Study protocols are selected for internal audits following a risk-based approach, random selection, and directed for-cause audit requests from compliance offices and leadership.
Audit Types
For-Cause Audits: Audits requested by the IRB Committee, IRB Chair, the HSPP Director, senior leadership or anyone who reports concerns about the conduct of research activities generally related to reported or suspected noncompliance.
Investigator-Initiated Audits: Audits requested by investigator or study team to ensure continuing compliance.
Routine Wellness Check: Reviews that are part of the University of Arizona plan and schedule.
Audit Findings
Critical Findings: Immediate Risk to Safety, Compliance, or Integrity
Major Findings: Significant System Failure or Regulatory Nonconformity
Minor Finding: Isolated Gap or Procedural Deviation
Observation: Noteworthy Condition Requiring Monitoring
Audit Visit Expectations:
Visits are conducted in person and/or remotely. Auditing activities are performed in accordance with the established plan to confirm compliance with the study protocol, regulatory and institutional requirement and in accordance with Good Clinical Practice (GCP) guidelines as applicable.
Scheduling Visits:
Once a study is selected or identified, the auditor will send a notification to the investigator and study team with appropriate advanced notice via email. The study team is expected to respond to the notification email within two (2) weeks of notification receipt to schedule or confirm the date(s) and confirm availability of sufficient space for the visit.
Visit Preparation:
The study team is expected to reserve necessary space for auditor(s) for in-person visits; grant auditor(s) access to electronically stored study systems (OnCore, REDCap, UA Box Health, encrypted data storage system, etc.); and schedule a meeting with the PI, auditor, and key study staff.
At the conclusion of the visit, the auditor will meet with the PI and key study staff for a close out meeting. The auditor will answer any questions and will present the preliminary audit finding to the t PI and study team. The auditor will provide recommendations and educational support on record retention and documentation, and other compliance related issues.
Audit Visit Follow-up:
The auditor will complete a formal internal audit summary report and will provide a copy to the PI and study team within two (2) weeks of completion of the visit. A Reportable New Information submission along with a CAPA plan may be requested.
The auditor will promptly report observations that raise the level of potentially serious and/or continuing non-compliance and/or other events that involve risk to subjects or others to the IRB and appropriate regulatory committees.
Audit Ratings
Acceptable: No significant deficiencies identified. Site demonstrates adequate compliance with protocol and regulatory requirements.
Acceptable with Recommendations: Minor deficiencies identified that require corrective action, but do not compromise subject safety or data integrity.
Needs Improvement: Major deficiencies identified requiring immediate corrective action. Continued participation may be at risk if issues are not resolved.
Unacceptable: Critical deficiencies pose immediate risk to subject safety, data integrity, or regulatory compliance. Site closure or significant remediation required.