Internal auditor

training programme

On

ISO 22000:2005
(FOOD SAFETY MANAGEMENT SYSTEM)
 SESSION-1

 About the course

To know Audit Methodology
And
To develop Auditing skills
 The Course training directors/ tutors can
accept No responsibility for any
delegates possessions and/or property.
 You are advised to ensure that your
personal possessions and property are
kept in safe place at all times.
 Fire Exits !?!-If the course really hots up.
 Facilities – Wash Room
 This is a non smoking venue.
 Courtesy (mobile phones, etc.) –
Mobile to be switched off during the
course. Requested to use the mobile
during lunch and tea breaks only.
 Stipulated time for tea and lunch
breaks.
 COURSE MATERIAL
 Course Notes
 Work Book (for Exercises)
 ISO 22000:2005 Standard
 Model question paper
 Training feedback form
Course structure
Lectures and discussion
Exercises- to consolidate lectures:
 Examine ISO 22000:2005

 Audit planning

 Audit process

 Verbal audit presentation

 Examining the system

Please supplement the course manual by

taking notes-you are provided with
space alongside the presentations
Course structure
Case studies
 Document review

 Preparation of audit check list

 Audit reporting-written and verbal

 Role play
Course Objectives
UPON SUCCESSFUL COMPLETION OF
THIS COURSE YOU WILL:
 Be able to prepare for, report on,

carry out and follow up an

assessment or audit.
 Have achieved the means to

access and improve your own

organizations systems.
Course Plan

Planning Audits

Collecting and
Conducting Audits
Verifying evidence

Non-Conformities Objective Evidence

(NCR/ Checklist) (Checklist)
Course Plan

Preparing audit summary

Report preparation Preparing audit conclusions

Documenting audit report

Completing Audit Closing Meeting

Delegate Introductions
Information to be obtained from delegates
Please interview the delegate to your left so you may introduce
them to the group.
Include the following information in the introduction:
• Full name
• Name of Organisation for which they working/ previously
worked.
• Carrier Background
• Their knowledge of ISO 22000 ranked from 1-10
• Auditing experience-first, second or third party
• Personal Objective for attending the course
• Any information which the auditor should know to be able to
establish successful communication with auditee.
• “Any personal information”- Birth date, Spouse name etc.
 Session-2
FOOD SAFETY ISSUES
And
Food laws applicable in food sector
Introduction
What is food safety?
• Food safety-
Concept that food will not cause
harm to the consumer when it is
prepared and / or eaten according
to its intended use
Introduction
WHY FOOD SAFETY?
• New products are coming on the market at
a fast pace
• New processing methods and equipment
• World market and changing patterns of
consumption
• Emerging pathogens
• World trade need for international
harmonisation
Introduction
WHY FOOD SAFETY?
Introduction
FOOD SAFETY GUIDELINES AND STANDARDS
• Guideline: It is an advisory document which
gives explanatory information to meet the
requirement or conformity. For example:
HACCP,GMP
• Standard: It is an agreed and authorized set of
requirements which must be followed in order
to be complaint. For example:
- British retail Consortium (BRC standards)
- International food Standards (IFS standards)
- ISO 22000
Legal Compliance and Conformance
to
ISO 22000 Standards
• Use with caution:
• It has connotations
• (associated with product liabilities issues)
Conformity
Fulfillment of a requirement

defect nonconformity
Non-fulfillment of a Non-fulfillment of a requirement
requirement related
to an intended or
Specified use Understand the difference
Conformance legal
with audit = Compliance
criteria
Food laws
Foods Acts applicable in India under different
Ministries
• Ministry of health and family welfare

Prevention of Food Adulteration Act, 1954 (PFA)

& Prevention of Food Adulteration Rules,1955
Under the purview of the Food and Drug
Administration.
The food operator needs to hold a valid license
Defines what is meant by adulterated food
Describes responsibilities and power of Food
Inspectors
Food Laws
Requirements include
• Food labelling requirements

• Identification of vegetarian and non-veg.

Foods through colored dots on the label
• Food quality and safety requirements

• Through the act is not specifically targeted

at food safety, requirements include food
saftey requirements
E.g. pesticide residue MRLs, heavy metals,
added colors etc.
Food Laws
• Ministry of Food Processing industries
Fruits and vegetable products (control) order-
1955(FPO).
• Applicable only to Fruit and Vegetable Processing
industries
• Such a manufacturer need to hold a valid license.
• Requirements focus on fruit/vegetable product
characteristics
• Labelling
• The label need to bare the FPO logo.
Other Food Laws
• Ministry of Food and Consumer Affairs
Essential Com.Act,1955
Standards of Weights and Measures Act and
(Enforcement Act) and (Packaged
Commodities) Rules,1977
• Ministry of Rural Development
Agricultural Produce (Grading and Marketing)
Act 1937 (AGMARK)
• Ministry of Agriculture
Milk and Milk Products Order- 1992(MMPO)
Meat Food Products Order (MFPO)-1973
 Session-3
Typical Hazards
Hazards and risk
Food safety Hazard:
Biological, chemical or Physical agent in
food, or condition of food, with the
potential to cause an adverse health
effect
Food Safety Risk:
The function the probability of the adverse
effect (harm) and the severity of that
effect
 Define System

Hazard Recognition

Continuous Hazards Hazards as a

result of failure
Assess Risk

Severity of consequence

NO Acceptable risk Y/N YES

Unacceptable Improve
Conduct Task
Control
 Risk Assessment Matrix
Slighly Harmful Extremely
harmfull Harmful

Highly Trivial Tolerable Moderate

unlikely Risk Risk Risk
Unlikely Tolerable Moderate Substanti
Risk Risk al Risk
Likely Moderate Substanti Intolerabl
Risk al Risk e
Risk
Risk Matrix Control Plan
RISK LEVEL ACTION AND TIMESCALE

TRIVIAL No action is required and no documentary records need to be kept.

TOLERABLE No additional controls are required. Consideration may be given to a

amore cost-effective solution or improvement thay imposes no
additional cost burden. Monitoring is required to ensure that controls
are maintained.
MODERATE Efforts should be made to reduce the risk, but the costs of prevention
should be carefully measured and limited.

SUBSTAINTIAL GMPs and GHPs are applied, special measures for keeping the risks
within tolerable limits are applied. The effect is controlled through
measurements and if necessary the process is considered as a CCP
INTOLERABLE The process is controlled as a CCP
Hazards Classification
 Biological
 Chemical
 Physical
Biological Hazard
 Visible:Birds,Flies,Mosquitoes,Rats/
rodents, pet animals etc.
 Invisible: Microbes like Bacteria,
Viruses, mold and yeast, fungus
etc.
Sources of Hazards-
Biological
• Raw materials
• Animals
• Environment
• Staff
Sources of Hazards-
chemicals
• Veterinary Medicines
• Fertilizers
• Packaging chemical compounds
• Hazardous gases
• Cleaning and disinfection
detergent
Sources of Hazards-
Physical
• Glass
• Metal particles
• Hair
• Nail
• Stones
• Dust/ Dirt
• Equipment
• Facilities
• Raw material
• Packages
• Environment
• Personnel
• Ionizing radiation
Session-4

DEFINITION AND TERMINOLOGY

DEFINITIONS AND TERMINOLOGY
• Control: To manage the conditions of an
operation to maintain compliance with
established criteria
• Critical Limit: Criterion which separates
acceptability from unacceptability
• Control measure: Action or activity that can
be use to prevent or eliminate a food safety
hazard or reduce it to an acceptable level
• CCP Decision tree: A sequence of questions
asked to determine whether a control point
is critical control point
DEFINITIONS AND TERMINOLOGY
 Deviation: failure to meet a critical limit
 HACCP Plan: The written document based
upon principles of HACCP that delineates the
procedures to be followed to ensure the
control of a specific process or procedure.
 Food Safety Policy: Overall intensions and
direction of an organisation related to food
safety as formally expressed by top
management
DEFINITIONS AND TERMINOLOGY
 Monitor: To conduct a planned sequence of
observations, measurements to assess whether a CCP is
under control and to produce an accurate record for
future use in verification.
 Operating Limits: Criteria more stringent than critical
limits that are used by an operator to reduce the risk of
contamination. For example, if a certain chemical
concentration is required to control a hazard, the
operating limit is generally set above the minimum
concentration needed to ensure effective treatment.
 Risk: An estimate of the likely occurrence of a hazard.
 Severity: the seriousness of a hazard (if not properly
controlled).
DEFINITIONS AND TERMINOLOGY
 Validation: Verification focused on collecting
and evaluating scientific and technical
information to determine if the HACCP Plan,
when properly implemented, will effectively
control the hazards.
 Verification: The use of methods, procedures or
Tests, in addition to those used in monitoring,
that determine if the HACCP system complies
with the HACCP plan and/or whether the plan
needs modification.
DEFINITIONS AND TERMINOLOGY
 Correction: Action to eliminate a
detected non conformity
 Corrective action: Action to terminite
the cause of a detected conformity
or other undesirable situation.
 Flow diagram: Schematic and
systematic presentation of the
sequence and interaction of steps
DEFINITIONS AND TERMINOLOGY
 End Product: Product that will undergo no further
processing or transformation by the organization.
 Updating: Immediate and/or planned activity to ensure
application of the most recent information.
 Pre-requisite programme PRP: Basic conditions and
activities that are necessary to maintain a hygienic
environment through out the food chain(3.2) suitable for
the production, handling and provision of safe end
products(3.5) and safe food for human consumption.
 Operational PRP/Operational prerequisite programme:
identified by the hazard analysis an essential in order to
control the likely hood of introducing food safety
hazards( and/or the contamination or proliferation of
food safety hazards in the product(s) or in the
processing environment
Session-5
ISO 22000:2005
Food safety management systems
Food SMS requirements for any organization in the food
chain
4. Food safety management
requirements

Establish, document, implement and

maintain an effective Food SMS
and update it.
Define the scope of Food SMS.
Products categories.
Processes and product sites.
Documents requirements
 Food safety policy and related
objectives
 Documented procedures required by
the standard
 Records required by the standard
 Documents needed to ensure
effective development,
implementation updating of the Food
SMS
Required documented
procedures
 Document control (4.2.2)
 Record control (4.2.3)
 Nonconformity control
 Corrections (7.10.1)
 Corrective action(7.10.2)
 Withdrawals(7.10.4)
 Internal Audit(8.4.1)
4.2.2 Control of
documents
Documented procedures defining
controls for food SMS required
documents:
 Approval for adequacy before use

 Revview/update as nec. & re-

approval
 Changes and current revision status

clearly identified
4.2.2 Control of
documents
 Relevant version available at points of ue
 Documents remain legible and reaily
identifiable
 Documents of external origin are
identified and their distribution controlled
 Prevent use of obsolete documents, and
identify if retained
4.2.3 Control of records
 Maintained to demonstrate
conformance to requirements and
the effective operation of the Food
SMS
 System-level procedure for
identifying, storage, retrieval,
protection, retention times and
disposal
 5. Management responsibility
5.1 General
Top Management to provide evidence
of its commitment to development
and implementation of the Food SMS
&continually improving its
effectiveness

How???
Top management training
school
Show food safety is supported by
business Objectives
Communicating the importance of
meeting
customer/statutory/regulatory
requirements
Establishing the food safety policy
Holding management reviews
Ensuring availability of resources
5.2 Food safety policy
Top management to ensure it:
 Is appropriate to the role of organization in food

chain.
 Confirms with both statutory and regulatory and with

agreed food safety requirements of customers

 Is communicated, implemented and maintained at

all levels of organization

 Is reviewed for continuing suitability

 Adequately addresses communication

 Is supported by measurable objectives.

5.3 Food safety
management system
planning
Top management to ensure planning
conducted to:
 Meet the over all requirements and

food safety objectives

 Ensure system integrity during

changes
Responsibility and
authority
 Top management to ensure that R&D
are defined and communicated
 All personnel have the responsibility
to report problems with the Food
SMS to identified person(s).
 That designated personnel shall
initiate and record action.
Food safety Team Leader
 Manage a Food system team
 Ensure relevant training and
education of team
 Ensure the Food SMS is established,
implemented, maintained and
updated
 Reporting effectiveness and
suitability to top management
5.6 Communication
 External communication
 Supplier and contractors
 Customers or consumers
 Statuary and regulatory authorities
 Other impacted organization on Food
SMS
 Known food safety hazards, needed to
be controlled by other organizations.
Communication (cont.)
 Internal communication
 Food safety team is informed of
changes in food SMS.
 Food safety team shall ensure the
updating of the Food SMS.
5.7 Emergency
preparedness and
response
 Procedure to manage potential
emergency situation and accidents
that can impact food safety
 Role of the organization in the food
chain
5.8 Management review
 Top management reviewing Food
SMS to ensure suitability,
adequacy & EFFECTIVENESS
 Defined intervals
 Is there a need to amend the Food
SMS, food safety policy.
5.8 Management
review(cont.)
Review information to:
 Follow up issues from previous reviews

 Analysis results of verification activities

 Changing circumstances that affect to food safety.

 Emergency situation, accident and withdrawals

 Reviewing results of system updating activities.

 Review of communication activities, including

customer fed back

 External audits or inspection

 Data shall be presented in link to objectives

5.8 Management
review(cont.)
 Output shall include decisions and
actions related to:
 Assurance of food safety
 Improvement of Food SMS
 Resource needs
 Revision of Food safety policy and
objectives
6.Resource management
6.1 Provision of Resource

Provide the adequate resources for

established, implemented,
maintenance and updating Food
SMS.
6.2 Human resources
 All personnel shall be competent
 Have appropriate education
training skills and experience
 Maintain agreement or contract of
external experts, defining the
responsibility and authority.
6.2 Human resources
 Identify competence needs
 Provide training or other action
 Train personnel who responsible for
monitoring, correction and corrective
actions
 Evaluate effectiveness of training or other
actions
 Ensure that personnel are aware of
activity/contribution
 Ensure effective communication
 Training or development records
6.3 Infrastructure &
6.4 Work environment

Provide Infrastructure and work

environment needed to implement
this standard.
7.Planning and realization
of Safe Products
7.1 General
 Plan and develop necessary
processes for realization of safe
products
 Implement, operate and ensure
the effectiveness of planned
activities, including PRP,
operational PRP and HACCP plan
7.2 Prerequisite
programmes (PRPs)
7.2.1 Establish, implement and
maintain PRP to assist controlling
 Likelihood Food safety hazards thru

work environment B/C/P

contamination between product
 Food safety hazard level in product

and process environment

7.2 Prerequisite
programmes (PRPs) Cont.
 Be appropriate to organization need
 Be appropriate to size, type and
nature of products
 Be implemented across the entire
production system
 Be approved by food safety team
 Shall identify related statutory and
regulatory requirements
7.2 Prerequisite
programmes (PRPs) Cont.
 Construction and layout of building and utility
 Lay-out of premises, workspace and employee
facilities
 Supplies of air, water, energy and other utilities
Waste, sewage disposal
 Equipment, accessibility for cleaning, maintenance
 Management of purchased material, supplies,
disposals and handling of products
7.2 Prerequisite
programmes (PRPs) Cont.
 Measures for prevention of cross
contamination
 Cleaning and sanitizing
 Pest control
 Personnel hygiene
 Other aspects, as appropriate
 PRP verification shall be planned
and modified as necessary
7.3 Preliminary steps to
enable hazard analysis
 Collect information needed
 Appoint food safety team, multi-
disciplinary knowledge & experienced
 Raw materials, ingredients, product-
contact materials
 Characteristics of end products
 Intended use/ target people
 Flow diagrams, process step and control
measure
7.4 Hazard Analysis
Determine which hazards need to be
controlled, degree of control
combination of control measures
Hazard identification and determine
acceptable levels, based on:
 Preliminary collected information and

data Experience
 External information

 Information from food chain

7.4.2 Hazard Identificaton
 Consider to Preceding and following step
of specified operation
 Process equipment, utilities and
surrounding Preceding and following links
in food chain
 Determine acceptable level
 Justification and result shall be recorded
Hazard assessment
 Conduct the hazard assessment to
determine whether Its elimination
to reduction to acceptable levels
 Its control is need to meet the
defined acceptable level
 Describe the methodology used
and record
7.4.4 Section and
assessment of control
measures
 Select appropriate combination of
control measures
 Categorized selected control
measures whether manage thru
operational PRP or HACCP plan
7.5 Establishing the
operational prerequisite
programme
 Document operational PRP
 Food safety hazard(s) to be controlled
 Control measure
 Monitoring procedures
 Correction and corrective action to be
taken
 Responsibilities and authorities
 Record of monitoring
Establishing the HACCP
plan
 Document HACCP plan
 Identification of critical control
point
 Determine critical limit for CCP
 System for monitoring of CCP
 Action when monitoring result
exceed critical limit
7.7 Updating of preliminary information
and document specifying the PRP and
HACCP plan

Updating the following information,

if necessary
 Product chart

 Intended use

 Flow diagram

 Process step

 Control measure
Verification planning
 Verification activities shall confirm that
PRP are implemented
 Input hazard analysis is updated
 Effective of operational PRP and HACCP
plan
 Hazard levels are within acceptable level
 Other procedure are implemented and
effective
7.9 Traceability system
 Traceability system for product lot
and their relation to batch of raw
material, processing and delivery
record
 Able to identify incoming material
from immediate suppliers and
initial distribution route of end
product
7.10 Control of
nonconformity
 Corrections
Identify and assessment affected end
product to determine proper handling
Review of the corrections carried out
 Corrective actions

Eliminate cause of detected N/C

Prevent recurrence
Bring the process or system back into control
7.10 Control of
nonconformity
 Handling of potentially unsafe
product
 To prevent the N/C product from
entering the food chain
 N/C product shall be held until they
have been evaluated
 Notify interested parties and initiate
a withdrawal
7.10 Control of
nonconformity
 Evaluation for release
 N/C product shall only be released as
safe when
 Evidence of effective control measure,
other then monitoring system.
 Evidence of complies with performance
intended
 Result of sampling, analysis or either
verification shows product complies
acceptable level
7.10 Control of
nonconformity
 Disposition of N/C products
 Reprocessing or further processing to
acceptable levels
 Destruction or disposals as waste
Withdrawals
 Appoint authority personnel to initiate and
execute the withdrawal
 Notify to interested parties
 Handling of withdraw product
 Procedure sequence of action to be taken
8. Validation, verification
and improvement of the
Food SMS
8.1 General
 Plan & implement

 Processes needed to validate

control measures
 To verify and improve the food

SMS
8.2 Validation of control
measure combinations
 Validate the control measures are
capable to control the Hazards
 Modify the control measures, as
necessary.
8.3 control of measuring &
monitoring
To ensure valid results, devices are:
 Calibrated/adjusted prior to use or at

specified intervals against devices

traceable to national/international
standards if not, define basis for
calibration
 Identified & calibration status defined

 Safeguard from adjustment

8.3 Control of measuring &
monitoring
 Protected from damage & deterioration
during handling, maintenance & storage
 Assess & record previous results validity &
take action when device found not
conforming to requirements
 Record calibration & verification results
 Software validated prior to use & when req.
8.4 Food safety
management system
verification
8.4.1 internal Audit
 Verify Food SMS is complying & effectively

implemented
 Planned based on status, importance and

previous results
 Independent auditors? Dept. Audit (cross)

 Documented procedure

 Timely corrective action by relevant mgt.

 Follow-up
8.4.2 Evaluation of
individual verification
results
 Systematic evaluate the individual
results of planed verification
 Take action to achieve the require
conformity
8.4.3 Analysis of results of
verification activities
 Analysis the results of verification
activities, incl. internal/ External audit
 To confirm overall performance of system.
 To identify need for updating/ improving
the Food SMS
 To identify trends of potential unsafe
products information for internal audit
 To provide evidence the effectiveness of
correction and corrective action
8.5 Improvement
8.5.1 Continual improvement
 Continually improve Food SMS

effectiveness through use of

various sources of information:
 Communication, management

review, internal audit, verification

activities, validate result, corrective
action, etc.
Updating the Food SMS
 Continually update the food SMS
 Consider whether it is necessary
to review hazard analysis, PRP and
HACCP plan
 As the input for management
review.
Session-6

Planning the audit

Audits MUST be well
managed to provide good
VALUE
 To audit team leader has overall
responsibility for the audit.
Audit team members assist the team
leader
 Good audit management requires good:

- Planning and Preparation

- Communications (Client, Auditees and
Auditors)
- Accurate and Objective Fact Finding
 Audit criteria
Auditory resources
Company information
Scope of Audit
Review documentation, including:
FSMS Policy
HACCP plan
GMP,GHP,PRP,OPRP
Legal and other requirements

Planning Preparation Performance Reporting & Follow-up

Team with relevant skills Audit Plan

Duration of audit Checklists
Who/When/Where Information to brief team
Communicate with client
Types of Audit
3 Types of Audits
First Party Audit
• Self-audit (Client, auditor and auditee are
Internal)
Second Party Audit
• Audit by an interested body (like a customer)
Third party Audit
• Audit by independent body
(certification/registration body )
 Illustration
Figure 1 – Illustration of the process flow for the management of an audit programme

Authority for the audit programme

(5.1)

Establishing the audit programme

(5.2,5.3)
-Objectives and extent Plan
-responsibilities
-resources
-procedures
Competence and
Implementing the audit programme evaluation of auditors
(5.4,5.5) (7)
Improving the audit programme -scheduling audits DO
(5.6) -Evaluating auditors
-selecting audit teams Audit activities
-directing audit activities
-maintaining records (6)
ACT

Monitoring and reviewing the audit programme

(5.6)
-monitoring and reviewing Check
-identifying needs for corrective and
preventive actions
-Identifying opportunities for improvement
Audit program objectives
and extent
 Objectives should be established for an audit
programmed, to direct the planning and audits
These objectives can be based on consideration of
a) Management priorities,
b) Commercial intentions,
c) Management system requirements,
d) Statutory, regulatory and contractual requirements,
e) Need for supplier evaluation,
f) Customer requirements,
g) Needs of other interested parties, and
h) Risks to the organization
Example of Audit
programming objectives
Example of Audit programming objectives:
a) To meet requirements for certification to
a management system standard;
b) To verify conformance with contractual
requirements;
c) To obtain and maintain confidence in the
capability of a supplier;
d) To contribute to the improvement of the
management system.
Planning the audit
 This is the initial phase and
involves: Audit criteria
Auditor resources
Company information
Scope of audit

Planning

Team with relevant skills

Duration of audit
Who/when/where
Planning the audit
Audit criteria Brief from Organization employing the
Auditor resources
auditor
Company information Usually defined in Contract Review or
Scope of audit
audit
program
- Organization to be audited
Planning
- Scope of the audit
- Audit objective
- Audit criteria
Team with relevant skills - Estimated dates, duration,
Duration of audit size of team (3rd party)
Who/when/where
Planning the Audit
Initiating the Audit
Audit criteria Audit scope
Reference against Extent and boundaries
of
which conformity is Determined the audit including:
• Standard > Locations
• Contractual specification > Organizational units
• FSMS documentation > Activities and
processes
• FSMS programmes and plans covered
• Statutory, regularity or other
requirements
 Planning
 TEAM SELECTION BASED ON 19011
Lead Auditor Auditor(s) (Technical Specialist)

Systems Experience Industrial knowledge Legal/ Regulatory Knowledge

FSMS Audit Experience ISO 22000 Understanding Language/Cultutal ability

Team with relevant skills

Duration of audit
Who/When/Where
Preparing for the on-site
Audit activities
 Determine amount of work
 Number of person-days
 Prepare plan
 Prepare working documents
 Keep auditee advised, agree date
and time
 Logistics
Examples implementation
of FSMS and Audit process
Top management commitment

Define scope, food safety policy and Appointment of food

Objectives frame work Safety team leader

Documentation of food safety management system

Implement/ identify (new) system requirements, procedures and working
Documents, GHP, PRP, HACCP
Internal Audit and Management review

Corrective actions
Stage 1
Second internal audit and management review
Stage 2
Review documentation, including:
FSMS policy
HACCP plan
GMP,GHP,PRP,OPRP
Legal and other requirements

Preparation

Audit plan
Check list
Information to brief team
Communicate with client
Session 7
Audit Process and Planning
Audit stages

Pre audit management Subsequent action

 Preparation and - Prepare/ submit report
audit planning - Close out corrective
 Preliminary visit actions
 Detailed plan - Plan Surveillance/ review/
The Audit re-audit
 Opening Meeting - Generate & store records
 The Actual audit

 Report Preparation

 Closing Meeting
 The Audit process
Internal Audit are performed to verify
 Formal assessment of hazard analysis
 Process flow diagrams
 Prerequisite programmes
 Document review
5 main audit trails:-
 Organization
 GMP and PRP
 Legal Compliance
 Hazard Analysis, CCPs, Control Measures, Monitoring,
Corrective and preventive actions
 Verification
 Reasons for Conducting
Internal Audits
 To examine the Food Safety
Management System for
improvements
 To ensure ISO 22000, and all other

standards, are being complied with

 To determine compliance or non-

compliance
 To meet regulatory requirements
Auditing Procedure
Audit activities are required to be documented in a
procedure that will address
 A statement of responsibility

 ‘Executive’ authority and responsibility

 The standard of training required for Auditors and Lead

Auditors
 Access authority

 The use of specialists when required

Lead Auditor
 A Person qualified and authorized
to manage a system audit
Auditor
 A person with the competence to
conduct an audit
Auditee
 Co-operate with the auditor in the
planning and conducting of the audit
 Provide access for the audit team
 Provide guides
 Attend the Opening and Closing
Meetings
 Address and implement corrective
action
Auditing Procedure
 The method for planning, initiating and
conducting audits and follow up
activities including corrective actions
 The rules for deciding the criticality of
non-compliances
 The format and distribution of audit
reports, non-compliance reports,
checklists or other forms required for
reporting
 Records, storage and retention
Audit Schedule
Audit can be schedule or initiate
when any of the following
conditions exists:
 When an auditee engages the

services of a third party

organization with the aim of
auditing their own system to prove
the systems effectiveness
Audit Schedule
When planning an audit schedule the
following shall be considered:
 Status and importance

 Applicable management system

 Contract requirements

 Significant changes to the system, due

to major re-organization
 When it is suspected or reported that
the quality of a product or service is
compromised due to a non-compliance
Initial planning
Decide who shall carryout the audit
 Identify the relevant specification or
requirements
 Notify the supplier/auditee of the purpose
of the audit
 Agree a mutually convenient date

 Preliminary visit

 Gather information – particularly in areas

covered by process description are these
may need special attention
Preliminary visit
 Meet the management and staff
 Determine the standard
requirement
 Inform the auditee of the purpose
of the audit
 Ensure the auditee is prepared for
the audit
Preliminary visit
Carry out a tour of the site to:
 Judge the health of the auditee’s system

 Gain knowledge of the products and facilities

 Decide on the audit structure and the team

 Investigate structure of processes to enable

audit planning
 Decide the duration of the audit

 Identify the need for protective clothing

 Check for any special security arrangements

Preliminary visit
 Answer all the auditee’s questions-
so as to calm their fears
 Organize administration
arrangements obtain copies of
auditee’s mutual, procedures and
flow chart
 Site layout
Detailed planning
 Collation of auditee data
 Prepare program-send copy to auditee
 Decide team composition
 Arrange team briefing
 Team prepare checklists
Detailed planning
Notify auditee of arrangements/
requirements
 Duration of audit

 Composition of audit team

 Facilities and accommodation

required
 Administration requirements
Planning
The audit team must be supplied with
copies of
 The specification

 Any applicable contracts against which

the audit is going to be conducted

 Copies of any documents they may have

to complete (e.g. non-compliance,

reports, checklists, etc)
Planning
 Team size and complexity of the
company’s operation
 The specification to be applied
 Auditor Competence
Planning
Audit Team Briefing
 It is good management to arrange for

a meeting of the team, prior to the

audit, to brief them on the
requirements
 The briefing should cover:

 The programme
 Allocation of individual audit areas
 Audit policies and practices
Planning
Facilities and Administration
 The audit team may require hotel

accommodation, secretarial
support and throughout the audit a
separate room, so they can discuss
findings and prepare reports
 Lunch should preferably be light,

quick and easily accessible

Planning
Planning may need to take account of:
 Contentious issues (Quarrelsome)
 Local customs
 Local cultures
 Customer expectation
 The Lead Auditor shall ensure the audit
team is briefed accordingly so that the
team may act sensitively to maintain
suitable auditee relations
Session-8
Auditing skills
And
Audit
Auditor Competence
“ Ability and Eligibility to perform an Audit”
Competence is based on:
 Educational Qualification

 Work Experience

 Training

 Auditing Experience

 Personal Attributes and triats

 Auditing skills
Auditor Attributes
Desirable Undesirable
• Fact finding > Fault Finding
• Polite > Rude
• Persistent > Lazy
• Decisive > Indecisive
• Prepared > Unprepared
• Honest > Dishonest
• Unbiased > Biased
• Communication > Un communicative
• Ethical > Un ethical
A Good Auditor’s
Attributes
 Focused
 Diplomatic
 Versatile
 Time Manager
 Open Minded
 Fast Thinker
 Self Reliant
 Observant
3 Most Important Qualities
Persistence:
Ability to overcome difficulties and maintain planned
course of action inspite of setbacks
Flexible outlook:
Ability to see things from different points of view and
adapt to changing circumstances
Perceptiveness:
Ability to grasp the problem quickly but without
Jumping to conclusions
Responsibilities of an Audit
 Communicate and clarify Audit Requirements
 Execute the audit in compliance with the audit
plan
 Adhere to Audit plan Arrangements
 Record the Audit Findings
 Record the Non Conformities along with
agreement with the auditee
 Maintain Audit documents and records
 Cooperate with Audit Team members
 Prepare summary of own audit findings
 Inform Lead Auditor incase of any concerns
during the audit.
Responsibilities of a Lead
Auditor
 Assistance in selection of audit team
 Manage audit team and overall process of
the audit
 Prepare audit plan and applicable checklists
 Liaison with auditee
 Coordinate with the other auditors for
seamless audit process
 Compile and present the audit report
 Ensure timely follow-up of the corrective
actions
Responsibilities of an
Auditee
 Understand, define and publicize scope and objective of
the audit
 Provide guide/escorts to the audit team
 Arrangement of resources required for the conduct of
the audit
 Provide access to facilities/system/documents/records to
auditors during the audit
 Extend cooperation to auditor
 Carryout Root Cause analysis for non conformity
detected.
 Determine and take corrective action without undue
delay.
Audit Techniques
a) Ask questions
b) Examine objective evedence
c) Observe activities
d) Listen to reactions
e) Record findings
 Forward Trace – An audit which follows the natural flow of a product or
service process

 Backward Trace – An audit which traces records back through the system
Audit Techniques
DESIGN HORIZONTAL

VERTICAL
HORIZONTAL
PURCHASING
HORIZONTAL
PRODUCTION
HORIZONTAL
TRAINING

Audit follows a trial across department interfaces processes may

be across departmental borders and functions a vertical audit
in the process environment will test the interdependency and
inter process relationship
The Auditors Six Friends
When asking questions….
Who?
What?
Where?
When?
Why?
How?
And the seventh…. OK, Show Me?
Questioning Techniques
Keep conservation going
 Repeat the last word or phrase-

say something nice

Avoid double questions(2 questions
in 1)
 Only one word answer is likely to

result
Question Technique
Yes/no Questions
 Often elicit dead end answers- you gain

nothing- only useful as a leader question

How-What-Why-Why-Where-Who?
 Direct question-will achieve more detailed

answers
Explanations questions
 Useful for comparing interfaces
Objective Evidence
Try to establish:
 That authorised documents are in use

 That superseded drawings have been

removed
 That good housekeeping is practiced

 That facilities are adequate

 That supervision is adequate

Objective Evidence
 That orderly records are kept
 That staff are adequately trained
 Well prepared checklists will assist
when answering these questions
Conducting the Audit
 Assign the auditors to their area
 Sample the system
 Collect objective evidence of system
effectiveness
 Compare finding from checklist with
requirements
 Decide compliance or non- compliance
 Audit team daily meeting
Conducting the Audit
 Decide on system effectiveness
 Agree and categorize non-compliance
 Hold a meeting daily with auditee’s
representatives, and at the end of the
audit, prior to the closing meeting
 Prepare summary report with conclusions
and indicate recommendations
The Audit
 Remember the auditor is
attempting to prove the system
 Establishing the facts and finding
proof
 The aim is not to set out fail the
system!
Observations
Observations may be obtained through
any of the following methods:
 Seeking objective evidence that the

system is functioning as prescribed

 Samples taken of the system will allow

the auditor to obtain the required

evidence
Observations
 Always establish objective evidence when an
apparent non- compliance is found, remember
the occurrence discovered may be the effect and
not the cause
 When processes are involved the audit may
examine the process controls and records to
establish conformance with the specification
 Both positive and negative observations are
recorded
Finding the root cause
 Investigate non-compliance
 Establishing the root cause
 Recording the results
Session 9
NON CONFORMITY REPORTS AND
CORRECTIVE ACTION
Definitions
Non conformity
Non fulfillment of a requirement
Corrective action
Action to eliminate the cause of a
detected non conformity
Non conformity is established by
OBJECTIVE EVIDENCE
 Intend a requirement has not been addressed
 Implementation practice differs from the define
system
 Effectiveness the practice is not effective
Concepts relating to the
requirements
Need or expectation that is stated,
generally implied or obligatory
Conformity-
Fulfillment of a requirement
Non- conformity-
Non fulfillment of a requirement
Defect-
Non fulfillment of a requirement related to
intended use
Non conformity report
writing
 State the fact with the objective evidence
 Statement should be clear, and unambiguous
(clear in meeting) and concise
 Refer the clause number and /or audit criteria
against which non conformity is established
 It should trace up to verifiable status of fact
 Grade non conformity as ‘Major’ or ‘Minor’ if it
is practiced in the organization
 It should be agreed, accepted and designed by
the auditee
 Other relevant details like location, auditee,
date etc. should be mentioned
Concept of non conformity
report
Name of organization
NC No.
 Date of audit

 Audit name

 Location/ department/ function

 Statement of non conformity

 Corrective action planned

 Details of corrective action

 Completed

 Verification of corrective action

 Closure details of a non conformity

Categorizing non
conformity
Major non conformity
The absence or complete non fulfillment or break down of the
standard’s stated requirements
 A frequent or purposeful failure to follow specified
requirements written within the company system
 A failure to achieve the fundamental aim of a system
requirement.
 A failure to achieve legal or statutory requirements.
Minor nonconformity
An isolated or sporadic lapse in the content are implementation
of procedures or records which could reasonably lead to
failure of the system, if not corrected
 Isolated examples of noise levels exceeding limits
 Isolated examples of measuring instrument out of calibration
date
A number of MINOR Non conformity
against one specific requirement of
the standard/specification
represents breakdown of the
system and should be categorized
as MAJOR Non conformity
 Area
 Objective evidence
 Attribution
 Reference to internal
requirements
 NC type
 Signature
Corrective Action

Don’t cure the

SYMPTOMS only…

Hit the CAUSE !

Corrective Action
Responsibilities
 The auditee or the client is responsible
for determining and initiating corrective
action needed to respond to auditee
finding of non conformance
 Response to audit findings includes
 Correct a non conformance
 Correct the cause of the non conformance
Corrective Action planning
and follow up
 The auditee or the client should plan for
corrective action based on the audit
findings identified in the non conformity
report
 First- investigate non conformances to
determine corrective action needed
 Then – implement corrective plan
 Follow up ensures that the corrective action
was
 Implemented
 Effective in preventing reoccurrence of the non
conformance
What to fill in a corrective
action form
The FINDING

Why it had happened

What is to be done, so that it does not
happen again
By when it shall be implemented
Is the implemented plan working fine