Once planning is complete, it’s time to execute the actual CSV audit. Here are some tips for conducting rigorous, value-adding CSV audits:
Discuss in-depth with stakeholders like system owners, quality managers, and end users. This provides insights into how systems are used and any issues.
Thoroughly review all validation documents, change controls, previous audit reports, etc. Confirm that documentation is complete, current, and compliant.
Verify System Configurations
Check that actual system configurations match documented configs. Review interfaces, data flows, permissions, access controls, and workflows.
Observe Operational Processes
Witness live system processes like data backup, batch processing, and archiving. Compare to SOPs and ensure alignment.
Trace Data Lifecycle
Follow a data element through its complete lifecycle. Validate integrity and security from origination through processing, transmission, and storage.
Select Representative Sampling
Use risk-based sampling to selectively test elements like user requirements, test scripts, data records, and system functions.
Document Detailed Findings
Record complete, well-evidenced details for each finding, including observations, relevant screenshots or logs, applicable regulations, and severity.
By following these tips during audit execution, auditors can unearth more insightful findings and better evaluate true system compliance and data integrity. Later we’ll discuss how to categorise and report findings.