On average, Kymanox conducts over 50 quality audits each year, the majority of which are supplier qualification audits or internal audits for our clients. We sat down with our auditing experts to determine in which areas of the auditing process could manufacturers improve. In this post, we explore six of the common mistakes seen in a CGxP quality audit and how our auditors recommend avoiding them.


1. Not Using Risk Management

In general, CGxP quality audits should be conducted every 1, 2, or 3 years depending on the type of audit and level of risk, while others can be done over the phone and via email (e.g., “paper” audit). For instance, an organization audits their Contract Manufacturing Organization (CMO) every 2 years, whereas their secondary packaging manufacturer is audited every 3 years. Some on-site audits are not necessary, and a simple risk assessment that is well documented can be a good substitute for a periodic on-site audit. Additionally, many suppliers are not permitting on-site audits, especially during the COVID pandemic, causing companies to pursue virtual auditing and increased risk monitoring. Kymanox employs risk management early in the audit planning process, saving a company both time and money. When implementing a risk-based approach to auditing, patient safety and product quality should be central to the strategy.


2. Using an Agenda or Checklist to Drive an Audit

An audit is a snapshot in time and a sampling process; it is imperative the materials reviewed and topics discussed are representative of the services provided by the auditee. To avoid missing critical information, Kymanox uses a detailed audit agenda or checklist as a guide on a wide array of audits. By reviewing the agenda prior to the audit and then referencing it occasionally during the audit, Kymanox is certain that no major matters are missed.

While agendas and checklists are useful tools for providing standardization to an audit program, sometime audits follow real-time data discovered during the audit. This “pulling the thread on the sweater” methodology, so to speak, works well for both Kymanox and our clients. Kymanox has found that a combination of a thorough audit agenda and the ability to follow audit findings in real-time results in the best outcomes for our clients. 


3. Inadequate Auditing Fundamentals Training

Even the best SOPs have little benefit without proper implementation and compliance, which is achieved through company-specific training. At Kymanox, we have conducted both train-the-trainer sessions and company-wide educational events that are customized and documented to fit your company’s requirements. We are committed to employing effective and motivational training techniques to help our clients have optimized programs. Some examples of training we have conducted include:

  • CGMP Annual Refresher 
  • Good Documentation Practices 
  • Investigations and Root Cause Analysis 
  • ISO 13485 – Medical Devices – Quality Management Systems
  • Data Integrity 


4. Lack of Planning and Preparation

The best audits are planned in advance, have a detailed agenda, and have significant pre-work completed prior to on-site arrival or audit execution. Kymanox meets with client product teams and SMEs to ensure the scope of services and products, areas of interest, and previous customer performance are evaluated during the audit. At Kymanox, we send audit notifications including detailed agendas and document requests. We also review company presentations, organizational charts, and master document indices in advance, when available. As real-time data is presented and based on actual audit findings, the audit may proceed differently than planned. Having a strategy and being prepared ensures a less stressful audit for everyone involved.


5. Findings are Not Categorized Properly

Delivering information regarding non-compliances is difficult, but one of Kymanox’s primary goals is to maintain integrity and prioritize issues based on the corresponding risk. Kymanox’s years of experience along with understanding of the current FDA, EMA, and other regulatory agency requirements ensures audit findings are categorized correctly. The four main categories are Critical, Major, Minor, and Recommendations / Opportunities for Improvement. If it is not certain as to which category a finding should be categorized, Kymanox uses a cross-functional, highly experienced team to act as a sounding board and provide appropriate direction based on recent agency responses to findings.


6. Time Management During Short Audits

The ability to complete reviews of the requested topics during the 1-2 day audit period can be a struggle from some auditors. Kymanox is skilled in risk-based tolerance, identifying issues that require further attention and understanding when non-compliance is not likely, in order to move on to the next topic in a timely manner. Any topics that are not able to be discussed during the audit are captured in the audit report to ensure they are reviewed during a subsequent audit.

You and your team are in great hands with Kymanox. For your next audit, be confident that the audit will be carried out to the highest standard. Kymanox provides turnkey global Quality Audit Services using our ASQ-certified personnel for your combination product, pharmaceutical, or medical device organization. Learn more about our services here.