top of page

Self-inspection vs internal audit

In big pharma, there are usually two levels of 'periodic self-check': self-inspection and internal audit. But what is the real difference between them, based on rigorously reading the guidelines?


Let's start the understanding with the purpose of them: based on ICH Q10 it's non-other than continual improvement. Above the 'usual' , day-to-day tools like deviations, CAPAs, and the periodic reviews, like risk assessments, Product Quality Reviews, self-inspection and internal audits are product-independent, preventive tools to improve the quality of the GMP processes.

And what is the biggest value (usually)? The fresh set of eyes, without knowing any 'historical' reasons to implement a solution. An unbiased external - but still internal person can check your processes without risking certification of business - what more would you want?

Big pharma approach

So what are the 'usual' differences between self-inspection and the internal audit?

First, the internal audit is usually done by a global audit team, full with well-experienced QA personnel who is fully independent from any entities of the audited department - and self-inspection can be done by (almost) anyone on the site, after a throurough training.

The scope is different: the internal audit aims a full site (from starting materials to the finished product), the self-inspections' targets are usually one or two departments, like warehousing, QC, or maintenance.

The frequency can also differ: a site can self-inspect their department as many times a year as they want, the internal audit on a site cannot be more the once a year (I almost hear the reasons: scheduling, resources, travelling etc.)

And...of course, the results. The self-inspection results are only reviewed by the site, but the result of an internal audit can go up to the senior management, which is not always the best...

How can we decide which is useful? - I would say both.

Internal audits are great for the site to train for authority inspections. How to defend your processes, your decisions 'against' extremely professionals in a stressful environment.

However, self-inspections are also great when you are really aiming the continual improvement. There can be really open conversations about a department's current issues, questions on their processes. I remember what I always asked as a last question during my self-inspection: 'Do you have any issues you want to talk through?' Well, you never do that in an internal audit :)

Legal approach

Now let's look around, what legislation we have access to on the topic of self-inspection and internal audit.

EU GMP Volume 4 Chapter 9: Self inspection


Self inspections should be conducted in order to monitor the implementation and compliance with Good Manufacturing Practice principles and to propose necessary corrective measures.

9.1 Personnel matters, premises, equipment, documentation, production, quality control, distribution of the medicinal products, arrangements for dealing with complaints and recalls, and self inspection, should be examined at intervals following a pre-arranged programme in order to verify their conformity with the principles of Quality Assurance.

9.2 Self inspections should be conducted in an independent and detailed way by designated competent person(s) from the company. Independent audits by external experts may also be useful.

9.3 All self inspections should be recorded. Reports should contain all the observations made during the inspections and, where applicable, proposals for corrective measures. Statements on the actions subsequently taken should also be recorded.

WHO Expert Committee on Specifications Annex 4, Appendix 1:

[...] Self-inspection: describe the procedures and items for self-inspection and quality audits; constitution of self-inspection team(s); frequency of self-inspection; existence of selfinspection schedules and report; system for monitoring follow-up actions. [...]


'2.4 Internal Audits (Self Inspection)

2.40 In order to verify compliance with the principles of GMP for APIs, regular internal audits should be performed in accordance with an approved schedule.

2.41 Audit findings and corrective actions should be documented and brought to the attention of responsible management of the firm. Agreed corrective actions should be completed in a timely and effective manner.'


So what can we say? What is the minimal design approach to do this? ICH Q7 even uses the two terms as synonyms.

Since there is no exact requirement in the guidelines to have this 2-level approach, you want to have a single-level, but really efficient self-inspection approach - without the expensive QA, but with the open-minded personnel on your site. If they ask the good questions, you will win the most precious value - unbiased evaluation of your quality system.

Next to this, you may organize a mock inspection if needed to rehearse the authority inspections.

Upside of these events

What gives the essence to self-inspections/internal audits (now it doesn't matter how we call them)?

There is a statement from FDA that really makes these events really an asset:

'During routine inspections and investigations conducted at any regulated entity that has a written quality assurance program, FDA will not review or copy reports and records that result from audits and inspections of the written quality assurance program,[...] FDA may seek written certification that such audits and inspections have been implemented, performed, and documented and that any required corrective action has been taken.'

In other words, FDA lets us perform real self-inspections, having it fully transparent for the internal company personnel.

4 views0 comments

Recent Posts

See All

PQR, QMR, CPV, VMP/VMR, Computerized systems' periodic reviews, who knows what else...we manufacture these summaries, but exactly what for? Sometimes we spend so much time compiling these documents th

I just received a question that looked easy at first, but the laws and guidelines are surprisingly vague on this topic. The question is: how to choose between retest period and shelf-life for an API (

bottom of page