Baker Tilly
Contact us
Team discusses Internal Audit for Life Science Companies

Internal Audit for Life Science Companies

Helping address the unique risks to life sciences companies, including commercial, medical, safety, quality, regulatory, and government pricing and contracting activities.

Internal Audit for Life Science Companies

Comprehensive internal audit planning

Life sciences companies face pressures and challenges that are unique from other industries. Almost every aspect of the business – from the safety and quality of commercial and sales, to manufacturing and development – is affected by the driving forces of fear, uncertainty and doubt that arise from:

  • Complex regulatory and compliance requirements
  • Emerging risks that are hard to identify, isolate and measure
  • Varying expectations from health plans, healthcare providers and regulators
  • Specialty markets that have increased patient needs and complex barriers to access

Implementing a comprehensive internal audit plan can help alleviate these anxieties and concerns that affect management’s decision-making skills, and most notably, strengthen the internal controls necessary to allow life sciences companies to meet their strategic objectives and goals.

Internal audit approach and methodology

Connect with our teamarrowCreated with Sketch.

Baker Tilly’s life sciences and internal audit professionals can help support your organization’s goals and objectives by addressing the unique risks associated with companies in the life sciences industry. Our team of Value Architects™ are able to help identify current and emerging risks now, so that we can help minimize tomorrow’s fears, uncertainties and doubts. By moving past a checklist or one-size-fits-all approach, our team is able to develop a customized solution tailored to your organization’s unique situation, needs and resource capabilities.

Our internal audit approach commonly encompasses three phases:

Internal Audit Engagement Methodology

Phase one

Phase one is about understanding your organization’s objectives, culture, administration, and strategy to provide a strategic and structured view of risks within your organization, as well as the interdependencies between risks at multiple levels.

Phase two

Phase two involves developing or refining the needed audit activities to address risks and provide a link between the proposed audits and high priority risks to ensure that the audit activities are clear, understood and relevant. At the onset of each audit, we assess your objectives, significant processes, applicable systems and most relevant risks to define a scope for the audit activities.

Phase three

Phase three entails a disciplined approach to executing audits to confirm that audit objectives are achieved on time and in budget. At the completion of the project, we work with your organization’s management team to finalize observations and create a report inclusive of significant audit findings, recommendations and implementation timelines. A follow-up on audit findings may be performed when the applicable function is audited again as a part of the normal audit plan or when, corrective actions are performed.

Internal audit key areas of focus

Connect with our teamarrowCreated with Sketch.

Internal audit must extend past financial controls to include internal control evaluations and design in order to address key risks that are unique to life sciences companies, specifically commercial; medical; safety, quality, and regulatory; and government pricing and contracting activities.

Due to the broad and often decentralized nature of commercial activities, it is key to include audits that cover internal controls to ensure that key stakeholders within the commercial organization are following the company code of conduct and policies, as well as relevant regulations.

The inclusion of such topics and subsequent strengthening of internal controls can help to alleviate the risk overload of commercial leadership and management, allowing these individuals to focus on strategic business objectives instead. The outcomes of these audits can also help provide feedback to stakeholders of what management is expecting of them.

Commercial internal audit activity areas include:

  • Sales activities
  • Account management and strategic customer interactions
  • HUB and specialty pharmacy operations
  • Patient support and copay programs
  • Managed care marketing programs and other fee-for-service activities
  • Third party distributors and vendor operations
  • External funding

The medical function of the organization is focused on generating and disseminating evidence around the product or innovation. Lately, these innovations tend to serve small, competitive patient segments. Nonetheless, it is crucial to audit the internal controls in place to ensure that product information is fair and balanced to patient populations or advocacy groups. The outcomes of these audits can also help provide feedback to stakeholders of what management is expecting of them and to allow management to focus on strategic objectives as well.

Medical internal audit activity areas include:

  • Medical information
  • Research collaborations and investigator-sponsored research
  • Medical education and global philanthropy funding requests
  • Patient advocacy

Safety and quality reporting requirements are constantly changing, and given the complex nature of the data these reports are derived from and the importance of collecting all signals, it is necessary to have strong internal controls. Auditing these activities will allow for not only greater compliance with regulatory bodies, but will also allow for greater understanding of the process and data flows. The latter tends to be a heavy burden on management, but with stronger internal controls, this can free up time for upper management and allow lower level employees to take on greater responsibilities in this area.

Safety, quality and regulatory internal audit activity areas include:

  • Product safety signal detection
  • Global early/expanded access programs
  • Quality management systems (QMS)

With high scrutiny from various government agencies, companies must evaluate their standard operating procedures (SOPs) and policies, product acquisitions and how data is handled for inclusion in their pricing calculations.  Methodologies and reasonable assumptions should also be reviewed to ensure they are kept up with the changing regulations and companies’ business models.

Government pricing and contracting internal audit activities include:

  • Governance, including SOPs and policies, committee oversight of new activities and review of government pricing calculations, government contract management and maintenance, and governance over contract membership and domain data
  • Data, including data reconciliation and domain files coverage of relevant business activities
  • Reporting and contracting, including definition of appropriate methodologies, storage of relevant data in accordance with three year and 10 year rules and FSS contracting, review and certification of products, prices and modifications by appropriate company officer, and pricing reporting using defined methodology

Ready to connect about internal audit?

Contact us nowarrowCreated with Sketch.

It is imperative for life sciences organizations to monitor the recent enforcement actions of the Department of Justice and the Department of Health and Human Services Office of Inspector General in order to understand current focuses and applications of relevant regulations. The internal audit plan should be guided by such focus areas.