Accessibility disclaimer: To obtain information contained in document files on this page in an accessible format please contact the IU Human Research Protection Program (HRPP) at (317) 274-8289 or via email at irb@iu.edu
Internal Audits
Quick guide: Internal audits of human subjects research
IU's Office for Research Compliance conducts research compliance audits that are internal to the University. Audits are conducted in accordance with the IU HRPP Policy for Auditing Human Subjects Research and are categorized as either for-cause (directed) or not-for-cause (scheduled).
Words to know
- For-cause (directed): Audits requested by an IRB, IRB chair, the director of the Human Research Protection Programs, or the associate vice president of research compliance, generally related to reported or suspected noncompliance.
- Not-for-cause (scheduled): Audits that are part of the IU Human Subjects Research Audit Plan and Schedule. Criteria used to select studies for a not-for-cause audit vary and are approved by the HRPP Director semi-annually. Examples of selection criteria include but are not limited to the following factors:
- Clinical studies opened by a new principal investigator (PI) or an existing clinical study that has been transferred to a new PI.
- The PI holds the Investigational New Drug (IND) or Investigational Device Exemption (IDE).
- Factors indicating study subjects may be at increased risk (i.e. PIs with a high volume of studies, studies with minimal or no external oversight, inclusion of vulnerable populations, past or present subject safety or noncompliance issues, involvement of investigational drugs or devices).
Investigators may request to be on the schedule for a not-for-cause audit to ensure continuing compliance in their research studies by contacting IU’s Quality Improvement Office. Participating in a scheduled audit can provide valuable education for all research staff as well as principal investigators. QIO staff members make every effort to include these requested audits on the schedule, based on current workload and risk assessment.
How it works
- Made approximately 2-4 weeks prior to audit.
- Auditor confirms study status and may solicit subject enrollment information.
- Auditor determines scope of audit, mechanism of review, and materials to be
- On site audits (generally of greater than minimal risk research):
- Typically include a review of the Regulatory Binder, a selection of subject charts, and may include Investigational Product Accountability Logs.
- On-site audit (typically 1-3 days) and closeout meeting (typically 1 hour at end of last audit day) are scheduled.
- Remote audits (generally of minimal risk research):
- Typically include review of a selection of subject charts and a Q&A form completed by the study team prior to the audit. Requested files may be uploaded into a secure IU Box Health Data Account or provided through another secure mechanism.
- A summary of audit findings may be provided to the PI via email following audit completion in lieu of a closeout meeting.
- Auditor reviews IRB file to become familiar with the study, including changes to protocol, consent/assent documents, other study materials, and study team over time.
- If IU is not the IRB of record, IRB files will be requested from study team.
- When the audit is conducted on-site, activities include an introduction meeting, study team interviews as necessary, and review of selected study materials. Study team member is not required to be present at all times (periodic check-in only).
- When the audit is conducted remotely, the auditor may need to seek additional information from the study team by phone or email during the audit in order to complete the review.
- An auditor may expand the scope of audit at any time during the audit process.
- When a closeout meeting is to occur (generally all audits of greater than minimal risk research will require a closeout meeting), the PI is required to attend. Other study team members are encouraged to attend
- Key findings, appropriate Corrective and Preventive Action Plans, and timeline for report are discussed.
- A closeout meeting for a minimal risk research audit may only be required if findings warrant further review/discussion to resolve issues and/or corrective action is required before the final audit report is issued. In such instances, the PI is required to attend.
- Audit report is completed and sent to PI and study contact by email approximately 1-3 weeks after the audit is complete.
- Report includes guidance from auditor regarding appropriate and thorough responses.
- PI responses (if requested) are due 2 weeks following receipt of the audit report.
- Auditor reviews responses and clarifies any remaining issues.
- Auditor provides PI and study team with final audit report and responses.
When directed to do so in the auditor's communication, PI and study team submit the final audit report and responses through Kuali Protocols as a Reportable Event.
- PI and study team are notified by HRPP staff if any additional actions are required.
- Upon acceptance of report by the IRB, the audit is considered complete.
Who to contact
Contact the Quality Improvement Office within the Office for Research Compliance at researchcompliance@iu.edu.