To steal a line from the Hitchhiker's Guide: Don't Panic!
Here's what I would suggest you do.
Step 1: Admit you have a problem. I would write this up as a Corrective Action.
Step 2: Analyze the situation. You need to establish some basis for either doing a validation or not (risk based). This shouldn't be an ad-hoc approach. I would recommend a Validation Master Plan that describes how you assess risk / validation needs. You should also do an inventory of software used and determine (as part of the CA) if anything else should be addressed.
Step 3: Plan. Presuming your assessment leads you down the validation path, you'll need something to validate against. You don't (necessarily) need to validate the entire system. Document your "How We Use" requirements and use that as the basis for validation. (Bear in mind that validation is more than just verifying your requirements are met - you need to also show control of the software). Obviously all your customizations need to be tested.
Step 4: Reflect. Since you have a (long) history of using this, you're effectively doing a retrospective validation. Assess all the data gathered / managed to date and determine if there is any chance that there could be quality issues based on your validation results. For example, if you find a bug in the software during the testing, you'd need to determine if that could have led you to make erroneous decisions.
Step 5: Maintain. As noted above, validation is more than just testing. You need all the controls in place to ensure the software remains in a validated state after changes (which could be to the underlying software libraries, the OS, etc.).
If you're in a state of emergency, I would probably recommend you bring in some outside expertise to guide you through the process. If the audit is impending, you'll likely get a hit but if you already show you're taking action to correct the situation (and have a good handle on a systemic correction), it might soften the blow.
