Norwegian version of this page

Procedure 7: Internal control and audit in health science research

Version 3, approved by the University Director 01/02/2022

Medical and health research:  Research activity carried out using scientific methodology to acquire new knowledge about health and diseases.

Internal control:

  • is the tool used to ensure sound conduct of medical and health research
  • is about working systematically to ensure that UiO acts in accordance with laws and regulations that apply for the activity while ensuring aimed and efficient operation and reliable reporting

1. Purpose

The purpose of this procedure is to describe UiO's system for ensuring that the institution plans, organizes, conducts, maintains and reports its medical and health research in compliance with current regulatory requirements, and for handling internal and external audits of the system.

2. Scope

This procedure applies to the quality assurance system for medical and health research that is subject to the Health Research Act, and the legislation governing clinical trials of medicinal products and investigation of medical devices.

3. Responsibility

The University Board c/o the Rector

  • has overall responsibility for, and for the management of, the activities of the institution, and monitoring those activities

The University Director

  • is responsible for ensuring that UiO has a system for complying with the Health Research Act and other regulations, including privacy protection, and the legislation governing clinical trials of medicinal products and investigation of medical devices.

Department Director, Department of Research and Innovation Administration

  • is responsible for the establishment, availability and maintenance of the system
  • is responsible for initiating routine upgrades of the system
  • is responsible for implementing other necessary upgrades on the basis of input and information from employees
  • has a special responsibility for keeping abreast of relevant legislation

IT Director

  • is responsible for the follow-up and control of the work on privacy protection and the processing of personal data in research
  • is responsible for implementing procedures for and the processing of personal data in research
  • is the point of contact for Sikt (formerly NSD) as a service provider
  • is responsible for the Information Security Management systems

The person who has in writing been delegated responsibility for research or representative of the sponsor (see Procedure descriptions 1, 3 and 4)

is responsible for:

  • establishing and maintaining procedures specific to individual units
  • ensuring that unit staff are familiar with the quality assurance system and what it entails 
  • follow up that the projects are implemented in accordance to the Quality assurance system
  • notifying the dean of the individual faculty, the director of museums or centres under the University Board and Chief Auditor, when notification is received of external audits.

Chief Auditor

  • is responsible for planning, conducting, reporting and following up internal audits
  • shall ensure the overview over external audits

The individual member of staff

  • is responsible for observing procedures and in other respects meeting the requirements of the quality assurance system
  • is responsible for reporting needs for changes in the quality assurance system to the Director of Research Administration
  • is responsible for notifying his immediate superior at once on receiving information about external audits
  • is responsible for preparing and following up internal audits
  • is responsible for taking part as needed in external audit

Data protection officer

  • should give advice as to how the data controller (see University Director) can best safeguard the privacy protection interests of employees and research participants

4. Internal control system

UiO's quality assurance system for ensuring compliance with the Health Research Act is separate from the rest of UiO's quality assurance system, but is linked to UiO's IT security, privacy protection and archiving systems and its external financing procedures.

4.1. Contents of the system

An overview of UiO's quality assurance system for medical and health research is provided in Appendix 7.1 Overview of UiO's quality assurance system (in Norwegian). The individual documents in the system can be updated independently of one another provided that the consistency of the individual documents is preserved.

4.2. Maintenance of quality assurance system, routine

The quality assurance system shall have a routine review and upgrade at least every three years. Updated documents must be circulated widely for comments before approval and implementation. The documents must be circulated for comment at faculty level.

4.3. As-needed maintenance of the quality assurance system

Upgrading of the whole or parts of the quality assurance system may be necessary as a result of changes in legislation, changes in UiO's organisational or staff structure, or changes in the practical handling of projects. Any need for such changes must be reported to the Director of Research Administration. Updated documents must be circulated for comments in relevant parts of the organisation before approval and implementation.

4.4. Availability and archiving

The current version of the documents in the quality assurance system should be made available electronically to all users. Paper versions of current and previously applicable documents are to be archived by the Department of Research and Innovation Administration.

5. Audits

An audit is a review of the whole or parts of the quality assurance system. The review may be purely an audit of the system, or it may be linked to an audit of one or more research projects.

5.1 Internal audits

Internal audits are conducted in accordance with instructions approved by the University Board and currently applicable procedures and practice by the Internal Audit Unit on the basis of international standards and ethical rules by IIA. Advance notification will normally be given of internal audits, and preparations shall be made in accordance with the specifications in the notification of audit. The manager of the unit being audited should be available during the audit. The project manager must be available during audits of individual projects. An internal audit may be part of the preparations for an external audit (inspection) by the supervisory authority.

5.2 External audits (inspections)

External audits pursuant to the Health Research Act may be performed by the Norwegian Board of Health and the Norwegian Data Protection Authority. Projects that involve administration of medicinal products to humans and/or the use of medical devices may be subject to inspection by the The Norwegian Medical Products Agency.

Written or verbal information about an upcoming inspection shall be immediately conveyed to the dean, museum director or the director of a centre subject to the University Board and to the Chief Auditor (Auditing Director). Presence and parts to be played during the audit are to be decided by UiO's Chief Auditor (Auditing Director) jointly with the University Director.

6. Legal basis

  • LOV 2008-06-20 no. 44 Medical Research Act
  • FOR-2009-07-01-955 Regulations on Organisation of Medical Research
  • LOV 1992-12-04 no. 132 Act on medicinal products etc. (the Medicinal Products Act)
  • FOR-2009-10-30-1321 Regulation relating to clinical trials on medicinal products for human use
  • LOV-1995-01-12-6 Medical Devices Act
  • FOR 2005-12-15 nr 1690 Medical Devices Regulations
  • LOV -2018-06-15-38 Act on the Processing of Personal Data
  • LOV-2003-12-05-100 Biotechnology Act

7. Appendices

Published July 19, 2022 9:49 PM - Last modified Apr. 26, 2024 12:31 PM
E-mail this page