The University of Texas Southwestern Medical Center Institutional Review Board Oversight Audit. Internal Audit Report 14:07

Similar documents
The University of Texas Southwestern Medical Center Park Cities Clinic Operational Audit Internal Audit Report 16:18

Texas Administrative Code 202 Compliance Audit

Revenue Cycle: Patient Account Adjustments and Follow-up Audit

Decentralized Computing Audit

Clinical Trials Billing Audit Internal Audit Report 18:02

University Hospitals Building and Fixed Equipment Maintenance Audit

Data Security Audit Non-Employees

Willed Body Program Audit

Office for Technology Development Audit

Office of Internal Audit. The University of Texas Southwestern Medical Center Business Continuity/Disaster Recovery. Internal Audit Report 16:32

UC DAVIS OFFICE OF RESEARCH AAHRPP Preparation UC Davis Human Research Part III Investigator Manual. Cindy Gates IRB Administration

THE UNIVERSITY OF TEXAS AT DALLAS OFFICE OF INTERNAL AUDIT 800 W. CAMPBELL RD. SPN 32, RICHARDSON, TX PHONE FAX

Title: IRB Purpose, Principles and Responsibilities Page: 1 of 5

2013 Metrics on Human Research Protection Program Performance

The University of Texas at Tyler. Contract Administration Audit

Effective Date: October 8, 2015 Policy Number: MHC_RP0301. Corporate Director, HRPP Institutional Official, HRPP

Human Research Protection Program Policy

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

THE UNIVERSITY OF TEXAS AT DALLAS OFFICE OF INTERNAL AUDIT 800 W. CAMPBELL RD. SPN 32, RICHARDSON, TX PHONE FAX

UNIVERSITY OF TENNESSEE GRADUATE SCHOOL OF MEDICINE INSTITUTIONAL REVIEW BOARD CONFLICTS OF INTEREST

AUDIT COMMITTEE CHARTER

2010 Joint Chairmen s Report. UMB Progress to Address Audit Findings. (R30B/R75T), pages 133/ Release of Restricted Funds

Anheuser-Busch Companies, Inc. Audit Committee Charter

UNIVERSITY OF TENNESSEE GRADUATE SCHOOL OF MEDICINE INSTITUTIONAL REVIEW BOARD CONFLICTS OF INTEREST

Quality Assurance QA STANDARD OPERATING PROCEDURE FOR FDA or Pharmaceutical Sponsored Audits

Human Research Protection Program. Plan

Sponsor-Investigator Responsibilities In Clinical Trials

VCU Faculty Held IND and IDE Procedure Handbook

RESEARCH PERFORMANCE SITES AND COLLABORATIVE OFF-SITE RESEARCH

Human Research Protection Program. Plan

UNIVERSITY OF CALIFORNIA, SAN FRANCISCO AUDIT AND ADVISORY SERVICES. School of Dentistry Health Sciences Compensation Plan Project #16-013

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

The University of Texas at Tyler. Procurement and Travel Card Audit

AUDIT COMMITTEE CHARTER DATED AS OF AUGUST 5, 2010

Human Subjects Protection Program Plan

Office of Internal Audit 800 W. Campbell Rd. SPN 32, Richardson, TX Phone Fax January 23, 2017

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

REQUEST FOR FINAL ACTION AUDIT OVERSIGHT AUDIT OF DISTRIBUTOR COMPLIANCE GROUP

Investigator Manual. Human Subjects Protection Program

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

Developing a Written Reliance Agreement with a Central IRB

Defining research compliance Protocol review committees Conflicts of interest Export Controls

irobot Corporation Audit Committee Charter I. General Statement of Purpose

Internal Audit Charter

HUMAN RESEARCH PROTECTION PROGRAM PLAN

GW Policy on Human Research Protection Program

ELEMENTS OF A DATA MONITORING PLAN

Trends in Oversight of Human Research Protections?

THE UNIVERSITY OF TEXAS AT DALLAS

CARIBBEAN BASIN ECONOMIC RECOVERY ACT & CARIBBEAN BASIN TRADE PARTNERSHIP ACT TECHNICAL INFORMATION FOR PRE-ASSESSMENT SURVEY (TIPS)

PROTOCOL-SPECIFIC DOCUMENT

Bank Account Creation, Management, and Oversight at University of Wisconsin-Stevens Point. Office of Internal Audit

Quality Assurance and Improvement Program (QAIP)

Office of Internal Audit

Effective Date: April 2014 Revision: September 29, 2017

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

Human Research Audit Program. Gabrielle Gaspard, MPH, CCRC Assistant Director, Human Research Compliance

GENERALIZED SYSTEM OF PREFERENCES TECHNICAL INFORMATION FOR PRE-ASSESSMENT SURVEY (TIPS)

AUDIT COMMITTEE CHARTER

Audit Committee Charter

Audit Committee Charter

CATERPILLAR INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS (adopted by the Board of Directors on February 11, 2015)

ARATANA THERAPEUTICS, INC. CORPORATE GOVERNANCE GUIDELINES

ADMINISTRATIVE INTERNAL AUDIT Board of Trustees Approval: 03/10/2004 CHAPTER 1 Date of Last Cabinet Review: 04/07/2017 POLICY 3.

UNIVERSITY OF CALIFORNIA, DAVIS INTERNAL AUDIT SERVICES. Subrecipient Monitoring Project # April 2013

External IRB Review What Does it Mean for Your Institution

PPG INDUSTRIES, INC. AUDIT COMMITTEE CHARTER

NEVRO CORP. CORPORATE GOVERNANCE GUIDELINES. (Adopted October 9, 2014)

Audit Committee Charter

Human Research Protection Program Policy

ARMSTRONG WORLD INDUSTRIES, INC. AUDIT COMMITTEE CHARTER

GAP INC. AUDIT AND FINANCE COMMITTEE CHARTER February 23, 2016

Department of Biology

1 The Clinical Research Coordinator (CRC)... 1

Advocate Health Care Network. Human Research Protection Program. Plan

Human Research Protection Program Compliance Plan

Institutional Review - Protection of Human Subjects

BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

OFFICERS ROLES, RESPONSIBILITIES, SKILLS AND SELECTION GUIDE

GTT COMMUNICATIONS, INC. AUDIT COMMITTEE CHARTER

GARMIN LTD. Audit Committee Charter. (Amended and Restated as of July 25, 2014)

F5 NETWORKS, INC. AUDIT COMMITTEE CHARTER AS AMENDED AND RESTATED BY THE BOARD OF DIRECTORS OF F5 NETWORKS, INC. APRIL 21, 2017

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

COI V September Draft. USC Conflict of Interest Disclosure System (COIDS) System Requirements V1.0 (Draft)

Human Research Protection Program Plan

DATATRAK INTERNATIONAL, INC. AUDIT COMMITTEE CHARTER. (As Adopted on April 20, 2004)

OBSERVATIONS, RECOMMENDATIONS, AND RESPONSES

COLGATE-PALMOLIVE COMPANY AUDIT COMMITTEE CHARTER

RECRUITING OF AND ADVERTISING FOR SUBJECTS

MANDATE OF THE CONDUCT REVIEW, GOVERNANCE & HUMAN RESOURCE COMMITTEE

Investigator Manual Revised August 19, 2013

Internal Audit Charter

MARKEY CANCER CENTER STANDARD OPERATING PROCEDURES. SOP No.: MCC Type: Final

INFRAREIT, INC. Corporate Governance Guidelines

AUDIT COMMITTEE CHARTER REINSURANCE GROUP OF AMERICA, INCORPORATED. the audits of the Company s financial statements;

GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER

EMPLOYEE TUITION ASSISTANCE PLAN AUDIT JULY 25, 2014

SUBJECT: INSTITUTIONAL REVIEW BOARD (IRB) - HUMANITARIAN USE DEVICES

Audit Committee Charter Amended September 3, Tyco International plc

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Transcription:

Office of Internal Audit The University of Texas Southwestern Medical Center Institutional Review Board Oversight Audit Internal Audit Report 14:07 November 17, 2014

Table of Contents I. Executive Summary 3 Background/Scope and Objectives 3 Conclusion 4 II. Detailed Observations and Action Plans Matrix 6 III. Appendices 10 Appendix A Risk Classifications and Definitions 10 Appendix B IRB Data 11 Page 2 of 11

Executive Summary Background The Institutional Review Board (IRB) is the administrative body established to protect the rights and welfare of human research subjects. All research projects conducted by faculty, students, or employees of UT Southwestern Medical Center (Medical Center), which involve living humans or identifiable data about living humans, require prior review and approval by the IRB. The Medical Center has four multipurpose boards (IRBs). Each IRB consists of physicians, scientists, non-scientists, and community members who serve to protect the rights and safety of human research subjects in accordance with U.S. Department of Health and Human Services (HHS) (45 CFR 46), and U.S. Food and Drug Administration (FDA) (21 CFR 50 and 21 CFR 56) regulations. Medical Center policy defines the jurisdiction of the IRB. In accordance with the Federalwide Assurance (FWA) on file with the U.S. Department of Health and Human Services, the IRB reviews and approves research involving human subjects conducted at the Medical Center and the following institutions: Children's Medical Center Parkland Health & Hospital System Texas Scottish Rite Hospital for Children The Retina Foundation of the Southwest The IRB staff within the Research Protection Office of the Medical Center coordinates IRB activities. Staff responsibilities include regulatory filings, membership orientation, training, scheduling of IRB meetings, and maintenance of the studies within the eirb System database. The eirb System is the official record of the research studies. All supporting documentation, approvals, board meetings, board decisions and status of the studies are documented and maintained in eirb. Depending on the level of risk identified for the submitted study, the IRB will conduct a full board study review or expedited review. The IRB also will perform exempt reviews to confirm a study meets the regulatory criteria for exempt status. Each of the four boards meets twice per month. See Appendix B for statistics on the volume of IRB activities and approved studies during the scope period of the audit. Scope and Objectives The Medical Center Office of Internal Audit has completed its IRB Oversight audit. This is a risk based audit and part of the fiscal year 2014 Audit Plan. The audit scope period included activities of the IRB from September 1, 2013 to July 31, 2014. The review included operations from the assignment of IRB members up to and including the study approval process. Post-approval IRB operations were not included in the scope of this review. Audit procedures included interviews with stakeholders, review of policies and procedures and other documentation, substantive testing, and data analytics. We conducted our examination according to guidelines set forth by the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing. Fieldwork was initiated, performed, and completed during September and October 2014 and consisted of the following primary objectives: IRB operations are compliant with federal regulations and Medical Center policies regarding protection of human subjects. IRB membership is appropriate based on federal regulation requirements for diversity and qualifications. New study decisions are made based on complete and relevant documentation, and sufficient review by appropriate levels of authority. Page 3 of 11

Executive Summary All submission fees due to the IRB are invoiced and accurately accounted for. Appropriate system controls are in place. Conclusion Overall, processes and controls for the IRB oversight were in place and operating effectively. We did not identify any significant observations (i.e. high or medium/high). No observations represented a violation of regulatory requirements. Specific strengths include: IRB operations were well documented and compliant with federal regulations. There was sufficient documentation to support the decisions and actions of the IRB. The membership demographics of each IRB met the regulatory requirements for diversity and qualifications. Study decisions were supported by evidence of sufficient review by appropriate levels of authority. Included in the table below is a summary of the observations noted, along with the respective disposition of these observations within the Medical Center internal audit risk definition and classification process. See Appendix A for Risk Rating Classifications and Definitions. High (0) Medium/High (0) Medium (1) Low (3) Total (4) The key improvement opportunity risk-ranked as medium is summarized below. IRB Membership Administration Onboarding and off-boarding processes for IRB membership changes need improvement. New member training and documentation requirements were not consistently tracked to ensure completion. Additionally, system access privileges were not removed for prior members of the IRB. Management has plans to address the issues identified in the report and in some cases have already implemented corrective actions. These responses, along with additional details for the key improvement opportunity listed above and other lower risk observations are listed in the Detailed Observations and Action Plans Matrix (Matrix) section of this report. We would like to take the opportunity to thank the departments and individuals included in this audit for the courtesies extended to us and for their cooperation during our review. Sincerely, Valla Wilson, Assistant Vice President for Internal Audit Page 4 of 11

Executive Summary Audit Team: Angeliki Marko, Senior Internal Auditor Kelly Iske, Manager of Internal Audit John Maurer, Senior IT Auditor Jeff Kromer, IT Manager of Internal Audit Tim LaChiusa, Assistant Director of Internal Audit Valla Wilson, Assistant Vice President for Internal Audit Page 5 of 11

Detailed Observations and Action Plans Matrix Observation Recommendation Management Response Risk Rating: Medium 1. Membership Administration Onboarding and off-boarding processes for IRB membership changes need improvement. Onboarding - IRB staff is responsible for ensuring newly appointed IRB members obtain all orientation materials and complete orientation requirements (e.g. training) before participating in IRB activities. Based on a review of all 14 new members added to the IRB in fiscal 2014, we identified the following: While a process was in place to track required training for Medical Center employee IRB members, a process was not in place to track required training for external community members. Testing identified one new IRB community member had not completed required Conflict of Interest training. One new IRB member did not have a signed member agreement on file. New IRB member appointments by the President of the Medical Center were not formally documented as described within the Institutional Review Board Written Procedures. Off-boarding - IRB staff must also ensure each new IRB Chair or member is granted the appropriate level of access to the eirb system. However, procedures were not in place to remove assigned system access for individuals who were no longer on the IRB. System records indicated 11 former members who still had active IRB Chair or IRB Member access. 1. Collaborate with the identified IRB member who had not completed the required Conflict of Interest Training to ensure completion. 2. Establish formal onboarding and off boarding checklists to ensure all required steps are completed for IRB membership changes. 3. Collaborate with the President s Office and determine the appropriate communications, authorizations and retention necessary for the appointment of new Chairs and members to the IRB. 4. Establish a process to review eirb system access reports on a periodic basis in order to identify and correct inappropriate access. 5. Update the written procedures to reflect the revised processes, as necessary. Management Action Plans: 1. The IRB Manager has contacted the volunteer IRB community member to request that he complete the COI training by the end of November. 2. All of the identified former IRB members have had their IRB member access removed in the eirb system. 3. As part of the AAHRPP accreditation process, we are currently revising and enhancing the IRB Member onboarding and off-boarding processes. The revisions and enhancements will include development of the following: Specific training requirements for the community members that are more relevant to their role with the IRB. An onboarding and off-boarding checklist for IRB staff to utilize. Standard operating procedures (SOP) with the President s office in regards to IRB member appointments. Procedures to review eirb system access reports on a periodic basis. 4. Procedures will be updated as necessary to reflect the new processes. Action Plan Owners: Director, Research Protections Target Completion Dates: 1. November 30, 2014 2. Complete Page 6 of 11

Detailed Observations and Action Plans Matrix Observation Recommendation Management Response 3. Revisions/enhancements developed by December 31, 2014 and implemented by March 1, 2015. 4. March 1, 2015 Risk Rating: Low 2. eirb System Access Security access controls need to be strengthened. Testing revealed 10 users were granted the IRB Staff role to view private IRB documents. However, this role also granted approval privileges not required for their job duties. Testing confirmed that all study approvals recorded in the eirb system during fiscal year 2014 were performed only by authorized individuals working within the IRB office. Also, history reports and audit trails exist in the eirb system that would likely detect inappropriate approvals by non IRB staff. However, prudent system controls restrict system access to privileges only those required for specific job duties. 1. Establish a role in the eirb system that will allow read only access to private IRB documents, which can be assigned to those individuals who require this access for monitoring purposes. 2. Once a read only access is available, reassign non IRB staff who had been assigned the IRB Staff level privileges to the new roll. Grant IRB Staff level privileges only to individuals who have actual approval authority. Management Action Plans: 1. Functionality has been added to an existing read-only role in eirb (Research Administration role) that provides read only access to IRB documents for monitoring purposes only. 2. All non IRB staff has been reassigned to the Research Administration role. Only IRB office staff will be granted the IRB staff privileges moving forward. Action Plan Owners: Director, Research Protections Sr. Manager, Academic Information Systems Target Completion Dates: 1. Complete 2. Complete Page 7 of 11

Detailed Observations and Action Plans Matrix Observation Recommendation Management Response Risk Rating: Low 3. IRB Fees Procedures are not in place to ensure sponsors are billed for all studies submitted to the IRB for review. For studies that are submitted by for-profit industry sponsors, the IRB is entitled to charge the sponsors IRB submission fees of $1000 for expedited reviews and $3000 for full board reviews. Currently these fees are invoiced only after the contract is executed and a sub ledger account is created for an approved study. We identified one approved expedited study that was withdrawn after the IRB review. The IRB submission fees, though earned, were not invoiced because procedures were not in place to invoice IRB fees for withdrawn projects. However, because the number of withdrawn studies is low (3 to 5 per year) the potential lost revenue is not material. Establish procedures to identify and invoice the for-profit industry sponsors for eligible IRB submission fees, including for those studies withdrawn after IRB reviews. Management Action Plan: The Office for Clinical Research Facilitation will draft and implement standard operating procedures (SOPs) for invoicing industry sponsors for IRB fees. Sample SOPs have been reviewed and a draft procedure is underway. Draft will be completed by November 30, 2014 and revised procedure will be implemented by December 31, 2014. Action Plan Owners: Vice President for Research Administration Director of Office for Clinical Research Facilitation Target Completion Date: December 31, 2014 Page 8 of 11

Detailed Observations and Action Plans Matrix Observation Recommendation Management Response Risk Rating: Low 4. IRB Written Procedures Institutional Review Board Written Procedures have been in place since 2012, but there is no evidence of formal approval. Written procedures are specifically required by Health and Human Services and Food and Drug Administration IRB regulations, and are subject to outside review. Without evidence of management approval, procedures may not be consistent with management's understanding and expectations. Ensure management approval of the IRB written procedures is documented after all updates to the procedures have been finalized. Management Action Plans: We are in the process of reviewing, revising and developing SOPs as part of the AAHRPP accreditation process. We have adopted a new SOP template which includes an effective date, review and revision and revision history. All SOPs will be approved by the VP, Research Administration. Action Plan Owners: Director, Research Protections Target Completion Dates: December 31, 2014 Page 9 of 11

Appendix A Risk Classifications and Definitions As you review each observation within the Detailed Observations and Action Plans Matrix of this report, please note that we have included a color-coded depiction as to the perceived degree of risk represented by each of the observations identified during our review. The following chart is intended to provide information with respect to the applicable definitions and terms utilized as part of our risk ranking process: Degree of Risk and Priority of Action Risk Definition - The degree of risk that exists based upon the identified deficiency combined with the subsequent priority of action to be undertaken by management. High Medium/High Medium Low The degree of risk is unacceptable and either does or could pose a significant level of exposure to the organization. As such, immediate action is required by management in order to address the noted concern and reduce risks to the organization. The degree of risk is substantially undesirable and either does or could pose a moderate to significant level of exposure to the organization. As such, prompt action by management is essential in order to address the noted concern and reduce risks to the organization. The degree of risk is undesirable and either does or could pose a moderate level of exposure to the organization. As such, action is needed by management in order to address the noted concern and reduce risks to a more desirable level. The degree of risk appears reasonable; however, opportunities exist to further reduce risks through improvement of existing policies, procedures, and/or operations. As such, action should be taken by management to address the noted concern and reduce risks to the organization. It is important to note that considerable professional judgment is required in determining the overall ratings presented on the subsequent pages of this report. Accordingly, others could evaluate the results differently and draw different conclusions. It is also important to note that this report provides management with information about the condition of risks and internal controls at one point in time. Future changes in environmental factors and actions by personnel may significantly and adversely impact these risks and controls in ways that this report did not and cannot anticipate. Page 10 of 11

Appendix B IRB Data Figure 1: IRB Study Volumes FY 2014 New Study Continuing Review Modification Reportable Event 1426 930 2382 5668 Figure 2: Studies Approved by Type During Audit Scope. Total Studies Approved=769 Full Board Studies with higher than minimum risk reviewed by the whole board Expedited Studies with less than minimum risk reviewed by the Board Chair or Vice Chair Relying on a non UT Southwestern IRB (e.g. CIRB approved or other UT Component IRB) Exempt Reviews to confirm a study meets the regulatory criteria for exempt status (no human research risk) 2% 1% 43% 54% Page 11 of 11

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback