Institutional Review Board

POLICY

An IRB administrator or IRB designee may perform routine and for-cause audits using systematic methods to evaluate compliance with federal regulations, state and local laws, and University of Utah policies and procedures, and to verify that research is conducted in accordance with the IRB-approved protocols.

The objective of a routine IRB audit is to ensure proper documentation, record keeping, data analysis, and adherence to applicable Federal regulations and IRB policy in order to monitor, measure, and improve the effectiveness of the human research protection program. The audit assesses the study conduct procedure, identifies errors and omissions, and is a means to provide the investigator with recommendations for corrections and improvements in order to protect the rights and welfare of research participants.

In this policy, an IRB designee refers to a person designated in writing by the IRB Chair to assume the role of an ad-hoc auditor. The IRB may also accept audits conducted by the Research Compliance Officer at the VA.

PROCEDURES

1. Procedures for Initiating a Routine Audit
   1. The IRB administrator or designee selects an Investigator or study for a routine audit based on criteria which includes, but is not limited to, the following:
      • Studies involving procedures that are greater than minimal risk to subjects
      • Studies involving vulnerable populations
      • Investigator-Initiated drug/device studies
      • Investigators conducting a large number of studies
      • Studies approved using expedited procedures that are not subject to continuing review
   2. The IRB administrator or designee contacts the Investigator and establishes a time and place for the audit to take place. The IRB administrator informs the Investigator which documents are necessary for the audit. The Investigator must make such documents available at the time of the audit. Any other materials the IRB administrator deems necessary to accurately understand the research process under investigation shall be made available by the Investigator upon request.
2. Procedure for Initiating a For-Cause Audit
   1. The convened IRB, IRB Chair, Subcommittee, or IRB Director may direct the IRB administrator or designee to conduct an audit in response to a particular concern. Concerns which may prompt a for-cause audit include, but are not limited to, the following:
      • Complaints or concerns made by a research participant, family member of the research participant, research team member, or an employee of the University or the covered entity.
      • Reports of audits or monitoring conducted by other committees affiliated with the HRPP, federal agencies, data and safety monitoring committees, or other agencies involved in the conduct of a study.
      • Issues of non-compliance.
   2. The IRB administrator or designee contacts the Investigator and establishes a time and place for the audit to take place. The IRB administrator informs the investigator which documents are necessary for the audit. The Investigator must make such documents available at the time of the audit. Any other materials the IRB administrator deems necessary to accurately understand the research process under investigation shall be made available by the Investigator upon request.
3. Procedure for Conducting an Audit
   1. Using the University of Utah IRB auditing worksheets and the investigator self-assessment checklist (if completed), the IRB administrator reviews some or all of the aspects of the research records. These checklists become part of the final written report.
4. Procedures for Completing an Audit
   1. After an audit, the Investigator is informed of the result of the review in a written report from the IRB administrator or designee. The written report is also sent to the IRB Chair, IRB Director, and other Institutional Officials and other units within the University or the covered entity as appropriate.
   2. If the audit does not identify any problems, no action is taken.
   3. If the audit identifies problems or deficiencies, the IRB administrator includes appropriate corrective actions in the written report. The Investigator is expected to respond or comply with the corrective actions in a time frame determined by the IRB administrator. The IRB administrator is responsible for reviewing these corrective actions and follows up with the Investigator to ensure these corrective actions are completed. The IRB administrator may accept confirmation of completion for the corrective actions through a statement from the Investigator, other documentation from the Investigator, or a follow-up audit.
   4. If the corrective actions are not completed, the IRB administrator may recommend to the convened IRB that a suspension be considered for the study that was audited or for the studies that an Investigator is conducting, according to the procedures in SOP 904 (Administrative Hold, Suspension and Termination of Approved Research).
   5. If the audit identifies non-compliance, such as lack of oversight, deliberate falsification or omission, failure to comply with the requirements and determinations of the IRB, significant protocol violations, or deviations or frequent occurrences of such, the IRB follows SOP 903 (Human Research Protection Program and Non-Compliance). The IRB may request additional corrective actions as per this policy.
   6. If the audit identifies a problem that might be an unanticipated problem involving risks to participants or others the IRB follows SOP 901 (Unanticipated Problems Involving Risks to Participants or Others). The IRB may request additional corrective actions as per this policy.