APIC Audit Step by Step

 GMP audit can be initiated by but is not limited to:

  • Pharmaceutical companies that manufacture either medicinal products for human use or veterinary medicinal products in order to fulfill their obligations according to Directives 2001/83/EC and 2001/82/EC as amended. The following flow chart describes the steps from the initial contact with the company (auditee) to the finalisation of the audit report.

Before placement of an order by an interested customer the API Compliance Institute will have preliminary talks on the following topics, among others: Scope of the audit, steps of the audit process, expected time inputs and expected costs, etc. Provided the customer signed a contract with the API Compliance Institute the order is considered awarded and the further steps can be followed. 

For gaining initial information about the company (auditee) and to effectively plan the Audit, a pre-Audit questionnaire will be sent to the company (auditee) in advance. After return of the completed questionnaire to the API Compliance Institute, auditors will be selected upon the information given in the questionnaire. The questionnaire will also be handed on to the selected auditors for their preparation. The company (auditee) will appoint a contact person (audit representative) responsible for the handling of the audit.

In general, the APIC Compliance Institute will select one or two certified auditors from their register. The company (auditee) will be notified of the names of the auditors. The company (auditee) is entitled to reject the appointed auditors, but will be asked to explain the reasons for rejecting the auditor. In these cases new auditors are going to be selected.

Before the audit the company (auditee) will receive an audit plan from the auditors, detailing the major topics of the audit and a tentative schedule. Immediately after the audit all major observations and remaining questions will be discussed and clarified during the final wrap up. If, for any reason, a re-audit of follow-up audit deems to be necessary, the date for the re-(follow-up) audit as well as the selection of the auditors will be set by the API Compliance Institute. An additional order is required.

At the latest, within a period of 3 weeks after the audit, the company (auditee) will receive a draft audit report. The audit report will include a management summary as well as a detailed list of observations. The company (auditee) may respond to the observations, proposing corrective actions, responsibilities and time frames. The final audit report is being released by APIC before sending it to the company (auditee). The company (auditee) will receive the original audit report for use without limitations.


The basic audit report is valid for three years. Prior to the expiration, a new audit for the renewal of the validity can be carried out at the company’s (auditee’s) site. 
As the APIC Audit Programme is a worldwide third party auditing programme, the audits will be conducted in English and the Audit Report will be written in English.