Published on 22/12/2025
Emerging Trends in Internal Audits for Virtual and Decentralized Trials
Why Internal Audit Strategies Must Evolve with Virtual Trials
Virtual or decentralized clinical trials (DCTs) are transforming the research landscape by replacing or supplementing traditional on-site activities with digital tools. While this enhances patient access and operational efficiency, it introduces new challenges for internal quality assurance teams—especially in planning and executing internal audits.
Unlike conventional audits that focus on physical documentation, face-to-face consent, and on-site PI oversight, audits in virtual trials must navigate electronic platforms, remote source data verification, and decentralized workflows. As a result, QA professionals must adapt audit checklists, SOPs, and risk assessment models to reflect the realities of hybrid and site-less models.
Regulatory authorities such as the FDA and EMA have recognized the shift and emphasized the importance of data integrity, participant safety, and audit traceability in these digital ecosystems.
Audit Planning in the Era of Decentralized Operations
Internal audits for DCTs require a reimagined planning process. Key considerations include:
- ✅ Digital Platforms: Identify all eClinical systems in use—eConsent, ePRO, eCOA, telemedicine portals, etc.
- ✅ Data Sources: Determine where source data originates—patient mobile apps, wearable sensors, home nurses
- ✅ Personnel Roles: Clarify
Pre-audit questionnaires and technology walkthroughs should be part of audit initiation. Where feasible, hybrid audit models can combine remote data review with physical visits for pharmacy or sample storage inspections.
Common Internal Audit Findings in Virtual Trials
As virtual trials grow, certain themes are emerging in audit observations:
- ✅ Incomplete eConsent records: Missing timestamps, unverified identity, or version mismatches
- ✅ PI oversight gaps: PIs unaware of remote activities delegated to third parties
- ✅ Data integration issues: Wearable or app data not syncing with EDC, affecting traceability
- ✅ Decentralized SOP confusion: Home care providers unaware of protocol deviation reporting
- ✅ Audit trail limitations: eSource systems lacking change logs or user authentication logs
To illustrate:
During an internal audit of a virtual oncology study, the auditor discovered that the eConsent platform did not capture patient IP addresses or confirmation of identity. The PI assumed the vendor handled compliance, but no delegation document existed. This was classified as a Major finding under ICH E6(R2) 4.8.10.
Redesigning Audit Checklists for DCTs
Traditional audit checklists need to be updated to include virtual-specific checks. Suggested additions include:
- ✅ Confirmation of eConsent process flow (identity verification, version control)
- ✅ Remote delegation of duties logs (home nurse responsibilities)
- ✅ Cross-system reconciliation (EDC, eCOA, wearables)
- ✅ eSource validation (PDF exports, audit trail completeness)
- ✅ Data privacy compliance (GDPR, HIPAA for telemedicine)
Internal QA teams must verify that every system used in the virtual workflow is either validated internally or comes with vendor certification of compliance with GxP and 21 CFR Part 11 standards.
Adaptations in Report Writing and Risk Categorization
Report formats must reflect virtual environment constraints. Observations should describe:
- ✅ Platform-specific issues (e.g., eConsent audit trail gap)
- ✅ Participant-level data flow (e.g., wearable data mismatch in two systems)
- ✅ Vendor oversight failures (e.g., third-party eCOA provider did not update the version)
Risk ratings should consider systemic impact. For example, missing consent data for 1 out of 100 subjects may be Minor, but a missing audit trail for all eSource files is Critical.
QA teams should document platform demos, data extracts, and screenshots as annexes to audit reports to support findings in virtual environments.
CAPA Trends and Best Practices in Virtual Audit Remediation
Corrective and Preventive Actions (CAPAs) for DCTs often involve multiple stakeholders, including vendors. Best practices include:
- ✅ Formal vendor CAPA coordination process
- ✅ Revalidation of impacted systems after configuration updates
- ✅ Training refreshers for all virtual stakeholders
- ✅ Version control alignment across systems
- ✅ Enhancements to SOPs specific to DCT environments
All CAPAs should be tracked with traceability to audit findings and stored within the sponsor QMS for inspection readiness.
Conclusion
Internal audits for virtual trials require more than remote access—they demand a rethinking of audit scope, tools, and techniques. As technology continues to reshape clinical research, QA professionals must evolve to maintain GCP compliance in the digital space. By incorporating platform checks, verifying decentralized delegation, and strengthening documentation practices, internal audits can remain robust, adaptive, and impactful in the virtual era.
