Autonomy key to audit team effectiveness

Early intervention can reduce long-term impact

An effective compliance oversight process can nip noncompliance problems in the bud — acting quickly to handle small problems before they get bigger, even preventing future noncompliance from occurring.

But getting to the heart of allegations fairly and efficiently takes a strong audit team, with the expertise to handle varying types of investigations and the independence to examine anyone, even the IRB it serves.

George Gasparis, CIP, executive director of the human subjects protection program at Columbia University says that regardless of whether an audit team is officially part of an institution’s IRB staff, it should have the autonomy to directly address senior institutional officials, if necessary, to have its concerns heard.

"Regardless of where the audit team is in the institution, if that audit team compliance officer doesn’t report directly to the highest institutional officials and reports to somebody else, then there needs to be a dual reporting line to the higher institutional official," he says.

At Columbia, Gasparis is assistant vice president and senior assistant dean for research ethics, which gives him responsibility for developing the university’s human subjects protection program. He oversees Columbia’s four IRBs as well as the university’s compliance oversight team for human research, which generally has three to four members.

Although both functions are under his authority, Gasparis says the compliance oversight team does maintain a certain separation from the IRBs. It is designed so that at least one member is completely independent of the boards, in part because whenever the team does a full-blown audit for possible noncompliance, IRB records are part of the investigation.

"To have someone audit themselves creates a potential conflict," he says. "We may have some people from the IRB to assist in the audit, but we want to have individuals who are outside of the IRB as well."

Audits examine records globally

At any one time, the compliance oversight team handles 20-25 investigations, ranging from small inquiries into minor issues to full-scale audits. Allegations of noncompliance can come from a number of sources — from the IRBs, research staff or other employees, subjects, from institutional officials or from Gasparis himself.

After a brief inquiry, the team determines whether an investigation or audit is warranted. If an audit is appropriate, then a more intensive review of documents is conducted, Gasparis says.

"We’ll conduct interviews and review relevant documentation for investigations," he says. "For audits, we will review more information, including the regulatory documentation, research records, and source documentation. When appropriate, we will review a significant percentage of the research records or broaden the audit to more than one study. Audits also will include a review of the IRB records.

"We’ll look at it as globally as we can to see all noncompliance that may have occurred and whether there is more noncompliance than the allegation is initially reporting."

The compliance oversight team will come up with its findings, and with recommendations to fix the problem and prevent its recurrence. Those recommendations are forwarded to the IRB, which can accept them in full or modify them.

If the team doesn’t agree with the IRB’s decision, the program’s standard operating procedure (SOP) allows it to take up the matter with a senior institutional official — the dual reporting line that Gasparis says is important to give the team its autonomy.

"In a situation like that, the institutional official most likely would call for a separate investigation that is independent of the IRB to make a determination," he says. "Fortunately, something like that hasn’t happened yet since I have been here, but our SOP is designed to deal with it."

An institution that wants to strengthen its compliance oversight process should be sure it has an SOP that spells out exactly how noncompliance allegations are handled, Gasparis says.

It should be clear how an inquiry proceeds to a full investigation — who decides, and on what that decision is based. As the findings come in, there should be a clear-cut process for handling them objectively.

Gasparis says it’s important that the SOP allows for due process, giving the investigator an opportunity to respond to any findings of noncompliance from the team.

"The findings should go to whoever is accused of noncompliance, for them to comment on the audit’s findings before they’re released to a federal regulatory office," he says. "You may ruin someone’s reputation, and if you didn’t have it correct or you misrepresented the facts, you could incur some liability."

Affording investigators due process isn’t just a legal issue, Gasparis says.

"It’s important not just for preserving reputations, but also for getting it right," he says. "You need to have due process, and due process isn’t always in everyone’s SOPs."

Gasparis says institutional officials, legal counsel, and appropriate representatives of the IRB, including the chairs and the director, should review a proposed SOP.

Another vital step in creating a strong compliance oversight team is carefully choosing who will serve on it, he notes.

Ideally, members should have both experience with IRBs and strong research experience.

"I think it’s important that the audit team manager, or at least one or two auditors, were actually involved in clinical research," he says. "To audit a clinical research study, one should be familiar with how they keep their records — what records should be kept, what regulatory files should look like, what clinical research data looks like, how adverse event information is usually collected, how to go through source documentation.

"Somebody who is sent out to a research team to look through their records and isn’t familiar with that research methodology is going to be a little handicapped at being able to conduct a solid audit," Gasparis says.

He says a successful auditor must be able to write well, and present findings in a clear and objective manner, not going beyond the documentation to draw conclusions.

Finding these candidates can be difficult.

"The ideal candidate to me for what we want to do here is somebody who has research experience as well as IRB experience. That’s a really hard candidate to find, because it’s hard to find people with good IRB experience," Gasparis says.

While auditing is inherently an adversarial activity, Gasparis says it’s important that the process be as collegial as possible, to maintain a good relationship between faculty and the IRB.

"Many believe that an IRB works best when it works with the researchers to protect human subjects," he says. "If you work in a collegial manner with investigators, you’re probably going to have a better human subjects protection program."

As the program at Columbia continues to grow and develop, Gasparis plans to introduce a quality improvement program, inviting researchers to volunteer to have their work examined to look for ways they can improve protection of study participants.

Such a voluntary program can help enhance an IRB’s relationship with investigators, while finding and correcting smaller problems before they become more serious.

"Most researchers really want to do it the right way," Gasparis explains. "When noncompliance occurs, it’s usually a result of lack of resources, lack of attention to detail, or lack of follow-up. Something gets missed, wasn’t followed up on and with a high volume of work, people move on to do other things and it slips through the cracks. And then suddenly, one is out of compliance."