Mastering Document Review Techniques During Internal Clinical Audits

The Importance of Document Review in Internal Audits

Document review is a cornerstone of any internal audit in clinical trials. Whether verifying compliance with ICH-GCP or assessing protocol adherence, auditors rely on source records, essential documents, and SOPs to evaluate the integrity and reliability of a site’s operations. Unlike observational audits, documentation reviews provide permanent, inspectable evidence of conduct and decisions made throughout the trial.

GCP-compliant documentation enables traceability, accountability, and reproducibility—three principles heavily emphasized by regulatory bodies like the FDA and EMA. Internal audits aim to detect gaps in real time and mitigate risks before external inspections.

For example, during a site-level internal audit of a cardiovascular trial, the QA team uncovered an expired CV in the Investigator Site File (ISF), which would have been a protocol violation. The issue was corrected immediately with a retrospective signature and new documentation, avoiding a future finding.

Key Document Categories to Prioritize in GCP Audits

Auditors must review a diverse range of documents during internal audits. While the Trial Master File (TMF) or ISF contains most essential records, not all documents hold equal risk or compliance significance. Focus areas include:

• ✅ Protocols and amendments – check version control, signatures
• ✅ Informed consent forms (ICFs) – verify version, completion dates, subject IDs
• ✅ Delegation logs – confirm up-to-date signatures, authorized roles
• ✅ Investigator CVs and GCP certificates – validate currency and filing
• ✅ Monitoring visit reports – review observations, follow-ups
• ✅ Adverse Event (AE/SAE) forms – verify completeness, timelines
• ✅ Drug accountability logs – reconcile inventory and dispensation

Less obvious but equally important documents include IRB communications, lab certifications, equipment calibration logs, and temperature monitoring charts.

Systematic Approach to Document Review

Use a structured framework to ensure consistency and thoroughness. Follow these steps:

1. Pre-Audit Preparation: Review the audit plan and document request list. Identify key protocol requirements.
2. Segregate Critical Documents: Group by categories—regulatory, safety, data integrity, investigational product.
3. Checklist-Based Review: Use checklists to verify mandatory document presence and version control.
4. Traceability Check: Select sample subjects and trace their data across ICF, CRF, source documents, and safety logs.
5. Deviation Review: Identify discrepancies such as missing dates, mismatched entries, or conflicting records.

Consider this sample tracking table:

Templates and tools for document review checklists are available on PharmaSOP.in.

Common Red Flags and Issues Found During Document Review

QA auditors should stay alert to typical red flags that could signal deeper systemic issues:

• ✅ Missing ICF pages or unsigned consent lines
• ✅ Inconsistent version numbers between files and logs
• ✅ Investigational product reconciliation gaps
• ✅ AE forms lacking causality or severity assessments
• ✅ CVs without signatures or expiry updates
• ✅ Monitoring reports with unresolved queries
• ✅ Source data untraceable to CRFs

Even formatting issues—such as hand corrections without dated initials—can be flagged by inspectors. Every audit should identify both minor (e.g., filing errors) and major (e.g., informed consent non-compliance) findings.

Refer to real-world CAPA case studies on ClinicalStudies.in for examples of findings raised during internal audits.

Ensuring Document Version Control and Audit Trail Integrity

Document control and audit trails are fundamental to good documentation practice. Auditors must verify:

• ✅ Only current, approved versions are in use
• ✅ Retired versions are archived but traceable
• ✅ Document updates are dated and signed
• ✅ Access to electronic documents is role-restricted
• ✅ Audit trails in eTMF or EDC are intact and unaltered

For example, when reviewing an eTMF, check that each document has metadata showing upload date, uploader name, and version history. Systems that lack audit trails or allow backdated entries can present major regulatory risks.

ICH E6(R2) and FDA 21 CFR Part 11 both emphasize electronic records auditability as part of GCP compliance.

Linking Documentation Review to Findings and CAPA

Each observation during the document review must be categorized and linked to a specific compliance area. Categorize findings as:

• ✅ Critical – Subject safety or data integrity at risk
• ✅ Major – Process not followed or incomplete documentation
• ✅ Minor – Filing or formatting issue

Include document-specific references in the audit report, such as:

“Subject 1023 signed ICF V1.3 after V1.4 was implemented. Per ICH E6(R2) Section 4.8.10, this represents use of outdated informed consent and is classified as a Major Finding.”

Ensure CAPAs are tracked, validated, and closed appropriately. A separate CAPA tracker spreadsheet can be linked to each document type or observation category.

Conclusion

Document review is more than ticking checkboxes—it’s a strategic function within internal audits that helps safeguard regulatory compliance and clinical trial credibility. By focusing on high-risk areas, applying structured techniques, and documenting findings rigorously, QA auditors can elevate the value of each audit and empower sites to close gaps effectively.

References:

• ICH E6(R2) GCP Guideline
• FDA 21 CFR Part 11 Guidance
• EMA GCP Inspection Guide