REGCOMP003 – Regulatory Compliance – Auditing of Research Studies


Auditing of Research Studies

No./Title: Auditing of Research Studies

Resp. Office: Institutional

Review Board

Effective Date: 01/12/2007

Category: Institutional Review Board (IRB)

Last Review: 04/13/2021

Next Review: 04/13/2022

Contact: Institutional Review Board (IRB)

 901.448.4824


    To document the policy and procedures used by the University of Tennessee Health Science Center Institutional Review Board regarding the auditing of IRB-approved studies.
  2. SCOPE

    This SOP applies to the IRB administrative staff, IRB members, IRB compliance auditing staff, and investigators.

    Personnel responsible:

    IRB Compliance Advisor, Director, section chair, administrative staff and IRB members.

Under federal regulations for the protection of human subjects, IRBs must maintain written procedures for ensuring prompt reporting of any unanticipated problems involving risks to subjects or others, or any serious and continuing noncompliance with federal regulations or local IRB policies and procedures. In addition, the regulations require IRBs to conduct continuing review of previously approved research, and specifically authorize IRBs to observe or have a third party observe the consent process and the research as part of the continuing review process.

One component of the IRB’s compliance oversight activities involves auditing of previously approved studies. The process of compliance auditing is meant to accomplish several important purposes. First, it is intended to assure that human subjects are properly protected, and that the procedures used to accomplish this goal are carefully documented. Second, the auditing process is intended to assist investigators in complying with the current regulatory standards for protecting human subjects and in avoiding any external sanctions that may result from non- compliance with regulatory requirements. Finally, the process is intended to assure that the University and affiliated institutions remain in good standing with federal agencies having oversight of human subjects research activities, as well as federal entities and non- governmental institutions that provide financial support for the conduct of research.

The purpose of this policy is to provide written guidance on operational requirements for compliance auditing activities.

In accordance with:

For studies approved under the revised Common Rule:

45 CFR 46.108(a)(4); 45 CFR 46.109(a); 45 CFR 46.109(e); 45 CFR 46.111(a)(6); 45 CFR 46.113;


For studies approved under the Pre-2018 Common Rule: 45 CFR 46.103(b)(5); and

For FDA-regulated studies:

21 CFR 56.108(b); 21 CFR 56.109(f); 21 CFR 56.111(a)(6)

Institutional Review Boards Frequently Asked Questions – Information Sheet

Compliance with this policy also requires compliance with state or local laws or regulations that provide additional protections for human subjects.


General Authority

    1. The UTHSC IRB has the authority to review at any time all research records and materials including, but not limited to: informed consent documents; regulatory files; IRB files; subjects’ research and medical records, including the results of procedures and tests performed during the course of the research; arrangements for the storage of investigational articles (including drugs, devices, or biologics) and specimens; and protections for the security of paper and electronic research records, as well as for the transmission of data and specimens to other sites.
    2. Research compliance auditing staff also have the authority to observe the informed consent process and the conduct of the research, and to interview subjects either during or after their participation in research activities.

Categories of Audits & Notification

    1. There are five primary types of audits that may be conducted by the UTHSC IRB at the request of the IRB Director or Associate Director:
      1. Random/Routine: The IRB Compliance Advisor randomly selects a previously approved research study for routine audit.
      2. For-cause: This review is performed when concerns regarding regulatory compliance, protocol adherence, or subject safety are brought to the attention of the IRB, including:
        1. Any report of suspected non-compliance;
        2. Research terminated by the IRB due to failure of the investigator to submit the study for continuing review or failure to respond to a request for information from the IRB;
        3. Questions regarding the accuracy of continuing review reports;
        4. Studies reporting a large number of unanticipated problems, including adverse events and/or protocol deviations; or
        5. Studies designated as high risk by the Board.
      3. Training: This audit is intended to support new researchers or researchers who initiate projects without external monetary support. The training audit is generally performed shortly after the project receives initial IRB approval and provides instruction on procedures for assuring optimal regulatory compliance.
      4. Investigator-Initiated: An investigator or research coordinator may request an on-site review to assist in keeping records and procedures in compliance with federal regulations and institutional policies or to prepare for an external audit by a sponsor or federal agency.
      5. Informed Consent: This audit is intended to support researchers in conducting the informed consent process. It may include observational assessment of consent interviews, evaluation of the training provided to key study personnel obtaining informed consent, review of the completeness of the process of documenting informed consent, and/or review of manner in which informed consent documents are stored.
    2. Prior to initiation of an audit, the investigator will be notified by the IRB Compliance Advisor or designee via project correspondence in iMedRIS and/or email regarding the type of audit planned.
    3. The correspondence will instruct the principal investigator (PI) to submit a completed Pre-Audit Form via iMedRIS within two weeks of the request for an audit. However, if the audit is for-cause, the form must be submitted within one week.
    4. Failure to submit a completed Pre-Audit Form within the requested time frame will result in a second correspondence request copied to the chair of the department and/or to research administration at the hospital/institution.

Elements of the Audit Review

    1. Before the scheduled audit, the IRB Compliance Advisor will review the IRB study file and all documentation related to the study including, but not limited to, the following items:
      1. Pre-Audit Form submitted by the investigator to the IRB via iMedRIS;
      2. IRB Form 1 Application;
      3. Grant application (if applicable);
      4. Sponsor protocol (if applicable);
      5. Investigator’s brochure(s) and/or package inserts;
      6. Consent form(s);
      7. Continuation application(s);
      8. Amendment/revision request(s);
      9. DMSB/annual report(s);
      10. Advertising/recruitment materials;
      11. Adverse events and unanticipated problems;
      12. Protocol deviation(s);
      13. iMedRIS correspondence;
      14. Documents submitted for IRB review;
      15. IRB minutes, and
      16. publications related to the IRB-approved study (as appropriate).
    2. A pre-audit interview may be conducted with the investigator or other key research personnel to document the delegation of authority related to the following activities:
      1. Regulatory affairs/IRB submissions;
      2. Obtaining of informed consent;
      3. Recruitment of study participants;
      4. Reporting of adverse events/protocol deviations;
      5. Reporting of injury or other unforeseen events to the IRB/sponsor;
      6. Maintaining study documentation/CRFs;
      7. Test article accountability;
      8. Monitoring by the sponsor/CRO; and
      9. Verification of continuing review reports.
    3. During the audit, the investigator or designee will:
      1. Provide the IRB Compliance Advisor with the study files;
      2. Make available the use of a quiet space for the IRB Compliance Advisor to review the study files;
      3. Provide a list of all study participants to the auditor;
        1. If the number of subjects enrolled is large, the auditor will select a percentage of the subject population to be audited. Otherwise, all records will be reviewed;
        2. In the case of a for-cause audit, the IRB may undertake an audit of the records of all study participants; and
      4. The principal investigator or designee who is familiar with the study must be available during the audit to address questions of the IRB Compliance Advisor.
    4. The audit may involve numerous components including, but not limited to:
      1. Comprehensive review of IRB records, investigator study records (paper and electronic), and medical/dental records of subjects;
      2. Review of records of individual subjects to determine whether:
        1. Subjects met the inclusion/exclusion criteria;
        2. Study-related procedures are performed according to the IRB application and/or protocol, and are completed according to the study timeline;
        3. Data are recorded and stored securely as described in the IRB application and consent form(s);
        4. Adverse events and protocol deviations have been reported according to institutional policy;
        5. Payments were made to subjects as described in the IRB application and consent form(s); and
        6. Subject ID numbers are assigned according to protocol and/or IRB application.
      3. Monitoring of ongoing research to ensure adherence of study procedures as described in the most recently approved version of the IRB application, study protocol, and informed consent document;
      4. Interviews with investigators, staff, and/or subjects;
      5. Inventory of specimens and review of associated collection, documentation and storage procedures;
      6. Review of study medication or device accounting and storage;
      7. Review of computer hardware and/or software associated with the research; and
      8. Surveying key study personnel to determine the training needs of the research team.
    5. The UTHSC IRB audit form will be used and may be amended by the auditor to capture all required information necessary for the audit. This audit form will be uploaded to the Audit submission in iMedRIS.
    6. The IRB may engage any outside consultant or expert as necessary to conduct or assist in the audit.

Report of Audit Findings and Follow Up

    1. A report of the audit findings will be prepared and submitted to the IRB Director or Associate Director for review and action. The report will provide a summary of the findings, including the identification of areas which need improvement and recommendations regarding necessary corrective actions.
    2. When minor deficiencies in compliance with regulatory and/or local IRB policies and procedures are identified, the principal investigator will be asked to implement appropriate corrective actions. A copy of the audit report and a letter outlining the basis of the findings, requests for further explanations, corrective action plans, and/or study revisions will be sent to the principal investigator, study contact(s), and research administrative specialist (if appropriate) via iMedRIS. The response of the principal investigator will be reviewed by the IRB Compliance Advisor in consultation with the IRB Director or Associate Director to determine whether all outstanding issues have been addressed. Further communication may occur as necessary until all issues are resolved.
    3. If audit findings indicate serious or continuing non-compliance with federal regulations and/or local IRB policies, the audit report will be reviewed at the next meeting of the full Board and the Board will determine whether suspension or termination of the study is warranted.
    4. When problems are identified meriting suspension of a study, potential corrective actions that the Board may endorse include, but are not limited to, any of the following:
      1. Requiring changes in study procedures or the informed consent process or disclosure;
      2. Directing the investigator to destroy or surrender data and/or specimens gathered from previously accrued subjects;
      3. Requiring more frequent continuing review of the study;
      4. Scheduling follow-up audits of the research study;
      5. Requiring that the research activity and/or informed consent process be monitored by an individual designated by the IRB;
      6. Requiring that the investigator inform previously accrued subjects regarding the identified elements of noncompliance; and
      7. Auditing, suspension or termination of other research studies conducted by the PI.
    5. If the Board determines that the study should be suspended or terminated, then the following individuals will be notified in writing within 48 hours of the Board’s determination: PI, UTHSC department chair and/or division chief, sponsor, UTHSC Vice Chancellor for Research (the Signatory Official named in UTHSC’s Federalwide Assurance held with OHRP), and appropriate officials of the institution in which the research is being conducted, as well as the appropriate federal department or agency head and OHRP when the research is conducted or supported by any federal agency that has adopted the Common Rule, and/or the Food and Drug Administration (FDA) when the research is FDA-regulated. The basis for the suspension or termination will be clearly delineated in these communications.

The principal investigator may appeal the IRB’s decision regarding corrective actions, or suspension or termination of a study. Appeals will only be considered if a written request is submitted to the IRB Director within ten business days after formal notification of the PI regarding the action of the IRB. In the correspondence, the PI should identify the action that he or she wishes to appeal, and must explain clearly and completely the basis for the appeal. The IRB Director will confer with the appropriate section chair to determine whether the appeal warrants further consideration. If so, the appeal will be considered at the next meeting of the section of the Board that approved the original action being appealed. At the discretion of the IRB Director, the PI may be granted the opportunity to make a presentation to the Board regarding the issue. However, the presence of a personal attorney representing the PI will not be permitted. See IRB SOP: Appeal of IRB Decisions.

    1. Copies of audit reports and correspondence will be filed in the appropriate electronic study files in iMedRIS, as well as in the IRB Compliance Advisor’s electronic files. In addition, copies can be located in the Audit submission, which will be placed on the electronic meeting agenda and sent electronically to Board members before the Board meeting each applicable week when the agenda is finalized.

REGCOMP003 – Regulatory Compliance – Auditing of Research Studies
Version: // Effective: 01/12/2007
PDF icon Downloadable PDF