The purpose of an audit is to review, inspect, and verify the integrity of data collected, the adherence to research protocols, the compliance with institutional, state and federal regulations and guidance, and to ensure the ethical conduct of human subject research. Most audits involve the inspection and review of informed consents, documentation of the consenting process, regulatory records, source documentation, reported data, and if applicable, drug accountability records and storage temperature logs. Internal Standard Operating Procedures (SOPs) for conducting human subjects research may also be requested and provided to the auditors as well as copies of the research team’s credentials and documentation of training to ensure the appropriate delegation of specific research tasks. There are different types of audits: FDA, sponsor, routine monitoring visits or internal audits which will all have similar research protocol information examined and evaluated.
Types of Audits
- Internal, Not-For Cause or For-Cause Audit
Internal audits are conducted through the Office of Clinical research to ensure Good Clinical Practice (GCP) standards are being met and followed. The Office will communicate with the research team if a study is scheduled to be audited. Selection for a routine audit is not an indication that there is a known or suspected compliance issues. All studies are eligible for routine audits.
As part of the George Washington Office of Clinical Research (GW OCR) and the GWU Human Research Protection Program, for-cause audits are conducted when there are discrepancies in data, or concerns about possible noncompliance or the conduct of the study by the Principal Investigator. For-cause audits can be initiated various ways, including by the sponsor, a subject, or a report to the Office of Regulatory and Compliance or the OCR. A for-cause audit conducted by George Washington University will have the same items reviewed similar to those conducted during a routine audit as well as a root cause analysis of conduct within the study. The FDA can conduct a full audit if any complaints are brought to their attention.
According to federal regulatory requirements, the Office of Regulatory and Compliance and the Office of Clinical Research may request a for-cause audit to:
- respond to any unanticipated problems involving risks to participants or others;
- investigate whether or not serious or continuing noncompliance with federal and IRB policies is occurring;
- determine if suspension or termination of the protocol is needed; and
- to identify what required remedial actions are required by the Principal Investigator (PI) to remedy the problems identified by the audit [(45 CFR 46.113), (21 CFR 56.113) & (38 CFR 16.113)].
Additionally, the for-cause audit may be used to determine if further information is required to be submitted at the time of continuing review from an independent source to verify the ongoing safety of a protocol and to assist the Institutional Review Board (IRB) in the decision as to whether the protocol requires more than an annual review. The audit report will be sent to the Dean of Clinical Research and it will be determined if the study should continue to be conducted under current practices discovered during the for-cause audit.
The Office of Regulatory and Compliance will reach out the day before the for-cause audit is to take place, notifying research staff as to the reason why an audit is going to take place and the documentation that is required to be provided to the auditors for inspection and verification.
As part of the George Washington Office of Clinical Research (GW OCR) and the GWU Human Research Protection Program, not-for-cause audits are conducted to review all research which is conducted at GWU or where GWU is a clinical site. The not-for-cause audit will help to identify areas of concern and will also ensure that all staff involved in clinical research record keeping are aware of the relevant requirements and ensure efficiency, compliance and professionalism in the conduct of clinical research.
The aim of a not-for-cause audit is to take a proactive approach and inspect the regulatory elements of the research and address any areas for potential non-compliance to ensure the ethical conduct of human subjects research and adherence to applicable institutional policies, state and federal guidances and regulations. The objective of a not-for-cause audit are:
- To evaluate if research record keeping is consistent with applicable clinical research compliance requirements.
- To identify any areas of concern within the clinical research record keeping.
- To identify areas of concern regarding informed consent and data collection practices
- To identify gaps or areas for future training.
- Sponsor Audit
Sponsor audits can be initiated due to compliance concerns and are often conducted before a potential FDA audit. A follow-up report is not generally shared by the sponsor, but they will have a monitor follow-up with the site on any issues that were noted during the audit.
- FDA Audit
Any studies submitted to the FDA under an IND (Investigational New Drug), IDE (Investigational Device Exemption), or NDA (New Drug Application) are subject to be inspected and audited by the FDA so that inspectors can ensure the integrity and quality of the information submitted to them. Pivotal trials that are instrumental in the attempt to prove the safety and efficacy of a product for FDA approval are more likely to be not-for cause audited. Sites are often contacted with minimal notice by the FDA inspector, however the FDA has the authority to conduct an unexpected audit at any time. FDA findings can include protocol noncompliance, failure to appropriately obtain informed consent, untimely reporting of SAEs to sponsors and IRBs, enrollment of ineligible subjects, inappropriate delegation of research tasks to non or under-qualified research staff and failure to update or list all sub-investigators on the 1572. The findings will be discussed with the research team at the conclusion of the audit visit. The FDA inspector will then send the audit findings to headquarters and an official letter will be sent to the principal investigator. The official letter will have detailed information as to whether a response from the investigator is warranted or if any other action will be required.
Preparation for an Audit
Operationally, you should always be in a state of being “audit ready”. Those involved in research at GWU should always be prepared for a potential audit as well as be aware of proper audit etiquette and present themselves in a calm and professional manner. It is crucial that there are written, approved, and enforceable institutional or departmental policies and SOPs for how the study team conducts human subject research as well as have present all appropriate credentials and adequate, well-documented training on key policies and processes.
A Document Request list will be sent with the Initial Audit Letter to aid the research team on outlining what documents should be present and made available for review. The Initial Audit letter will be sent to all key members of the research team, the Office of Clinical Research and department administrators and include the date, location, and tentative schedule of the audit.
To prepare for an upcoming audit, it is helpful to review all research charts, consents, regulatory documents and source documents for accuracy and completeness. This will allow the team to be prepared for any deviations that the auditors may note during their review. A room should be reserved in advance for the auditors, if possible.
All necessary research charts, medical records, access to electronic medical records and regulatory documents should available upon the day of the audit for inspection. All records and charts should be organized in a similar manner to allow for easy review. It is in the research team’s best interest to have everything as organized as possible, allowing for the records to speak for themselves.
During the Visit
When the auditors arrive, they should be escorted to a private area where the audit will be conducted and oriented to the location and organization of all pertinent documents and files. Key study staff should be available to answer question or address any concerns at the time of the visit and be available for the close out meeting at the conclusion of the audit when the auditor will go over key findings.
After the Audit
A follow-up report will be generated by auditors, allow at least two weeks for the receipt of the document. The follow-up report will have in writing the key findings, whether they were major or minor findings, and corrective actions. Depending on the nature of the audit and the findings, the report will be shared with the dean of clinical research, the office of research integrity, the office of clinical research and the IRB who will determine the next steps.
OCR Lead Audit Timeline
Depending on the type of audit, the timeline may vary.
For-cause audits: a letter will be sent to the Principal Investigator the day before an audit is to take place.
For Routine, not for-cause audits: a member of the GWU Regulatory Department will reach out 2 weeks to a month before an audit is to be conducted in order for research staff to prepare and have all members available, including the Principal Investigator.
It can take anywhere from a day to a week to complete a full audit depending on the amount of information provided to the auditors, schedules of research staff, and the number of available auditors.
Once an audit it complete, a thank you letter will be sent out within 24 hours of the audit. Please allow at least 2 weeks for a follow-up report to be generated and sent out detailing the findings and corrective actions. If more information is needed, the Regulatory and Compliance Office will reach out. Depending on the nature of the findings, the Office of Clinical Research, the Office of Research Integrity, and the IRB could be brought in to evaluate the gravity of the situation and will notify research staff what the next steps are.