Re-establish Credibility following Unfavorable External Audit Observations

In the Quality Assurance (QA), Quality Improvement (QI), and Regulatory Compliance (RC) world, there exists a mantra that reminds of a constant preparation for an audit. In fact, most QA, QI, and RC departments have such preparations as the primary goal of their quality and compliance program implementation.

While the extent and degree of a constant preparation for external audits lie with individual quality assurance and compliance departments, there is a "back end" (i.e. audit response component) to external audits that lies not with the quality and compliance departments but with the requirements of external regulators. This "back end" goes beyond constant preparation to include a more systematic self assessment and realignment. It occurs when an audit results in an unfavorable finding or observation by external regulators.

An external audit, whether it is a quality, regulatory, or systemic audit, is an examination and evaluation conducted by an outside reviewer such as a government agency or other independent auditors to determine whether quality and regulatory compliance activities and their results comply with established regulations or planned arrangements; and whether implementation is effective and suitable to achieve objectives.

Knowledge of how to respond and provide systemic resolution to “issues” from an external audit cannot be overstated regardless of whether the audit of your programs and services results in favorable or unfavorable audit findings.

In the organization's constant preparation for audit, the QA, QI, and RC department must always ensure that quality is built into their processes. Auditors are looking for current implementation of programs alongside how the organization develops and implements any corrective actions to audit observations. The organization's actions before, during, and after the audit can shed light on the organization's level of compliance.


Whatever you do, don't panic. Understand the Audit Findings and Citations.

  1. Take note of the auditor's feedback during and after the audit.

  2. Understand and evaluate the context of the audit findings.

  3. Solicit inputs from personnel involved with the audit.

  4. Solicit feedback from the auditors during "exit conference."




The "Exit Conference" is the closing meeting at the end of an audit. The auditor meets with the organization's representatives to provide feedback on observations during the course of the audit as well as provide pertinent information including timeline regarding the final audit reports. The manner in which the organization approaches the exit meeting can have critical ramifications on the final results and overall relationship with the auditing body.

Before attending the exit conference, consider the following:

Decide in advance how the organization is going to approach the meeting.
Have the appropriate personnel in attendance.
Will the organization's representatives be competitive whereby they question every observation and attempt to get them removed?
Will the organization be all welcoming and accepting every observation even erroneous ones?
Who in the organization will comment on the observations?
Will the organization debate or disagree with valid observations?

A good approach is where the head of quality or regulatory compliance:

  • Hosts the audit and moderates the meeting.

  • Reviews each item with the auditor to effectively understand what they are citing. Guessing or speculating on the auditors' findings will affect the quality of response to the auditors' concerns.

  • Comments if errors are present. Asks for clarification, because like every human, auditors do make mistakes too.

  • If corrections have already being made – decides if he/she will indicate that fact here.

  • Discusses true points of contention, but doesn’t argue directly with the auditors. Note: (1) It is not best practise to argue every point or even a large percentage of them; (2) Be cautious in committing to anything during the exit meeting. The auditor is taking notes and will indicate that the firm “committed” to a particular action or time frame.   


Things to keep in mind while the organization crafts its response to audit findings:

  • Don't give an auditor the "run around" for corrective actions or a cause to conduct extensive follow-up. To avoid this, ensure clarity and details in your response so as to not create a cause for further information request, a new review, and so on.

  • Adhere to a policy to immediately respond to critical deficiencies noted. Remember: This is the organization chance to re-establish credibility with the auditor and those to whom the organization's reputation m