The final version of EMA’s Module IV, regarding Pharmacovigilance Audits, came into effect 13 December 2012. There were several relevant changes to the draft version and we have listed them below:

IV.B.2. It is no longer stipulated that the risk assessment for the strategic, tactical and operational planning should be performed by the auditors.
IV.B.2.1. It is further clarified that ‘third parties’ includes, for example, contract organisations and other vendors.
IV.B.2.1. The list of examples of risk factors is no longer recommended for the strategic audit planning, but is proposed as a more general list which can be used broadly.

IV.B.2.1. The inclusion of all possible audits that could be performed and an assessment of risk, resources and training needs into the audit strategy has been replaced by “a list of audits that could reasonably be performed”.
IV.B.2.2. It has been added that ‘changes to the audit program may happen and will require proper documentation’.
IV.B.2.2. The tactical audit program should now be approved by upper management (as with the strategic plan) and no longer by the head of the organisation. It is worth noting here that later in the module, senior management is also allocated important tasks in the resolution of audit findings (IV.B.2.4.andIV.B.3.1.1.).
IV.B.2.3. A sentence was added in this section stating that the organisation should ensure that audits are conducted in accordance with the written procedures “in line with this GVP Module”.
IV.B.2.3.2. The paragraphs on recommendations for the grading system for findings have all been removed in the descriptions of what constitutes a critical, major and minor finding. (the use of ‘recommendation’ in other sections of this Module and Module III has been taken out).
IV.B.2.3.2. The word “serious” was removed before  the sentence: ”Issues that need to be urgently addressed should be communicated in an expedited manner to the auditee’s management and the senior management”.
IV.B.2.4. The first two paragraphs were rewritten and have become more clear in their meaning. The section on independency and objectivity of audit work and auditors (IV.B.3.1.1.) has been reworded to some extent. Examples have been provided as to how the quality of audit activities can be evaluated (IV.B.3.1.3.).
A new paragraph on retention of audit reports was added (IV.B.3.3.). The title of IV.C. was changed from “Operation of the EU network” to “PV audit policy framework’’ and organisational structure’.
IV.C.2.1. This section was reworded and is now more consistent with GVP Module II and the Implementing Regulation.

Link to the Module: http://www.ema.europa.eu/docs/en_GB/document_library/Scientific_guideline/2012/12/WC500136233.pdf