AICA in the Quality Department: How to Actually Use it Day to Day
Where our AI-powered auditing tool fits in the everyday work of a Quality team.
AICA, the Audit Intelligence Compliance Assistance, is a patent-pending AI-powered compliance auditing tool we launched this year that analyzes all of your QMS documentation at machine speed.
It eliminates the sampling and blind spots common with fully manual document reviews. Upload your documents and get results the same day. If you’re new to AICA, learn more about it at aica.thefdagroup.com. Get a personalized demo here, or watch our intro below.
A lot of teams getting in touch with us about AICA are asking about how to actually integrate it into everyday operations. We run through it in every demo, but we wanted to take a minute to explain it in detail.
Let’s back up and start with some context: Just about every Quality department runs on a quiet, largely unsolved problem:
There are more procedures than anyone can read closely, they change faster than anyone can track, and all of them are supposed to align with a body of regulation that does not forgive gaps.
Very few teams have the headcount and hours to read every SOP against every applicable requirement, so review gets sampled. People check what they can, trust that the rest holds, and find out otherwise when an auditor, a customer, or an inspector reads the one procedure nobody got to.
That gap between what a Quality team is responsible for and what it can actually review is the space AICA was built to fill. To understand how, we talked with two consultants who helped develop it: Neal Siegel, a senior auditor with decades of QMS experience, and Mohammed Yousffi, a former FDA investigator who spent most of his time on the project training the system.
They explained what the tool does, what it does not, and how a Quality team should actually use it.
One job, done well
Start with what AICA does, because the honest version is narrower and more useful than the marketing version. We covered this in more depth here:
In short though, AICA reads a procedure against the regulation and judges whether the procedure contains what the regulation requires. That is the whole job. Neal puts it plainly:
“AICA looks at a regulation and says, ‘here are the things you should be doing.’ Then it takes your procedure and answers a single question: are the steps to meet those requirements actually written down? That’s the work. It’s not a checklist. It’s a contextual comparison between what the regulation requires and what your document says.”
The gaps it finds are often the quiet ones. Neal described a site where he asked the Quality team about their record retention period. Everyone knew it was five years. The managers, the QA staff, the CEO when he walked past. The number just was not in the procedure anymore. It had been dropped in a revision, and nobody noticed, because everyone already knew the practice. Harmless that time, but the same mechanism, a required element quietly missing from the document, is exactly what an inspector finds and what AICA is built to catch first.
Why it’s not just ChatGPT pointed at an SOP
The obvious question from anyone who has used a general AI tool is what makes this different. The answer is the part Mohammed spent his time on, and it is the reason the tool is worth trusting.
A general model, handed a regulation and a procedure, flags everything that looks like a gap. Many of those flags are wrong! Mohammed, Neal, and several other auditors fed AICA real procedures from companies they had audited and corrected its instincts, case by case, until it stopped raising things that did not matter.
His example is the one to hold onto here:
"There might be a requirement to have a QC lab, but you don't need to write that into a procedure. You can walk over and see that it's there. We taught the system: as long as the physical utility is there and you can verify it, that does not have to be in the document."
A raw model does not know this! An auditor does! That difference, multiplied across hundreds of real documents, is what keeps AICA from burying a reviewer in false positives. As Mohammed put it, "that sharpening is the uniqueness of it. A general model relies on hearsay. This was verified by people who actually use the regulation and write observations." The judgment of an experienced auditor is part of what got built into the tool, not left entirely to the person reading the output.
How to use it day to day
This is where the idea comes down out of the sky and into the department. Mohammed laid out four uses, and they move from a one-time check to something woven through the week, month, etc.
1. Start with a baseline
The first pass with AICA is diagnostic. Run your current procedures through the tool to see where the gaps are, then decide what to fix and in what order.
“The first thing I’d do is use it to see where my deficiencies are, so I know what to realign to. It is the use most people picture, and it is actually the smallest of the four.”
2. Then make it continuous
This is where it stops being a project and becomes part of the work. Procedures never hold still. Mohammed worked at a company with a vault of roughly 3,000 SOPs that revised close to 300 of them a month. At that pace, something slips past human review, not through carelessness but through volume.
"From a human perspective, we are always going to miss something. You're updating that many procedures a month. This is the double check."
Used this way, AICA runs against the regulation continuously and flags what has been addressed, what has not, and what looks risky enough to revisit. It becomes a standing check on a system that is always moving. Neal frames the same habit from the quality-culture side: a manager who runs it regularly reads the report not as fires to put out but as a running list of improvements, which is the evidence of an active, functioning quality program that an inspector wants to see.
3. Build your risk register before an inspection
The third use is preparation. The tool surfaces gaps, and the team turns them into a self-identified risk register with a plan attached. Mohammed is careful about what that is:
"You're not handing this to the regulator. But you have an internal plan you can take to management. We self-identified these. Here is the three-to-five-year plan, here is the stopgap until the funding comes."
Neal draws the same line. The report is an internal tool, not a document you give an investigator. Its value in preparation is that it lets a company show, with a documented plan, that it found its own problems and is working them.
If a gap surfaces during an inspection, the answer is already in hand: we know, here is the plan, management is aware, here is the interim control. That posture is worth far more than a clean-looking binder.
4. Sharpen your audits (internal or supplier!)
The fourth use is the one Mohammed knows best, because it’s his job. When he audits a supplier or conducts an internal audit, he is on-site for a day and has to cover six or seven systems. There is never enough time to read everything.
If he can get the procedures in advance, he runs them through the tool first. AICA sorts what it finds into confirmed, unconfirmed, and potential observations. He filters to the confirmed list, validates each with his own judgment, and walks in with a focused line of questioning.
"Say they give me the calibration procedure. Some of these run 10 to 50 pages, with an umbrella procedure and one for every piece of equipment. I run it through, it tells me where the gaps are, and that becomes my line of questioning on site."
The heat map does the triage here (example below). Instead of reading fifty pages at the same depth, he spends his limited hours where the report shows the most red.
This is the same move Neal described from the audit-prep side: walking in able to say, “here are the six procedures I want to look at out of everything you gave me.” The slow part happens before anyone is in the room, so the time on site goes to the questions only a person can ask.
Where the human stays essential
A tool that found everything and judged it correctly would not need a reviewer. AICA is not that tool (nor do we want it to be), and both consultants are direct about it.
One reason why we’re adamant that humans be kept in the loop is that AICA only sees what you give it. If you don’t upload a procedure, AICA will report it as missing, which is true of what it was handed, but possibly false about your quality system. As Neal puts it, absence in the report does not mean absence from the QMS. The tool is built to ask the reviewer to confirm rather than to declare a non-conformance outright.
Also, it reads documents, not records. It’s not opening batch records, deviation files, or CAPA histories, so it cannot tell you whether a procedure is actually being followed. That question stays with a person (where it should at least for now).
AICA obviously can’t walk the floor, either. An equipment or facility issue that an investigator would see on site is outside what a document review can reach.
And it’s not perfect, which Mohammed says plainly. The output is a strong, fast first pass that a qualified person then screens, validates, and prioritizes. The tool screens and challenges. The expert decides. That division is the design, not a shortcoming, and it is the reason the results hold up.
Where it earns its keep
AICA pays off most where the work is heaviest. Neal’s point is that the value compounds in large, multi-site operations, where the same procedures repeat across departments and a traditional review pulls senior people off their jobs for a week. Cut that to a few days and surface the worst procedures first, and you give back real time on every audit cycle.
Mohammed’s point is that the reach is broad: because the regulation covers the whole operation, every department governed by a procedure can use it, from facilities and equipment to production to the lab.
The piece that was missing, which AICA now fills
Step back, and the shape of the value here is clear: For years, a Quality team had two ways to check procedures against the regulation. People could read them, slowly, a sample at a time, with results that varied by who did the reading.
Or a general AI tool could read them quickly and return a pile of flags too unreliable to act on. Neither covered the actual need, which was a fast, consistent first pass across everything, grounded in how an auditor actually reads.
That first pass is what AICA adds. It doesn’t replace the Quality team, it does not review records, and it does not solve compliance.
What it does is take the one layer that was always too large to do by hand, the line-by-line comparison of every procedure against the regulation, and do it at machine speed with auditor judgment built in, so the experts can spend their time where judgment is the work.
For a Quality department that has spent years sampling what it could and trusting the rest to hold, that is the missing piece.
This article draws on conversations with Neal Siegel, a senior quality consultant, and Mohammed Yousffi, a former FDA investigator and GxP compliance consultant, both of whom contributed to AICA's development. Quotes are lightly edited for readability.
Read our other AICA articles:
Eric Boyd Introduces the Latest Version of AICA in 3 Minutes
AICA's Security Architecture: What Your IT Team Needs to Know
AICA is Officially Live — Here's Everything You Need to Know
Have questions or want to get a demo?
Want to see whether AICA fits your team? Visit aica.thefdagroup.com to learn more and get in touch. We’re onboarding teams to the tool right now.
