Published on 25/12/2025
Common Audit Findings in Decentralized Clinical Trials (DCTs)
Introduction: Why DCTs Pose New Audit Challenges
Decentralized Clinical Trials (DCTs) are reshaping clinical research by shifting trial activities from traditional investigator sites to patient-centric and technology-driven models. Features such as eConsent, remote monitoring, direct-to-patient IMP delivery, and telemedicine visits have introduced new compliance risks. Regulatory agencies like the FDA, EMA, and MHRA increasingly focus on how sponsors and CROs adapt their oversight and quality systems for DCTs.
Audit findings from recent DCT inspections reveal recurring issues with data integrity, patient confidentiality, SAE reporting, and Trial Master File (TMF) completeness. Because DCTs often involve multiple vendors, ensuring effective sponsor oversight and CAPA systems is critical for inspection readiness.
Regulatory Expectations for DCTs
Authorities expect sponsors and CROs to apply the same rigor to DCTs as to traditional site-based trials:
- Maintain complete and contemporaneous TMF documentation, including remote monitoring reports and eConsent records.
- Ensure SAE and SUSAR reporting timelines are met despite remote trial structures.
- Implement validated electronic systems with audit trails
The Japan Registry of Clinical Trials reinforces global expectations for transparency and quality in both traditional and decentralized trials.
Common Audit Findings in DCTs
1. Incomplete TMF Documentation
Auditors frequently cite missing remote monitoring reports, telemedicine logs, or eConsent documentation in TMFs.
2. SAE and SUSAR Reporting Delays
Delays in follow-up reports are common when multiple vendors manage pharmacovigilance systems without sponsor oversight.
3. Data Integrity and Audit Trail Gaps
Electronic systems used in DCTs often lack robust audit trails, raising concerns about unauthorized changes.
4. Vendor Oversight Deficiencies
Sponsors are often cited for failing to document oversight of logistics partners or telemedicine vendors.
5. Patient Confidentiality Risks
Findings frequently highlight insufficient encryption or weak safeguards in digital platforms managing patient data.
Case Study: EMA Audit of a Decentralized Oncology Trial
In a hybrid oncology trial, EMA inspectors identified major deficiencies in eConsent documentation and incomplete TMF archiving of telemedicine logs. Although corrective actions were promised, RCA was superficial, attributing issues to “vendor oversight gaps” without systemic solutions. As a result, the sponsor faced delays in regulatory review and was required to implement new SOPs and electronic tracking systems.
Root Causes of Audit Findings in DCTs
Recurring deficiencies in DCT audits often result from:
- Weak SOPs that do not address decentralized workflows or vendor oversight.
- Superficial RCA attributing issues to vendor error without addressing systemic sponsor responsibilities.
- Lack of validated electronic platforms with complete audit trails.
- Poor coordination between multiple vendors managing trial activities.
- Failure to integrate CAPA outcomes into sponsor quality management systems.
Corrective and Preventive Actions (CAPA)
Corrective Actions
- Reconcile incomplete TMF records by obtaining missing monitoring and telemedicine reports.
- Conduct retraining of CRO and vendor staff on SAE and SUSAR reporting requirements.
- Upgrade eConsent and eSource platforms to include robust audit trail functionalities.
Preventive Actions
- Develop SOPs specific to decentralized and hybrid trial models, covering vendor oversight and data security.
- Implement electronic CAPA tracking integrated with sponsor quality systems.
- Verify CAPA effectiveness through mock inspections and internal audits of decentralized workflows.
- Require vendors to provide compliance certifications and participate in sponsor-led oversight reviews.
- Adopt encryption and cybersecurity measures to protect patient data in decentralized platforms.
Sample DCT Audit Findings Tracking Log
The following dummy table demonstrates how DCT audit findings can be tracked:
| Finding ID | Audit Date | Observation | Root Cause | Corrective Action | Preventive Action | Status |
|---|---|---|---|---|---|---|
| DCT-001 | 12-Jan-2024 | Missing telemedicine logs in TMF | Vendor oversight gaps | Reconcile TMF | Quarterly oversight audits | Closed |
| DCT-002 | 20-Feb-2024 | Delayed SAE reporting | Poor PV coordination | Re-train staff | Automated SAE database | At Risk |
| DCT-003 | 05-Mar-2024 | No audit trail in eConsent | Unvalidated system | Upgrade platform | Implement validation SOP | Open |
Best Practices for Decentralized Clinical Trial Audits
Organizations can strengthen compliance in DCTs by adopting the following practices:
- Ensure TMF completeness by including remote monitoring, eConsent, and telemedicine records.
- Implement validated systems with robust audit trails for all electronic platforms.
- Establish SOPs specific to decentralized workflows, vendor oversight, and data integrity.
- Conduct sponsor-led audits of CROs and vendors supporting decentralized models.
- Promote continuous training on DCT compliance expectations for sponsor, CRO, and site staff.
Conclusion: Preparing DCTs for Regulatory Inspections
Audit findings in decentralized clinical trials highlight systemic risks in documentation, safety reporting, data integrity, and vendor oversight. Regulators expect sponsors and CROs to adapt quality systems to address the complexities of decentralized models.
By adopting structured RCA, CAPA tracking systems, and validated electronic platforms, organizations can prevent recurring audit findings and ensure inspection readiness. Strengthening DCT compliance not only supports regulatory trust but also enhances patient safety and trial efficiency.
For more guidance, see the NIHR Be Part of Research, which emphasizes regulatory expectations for decentralized and patient-centric clinical research.