Procurement Auditor Q&A

Top 20 Most Likely Questions — NSF/ANSI 455-2 & 21 CFR 111

This document provides standardized responses to the most frequently asked Procurement-related audit questions. It is intended for training and audit readiness only and does not replace SOPs.

Scope: Procurement (PROC) Process Family
Standards: NSF/ANSI 455-2, 21 CFR Part 111

TOP 20 AUDITOR QUESTIONS & SNL RESPONSES

1. How do you ensure suppliers are qualified before use?
Suppliers are qualified using a Quality-led, risk-based process. Qualification requirements are determined by material type, intended use, and risk. Only suppliers approved by Quality and listed on the ASL may be used.
2. Who has final authority to approve suppliers?
Final supplier approval authority resides with the Quality Unit. Procurement and Sourcing support the process but do not approve suppliers.
3. How do you prevent purchasing from using unapproved suppliers?
Purchasing verifies supplier status against the current ASL prior to issuing purchase orders. If a supplier is not approved, purchasing is stopped and escalated to Quality.
4. What is the difference between sourcing and purchasing?
Sourcing identifies and evaluates potential suppliers and initiates qualification. Purchasing executes orders only with suppliers that are already approved.
5. How is supplier risk determined?
Supplier risk is assessed based on material criticality, regulatory impact, supplier location, intended use, and historical performance. Risk level determines qualification depth.
6. Are international suppliers handled differently?
International suppliers follow the same qualification framework with additional risk considerations applied where appropriate.
7. How do you ensure ongoing supplier compliance?
Suppliers are subject to ongoing monitoring, requalification as needed, and Quality review based on performance, risk, and changes.
8. How do you control the Approved Supplier List?
The ASL is owned and maintained by Quality. Changes require Quality review and approval. Procurement may not modify supplier status.
9. What happens if a supplier’s approval expires?
Purchasing is halted for that supplier until requalification is completed and Quality approval is restored.
10. What checks occur before issuing a purchase order?
Purchasing verifies supplier approval, confirms correct specifications and revisions, and ensures documentation expectations are defined.
11. Does receipt of material mean it is accepted?
No. Receipt does not constitute Quality acceptance. Materials are subject to Quality review, testing, and disposition.
12. How are supplier specifications controlled?
Supplier specifications are controlled through document control processes. Changes are reviewed and approved by Quality prior to implementation.
13. How do you handle emergency or expedited purchases?
Emergency purchases still require Quality involvement. Supplier approval and quality requirements are not bypassed due to urgency.
14. How do you ensure segregation of duties in procurement?
Sourcing, purchasing, and supplier approval are performed by separate roles. Quality maintains independent approval authority.
15. How do you control supplier documentation?
Supplier documentation is maintained in controlled systems in accordance with document control and record retention requirements.
16. What happens if supplier documentation is missing or incomplete?
The issue is escalated to Quality. Material may be placed on hold or rejected until documentation requirements are met.
17. How are supplier changes managed?
Supplier changes are evaluated through change control and risk assessment. Quality approval is required before changes are implemented.
18. How do you train procurement personnel?
Personnel are trained on applicable SOPs, role responsibilities, and GMP expectations. Training is documented and maintained.
19. How do you demonstrate procurement compliance during an audit?
Compliance is demonstrated through controlled SOPs, supplier qualification records, ASL status, purchasing records, and Quality oversight documentation.
20. What are the most common procurement risks you manage?
Key risks include unapproved suppliers, inadequate qualification, specification drift, missing documentation, and bypassing Quality controls. These are managed through defined roles, approval gates, and oversight.
Training Reminder:
Answer auditor questions clearly, factually, and consistently. Focus on controls, Quality oversight, and risk-based decision making. Avoid speculation or procedural detail unless requested.