IU Research Compliance Audits (internal to the University) are conducted by CRCO staff, either a Human Subjects Research Auditor or Quality Assessment and Improvement Officer. These audits are conducted in accordance with the IU Standard Operating Procedures for Auditing Human Subjects Research and are categorized as either for-cause (directed) or not-for-cause (scheduled) which are described below:
- For-cause (directed): Audits that are directed by an IRB, IRB Chair, the Director of the Human Research Protection Programs, or Executive Director of Research Compliance in circumstances that require an on-site record review generally related to reported or suspected noncompliance.
- Not-for-cause (scheduled): Part of the IU Human Subjects Research Audit Plan and Schedule. The criteria used to select studies for a not-for-cause audit include the following: 1) clinical studies opened by a new PI or an existing clinical study that has been transferred to a new PI, 2) the PI holds the Investigational New Drug (IND) or Investigational Device Exemption (IDE), 3) involve factors that indicate study subjects may be at increased risk (i.e. PIs with a high volume of studies with minimal or no external oversight, inclusion of vulnerable populations, past or present subject safety or noncompliance issues, involvement of investigational drugs or devices). Investigators may also request to be on the schedule for a not-for-cause audit to ensure continuing compliance in their research studies by contacting the CRCO office. CRCO staff members make every effort to include these requested audits on the schedule, but do have to prioritize based on current workload and risk assessment. Participating in a scheduled audit can provide valuable education for all research staff as well as principal investigators. It is also an excellent opportunity to prepare for any anticipated external audits.
There are several different entities who may audit research studies. These include the sponsor or sponsor designee and federal agencies such as the Food and Drug Administration (FDA) and Office of Human Research Protection (OHRP).
Most audits, regardless of type, generally follow a similar process as described below:
- Site notification: Investigator is notified that the audit will be conducted. Details of when, where, who and what are established.
- Site and auditor preparation: The time between notification and the visit should be used by both the site personnel and auditor to prepare for the visit. For site personnel, this would mean ensuring all records are available and organized for the auditor. The auditor reviews available study information (protocol, amendments, etc).
- Site visit: The auditor meets with appropriate research team members for orientation of the records and processes. The auditor conducts the review of the specified research records, conducts interviews of involved staff (as appropriate) and asks questions as they arise. A closeout meeting with appropriate study staff is conducted. Any findings are presented and the research team is encouraged to ask questions or clarify the information presented.
- Audit report: A report containing any findings is later sent to the investigator at which time a response is usually required.
The best way to prepare for an audit is to ensure compliance from the beginning of the study and then perform periodic self-audits. It should be verified that all members of the research team are appropriately educated in research compliance initially and on an ongoing basis (maintaining all training documentation, either general or study specific). All documentation related to the research should be organized and easy to follow. All records relating to a particular research subject must have an audit trail (documentation that allows reconstruction of the course of events relating to creation, modification and deletion of data).
Upon notification of the audit, as much as possible, ensure the intent and expectations of the audit are known so that preparation can be done accordingly. Make sure to inform all applicable involved parties of the details of the upcoming audit (i.e., research team, IU Human Subjects Office or Clinical Research Compliance Office, investigational pharmacy, laboratory, etc). If time permits, complete a self-audit of the records to identify any potential issues that can be rectified prior to the audit.
It is expected that most studies will have at least a few items requiring some amount of attention after an audit. Any issues related to protocol deviations or noncompliance should be handled according to institutional policies and procedures. CRCO staff will be able to offer guidance in reporting these issues if they arise.