Blog Writer

Enhance Patient Safety with Efficient PV Audit Program Management.

Kamila Erbanova
Kamila Erbanova
Auditing & Quality Assurance Manager

Kamila is the Quality Audit Lead at Arriello and is an ISO 9001:2015 certified Lead Auditor.

An enthusiastic GVP QA professional, she has an in-depth knowledge of GVP requirements and legislation, and extensive experience in implementing and managing PV Quality Management System processes, including PV QA auditing with Local PV Service Providers globally and Full PV System audits.

She also has experience with vendor qualification and management, PSMF maintenance, validation activities, and she is responsible for preparing CAPA plans and managing the CAPA process within Arriello.


Each year, companies spend time developing their PV audit strategies but creating a compliant PV audit strategy is not enough on its own, we must be able to deliver on what we have planned for.

Arriello’s Kamila Erbanova provides us with some practical tips for ensuring adherence to your strategic plan.

If you are still working on your audit strategy, I recommend having a short look at our PV Audit Strategy Guide.

Assuming that the audit strategy has been drafted and endorsed by upper management you will know exactly which audits, both internal and external (business partners and vendors), you need to conduct in the coming year. To ensure consistency, each of these audits needs to be planned, executed, and completed using a uniform process including the steps outline below.

1. Announce the intention to audit.

The first, and one of the most important steps in successfully managing your audit program is the timely announcement of the audit to the respective auditees. Even though many Pharmacovigilance agreements include the requirement to announce the intention to audit the third party 30 or 60 days prior to the audit, it is recommended to announce the audit at the beginning of the year, or even before, if your audit plan has already been finalized. Whether the audit is planned to be conducted in Q1 or Q4, the sooner the audit is announced, the higher the assurance that the audit will happen as planned.

Third parties and service providers tend to receive many audits throughout the year, and they can often be overbooked with audits from other clients or partners, causing difficulty in scheduling audits that have been announced late and possibly leading to audits in your plan requiring rescheduling, also causing issues with resourcing on both sides.

It is important to inform all auditees of auditing intentions as soon as possible, agreeing a specific time that they can reserve for your audit. This will result in a lower number of rescheduled and postponed audits in your audit program.

If you outsource your audit program, it is important to ensure that your partner schedules your audits as early as possible, making sure that audit strategy execution is as efficient as possible.

2. Feasibility questionnaire.

If you want to be very efficient with audit program management, sending out some sort of feasibility questionnaire, together with the initial announcement is the best way to achieve this. Agree with the auditee how you will organize sharing of documents prior and during audit, get information regarding the language of their documentation, and if this is not English, discuss the possible translations or reach out to your audit service provider to propose an auditor with relevant language skills.

Ask also about the auditee’s staff language skills and agree translations for interviews, if necessary. Understand whether their system is paper based, or electronic.

In some cases, where the auditee only keeps hard copy documents, an on-site audit might be required. If the audit is remote, you can also enquire about any IT restrictions they might have in place and agree on the best and most feasible tool to be used for the audit interviews. You want to make sure that the auditee can use cameras, and share documents on screen, if requested by the auditor.

You can also read more about the challenges of remote auditing in our guide on Accelerating the future of Remote Auditing.  

3. Understand the scope.

Prior to assigning the right auditor, it is crucial to know what processes, vendors, and partners will be audited. Are you planning a full PV system audit? Or an internal audit of an EU QPPV function? Or a process audit, focused on signal management activities? And what type of business partners or vendors will you need to audit?

What are their responsibilities as per the effective agreements in place and what is their regional coverage? Is it a for-cause audit, with a focus on a particular risk? Answering the above questions will help you in identifying the right resources for conducting each audit.

4. Identify resources.

When you have identified the scope of the planned audit, you can proceed with identifying the right resources for performing these audits. Based on the complexity of the audit, decide if two auditors are required for any particularly “heavy” audits.

  • Do you need any special skill sets or expertise for some of the vendor audits?
  • What is the geographical reach which your auditors should have?
  • Do you have the resource availability and necessary experience internally, or will you need to reach out for external support?
  • Are your internal auditors truly independent of the system they need to audit?

Assigning the right auditor is crucial in making sure that the audit objectives are met, and that there is also added value from the audit for the auditee and the overall PV system.

5. Select auditors.

When the scope of the audits, the expertise required, the specific local legislation experience, language skills, and other special requirements are all understood, you can proceed with selecting the right auditor for each audit in your program.

Following the responses from the feasibility questionnaires, mentioned in step two, and confirmation of the proposed dates for the audits with the respective parties, it will also be clear which audits need to be conducted on-site and which will be performed remotely.

With all this information, matching the best auditor, who has the required qualifications and is available for the proposed dates agreed with the auditee, will not be difficult, particularly when dealing with internal resources.

However, as we all know, it is not always possible to resource all audits internally. Matching the external resources with the required qualifications and availability is more challenging.

At this point, having a single point of contact at your disposal from your audit service provider is key to smooth and efficient coordination and selection of external auditors. The single point of contact knows precisely which of their auditors are best suited to perform which audit, has a clear picture of their overall availability, and can provide several resourcing options, if required.

6. Confirmation, performance, and close-out of the audits.

Once you have assigned the auditors and confirmed the audit dates, your audits for the next year can now all be successfully booked in the respective calendars. For each audit in the audit program, ensure that the preparation is completed well in advance.

It is essential for the auditor to collate necessary documentation for review prior to the audit, to ensure that the interviews are targeted, and any potential risks are identified prior to the audit interviews, to achieve a truly risk-based audit. If the audit is on-site, book the accommodation and make any travel arrangements as soon as possible, to minimize the costs. Furthermore, it is important to think about resource back-up options, where an external audit service provider can come in very handy.

For a smooth conduct of the audit, keep close contact with the auditee to ensure all logistics, such as usage of the right tools for remote audit, and for on-site audits a smooth arrival at the site. Following a closing meeting, an audit report will be drafted by the auditor.

It is best practice to have the audit report peer reviewed, and a final version provided to you within timelines as per the applicable procedures. Ensure that the timelines for all audit steps in your procedure, including escalation of Critical findings, are realistic and feasible.

Finally, all observations from the audit shall be managed through a CAPA process, with assigned unique IDs, so that those can be tied back to the audit, and their effectiveness can be reviewed during the next audit.