Skip to content Skip to sidebar Skip to footer
Close
Pharmacovigilance

Pharmacovigilance Auditing: Preparation, Execution and Close-Out

December 29, 2025
Senior healthcare and pharmaceutical professionals reviewing AI-enabled quality and compliance dashboards during a governance oversight meeting.
Pharmacovigilance auditing represents one of the most critical quality assurance activities within pharmaceutical safety operations. When conducted systematically, these audits verify that sponsor organisations maintain inspection-ready systems capable of detecting, assessing, and managing medicine safety risks throughout a product’s lifecycle. For Australian sponsors navigating TGA expectations, and for international sponsors requiring vendor qualification in Australia and New Zealand, understanding how pharmacovigilance auditing works in practice determines whether audit findings strengthen operations or expose systemic gaps during regulatory inspections.
This article provides practical guidance for planning, conducting, and closing pharmacovigilance audits aligned to GVP Module IV and TGA regulatory frameworks. You’ll learn how risk-based audit strategies identify priority areas, how systematic execution generates actionable findings, and how CAPA implementation transforms audit observations into measurable system improvements.

Note on PSMF vs Australian PV Documentation

In Australia, there is no formal requirement for an EMA-style Pharmacovigilance System Master File (PSMF). Instead, sponsors typically maintain an Australian pharmacovigilance system description document (or equivalent) that clearly describes local responsibilities, processes, and compliance arrangements.

The PSMF is an EMA concept and is continuously maintained to reflect global pharmacovigilance oversight, including updates relevant to Australia. If you are an Australian sponsor without a global EMA partner or entity, a formal PSMF may not be applicable—however, clear and current local PV documentation remains essential for inspection readiness.

Learn more about the EMA PSMF (Q&A)

The Regulatory Context for Pharmacovigilance Auditing

Pharmacovigilance audits exist within a clear regulatory framework. In Australia, the TGA’s Pharmacovigilance Inspection Program (PVIP) assesses sponsor compliance against defined pharmacovigilance responsibilities. Specifically, these obligations are outlined in the Pharmacovigilance responsibilities of medicine sponsors – Australian recommendations and requirements. Meanwhile, in the European Union, GVP Module IV establishes mandatory requirements for regular pharmacovigilance audits within quality systems.
As a result, these frameworks create parallel regulatory expectations. In practice, the QPPV must receive audit reports and provide auditors with risk-relevant information, including CAPA status. Additionally, marketing authorisation holders must record critical and major audit findings in the PSMF, together with appropriate corrective and preventive action plans.Importantly, the core principle remains consistent across jurisdictions: sponsors retain primary responsibility for medicine safety. Accordingly, audits serve as structured mechanisms to confirm that accountability translates into functioning systems that protect patients.In the European Union, this responsibility is assigned to the Qualified Person for Pharmacovigilance (QPPV). By comparison, in Australia, the TGA refers to the Australian pharmacovigilance contact person, although industry commonly uses the term QPPVA to reflect equivalent responsibilities adapted to local regulatory requirements.

Risk-Based Audit Planning: Strategic to Operational

Effective pharmacovigilance auditing begins long before auditors arrive on-site. Risk assessment must occur at three levels—strategic, tactical, and operational—to create audit programmes that focus resources where they matter most.

Strategic Audit Planning (2-5 Years)

Strategic planning defines the audit universe and sets coverage priorities. This stage covers 2-5 years and should address global and local systems, vendor relations, and affiliate operations. Risk factors include: product portfolio complexity, recent changes in pharmacovigilance systems, regulatory intelligence, previous audit outcomes, and entry into new markets with unfamiliar rules.
  • Product portfolio complexity and therapeutic risk profiles
  • Recent organisational changes affecting pharmacovigilance systems
  • Regulatory intelligence indicating increased scrutiny in specific areas
  • Previous audit outcomes show recurring themes.
  • Geographic expansion into new markets with unfamiliar regulatory frameworks
The strategic audit plan establishes frequency expectations. High-risk areas warrant more frequent attention. The audit strategy defines a reasonable audit cycle within the defined period, ensuring complete system coverage without creating an unsustainable audit burden.

Tactical Audit Planning (Annual)

Tactical planning turns strategy into yearly audit schedules. It covers audits required by the cyclical plan and adds reactive audits for specific events. Annual plans should consider mandatory vendor audits before contract renewal, post-inspection follow-ups for CAPA, audits after big process changes, and audits in response to serious safety events.
  • Mandatory vendor audits before contract renewal
  • Post-inspection follow-up audits verifying CAPA effectiveness
  • System audits triggered by significant process changes
  • For-cause audits responding to serious safety signals or quality events.

Operational Audit Planning (Individual Audits)

Operational planning encompasses notification, research, detailed audit plan preparation, and reporting frameworks for specific audits. Initial steps involve meetings to clarify audit objectives, scope, and the roles and responsibilities of all parties.
The operational audit plan specifies:

The operational audit plan specifies:

AreaDetails

Scope Definition

Processes, systems, products, timeframes, locations included and excluded

Audit Criteria

Regulatory standards (TGA guidelines, GVP modules, ICH guidance), internal SOPs, contractual requirements

Resource Allocation

Lead auditor, technical specialists, administrative support, estimated person-days

Logistics

On-site dates, virtual components, document access arrangements, and auditee availability

Sampling Approach

Case selection methodology, transaction volumes, and statistical basis for sample sizes

Clear operational planning prevents scope creep during execution and establishes shared understanding between auditors and auditees.

Audit Execution: Systematic Evidence Collection

A “kick-off” meeting typically precedes personnel interviews to introduce participants and establish the agenda. This opening session confirms the scope, explains the audit process, addresses logistical questions, and sets a professional tone.

Evidence Gathering Methods

Auditors employ multiple techniques to assess pharmacovigilance system effectiveness:
  • Document Review: Auditors examine SOPs, PSMF documentation, training records, CAPA logs, signal management reports, PSURs, and regulatory correspondence. Conformity of stored data with initial and follow-up reports should be verified by quality control procedures that permit validation against the original data or images thereof.
  • Personnel Interviews: Structured discussions with QPPVs, case processors, medical reviewers, quality personnel, and vendor contacts verify understanding of responsibilities and system operation. Auditors assess staff qualifications, roles, and responsibilities of designated personnel, including the Qualified Person for Pharmacovigilance.
  • System Demonstrations: Live demonstrations of safety databases, case processing workflows, signal detection tools, and document management systems reveal actual practice versus documented procedures.
  • Transaction Sampling: Auditors use risk-based sampling and testing to review representative case reports, conduct literature surveillance, and assess the quality of regulatory submissions.

What Auditors Actually Assess

During pharmacovigilance audits, personnel review the quality management system for the collection, coding, and processing of data for individual case safety reports.
  • First, auditors review the QMS for how ICSRs are collected, coded, and processed.
  • Confirm the safety database is regulation-compliant and fit for storing adverse event data.
  • Evaluate ongoing surveillance (including signal detection and risk mitigation strategies).
  • Check PV procedures are defined, current, and followed in practice.
  • Verify data transfer controls so safety data is fully received within/between organisations.
  • In addition, they confirm routine reconciliation is performed to protect transfer integrity—and that frequency is risk-based (often monthly for high-volume/high-risk transfers).
  • Importantly, they ensure stored data matches initial and follow-up reports, with QC allowing validation against original source data or images (GVP Module VI, VI.B.5).
  • Finally, they assess vendor oversight, including contracts/procedures for outsourced PV activities, and whether vendor/partner training is adequate—especially for anyone likely to identify adverse events.

Findings Classification and Audit Reporting

Audit reports detail the scope, auditor observations, and categorise findings as Minor, Major, or Critical, along with recommendations for improvement. This risk-based classification determines required response urgency and PSMF documentation requirements.

Findings Classification Framework

  • Critical Findings: System failures posing immediate risk to patient safety or representing serious non-compliance with legal obligations. Examples include failure to report serious adverse events within regulatory timeframes, absent QPPV oversight, or systematic failure to collect safety data from identifiable sources.
  • Major Findings: Significant system deficiencies that could impact patient safety if uncorrected, or clear non-compliance with regulatory requirements. Examples include inadequate case quality control, missing signal detection procedures, or incomplete PSMF documentation.
  • Minor Findings: Isolated incidents or procedural variations not significantly affecting system operation or patient safety. Examples include administrative errors in training documentation, minor SOP deviations with compensating controls, or formatting issues in internal reports.

Marketing authorisation holders must document critical and major audit findings in the PSMF and ensure appropriate corrective and preventive action plans are prepared and implemented.

CAPA Development and Implementation

The audit report’s value lies entirely in what happens next. Findings without effective corrective action represent wasted effort. The process requires implementing corrective and preventive actions and scheduling follow-up audits to verify their effectiveness.

CAPA Plan Elements

Effective CAPA plans include:
  • Root Cause Analysis: Investigation determining why the finding occurred, addressing systemic causes rather than symptoms
  • Immediate Containment: Actions preventing further non-compliance or risk while permanent solutions are developed
  • Corrective Actions: Specific steps eliminating identified non-compliance, with responsible parties and completion dates
  • Preventive Actions: Measures preventing similar issues in other areas or future operations
  • Verification Methods: How implementation and effectiveness will be confirmed
  • Timeline Commitments: Realistic schedules accounting for resource availability and change complexity. 

Audit Close-Out and Continuous Improvement

The audit concludes with a presentation of findings and a summary of results, marking the end of the interview process. However, true close-out extends beyond report delivery.
Complete audit close-out includes:
  • Formal Acceptance: Auditee acknowledgement of findings, agreement on CAPA plans, and commitment to implementation timelines.
  • PSMF Updates: Documentation of critical and major findings in the PSMF with reference to approved CAPA plans.
  • Progress Monitoring: Regular reviews of CAPA implementation status, identifying obstacles and adjusting plans as needed.
  • Effectiveness Verification: Confirmation through re-audit, metrics review, or system observation that CAPAs achieved intended outcomes.
  • Knowledge Transfer: Sharing lessons learned across the organisation to prevent similar findings in other locations or functions.
  • Regular audits reinforce trust with regulators and partners, showcasing commitment to excellence. Organisations treating audits as learning opportunities rather than compliance exercises build genuinely robust pharmacovigilance systems.

Preparing Your Team for Audit Success

Mock audits provide invaluable preparation before launching products or entering new markets. These simulated audits help teams practice responding to questions, presenting documentation, and demonstrating understanding of regulatory requirements.
Mock audit benefits include:
  • Identifying gaps in knowledge or documentation before formal audits
  • Building confidence among personnel who will interface with auditors
  • Testing whether documented procedures reflect actual practice
  • Creating a safe environment for learning and improvement
  • Reducing anxiety around inspection scenarios
Experienced pharmacovigilance experts can help organisations audit and improve existing systems, ensure PSMF inspection readiness, and prepare for routine GVP inspections as well as for-cause inspections by regulatory authorities.

When to Seek External Audit Support

Internal audit capabilities provide tremendous value, but external expertise offers distinct advantages in specific circumstances:
  • Independent vendor qualification requiring an objective third-party assessment
  • Limited internal pharmacovigilance audit experience
  • Resource constraints are preventing adequate audit frequency.
  • Complex international operations requiring multi-jurisdictional expertise
  • Preparation for anticipated regulatory inspections requiring independent validation
  • Post-inspection response requiring rapid gap remediation
Quality assurance teams with extensive inspection support experience can guide organisations through follow-up inspections for identified non-compliance issues by establishing CAPA plans and, as required, periodic progress reports.

Conclusion: Building Inspection-Ready Systems Through Systematic Auditing

Pharmacovigilance auditing transforms regulatory obligation into operational advantage. When done well, audits apply a transparent methodology, a risk-based focus, and a commitment to improvement. As a result, they strengthen safety surveillance while building inspection confidence.

The preparation-execution-close-out framework provides a systematic approach that delivers actionable intelligence rather than administrative burden. Risk-based planning concentrates resources where they matter most. Structured execution produces objective evidence of system performance. CAPA implementation converts findings into measurable improvements.

For Australian sponsors facing TGA inspections and international organisations requiring regional vendor oversight, pharmacovigilance auditing is essential quality assurance. Therefore, the question is whether organisations act proactively or respond reactively to findings.

Teams that plan strategically, execute thoroughly, and close decisively build systems that withstand scrutiny and protect patients. Ultimately, patient protection remains the fundamental purpose of every audit.

Common Pharmacovigilance Auditing Questions and Answers

What are the most common TGA pharmacovigilance inspection findings in Australia?

The three most common deficiency areas in TGA inspections are quality management system deficiencies (17%), collection and collation of adverse drug reactions (15%), and management of reference safety information (14%). In recent inspections, management of significant safety issues and failure to report serious ADRs within regulatory timeframes represented the highest proportion of major findings.

How much notice does the TGA give before a pharmacovigilance inspection?

The TGA provides sponsors with six to eight weeks’ notice before conducting a pharmacovigilance inspection under the Pharmacovigilance Inspection Program (PVIP). This advance notice allows sponsors adequate time to prepare documentation, ensure PSMF readiness, and organize personnel availability for the inspection.

What is the difference between QPPVA and Australian pharmacovigilance contact person?

The Australian Pharmacovigilance Contact Person (A-PVCP) is the TGA-mandated primary contact who must be notified within 15 days of ARTG entry, while the QPPVA (Qualified Person for Pharmacovigilance in Australia) is an industry term for the person overseeing the entire pharmacovigilance system. Both must reside in Australia, and while they can be the same person, the QPPVA role typically involves broader system oversight responsibilities aligned with global pharmacovigilance standards.

How quickly must significant safety issues be reported to the TGA?

Significant safety issues (SSIs) meeting the definition of Urgent Safety Measures must be reported to the TGA within 72 hours of the sponsor becoming aware of the issue. All other significant safety issues must be notified within 15 calendar days, while Other Safety Issues (OSIs) require notification within 30 days after completing the Australian risk assessment.

Does the QPPVA in Australia need to be medically qualified?

Medical qualification is not mandatory for the QPPVA role in Australia, but the TGA strongly recommends that the QPPVA has access to a medically qualified person for clinical assessments. Ideally, this medical expert should reside in Australia and hold local medical registration to ensure relevant clinical judgment for evaluating adverse reactions and benefit-risk balance in the Australian context.

What documents should be prepared for a TGA pharmacovigilance inspection?

Essential documents include an up-to-date Pharmacovigilance System Master File (PSMF), current SOPs and work instructions, training matrices for all PV staff, CAPA logs with open and closed actions, audit schedules and reports, quality assurance documentation, organizational charts defining roles and responsibilities, and evidence of previous inspection findings resolution. All documentation should be readily accessible and demonstrate continuous system oversight.

How does the TGA prioritize which sponsors to inspect for pharmacovigilance?

The TGA uses a risk-based approach combining information from a biennial Pharmacovigilance Inspection Program Risk Assessment Survey with other risk intelligence to prioritize inspections. Factors include product portfolio complexity, Schedule 4/8 medicines, recent acquisitions, safety concerns, regulatory history, and compliance with reporting obligations. Sponsors who fail to complete the survey are assigned the highest risk score, resulting in higher inspection priority.

What are critical deficiencies in TGA pharmacovigilance inspections?

Critical deficiencies are system failures posing immediate risk to patient safety or representing serious regulatory non-compliance. The TGA has most frequently observed critical deficiencies in collection and collation of adverse reactions, reporting adverse reactions within required timeframes, ongoing safety management of significant safety issues, and failures in Australian pharmacovigilance contact person/QPPVA responsibilities. Critical deficiencies require immediate corrective action and detailed CAPA plans.

Must the Australian pharmacovigilance contact person reside in Australia?

Yes, the Australian pharmacovigilance contact person (A-PVCP) and QPPVA must both reside in Australia, and any nominated deputy must also be based locally. This residency requirement ensures accountability, accessibility to the TGA, and appropriate oversight of the Australian pharmacovigilance system. This role cannot be managed remotely from overseas or consolidated under an EU-QPPV position.

How should I choose a pharmacovigilance audit consultant in Australia?

When selecting a pharmacovigilance consultant in Australia, prioritize experience with TGA requirements, proven track record in PVIP preparation, and Australian-based local expertise. Evaluate quality, compliance standards, efficiency, cultural alignment, responsiveness to specific needs, and ability to provide services including mock audits, gap analysis, inspection-readiness assessments, QPPVA support, and CAPA implementation. Ensure the consultant demonstrates proactive approaches and comprehensive understanding of both Australian and global regulatory frameworks.

Pharmacovigilance Audits in Australia

At GxpVigilance, we conduct expert pharmacovigilance (PV) system audits across Australia to help sponsors and MAHs strengthen compliance with TGA expectations and maintain inspection readiness. Our audits are designed to assess the effectiveness of your PV quality management system, confirm regulatory reporting capability, and identify practical opportunities to improve oversight, documentation, and end-to-end safety processes.

Whether you require a full PV system audit, a targeted audit of key processes (e.g., case management, signal management, significant safety issues, or reference safety information), or a readiness assessment ahead of a TGA Pharmacovigilance Inspection Program (PVIP) inspection, we provide clear findings, risk-based recommendations, and actionable CAPA support to help you close gaps efficiently.

Our approach is professional, collaborative, and aligned to both Australian and global pharmacovigilance frameworks—ensuring your organisation remains compliant, confident, and audit-ready.

Contact GxpVigilance for more information

References

  1. European Medicines Agency (EMA). (2015). Guideline on good pharmacovigilance practices (GVP): Module IV—Pharmacovigilance audits (Rev 1). 
  2. Therapeutic Goods Administration (TGA). (2024). Pharmacovigilance responsibilities of medicine sponsors: Australian recommendations and requirements. 
  3. Therapeutic Goods Administration (TGA). (2024). Understanding our pharmacovigilance inspection program (PVIP) for medicines. 
  4. International Council for Harmonisation (ICH). (2025). ICH E6(R3) Good Clinical Practice. 
  5. U.S. Food and Drug Administration (FDA). (n.d.). 21 CFR Part 11
  6. QPPVA & Pharmacovigilance Roles in Australia (2025 Guide) – GxP Vigilance, 2025
    Australian-specific guidance on pharmacovigilance contact person requirements, residency obligations, and TGA expectations.

Disclaimer

This article is provided for educational and informational purposes only. It is intended to support general understanding of regulatory concepts and good practice and does not constitute legal, regulatory, or professional advice.

Regulatory requirements, inspection expectations, and system obligations may vary based on jurisdiction, study design, technology, and organisational context. As such, the information presented here should not be relied upon as a substitute for project-specific assessment, validation, or regulatory decision-making.

For guidance tailored to your organisation, systems, or clinical programme, we recommend speaking directly with us or engaging another suitably qualified subject matter expert (SME) to assess your specific needs and risk profile.

You May Also Like

QPPVA and pharmacovigilance roles in Australia — specialist reviewing safety reports in a modern office
Pharmacovigilance
QPPVA and Pharmacovigilance Roles in Australia (2025 Guide)
Professional pharmacovigilance contact person smiling at desk while reviewing AI-assisted safety data on a laptop, symbolising confident human oversight in regulatory compliance.
Pharmacovigilance
AI in Pharmacovigilance 2025: Regulatory Readiness & Roadmap