When it comes to GCP audits and inspections, low-hanging fruit says a lot about the tree.

Welcome to the mind of an auditor/inspector. I’m going to share the thought process auditors and inspectors commonly use while reviewing job descriptions, CVs, and organizational (org) charts. Ensuring these documents are in tip-top shape is a no-brainer given the high odds they will be requested and reviewed. While establishing excellent processes for SOP and training documentation and maintenance can be complex, updating job descriptions, CVs, and org charts is perhaps one of the simplest processes within the quality system.

So why do we come across so many companies that do not have them updated? Many companies don’t understand or value the role of these documents in establishing compliance with ICH E6 R2, 2.8 which states:

“Each individual involved in conducting a trial should be qualified by education, training, and experience to perform his or her respective task(s).”

ICH E6 has long been globally recognized as the essential guide for GCP compliance. There is no regulatory body on Earth that does not require and/or expect that individuals conducting clinical trials to be qualified to perform their assigned duties. So how can we, as auditors and inspectors, be assured that your employees meet this requirement? We essentially do this through conducting interviews and reviewing CVs, job descriptions, and org charts in conjunction with SOPs and training records. We need to understand what each person is responsible for and why they are qualified. Then we assess their outputs.

Many employers and companies seem to believe that giving employees the right titles seals the deal and don’t worry too much more about it, given all the much more complex tasks, documentation, etc. they must focus on to ensure data integrity and patient safety. While this is understandable when companies must prioritize, leaving the low-hanging fruit untouched can lead to many a headache. It can create easily avoided issues and inaccurate perceptions. It opens rabbit holes that we feel compelled to crawl into and creates strings that we’ve been trained to follow.

Companies should have updated CVs and job descriptions for each employee. These should dovetail with the SOPs followed by the individual. For example, if an SOP states that the clinical operations manager is responsible for x, y, and z, the job description for clinical operations manager should include x, y, and z. Further, responsibility for x, y, and z should be included in the CVs of anyone who has the title of clinical operations manager. Sounds simple, right? Yes, but lack of coordination of these items is something we see over and over again.

In my experience, the five most common issues related to CVs and job descriptions are:

1. Employee positions at the company being audited or inspected are not included in CVs.

I’ve heard various justifications for this, including that the company did not want to make it too easy for their employees to send out their CV when contacted by a recruiter. They felt that if the employee had to take the time to update the CV, they might be discouraged from providing it. Of course, many times, the company does want/require the current position to be added; however, the employee has not updated their CV. I’ve seen quite a few CVs where the most recent position was more than 10 years ago. How are we supposed to know what that person was doing for the last 10 or more years? For example, if an employee was a data management associate 10 years ago and now is the director of IT, we cannot understand how that happened and why they are qualified to be the director of IT.

2. Position and experience descriptions on CVs do not match the corresponding job description.

Lack of coordination between the CV and job description can be particularly concerning when an employee has a primary function but also oversees other seemingly unrelated areas. For example, in many companies, directors and senior directors oversee various departments. If the director of clinical development also oversees data management according to their job description, yet this is not reflected in their CV, the next step we may take is to search within their CV for data management experience. If it’s not there, we take an even deeper look at that individual’s training records. Hopefully, we will see adequate training in data management regulations and processes that, coupled with their management and overall industry experience, provides appropriate justification for the role they have been given. It’s surprising how many times evidence that the director of clinical development is adequately experienced and trained to oversee data management is missing. This is a red flag that leads to a closer focus on data management to ensure all is in order. Further, if SOPs are unclear as to who is responsible for overseeing data management, the entire picture begins to appear disorganized.

3. CVs do not reflect the level of experience expected given the employee’s job title.

This is a similar, tricky one, especially for smaller companies. Perhaps you have a sharp employee who can take on additional responsibilities. They are a fast learner and do excellent work. Why not promote and train them to take on increasing responsibilities and new tasks? Of course, this is a great approach. However, in these scenarios it’s important to ensure that the employee’s CV somehow reflects why they are responsible for all these new and higher-level tasks you’ve entrusted them with. This is especially important if the new tasks are not at all closely related. For example, perhaps a senior admin was promoted to senior manager of IT. This jumps out at us as odd, and you should expect to be questioned. Perhaps the explanation is that the senior admin was actually working with the IT group for the last three years and this wasn’t reflected in her CV. Or perhaps she just completed a master’s degree that somehow supports this move. Lastly, perhaps on the side, she has been working with another company doing IT work for five years or builds computers at home as a hobby, has written a book about it, and has been trying to move into IT. Whatever it is, it needs to be explained. If there is no explanation, the rabbit hole opens wider. We think it’s best to take a serious look at IT in this company. Why is IT being managed by someone who has been an admin to the VP of finance for the last 10 years?

Responding to Clinical Observations: Developing Robust Audit & Inspection CAPAs

Don’t find yourself prepared for your audit or inspection then unprepared for the aftermath.  This course will teach you how to use  SMART (Specific, Measurable, Achievable, Results Oriented, and Time-Bound) goals as a framework to draft submission-ready CAPAs that not only adequately address observations, but also make sense for your organization.

4. The roles and responsibilities documented in in the job descriptions do not correspond with those included in SOPs.

I often see a mismatch between roles and responsibilities documented in job descriptions versus SOPs. A common response is that the SOP includes “or designee.” While this is a good practice, it should be clear who is generally responsible for process aspects and steps. The “or designee” is theoretically supposed to capture situations where a backup is needed, or perhaps a direct report of the person responsible completes the task. If an SOP states that the director of clinical development or designee is responsible for steps 1 through 10 and we learn that steps 1 through 5 are completed by the manager of IT and steps 6 through 10 are completed by the director of human resources, questions surface, and a rabbit hole opens. If, however, the steps are completed by the manager of clinical development, who reports to the director, we move on.

5. Job titles throughout the documents do not match.

If a job description is for the Manager, Regulatory Affairs and the CV includes the title of Manager of Regulatory Affairs, we notice this but will likely not comment; however, if the job description includes the title of Manager 5, Regulatory and Medical Affairs, there will be a question. If we then review the company org chart and find Manager 3, Regulatory and Medical Affairs, and the business card in front of us includes the title of Manager 2, Regulatory Affairs, we’ve already decided there’s most likely a finding in all of this and will want to know how all of these documents are managed and by whom. We’ll want to get clarity on what exactly this person is responsible for and take a closer look at their experience and training. What if we then find that they have completed required training for regulatory but not medical affairs tasks? We need an explanation.

The items above are real examples intended to relay how an auditor/inspector’s mind typically works and why these documents are important in not only assuring that employees are qualified to perform their assigned tasks but also how these aspects of the quality system are managed. These are often the first documents looked at during audits and inspections. It helps us to better understand how the company and/or organization is structured, who is involved in what aspects, who they may be speaking with later, and also what type of quality systems is or isn’t in place. The goal is to hopefully get this out of the way, so we can move on to all of those data integrity and patient safety-related aspects that you worked so hard to prepare.

The five scenarios above can drag out the early focus on this low-hanging fruit and create rabbit holes that target a deeper dive into areas of data integrity and patient safety. They can create a negative first impression and set the tone for the rest of the audit/inspection. Sometimes companies get the idea that the disconnects noted in job descriptions, CVs, and org charts will be overlooked or discounted once we see the stellar compliance of all the truly important stuff. However, this in itself suggests a particular mindset that raises a red flag.

Don’t let the low-hanging fruit get rotten while trying to figure out how to pick the fruit that requires a more complex process to reach. It’s all fruit. Issues at the bottom can make the entire tree look ill.

About The Author:

Penelope Przekop, MSQA, RQAP-GCP, is a quality management systems, assurance, and compliance consultant with 25+ years of experience in pharmaceutical GxP global quality systems with a key focus on clinical development, data management, and pharmacovigilance. Her areas of expertise include quality systems, quality assurance, regulatory compliance, inspection readiness, training, and strategic planning.

Przekop earned a B.S. in biological sciences from Louisiana State University and an M.S. in quality assurance/systems engineering from Kennesaw State University. She has held leadership positions in both Big Pharma and CROs, including Johnson & Johnson, Wyeth Pharmaceuticals, Novartis, and Covance.

Leave a Reply