internal auditor
Post on 07-Apr-2015
326 Views
Preview:
TRANSCRIPT
Internal auditortraining programme
On
ISO 22000:2005(FOOD SAFETY MANAGEMENT SYSTEM)
SESSION-1
About the course
To know Audit Methodology And
To develop Auditing skills
The Course training directors/ tutors can accept No responsibility for any delegates possessions and/or property.
You are advised to ensure that your personal possessions and property are kept in safe place at all times.
Fire Exits !?!-If the course really hots up.
Facilities – Wash Room This is a non smoking venue. Courtesy (mobile phones, etc.) –
Mobile to be switched off during the course. Requested to use the mobile during lunch and tea breaks only.
Stipulated time for tea and lunch breaks.
COURSE MATERIAL Course Notes Work Book (for Exercises) ISO 22000:2005 Standard Model question paper Training feedback form
Course structure
Lectures and discussionExercises- to consolidate lectures: Examine ISO 22000:2005 Audit planning Audit process Verbal audit presentation Examining the systemPlease supplement the course manual by
taking notes-you are provided with space alongside the presentations
Course structure
Case studies Document review Preparation of audit check list Audit reporting-written and verbal Role play
Course Objectives
UPON SUCCESSFUL COMPLETION OF THIS COURSE YOU WILL:
Be able to prepare for, report on, carry out and follow up an assessment or audit.
Have achieved the means to access and improve your own organizations systems.
Course Plan
Planning Audits
Conducting AuditsCollecting and
Verifying evidence
Non-Conformities(NCR/ Checklist)
Objective Evidence(Checklist)
Course Plan
Report preparation
Preparing audit summary
Preparing audit conclusions
Documenting audit report
Closing MeetingCompleting Audit
Delegate IntroductionsInformation to be obtained from delegatesPlease interview the delegate to your left so you may introduce
them to the group.Include the following information in the introduction:• Full name • Name of Organisation for which they working/ previously
worked.• Carrier Background • Their knowledge of ISO 22000 ranked from 1-10• Auditing experience-first, second or third party• Personal Objective for attending the course• Any information which the auditor should know to be able to
establish successful communication with auditee.• “Any personal information”- Birth date, Spouse name etc.
Session-2
FOOD SAFETY ISSUESAnd
Food laws applicable in food sector
Introduction
What is food safety?• Food safety- Concept that food will not cause
harm to the consumer when it is prepared and / or eaten according to its intended use
Introduction
WHY FOOD SAFETY?• New products are coming on the market
at a fast pace• New processing methods and equipment• World market and changing patterns of
consumption• Emerging pathogens• World trade need for international
harmonisation
Introduction
WHY FOOD SAFETY?
IntroductionFOOD SAFETY GUIDELINES AND STANDARDS
• Guideline: It is an advisory document which gives explanatory information to meet the requirement or conformity. For example: HACCP,GMP
• Standard: It is an agreed and authorized set of requirements which must be followed in order to be complaint. For example:
- British retail Consortium (BRC standards) - International food Standards (IFS standards) - ISO 22000
Legal Compliance and Conformance to ISO 22000 Standards
• Use with caution:• It has connotations• (associated with product liabilities issues)
Conformity
Non-fulfillment of a requirement
nonconformity
Conformance legalwith audit = Compliance criteria
Understand the difference
Non-fulfillment of a requirement related to an intended or Specified use
defect
Fulfillment of a requirement
Food lawsFoods Acts applicable in India under different
Ministries• Ministry of health and family welfare Prevention of Food Adulteration Act, 1954 (PFA)
& Prevention of Food Adulteration Rules,1955Under the purview of the Food and Drug
Administration.The food operator needs to hold a valid licenseDefines what is meant by adulterated foodDescribes responsibilities and power of Food
Inspectors
Food Laws
Requirements include• Food labelling requirements • Identification of vegetarian and non-veg.
Foods through colored dots on the label• Food quality and safety requirements• Through the act is not specifically
targeted at food safety, requirements include food saftey requirements
E.g. pesticide residue MRLs, heavy metals, added colors etc.
Food Laws• Ministry of Food Processing industries Fruits and vegetable products (control) order-
1955(FPO).• Applicable only to Fruit and Vegetable
Processing industries• Such a manufacturer need to hold a valid
license.• Requirements focus on fruit/vegetable product
characteristics• Labelling • The label need to bare the FPO logo.
Other Food Laws• Ministry of Food and Consumer Affairs Essential Com.Act,1955 Standards of Weights and Measures Act and
(Enforcement Act) and (Packaged Commodities) Rules,1977
• Ministry of Rural Development Agricultural Produce (Grading and Marketing)
Act 1937 (AGMARK)• Ministry of Agriculture Milk and Milk Products Order- 1992(MMPO) Meat Food Products Order (MFPO)-1973
Session-3
Typical Hazards
Hazards and risk
Food safety Hazard:Biological, chemical or Physical agent in
food, or condition of food, with the potential to cause an adverse health effect
Food Safety Risk:The function the probability of the
adverse effect (harm) and the severity of that effect
NO YES
Define System
Hazard Recognition
Continuous Hazards Hazards as a result of failure
Assess Risk
Severity of consequence
Acceptable risk Y/N
Unacceptable Improve Control
Conduct Task
Risk Assessment Matrix
Slighly harmfull
Harmful Extremely Harmful
Highly unlikely
Trivial Risk
Tolerable Risk
Moderate Risk
Unlikely Tolerable Risk
Moderate Risk
Substantial Risk
Likely Moderate Risk
Substantial Risk
IntolerableRisk
Risk Matrix Control PlanRISK LEVEL ACTION AND TIMESCALE
TRIVIAL No action is required and no documentary records need to be kept.
TOLERABLE No additional controls are required. Consideration may be given to a amore cost-effective solution or improvement thay imposes no additional cost burden. Monitoring is required to ensure that controls are maintained.
MODERATE Efforts should be made to reduce the risk, but the costs of prevention should be carefully measured and limited.
SUBSTAINTIAL GMPs and GHPs are applied, special measures for keeping the risks within tolerable limits are applied. The effect is controlled through measurements and if necessary the process is considered as a CCP
INTOLERABLE The process is controlled as a CCP
Hazards Classification
Biological Chemical Physical
Biological Hazard
Visible:Birds,Flies,Mosquitoes,Rats/rodents, pet animals etc.
Invisible: Microbes like Bacteria, Viruses, mold and yeast, fungus etc.
Sources of Hazards- Biological
• Raw materials• Animals• Environment• Staff
Sources of Hazards- chemicals
• Veterinary Medicines• Fertilizers• Packaging chemical compounds• Hazardous gases• Cleaning and disinfection
detergent
Sources of Hazards- Physical• Glass• Metal particles• Hair• Nail• Stones• Dust/ Dirt• Equipment• Facilities • Raw material• Packages• Environment• Personnel• Ionizing radiation
Session-4
DEFINITION AND TERMINOLOGY
DEFINITIONS AND TERMINOLOGY
• Control: To manage the conditions of an operation to maintain compliance with established criteria
• Critical Limit: Criterion which separates acceptability from unacceptability
• Control measure: Action or activity that can be use to prevent or eliminate a food safety hazard or reduce it to an acceptable level
• CCP Decision tree: A sequence of questions asked to determine whether a control point is critical control point
DEFINITIONS AND TERMINOLOGY
Deviation: failure to meet a critical limit HACCP Plan: The written document based
upon principles of HACCP that delineates the procedures to be followed to ensure the control of a specific process or procedure.
Food Safety Policy: Overall intensions and direction of an organisation related to food safety as formally expressed by top management
DEFINITIONS AND TERMINOLOGY
Monitor: To conduct a planned sequence of observations, measurements to assess whether a CCP is under control and to produce an accurate record for future use in verification.
Operating Limits: Criteria more stringent than critical limits that are used by an operator to reduce the risk of contamination. For example, if a certain chemical concentration is required to control a hazard, the operating limit is generally set above the minimum concentration needed to ensure effective treatment.
Risk: An estimate of the likely occurrence of a hazard. Severity: the seriousness of a hazard (if not properly
controlled).
DEFINITIONS AND TERMINOLOGY
Validation: Verification focused on collecting and evaluating scientific and technical information to determine if the HACCP Plan, when properly implemented, will effectively control the hazards.
Verification: The use of methods, procedures or Tests, in addition to those used in monitoring, that determine if the HACCP system complies with the HACCP plan and/or whether the plan needs modification.
DEFINITIONS AND TERMINOLOGY
Correction: Action to eliminate a detected non conformity
Corrective action: Action to terminite the cause of a detected conformity or other undesirable situation.
Flow diagram: Schematic and systematic presentation of the sequence and interaction of steps
DEFINITIONS AND TERMINOLOGY
End Product: Product that will undergo no further processing or transformation by the organization.
Updating: Immediate and/or planned activity to ensure application of the most recent information.
Pre-requisite programme PRP: Basic conditions and activities that are necessary to maintain a hygienic environment through out the food chain(3.2) suitable for the production, handling and provision of safe end products(3.5) and safe food for human consumption.
Operational PRP/Operational prerequisite programme: identified by the hazard analysis an essential in order to control the likely hood of introducing food safety hazards( and/or the contamination or proliferation of food safety hazards in the product(s) or in the processing environment
Session-5
ISO 22000:2005Food safety management systemsFood SMS requirements for any organization in the food
chain
4. Food safety management requirements
Establish, document, implement and maintain an effective Food SMS and update it.
Define the scope of Food SMS.Products categories.Processes and product sites.
Documents requirements
Food safety policy and related objectives
Documented procedures required by the standard
Records required by the standard Documents needed to ensure
effective development, implementation updating of the Food SMS
Required documented procedures
Document control (4.2.2) Record control (4.2.3) Nonconformity control Corrections (7.10.1) Corrective action(7.10.2) Withdrawals(7.10.4) Internal Audit(8.4.1)
4.2.2 Control of documents
Documented procedures defining controls for food SMS required documents:
Approval for adequacy before use Revview/update as nec. & re-
approval Changes and current revision status
clearly identified
4.2.2 Control of documents Relevant version available at points of
ue Documents remain legible and reaily
identifiable Documents of external origin are
identified and their distribution controlled
Prevent use of obsolete documents, and identify if retained
4.2.3 Control of records
Maintained to demonstrate conformance to requirements and the effective operation of the Food SMS
System-level procedure for identifying, storage, retrieval, protection, retention times and disposal
5. Management responsibility
5.1 General
Top Management to provide evidence of its commitment to development and implementation of the Food SMS &continually improving its effectiveness
How???
Top management training school
Show food safety is supported by business Objectives
Communicating the importance of meeting customer/statutory/regulatory requirements
Establishing the food safety policyHolding management reviewsEnsuring availability of resources
5.2 Food safety policyTop management to ensure it: Is appropriate to the role of organization in
food chain. Confirms with both statutory and regulatory
and with agreed food safety requirements of customers
Is communicated, implemented and maintained at all levels of organization
Is reviewed for continuing suitability Adequately addresses communication Is supported by measurable objectives.
5.3 Food safety management system planning
Top management to ensure planning conducted to:
Meet the over all requirements and food safety objectives
Ensure system integrity during changes
Responsibility and authority
Top management to ensure that R&D are defined and communicated
All personnel have the responsibility to report problems with the Food SMS to identified person(s).
That designated personnel shall initiate and record action.
Food safety Team Leader
Manage a Food system team Ensure relevant training and
education of team Ensure the Food SMS is established,
implemented, maintained and updated
Reporting effectiveness and suitability to top management
5.6 Communication External communication Supplier and contractors Customers or consumers Statuary and regulatory authorities Other impacted organization on Food
SMS Known food safety hazards, needed
to be controlled by other organizations.
Communication (cont.)
Internal communication Food safety team is informed of
changes in food SMS. Food safety team shall ensure the
updating of the Food SMS.
5.7 Emergency preparedness and response
Procedure to manage potential emergency situation and accidents that can impact food safety
Role of the organization in the food chain
5.8 Management review
Top management reviewing Food SMS to ensure suitability, adequacy & EFFECTIVENESS
Defined intervals Is there a need to amend the Food
SMS, food safety policy.
5.8 Management review(cont.)Review information to: Follow up issues from previous reviews Analysis results of verification activities Changing circumstances that affect to food
safety. Emergency situation, accident and withdrawals Reviewing results of system updating activities. Review of communication activities, including
customer fed back External audits or inspection Data shall be presented in link to objectives
5.8 Management review(cont.)
Output shall include decisions and actions related to:
Assurance of food safety Improvement of Food SMS Resource needs Revision of Food safety policy and
objectives
6.Resource management
6.1 Provision of Resource
Provide the adequate resources for established, implemented, maintenance and updating Food SMS.
6.2 Human resources
All personnel shall be competent Have appropriate education
training skills and experience Maintain agreement or contract of
external experts, defining the responsibility and authority.
6.2 Human resources Identify competence needs Provide training or other action Train personnel who responsible for
monitoring, correction and corrective actions
Evaluate effectiveness of training or other actions
Ensure that personnel are aware of activity/contribution
Ensure effective communication Training or development records
6.3 Infrastructure &6.4 Work environment
Provide Infrastructure and work environment needed to implement this standard.
7.Planning and realization of Safe Products
7.1 General
Plan and develop necessary processes for realization of safe products
Implement, operate and ensure the effectiveness of planned activities, including PRP, operational PRP and HACCP plan
7.2 Prerequisite programmes (PRPs)
7.2.1 Establish, implement and maintain PRP to assist controlling
Likelihood Food safety hazards thru work environment B/C/P contamination between product
Food safety hazard level in product and process environment
7.2 Prerequisite programmes (PRPs) Cont. Be appropriate to organization need Be appropriate to size, type and
nature of products Be implemented across the entire
production system Be approved by food safety team Shall identify related statutory and
regulatory requirements
7.2 Prerequisite programmes (PRPs) Cont. Construction and layout of building and
utility Lay-out of premises, workspace and
employee facilities Supplies of air, water, energy and other
utilities Waste, sewage disposal Equipment, accessibility for cleaning,
maintenance Management of purchased material,
supplies, disposals and handling of products
7.2 Prerequisite programmes (PRPs) Cont. Measures for prevention of cross
contamination Cleaning and sanitizing Pest control Personnel hygiene Other aspects, as appropriate PRP verification shall be planned
and modified as necessary
7.3 Preliminary steps to enable hazard analysis Collect information needed Appoint food safety team, multi-
disciplinary knowledge & experienced Raw materials, ingredients, product-
contact materials Characteristics of end products Intended use/ target people Flow diagrams, process step and control
measure
7.4 Hazard Analysis
Determine which hazards need to be controlled, degree of control combination of control measures
Hazard identification and determine acceptable levels, based on:
Preliminary collected information and data Experience
External information Information from food chain
7.4.2 Hazard Identificaton
Consider to Preceding and following step of specified operation
Process equipment, utilities and surrounding Preceding and following links in food chain
Determine acceptable level Justification and result shall be
recorded
Hazard assessment
Conduct the hazard assessment to determine whether Its elimination to reduction to acceptable levels
Its control is need to meet the defined acceptable level
Describe the methodology used and record
7.4.4 Section and assessment of control measures
Select appropriate combination of control measures
Categorized selected control measures whether manage thru operational PRP or HACCP plan
7.5 Establishing the operational prerequisite programme
Document operational PRP Food safety hazard(s) to be controlled Control measure Monitoring procedures Correction and corrective action to be
taken Responsibilities and authorities Record of monitoring
Establishing the HACCP plan
Document HACCP plan Identification of critical control
point Determine critical limit for CCP System for monitoring of CCP Action when monitoring result
exceed critical limit
7.7 Updating of preliminary information and document specifying the PRP and HACCP plan
Updating the following information, if necessary
Product chart Intended use Flow diagram Process step Control measure
Verification planning Verification activities shall confirm that
PRP are implemented Input hazard analysis is updated Effective of operational PRP and HACCP
plan Hazard levels are within acceptable level Other procedure are implemented and
effective
7.9 Traceability system
Traceability system for product lot and their relation to batch of raw material, processing and delivery record
Able to identify incoming material from immediate suppliers and initial distribution route of end product
7.10 Control of nonconformity Corrections Identify and assessment affected end
product to determine proper handlingReview of the corrections carried out Corrective actions Eliminate cause of detected N/CPrevent recurrenceBring the process or system back into
control
7.10 Control of nonconformity
Handling of potentially unsafe product
To prevent the N/C product from entering the food chain
N/C product shall be held until they have been evaluated
Notify interested parties and initiate a withdrawal
7.10 Control of nonconformity Evaluation for release N/C product shall only be released as
safe when Evidence of effective control measure,
other then monitoring system. Evidence of complies with performance
intended Result of sampling, analysis or either
verification shows product complies acceptable level
7.10 Control of nonconformity Disposition of N/C products Reprocessing or further processing to
acceptable levels Destruction or disposals as waste
Withdrawals Appoint authority personnel to initiate
and execute the withdrawal Notify to interested parties Handling of withdraw product Procedure sequence of action to be taken
8. Validation, verification and improvement of the Food SMS
8.1 General Plan & implement Processes needed to validate
control measures To verify and improve the food
SMS
8.2 Validation of control measure combinations
Validate the control measures are capable to control the Hazards
Modify the control measures, as necessary.
8.3 control of measuring & monitoring
To ensure valid results, devices are: Calibrated/adjusted prior to use or
at specified intervals against devices traceable to national/international standards if not, define basis for calibration
Identified & calibration status defined
Safeguard from adjustment
8.3 Control of measuring & monitoring Protected from damage & deterioration
during handling, maintenance & storage
Assess & record previous results validity & take action when device found not conforming to requirements
Record calibration & verification results Software validated prior to use & when
req.
8.4 Food safety management system verification
8.4.1 internal Audit Verify Food SMS is complying &
effectively implemented Planned based on status, importance and
previous results Independent auditors? Dept. Audit (cross) Documented procedure Timely corrective action by relevant mgt. Follow-up
8.4.2 Evaluation of individual verification results
Systematic evaluate the individual results of planed verification
Take action to achieve the require conformity
8.4.3 Analysis of results of verification activities Analysis the results of verification
activities, incl. internal/ External audit To confirm overall performance of
system. To identify need for updating/ improving
the Food SMS To identify trends of potential unsafe
products information for internal audit To provide evidence the effectiveness of
correction and corrective action
8.5 Improvement
8.5.1 Continual improvement Continually improve Food SMS
effectiveness through use of various sources of information:
Communication, management review, internal audit, verification activities, validate result, corrective action, etc.
Updating the Food SMS
Continually update the food SMS Consider whether it is necessary
to review hazard analysis, PRP and HACCP plan
As the input for management review.
Session-6
Planning the audit
Audits MUST be well managed to provide good VALUE To audit team leader has overall
responsibility for the audit. Audit team members assist the team
leader Good audit management requires good: - Planning and Preparation - Communications (Client, Auditees and
Auditors) - Accurate and Objective Fact Finding
Review documentation, including:FSMS PolicyHACCP plan
GMP,GHP,PRP,OPRPLegal and other requirements
Audit criteriaAuditory resources
Company informationScope of Audit
Team with relevant skillsDuration of auditWho/When/Where
Audit PlanChecklists
Information to brief teamCommunicate with client
Planning Preparation Reporting & Follow-upPerformance
Types of Audit
3 Types of AuditsFirst Party Audit
• Self-audit (Client, auditor and auditee are Internal)
Second Party Audit• Audit by an interested body (like a customer)
Third party Audit• Audit by independent body
(certification/registration body )
IllustrationFigure 1 – Illustration of the process flow for the management of an audit programme
Authority for the audit programme(5.1)
Establishing the audit programme (5.2,5.3)-Objectives and extent-responsibilities-resources-procedures
Implementing the audit programme (5.4,5.5)-scheduling audits-Evaluating auditors-selecting audit teams-directing audit activities-maintaining records
Monitoring and reviewing the audit programme (5.6)-monitoring and reviewing-identifying needs for corrective and preventive actions-Identifying opportunities for improvement
Competence and evaluation of auditors
(7)
Audit activities(6)
Improving the audit programme(5.6)
ACT
Plan
DO
Check
Audit program objectives and extent Objectives should be established for an audit
programmed, to direct the planning and auditsThese objectives can be based on consideration ofa) Management priorities,b) Commercial intentions,c) Management system requirements,d) Statutory, regulatory and contractual requirements,e) Need for supplier evaluation,f) Customer requirements,g) Needs of other interested parties, and h) Risks to the organization
Example of Audit programming objectives
Example of Audit programming objectives:
a) To meet requirements for certification to a management system standard;
b) To verify conformance with contractual requirements;
c) To obtain and maintain confidence in the capability of a supplier;
d) To contribute to the improvement of the management system.
Planning the audit
This is the initial phase and involves: Audit criteria
Auditor resourcesCompany information
Scope of audit
Planning
Team with relevant skillsDuration of auditWho/when/where
Planning the audit
Brief from Organization employing the auditor
Usually defined in Contract Review or audit
program - Organization to be audited - Scope of the audit - Audit objective - Audit criteria - Estimated dates, duration, size of team (3rd party)
Audit criteriaAuditor resources
Company informationScope of audit
Team with relevant skillsDuration of auditWho/when/where
Planning
Planning the AuditInitiating the Audit
Audit criteria Audit scopeReference against Extent and boundaries
ofwhich conformity is Determined the audit including: • Standard > Locations• Contractual specification > Organizational units• FSMS documentation > Activities and
processes • FSMS programmes and plans covered• Statutory, regularity or other requirements
Planning
TEAM SELECTION BASED ON 19011
Lead Auditor Auditor(s) (Technical Specialist)
Systems Experience Industrial knowledge Legal/ Regulatory KnowledgeFSMS Audit Experience ISO 22000 Understanding Language/Cultutal ability
Team with relevant skillsDuration of audit
Who/When/Where
Preparing for the on-site Audit activities
Determine amount of work Number of person-days Prepare plan Prepare working documents Keep auditee advised, agree date
and time Logistics
Examples implementation of FSMS and Audit process
Top management commitment
Define scope, food safety policy and Objectives frame work
Appointment of food Safety team leader
Documentation of food safety management system
Implement/ identify (new) system requirements, procedures and workingDocuments, GHP, PRP, HACCP
Internal Audit and Management review
Corrective actions
Stage 1
Second internal audit and management review
Stage 2
Review documentation, including:FSMS policyHACCP plan
GMP,GHP,PRP,OPRPLegal and other requirements
Preparation
Audit planCheck list
Information to brief teamCommunicate with client
Session 7
Audit Process and Planning
Audit stages
Pre audit management Subsequent action Preparation and - Prepare/ submit report audit planning - Close out corrective Preliminary visit actions Detailed plan - Plan Surveillance/ review/The Audit re-audit Opening Meeting - Generate & store records The Actual audit Report Preparation Closing Meeting
The Audit process Internal Audit are performed to verify Formal assessment of hazard analysis Process flow diagrams Prerequisite programmes Document review5 main audit trails:- Organization GMP and PRP Legal Compliance Hazard Analysis, CCPs, Control Measures, Monitoring,
Corrective and preventive actions Verification
Reasons for Conducting Internal Audits
To examine the Food Safety Management System for improvements
To ensure ISO 22000, and all other standards, are being complied with To determine compliance or non-
compliance To meet regulatory requirements
Auditing ProcedureAudit activities are required to be documented in a
procedure that will address A statement of responsibility ‘Executive’ authority and responsibility The standard of training required for Auditors and Lead
Auditors Access authority The use of specialists when required
Lead Auditor
A Person qualified and authorized to manage a system audit
Auditor
A person with the competence to conduct an audit
Auditee Co-operate with the auditor in the
planning and conducting of the audit Provide access for the audit team Provide guides Attend the Opening and Closing
Meetings Address and implement corrective
action
Auditing Procedure The method for planning, initiating and
conducting audits and follow up activities including corrective actions
The rules for deciding the criticality of non-compliances
The format and distribution of audit reports, non-compliance reports, checklists or other forms required for reporting
Records, storage and retention
Audit Schedule
Audit can be schedule or initiate when any of the following conditions exists:
When an auditee engages the services of a third party organization with the aim of auditing their own system to prove the systems effectiveness
Audit Schedule
When planning an audit schedule the following shall be considered:
Status and importance Applicable management system Contract requirements Significant changes to the system, due
to major re-organization When it is suspected or reported that
the quality of a product or service is compromised due to a non-compliance
Initial planning
Decide who shall carryout the audit Identify the relevant specification or
requirements Notify the supplier/auditee of the
purpose of the audit Agree a mutually convenient date Preliminary visit Gather information – particularly in
areas covered by process description are these may need special attention
Preliminary visit
Meet the management and staff Determine the standard
requirement Inform the auditee of the purpose
of the audit Ensure the auditee is prepared for
the audit
Preliminary visitCarry out a tour of the site to: Judge the health of the auditee’s system Gain knowledge of the products and
facilities Decide on the audit structure and the team Investigate structure of processes to enable
audit planning Decide the duration of the audit Identify the need for protective clothing Check for any special security
arrangements
Preliminary visit
Answer all the auditee’s questions- so as to calm their fears
Organize administration arrangements obtain copies of auditee’s mutual, procedures and flow chart
Site layout
Detailed planning
Collation of auditee data Prepare program-send copy to
auditee Decide team composition Arrange team briefing Team prepare checklists
Detailed planning
Notify auditee of arrangements/ requirements
Duration of audit Composition of audit team Facilities and accommodation
required Administration requirements
Planning
The audit team must be supplied with copies of
The specification Any applicable contracts against
which the audit is going to be conducted
Copies of any documents they may have to complete (e.g. non-compliance, reports, checklists, etc)
Planning
Team size and complexity of the company’s operation
The specification to be applied Auditor Competence
Planning
Audit Team Briefing It is good management to arrange
for a meeting of the team, prior to the audit, to brief them on the requirements
The briefing should cover: The programme Allocation of individual audit areas Audit policies and practices
Planning
Facilities and Administration The audit team may require hotel
accommodation, secretarial support and throughout the audit a separate room, so they can discuss findings and prepare reports
Lunch should preferably be light, quick and easily accessible
Planning
Planning may need to take account of: Contentious issues (Quarrelsome) Local customs Local cultures Customer expectation
The Lead Auditor shall ensure the audit team is briefed accordingly so that the team may act sensitively to maintain suitable auditee relations
Session-8
Auditing skillsAnd
Audit
Auditor Competence
“ Ability and Eligibility to perform an Audit”Competence is based on: Educational Qualification Work Experience Training Auditing Experience Personal Attributes and triats Auditing skills
Auditor AttributesDesirable Undesirable• Fact finding > Fault Finding• Polite > Rude• Persistent > Lazy• Decisive > Indecisive• Prepared > Unprepared• Honest > Dishonest• Unbiased > Biased• Communication > Un communicative• Ethical > Un ethical
A Good Auditor’s Attributes Focused Diplomatic Versatile Time Manager Open Minded Fast Thinker Self Reliant Observant
3 Most Important Qualities
Persistence:Ability to overcome difficulties and maintain
planned course of action inspite of setbacksFlexible outlook:Ability to see things from different points of
view and adapt to changing circumstancesPerceptiveness:Ability to grasp the problem quickly but
withoutJumping to conclusions
Responsibilities of an Audit Communicate and clarify Audit Requirements Execute the audit in compliance with the audit
plan Adhere to Audit plan Arrangements Record the Audit Findings Record the Non Conformities along with
agreement with the auditee Maintain Audit documents and records Cooperate with Audit Team members Prepare summary of own audit findings Inform Lead Auditor incase of any concerns
during the audit.
Responsibilities of a Lead Auditor Assistance in selection of audit team Manage audit team and overall process
of the audit Prepare audit plan and applicable
checklists Liaison with auditee Coordinate with the other auditors for
seamless audit process Compile and present the audit report Ensure timely follow-up of the corrective
actions
Responsibilities of an Auditee Understand, define and publicize scope and objective of
the audit Provide guide/escorts to the audit team Arrangement of resources required for the conduct of
the audit Provide access to facilities/system/documents/records
to auditors during the audit Extend cooperation to auditor Carryout Root Cause analysis for non conformity
detected. Determine and take corrective action without undue
delay.
Audit Techniquesa) Ask questionsb) Examine objective evedencec) Observe activitiesd) Listen to reactionse) Record findings
Forward Trace – An audit which follows the natural flow of a product or service process
Backward Trace – An audit which traces records back through the system
Audit Techniques
Audit follows a trial across department interfaces processes may be across departmental borders and functions a vertical audit in the process environment will test the interdependency and inter process relationship
DESIGN
PURCHASING
PRODUCTION
TRAINING
HORIZONTAL
VE
RT
ICA
L
HORIZONTAL
HORIZONTAL
HORIZONTAL
The Auditors Six Friends
When asking questions…. Who? What? Where? When? Why? How?And the seventh…. OK, Show Me?
Questioning Techniques
Keep conservation going Repeat the last word or phrase-
say something niceAvoid double questions(2 questions
in 1) Only one word answer is likely to
result
Question Technique
Yes/no Questions Often elicit dead end answers- you gain
nothing- only useful as a leader questionHow-What-Why-Why-Where-Who? Direct question-will achieve more
detailed answers Explanations questions Useful for comparing interfaces
Objective Evidence
Try to establish: That authorised documents are in use That superseded drawings have been
removed That good housekeeping is practiced That facilities are adequate That supervision is adequate
Objective Evidence
That orderly records are kept That staff are adequately trained Well prepared checklists will assist
when answering these questions
Conducting the Audit Assign the auditors to their area Sample the system Collect objective evidence of system
effectiveness Compare finding from checklist with
requirements Decide compliance or non-
compliance Audit team daily meeting
Conducting the Audit Decide on system effectiveness Agree and categorize non-compliance Hold a meeting daily with auditee’s
representatives, and at the end of the audit, prior to the closing meeting
Prepare summary report with conclusions and indicate recommendations
The Audit
Remember the auditor is attempting to prove the system
Establishing the facts and finding proof
The aim is not to set out fail the system!
Observations
Observations may be obtained through any of the following methods:
Seeking objective evidence that the system is functioning as prescribed
Samples taken of the system will allow the auditor to obtain the required evidence
Observations Always establish objective evidence when
an apparent non- compliance is found, remember the occurrence discovered may be the effect and not the cause
When processes are involved the audit may examine the process controls and records to establish conformance with the specification
Both positive and negative observations are recorded
Finding the root cause
Investigate non-compliance Establishing the root cause Recording the results
Session 9
NON CONFORMITY REPORTS ANDCORRECTIVE ACTION
Definitions
Non conformityNon fulfillment of a requirementCorrective actionAction to eliminate the cause of a
detected non conformityNon conformity is established by
OBJECTIVE EVIDENCE Intend a requirement has not been addressed Implementation practice differs from the define
system Effectiveness the practice is not effective
Concepts relating to the requirements
Need or expectation that is stated, generally implied or obligatory
Conformity-Fulfillment of a requirement Non- conformity- Non fulfillment of a requirementDefect-Non fulfillment of a requirement related to
intended use
Non conformity report writing State the fact with the objective evidence Statement should be clear, and unambiguous
(clear in meeting) and concise Refer the clause number and /or audit criteria
against which non conformity is established It should trace up to verifiable status of fact Grade non conformity as ‘Major’ or ‘Minor’ if it
is practiced in the organization It should be agreed, accepted and designed by
the auditee Other relevant details like location, auditee,
date etc. should be mentioned
Concept of non conformity reportName of organizationNC No. Date of audit Audit name Location/ department/ function Statement of non conformity Corrective action planned Details of corrective action Completed Verification of corrective action Closure details of a non conformity
Categorizing non conformityMajor non conformityThe absence or complete non fulfillment or break down of the
standard’s stated requirements A frequent or purposeful failure to follow specified
requirements written within the company system A failure to achieve the fundamental aim of a system
requirement. A failure to achieve legal or statutory requirements.Minor nonconformityAn isolated or sporadic lapse in the content are implementation
of procedures or records which could reasonably lead to failure of the system, if not corrected
Isolated examples of noise levels exceeding limits Isolated examples of measuring instrument out of calibration
date
A number of MINOR Non conformity against one specific requirement of the standard/specification represents breakdown of the system and should be categorized as MAJOR Non conformity
Area Objective evidence Attribution Reference to internal
requirements NC type Signature
Corrective Action
Don’t cure the SYMPTOMS only…
Hit the CAUSE !
Corrective Action Responsibilities
The auditee or the client is responsible for determining and initiating corrective action needed to respond to auditee finding of non conformance
Response to audit findings includes Correct a non conformance Correct the cause of the non
conformance
Corrective Action planning and follow up The auditee or the client should plan for
corrective action based on the audit findings identified in the non conformity report
First- investigate non conformances to determine corrective action needed
Then – implement corrective plan Follow up ensures that the corrective
action was Implemented Effective in preventing reoccurrence of the
non conformance
What to fill in a corrective action form
The FINDING
Why it had happenedWhat is to be done, so that it does
not happen againBy when it shall be implementedIs the implemented plan working fine
top related