The Critical Importance of Self-Inspection (Internal Audit) in the Pharmaceutical Industry

Understanding the Terminology: Self-Inspection versus Self-Audit

The term “Self Inspection” is commonly translated as “自己点検” (self-check) in Japanese pharmaceutical regulations. However, this translation may not fully capture the regulatory intent and requirements. When regulatory authorities conduct an inspection, it is referred to as an “Authority Inspection.” In contrast, Self Inspection represents a company’s internal equivalent of such regulatory scrutiny—it is fundamentally an internal audit process, not merely a superficial checklist exercise.

The distinction is significant: “Self Inspection” should be understood as “自己査察” (self-audit) or “内部監査” (internal audit), representing a comprehensive, systematic examination of operations rather than a simple self-check. This interpretation aligns with international GMP requirements, including those from the World Health Organization (WHO), Pharmaceutical Inspection Co-operation Scheme (PIC/S), and the European Medicines Agency (EMA), all of which emphasize the audit nature of self-inspection activities.

According to current regulatory frameworks (as of 2025), self-inspection programs must be systematic, documented, and designed to verify compliance with Good Manufacturing Practices (GMP) across all pharmaceutical operations. The EU GMP Chapter 9 explicitly requires that self-inspections be conducted “at intervals following a pre-arranged programme” to verify conformity with quality assurance principles. Similarly, WHO GMP guidelines mandate comprehensive self-inspection systems that evaluate not just procedural compliance but also the effectiveness of the quality management system as a whole.

The Current State of Internal Audit Competence: A Critical Assessment

Through consulting work with pharmaceutical companies, medical device manufacturers, healthcare facilities, and international active pharmaceutical ingredient (API) facilities across various countries, I have observed that the competence level of many internal auditors is concerningly inadequate. This observation is not limited to Japan but represents a global challenge in maintaining effective quality systems.

Common Deficiencies in Audit Practice

In some egregious cases, internal auditors focus exclusively on trivial formatting issues such as:

• Whether conjunctions (“および” / “または”) should be written in kanji or hiragana
• Whether punctuation should uniformly use commas instead of periods
• Minor grammatical corrections in documents (“てにをは” in Japanese)

Such focus is fundamentally misguided and counterproductive. Correcting document formatting does not constitute quality assurance. These superficial observations are entirely unrelated to ensuring patient safety and product quality—the core mission of pharmaceutical quality systems. When companies produce audit reports dominated by such trivial findings, regulatory authorities cannot have confidence in the organization’s quality oversight capabilities.

This issue has been recognized in recent regulatory guidance. The 2024 EMA guidelines on GMP inspection coordination and the updated PIC/S guidance emphasize that self-inspection should focus on critical quality and compliance issues that affect patient safety, not administrative trivia. The FDA’s current Good Manufacturing Practice (cGMP) regulations (21 CFR Parts 210 and 211) similarly expect that quality oversight activities, including internal audits, should be risk-based and focused on areas that could impact product quality, safety, or efficacy.

Essential Requirements for Effective Auditors

Effective internal auditors must be subject matter experts in their respective domains:

Manufacturing Process Auditors must have extensive manufacturing experience and deep understanding of:

• Production operations and process controls
• Equipment qualification and maintenance
• Clean room operations and environmental monitoring
• Process validation principles
• Deviation and change control management

Quality Control Laboratory Auditors must have comprehensive laboratory experience including:

• Analytical method development and validation
• Good Laboratory Practice (GLP) principles
• Data integrity requirements (including 2025 updates to Annex 11 and Chapter 4 of EU GMP)
• Out-of-Specification (OOS) investigations
• Stability testing protocols

Beyond technical expertise, auditors must possess current knowledge of regulatory requirements. As of 2025, this includes understanding:

Regulatory Area	Key Requirements
Data Integrity	EU GMP Annex 11 and Chapter 4 revisions (expected consultation 2025), FDA guidance on ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available)
Advanced Manufacturing	FDA’s Advanced Manufacturing Technology (AMT) designation program, EMA guidance on process analytical technology (PAT)
Risk Management	ICH Q9(R1) Quality Risk Management principles integrated into Chapter 1 revision
Contamination Control	PIC/S Annex 1 (2022) on sterile manufacturing with ongoing Q&A development
Artificial Intelligence	Emerging GMP Annex 22 on AI applications in pharmaceutical manufacturing
Supply Chain Integrity	Updated WHO guidelines on preventing falsified medical products

Auditors must demonstrate keen analytical insight to identify not just symptoms but root causes of quality issues. The ability to prevent recurrence through corrective and preventive action (CAPA) systems is paramount. According to ISO 19011:2018 (Guidelines for auditing management systems), which has become the de facto international standard for internal audit programs, auditors must possess:

1. Knowledge and skills specific to the discipline being audited
2. Personal attributes including ethical behavior, open-mindedness, diplomacy, observation skills, perception, versatility, tenacity, decisiveness, and self-reliance
3. Ability to apply knowledge and skills through practical experience and continual professional development

Identifying Suitable Audit Personnel

The Challenge with Long-Tenured, Single-Company Employees

While Japanese companies have historically valued lifelong employment and internal promotion, individuals who have only worked at a single organization often face inherent limitations as auditors. This is not a reflection on their dedication or technical competence, but rather stems from lack of comparative perspective.

When auditors have only experienced one company’s systems, they lack benchmarks for evaluation. They may accept suboptimal practices as “normal” simply because they have no exposure to alternative approaches. Modern regulatory expectations increasingly emphasize risk-based thinking and continuous improvement—concepts that require the ability to envision better practices.

The Value of Diverse Experience

Professionals who have worked at multiple organizations—whether through career transitions or consulting roles—possess invaluable comparative frameworks. They can identify gaps by recognizing what other companies implement more effectively.

In my own consulting practice, despite never having been directly employed by pharmaceutical or medical device companies, I can effectively audit these organizations because I have studied and compared Quality Management Systems (QMS) and Standard Operating Procedures (SOPs) from numerous companies. This comparative analysis enables identification of potential risks and opportunities for improvement that might not be apparent to internal personnel.

The 2018 revision of ISO 19011 explicitly recognizes the value of diverse experience in developing auditor competence. Organizations are encouraged to provide auditors with exposure to various contexts, including through:

• Cross-functional audit assignments
• Participation in audits of different sites or divisions
• Involvement in supplier audits
• Engagement with external audit programs
• Professional networking and industry association participation

Essential Personal Qualities for Auditors

Beyond technical knowledge and diverse experience, effective auditors require specific personal characteristics:

Courage and Independence: Auditors must be willing to report uncomfortable truths without fear of criticism. They cannot be swayed by hierarchical pressures or personal relationships. The principle of audit independence, fundamental to both GMP regulations and ISO 19011, requires that auditors maintain objectivity regardless of organizational politics.

Impartiality: Auditors must apply the same standards universally, regardless of whether they are auditing senior management or junior staff, popular departments or problematic ones. This impartiality is not merely a professional courtesy—it is a regulatory requirement. EU GMP Chapter 9 explicitly states that self-inspections should be conducted “by competent and qualified persons from the company who can evaluate the implementation of GMP in an independent and detailed way.”

Communication Skills: The ability to clearly articulate findings, persuade stakeholders of the need for improvement, and diplomatically challenge the status quo is essential. According to current best practices outlined in the 2024 ECA Code of Practice for GMP Auditors, effective auditors must be able to:

• Present objective evidence clearly and without ambiguity
• Distinguish between observations, findings, and recommendations
• Facilitate constructive dialogue about improvement opportunities
• Document findings in a manner that supports effective CAPA

Continuous Learning: The pharmaceutical regulatory landscape evolves continuously. In 2024-2025 alone, significant updates have included new guidance on nitrosamine impurities, revised sterile manufacturing requirements, emerging standards for cell and gene therapies under GMP for Advanced Therapy Medicinal Products (ATMPs), and evolving expectations around digital technologies and data integrity. Effective auditors must commit to ongoing professional development to maintain their competence.

Implementing an Effective Self-Inspection Program

Frequency and Scope

Current regulatory guidance does not prescribe a specific frequency for self-inspections, allowing organizations to develop risk-based schedules. However, common industry practice, supported by regulatory expectations, typically includes:

Comprehensive facility-wide audits: Annually or bi-annually for each major operational area (manufacturing, quality control, quality assurance, warehousing, etc.)

Targeted audits: Triggered by specific events such as:

• Introduction of new products or processes
• Significant changes to equipment or facilities
• Repeated deviations or quality issues
• Preparation for regulatory inspections
• Investigation of potential systemic issues

Supplier audits: Based on risk assessment, with critical suppliers audited more frequently

The 2025 regulatory landscape emphasizes that self-inspection programs should be dynamic and responsive to risk. Organizations should consider factors such as:

• Product criticality and patient impact
• Process complexity and technology maturity
• Historical compliance performance
• Recent regulatory changes or industry trends
• Results of previous audits and inspections

Documentation and Follow-up

While FDA regulations (21 CFR 211) do not explicitly mandate retention of internal audit reports (only that appropriate follow-up occurs), EU GMP requirements are more prescriptive. Under EU regulations, companies must maintain:

• A documented self-inspection program with planned schedule
• Self-inspection reports detailing observations and findings
• Action plans addressing identified deficiencies
• Evidence of implementation and effectiveness of corrective actions
• Management review of self-inspection outcomes

The emerging international consensus, reflected in ISO 19011:2018 and harmonized GMP guidance, favors comprehensive documentation that can demonstrate:

1. The systematic nature of the audit program
2. Competence of audit personnel
3. Thoroughness of audit activities
4. Appropriateness of corrective actions
5. Verification of corrective action effectiveness

Integration with Quality Management Systems

Modern pharmaceutical quality systems, as defined by ICH Q10 Pharmaceutical Quality System, require that self-inspection programs be integrated with other quality oversight mechanisms:

Management Review: Audit findings should inform senior management’s periodic review of quality system effectiveness.

Risk Management: Audit programs should be risk-based, focusing resources on areas of highest potential impact to product quality and patient safety.

Knowledge Management: Lessons learned from audits should be captured and shared across the organization to prevent similar issues in other areas.

Continuous Improvement: Audit programs themselves should be subject to periodic review and improvement, learning from both successes and limitations.

Preparing for Regulatory Inspections

One of the most valuable functions of a robust self-inspection program is preparation for regulatory inspections. Companies with mature, effective self-inspection programs typically experience:

• Fewer observations during regulatory inspections
• More rapid resolution of any findings
• Greater confidence among regulatory inspectors
• Lower risk of serious regulatory actions

Current best practices for inspection readiness, as outlined in recent guidance from EMA (2025) and ISPE, include:

Mock Inspections: Periodic simulations of regulatory inspections, conducted with the same rigor as actual regulatory audits

Document Readiness: Ensuring all required documentation is current, accurate, and readily retrievable

Staff Training: Regular preparation of personnel who may interact with inspectors, emphasizing transparency and accuracy

Rapid Response Capabilities: Systems to quickly gather information and respond to inspector requests

CAPA Effectiveness Verification: Demonstrating that previous issues have been thoroughly investigated and effectively resolved

Conclusion: Elevating Self-Inspection from Compliance to Excellence

Self-inspection, properly understood and implemented, is far more than a regulatory requirement—it is a powerful tool for organizational learning and continuous improvement. However, realizing this potential requires:

1. Correct Understanding: Recognizing that self-inspection is internal auditing, not superficial checking
2. Competent Auditors: Ensuring audit teams possess appropriate technical expertise, regulatory knowledge, diverse experience, and personal qualities
3. Management Support: Providing auditors with the authority, resources, and organizational support needed to be effective
4. Systematic Approach: Implementing structured programs based on risk, with appropriate documentation and follow-up
5. Integration: Connecting self-inspection with broader quality management and continuous improvement initiatives
6. Evolution: Regularly updating audit programs to reflect changing regulatory expectations, emerging risks, and organizational maturity

In an increasingly complex and globalized pharmaceutical industry, with evolving technologies such as continuous manufacturing, artificial intelligence, and advanced therapies, the role of effective internal audit becomes ever more critical. Organizations that invest in developing truly capable audit functions—staffed by competent, independent, and insightful professionals—will be better positioned not just to maintain compliance, but to achieve operational excellence and consistently deliver safe, effective medicines to patients worldwide.

The regulatory landscape of 2025 and beyond demands nothing less than this level of commitment to quality oversight. Companies must move beyond checkbox compliance to embrace self-inspection as a strategic quality tool, implemented by auditors who are recognized as valued professionals bringing crucial independent perspective to the ongoing quest for pharmaceutical quality excellence.