audit work plan.
25/09/2014 INTERNAL AUDIT 14
17. The internal audit work plan include:
1. Audit title
2. Functional and Operational Area to be covered
3. Director and manager responsible
4. Type and scope of internal audit
5. The benefit expected by the audit procedure
6. Resources allocation for the purpose of the audit
7. Proposed duration and timelines for completion
25/09/2014 INTERNAL AUDIT 16
18. The key stakeholders of internal audit :
Chief Executive
Board of Directors
Audit Committee
Senior management
External auditor
Other reviewers
25/09/2014 INTERNAL AUDIT 17
19. Audit Evidence5 :
Any information used by the auditor to determine whether the
information being audited is stated in accordance with
established criteria and to arrive at the conclusions on which
the audit opinion is based.
Internal Audit Evidence includes any data, information,
process flows, vouchers, bills, memos, contracts or
transactions.
25/09/2014 INTERNAL AUDIT 18
20. The internal audit evidence collected would be dependent on
the following:
1. Audit procedures to use –specific procedures should be
spelled out for instruction during the audit.
2. Sample size –how many items should be tested for each
audit procedure.
3. Items to select –determine which items in the population
should be selected.
4. Timing –timing can vary from beginning of the accounting
period to closure of it.
25/09/2014 INTERNAL AUDIT 19
21. Report Writing and
Audit Report5 :
Internal Audit reports should be accurate, objective,
constructive, clear, concise, and timely.
Each Audit Report should include an overall internal control
rating based on the audit findings.
Commonly accepted ratings are as follows:
i. Satisfactory
ii. Needs Improvement
iii. Unsatisfactory
25/09/2014 INTERNAL AUDIT 20
22. An Internal Audit Report should
ideally include the following :
1. Audit Name and Report Issuance Date.
2. Audit Report Addressee(s).
3. Report Distribution List.
4. Scope and Objective of the Audit.
5. Auditor’s Conclusions and Internal Control Rating.
6. Narrative overview.
7. List and detailed explanation of various findings.
8. Internal Auditor's Recommendation.
9. Management Response.
10. Target Completion Date.
11. Comment Owner.
25/09/2014 INTERNAL AUDIT 21
23. Benefits Of Internal Audit6 :
It identifies the areas for improvement and strengthening
controls
Understanding and assessing risks.
Ensuring proper and timely identification of problems to avoid
any big problem.
Continuous improvement.
Achieve better allocation of resources
25/09/2014 INTERNAL AUDIT 22
25. Storage And Retention of
Documents7 :
Except where legislation require longer retention periods, the
complete records pertaining to each batch, should be retained
for at least ONE year after expiry date of each batch.
OR
Where there is no expiry date, for SIX years after the date of
manufacture or batch.
Master documents should be properly secured against theft
loss and alteration of information.
25/09/2014 DOCUMENT RETENTION 24
26. Records may be retained on microfilms. The responsibility for
photo reduction should be delegated to specific person and
following procedures adopted.
i. Ensure that all documents have been photo reduced.
ii. Ensure that photo reduced copies showing all information
present in original documents.
iii. Ensure that all photo reduced records should be available
as readable.
iv. All the photo reduced records should be retained for
specified period of time.
Papers or films records should be stored to restricted access
area.
Records may be retained by computer storing systems.
25/09/2014 DOCUMENT RETENTION 25
27. Retrieval of Documents7
All the documents should be stored in such manner that their
retrieval is easy.
A total list (preferably alphabetical) of documents should be
made.
The list shows –name of document, location availability etc.
Retrieval of any important document should be possible only
on proper authorization.
The expired documents must be destroyed by QA manager
with proper records by a suitable method.
25/09/2014 DOCUMENT RETENTION 26
28. CONCLUSION :
Internal Audit Findings are the combination of observations,
recommendations and results that the internal audit team
collects in the course of audit and by the conclusion of the
investigation and audit.
The internal audit can help to identify, review, and provide
recommendations for key controls associated with the project.
Records should be kept for each delivery. They should include
the description of the goods, quality, quantity, supplier,
supplier’s batch number, the date of receipt, assigned batch
number and the expiry date.
Permanent information, written or electronic, should exist for
each stored material or product indicating recommended
storage conditions, any precautions to be observed and retest
dates.
25/09/2014 27
29. REFERENCES :
1. Manohar A. Potdar, “cGMP-current Good Manufacturing Practices for pharmaceuticals”,
Pharmaceutical Press, Page Nos. : 727 &728.
2. D. H. Shah, “Q A manual”, Business Horizons, First edition, pharmaceutical publisher, Page Nos. :
183-184.
3. Frank M. Gryna, Richard C. H. Chua, Joseph A. DeFeo, “Juran’s Quality Planning And Analysis – For
Enterprise Quality”, Tata McGraw Hill Education Private limited, Fifth Edition, Page Nos. : 520-522
& 526.
4. Atanasiu Pop, Cristina Boţa-Avram, Florin Boţa-Avram, “The Relationship Between Internal And
External Audit”, Page Nos. : 5 & 6.
5. J.K. Budhiraja, “Exposure Draft - Guidance Note On Internal Audit Of Pharmaceutical Industry”,
Page Nos. : 2-8, 13-20, 28-32,37, 57 & 60.
6. Elizabeth Prichard ,Vicki Barwick, “Quality assurance in analytic chemistry”, Willey publication, page
No. : 234.
7. Manohar A. Potdar, “Pharmaceutical Quality Assurance”, Nirali Prakashan, Second edition, Page
Nos. : 7.4 & 7.5
25/09/2014 28