# Standard Operating Procedure: Internal Audit

| Document ID | SOP-004 |
|-------------|---------|
| Title | Internal Audit |
| Revision | 1.0 |
| Effective Date | [DATE] |
| Author | [AUTHOR] |
| Approved By | [APPROVER] |
| Department | Quality Assurance |

---

## 1. Purpose

To establish a process for conducting internal audits to verify compliance with the Quality Management System, pediatric research regulations, and study protocols, and to identify opportunities for improvement.

## 2. Scope

This procedure applies to:
- Planned audits of QMS processes and procedures
- Study-specific audits of pediatric clinical trials
- Site audits of research facilities
- Supplier/vendor audits (if applicable)
- For-cause audits triggered by quality concerns
- Pre-study readiness assessments

## 3. Definitions

| Term | Definition |
|------|------------|
| Internal Audit | Systematic, independent examination of activities and documents |
| Auditor | Qualified individual conducting the audit |
| Auditee | Individual or department being audited |
| Audit Finding | Observation of noncompliance or deficiency |
| Observation | Opportunity for improvement not constituting noncompliance |
| Critical Finding | Issue that poses immediate risk to child safety or data integrity |

## 4. Responsibilities

### 4.1 Quality Assurance Manager
- Develops annual audit program
- Selects and qualifies auditors
- Reviews and approves audit reports
- Tracks corrective actions
- Reports audit results to management
- Ensures pediatric-specific requirements audited

### 4.2 Auditors
- Conduct audits per plan and procedure
- Maintain independence and objectivity
- Document findings accurately
- Verify corrective actions
- Maintain confidentiality
- Understand pediatric research regulations

### 4.3 Auditee
- Cooperate with audit activities
- Provide requested documentation
- Respond to findings within timeframe
- Implement corrective actions
- Verify effectiveness

### 4.4 Management
- Support audit program
- Provide resources for corrective actions
- Review audit summaries
- Address systemic issues

## 5. Procedure

### 5.1 Annual Audit Program

1. Quality Assurance develops annual audit schedule considering:
   - All QMS processes audited at least annually
   - Risk-based prioritization
   - Previous audit results
   - Regulatory inspection history
   - Active pediatric studies
   - Changes to regulations or processes
   - Sponsor/customer requirements

2. Audit schedule includes:
   - QMS processes (Document Control, CAPA, Training)
   - Clinical operations (protocol compliance, safety reporting)
   - Regulatory affairs (submissions, communications)
   - Data management
   - Pediatric-specific processes (assent, parental permission, age-appropriate procedures)

3. Schedule approved by management

4. Schedule flexible to accommodate for-cause audits

### 5.2 Auditor Qualification

Auditors must demonstrate:
- Knowledge of QMS standards and regulations
- Understanding of pediatric research regulations (45 CFR 46 Subpart D, 21 CFR 50 Subpart D, ICH E11)
- Current GCP certification
- Audit training completion
- Independence from audited area
- Previous audit experience (for lead auditors)

### 5.3 Audit Planning

1. Assign auditor(s) and lead auditor

2. Ensure auditor independence (no audit own work)

3. Develop audit plan including:
   - Audit objectives and scope
   - Areas/processes to be audited
   - Audit criteria (regulations, SOPs, protocols)
   - Audit dates and estimated duration
   - Personnel to be interviewed
   - Documents to be reviewed
   - Special pediatric considerations

4. Notify auditee at least 2 weeks in advance (except for-cause audits)

5. Request documents for pre-review:
   - SOPs and work instructions
   - Training records
   - Study protocols and amendments
   - Informed consent/assent documents
   - Safety reports
   - Regulatory correspondence

### 5.4 Audit Execution

#### 5.4.1 Opening Meeting
1. Introduce audit team
2. Confirm audit scope and schedule
3. Explain audit process
4. Answer questions
5. Establish logistics (workspace, access)

#### 5.4.2 Document Review
Review documents for:
- Compliance with regulations and SOPs
- Completeness and accuracy
- Proper approvals and signatures
- Traceability
- Pediatric-specific requirements:
  - Age-appropriate consent/assent forms
  - Proper parental permission
  - Adherence to 45 CFR 46.408 categories
  - Pediatric safety monitoring
  - Growth/development assessments

#### 5.4.3 Interviews
- Interview key personnel
- Assess knowledge of procedures
- Verify training on pediatric requirements
- Evaluate understanding of child protection principles
- Assess competence in age-appropriate communication

#### 5.4.4 Observation
- Observe processes in action where possible
- Assess compliance with procedures
- Evaluate facility suitability for pediatric research
- Assess child-friendly environment

#### 5.4.5 Finding Documentation
For each finding, document:
- Specific noncompliance or deficiency
- Regulatory or procedural reference
- Objective evidence
- Risk level (Critical, Major, Minor)
- Location and date observed

Critical findings (immediate child safety risk):
- Report immediately to management and Principal Investigator
- Document interim actions taken
- Escalate per safety procedures

### 5.5 Closing Meeting

1. Present preliminary findings

2. Discuss observations

3. Clarify any misunderstandings

4. Establish timeframe for corrective action response

5. Thank auditee for cooperation

### 5.6 Audit Report

1. Lead auditor prepares audit report including:
   - Executive summary
   - Audit scope and criteria
   - Areas audited
   - Documents reviewed
   - Personnel interviewed
   - Findings (Critical, Major, Minor)
   - Observations (opportunities for improvement)
   - Positive practices noted
   - Conclusion and overall compliance assessment

2. Report issued within 10 business days

3. Report distributed to:
   - Auditee
   - Auditee management
   - Quality Assurance Manager
   - Executive management (for critical findings)
   - Principal Investigator (for study audits)

### 5.7 Corrective Action Response

1. Auditee submits CAPA response within:
   - Critical findings: 3 business days
   - Major findings: 10 business days
   - Minor findings: 15 business days

2. Response includes:
   - Root cause analysis
   - Immediate corrective actions
   - Long-term preventive actions
   - Responsible person
   - Target completion date
   - Effectiveness verification plan

3. Quality Assurance reviews and approves response

4. If inadequate, response returned for revision

### 5.8 Follow-up Verification

1. Auditor verifies corrective action implementation

2. Verification methods:
   - Document review
   - Follow-up audit
   - Process observation
   - Records sampling

3. Verify effectiveness of actions

4. Document verification results

5. Close findings when satisfactorily addressed

6. If not effective, finding remains open and escalated

### 5.9 Audit Metrics and Reporting

Quality Assurance tracks and reports:
- Audits completed vs. planned
- Findings by type and severity
- Open vs. closed findings
- Overdue corrective actions
- Trends by area/process
- Repeat findings
- Pediatric-specific findings trends

## 6. Special Considerations for Pediatric Research

### 6.1 Assent and Consent Verification
- Review sample informed consent/assent forms
- Verify age-appropriate language
- Check IRB approval documentation
- Verify version control and participant records match
- Confirm proper signatures obtained

### 6.2 Pediatric Safety Monitoring
- Review adverse event documentation
- Verify growth and development monitoring
- Check pediatric-specific assessments completed
- Review DSMB reports if applicable
- Verify expedited reporting timelines met

### 6.3 Participant Protection
- Assess child-friendly environment
- Review child abuse reporting procedures
- Verify staff training on child protection
- Check privacy protections for minors
- Review parental permission documentation

### 6.4 Age-Appropriate Procedures
- Verify procedures modified for pediatric population
- Check age-specific normal ranges used
- Review accommodation for family participation
- Assess minimization of participant burden

## 7. Related Documents

- FRM-006 Audit Checklist
- FRM-007 Audit Report Template
- SOP-002 CAPA
- SOP-PED-001 Pediatric Assent Process
- SOP-SAF-001 Pediatric Safety Monitoring

## 8. References

- ICH-GCP E6(R2) Section 5.19 (Monitoring and Auditing)
- 45 CFR 46.103 (Assurance of Compliance)
- 21 CFR 312.56 (Review of Ongoing Investigations)
- ISO 19011:2018 (Guidelines for Auditing Management Systems)

---

## Revision History

| Rev | Date | Description | Author |
|-----|------|-------------|--------|
| 1.0 | [DATE] | Initial release | [AUTHOR] |