profile

The HaiQu Newsletter

How do you audit a regulated data processing spreadsheet? Part 1: Before I even open it.

Published almost 2 years ago • 1 min read

When you're confronted with a spreadsheet full of data, how do you audit it? where do you start? What kind of things should you be looking for?

Let's say I'm seeing a data processing spreadsheet template for the first time. Before I even open up the spreadsheet, I want to ask a few questions:

  • What exactly am I looking at? Is it the spreadsheet file itself, or a printouts / PDF images of the spreadsheet? If it's an image, is it the complete record?
  • What's the use case for this spreadsheet? What kind of data are we processing? Does it directly affect the safety of a patient, quality of a product, or study data?
  • Does it come from an approved template, or is it a one-off designed around this particular data set?
  • How is the file controlled? Which version am I looking at? Can I tell if it's from the latest approved release?
  • Where did the data come from? Is any of it direct entry of original inputs?
  • Is it transcribed, imported, cut/pasted, or is that part uncontrolled?
  • Were the users trained on filling this spreadsheet with data?
  • Do I have access to the input data?
  • Is there an SOP or instructions governing the use of the spreadsheet?

Until next time, thanks for reading!

– Brendan

p.s. Enjoy this message? Read more at the Hyland Quality Systems website.

The HaiQu Newsletter

I'm Brendan Hyland. I help regulated facilities transform their software, spreadsheets, workflows and documents from time-consuming, deviation-invoking, regulatory burdens, to the competitive advantage they were meant to be. Join me every week as we take a few minutes to explore, design, test and improve the critical systems we use in our facilities.

Read more from The HaiQu Newsletter
A cartoon image of a spreadsheet monster

Sometimes what was meant as a quick fix ends up growing into a hungry monster. The trouble is, the bigger it grows, the harder it is to walk away. Each workaround you add makes it more capable, more embedded in your process, and the ‘proper’ solution feels increasingly out of reach. But at what cost? Was this email forwarded to you? Subscribe Here! A few years ago I was working with a startup in a newly regulated industry. We had a strict requirement to report our inventory - raw ingredients,...

23 days ago • 2 min read

I’ve seen this pattern repeatedly: Instrument data is saved as an Excel or CSV. Data is then copied to a bare-bones spreadsheet with several columns of calculations or transformations. Results from the spreadsheet’s calculations are copied for use further down the data analysis pipeline. And I, the auditor, get handed a signed and dated pdf of the worksheet. Was this email forwarded to you? Subscribe Here! Why yes, M. Inspector, this spreadsheet was validated! Ok, they are rarely this bad - I...

2 months ago • 1 min read
The Spreadsheet Risk Reduction Guide

Calling quality people everywhere! I've just released something I think you'll find useful. Over the past 20 years working in regulated environments, I've seen the same spreadsheet problems show up again and again: A quick Excel tool gets built to solve an immediate need. It works. Gets "validated" with a few hand calculations. Then gets reused and modified for different datasets or slightly different purposes. Eventually - sometimes months or years later - someone discovers an error. Or an...

2 months ago • 1 min read