internal auditor

Internal auditortraining programme

On

ISO 22000:2005(FOOD SAFETY MANAGEMENT SYSTEM)

SESSION-1

About the course

To know Audit Methodology And

To develop Auditing skills

The Course training directors/ tutors can accept No responsibility for any delegates possessions and/or property.

You are advised to ensure that your personal possessions and property are kept in safe place at all times.

Fire Exits !?!-If the course really hots up.

Facilities – Wash Room This is a non smoking venue. Courtesy (mobile phones, etc.) –

Mobile to be switched off during the course. Requested to use the mobile during lunch and tea breaks only.

Stipulated time for tea and lunch breaks.

COURSE MATERIAL Course Notes Work Book (for Exercises) ISO 22000:2005 Standard Model question paper Training feedback form

Course structure

Lectures and discussionExercises- to consolidate lectures: Examine ISO 22000:2005 Audit planning Audit process Verbal audit presentation Examining the systemPlease supplement the course manual by

taking notes-you are provided with space alongside the presentations

Course structure

Case studies Document review Preparation of audit check list Audit reporting-written and verbal Role play

Course Objectives

UPON SUCCESSFUL COMPLETION OF THIS COURSE YOU WILL:

Be able to prepare for, report on, carry out and follow up an assessment or audit.

Have achieved the means to access and improve your own organizations systems.

Course Plan

Planning Audits

Conducting AuditsCollecting and

Verifying evidence

Non-Conformities(NCR/ Checklist)

Objective Evidence(Checklist)

Course Plan

Report preparation

Preparing audit summary

Preparing audit conclusions

Documenting audit report

Closing MeetingCompleting Audit

Delegate IntroductionsInformation to be obtained from delegatesPlease interview the delegate to your left so you may introduce

them to the group.Include the following information in the introduction:• Full name • Name of Organisation for which they working/ previously

worked.• Carrier Background • Their knowledge of ISO 22000 ranked from 1-10• Auditing experience-first, second or third party• Personal Objective for attending the course• Any information which the auditor should know to be able to

establish successful communication with auditee.• “Any personal information”- Birth date, Spouse name etc.

Session-2

FOOD SAFETY ISSUESAnd

Food laws applicable in food sector

Introduction

What is food safety?• Food safety- Concept that food will not cause

harm to the consumer when it is prepared and / or eaten according to its intended use

Introduction

WHY FOOD SAFETY?• New products are coming on the market

at a fast pace• New processing methods and equipment• World market and changing patterns of

consumption• Emerging pathogens• World trade need for international

harmonisation

Introduction

WHY FOOD SAFETY?

IntroductionFOOD SAFETY GUIDELINES AND STANDARDS

• Guideline: It is an advisory document which gives explanatory information to meet the requirement or conformity. For example: HACCP,GMP

• Standard: It is an agreed and authorized set of requirements which must be followed in order to be complaint. For example:

- British retail Consortium (BRC standards) - International food Standards (IFS standards) - ISO 22000

Legal Compliance and Conformance to ISO 22000 Standards

• Use with caution:• It has connotations• (associated with product liabilities issues)

Conformity

Non-fulfillment of a requirement

nonconformity

Conformance legalwith audit = Compliance criteria

Understand the difference

Non-fulfillment of a requirement related to an intended or Specified use

defect

Fulfillment of a requirement

Food lawsFoods Acts applicable in India under different

Ministries• Ministry of health and family welfare Prevention of Food Adulteration Act, 1954 (PFA)

& Prevention of Food Adulteration Rules,1955Under the purview of the Food and Drug

Administration.The food operator needs to hold a valid licenseDefines what is meant by adulterated foodDescribes responsibilities and power of Food

Inspectors

Food Laws

Requirements include• Food labelling requirements • Identification of vegetarian and non-veg.

Foods through colored dots on the label• Food quality and safety requirements• Through the act is not specifically

targeted at food safety, requirements include food saftey requirements

E.g. pesticide residue MRLs, heavy metals, added colors etc.

Food Laws• Ministry of Food Processing industries Fruits and vegetable products (control) order-

1955(FPO).• Applicable only to Fruit and Vegetable

Processing industries• Such a manufacturer need to hold a valid

license.• Requirements focus on fruit/vegetable product

characteristics• Labelling • The label need to bare the FPO logo.

Other Food Laws• Ministry of Food and Consumer Affairs Essential Com.Act,1955 Standards of Weights and Measures Act and

(Enforcement Act) and (Packaged Commodities) Rules,1977

• Ministry of Rural Development Agricultural Produce (Grading and Marketing)

Act 1937 (AGMARK)• Ministry of Agriculture Milk and Milk Products Order- 1992(MMPO) Meat Food Products Order (MFPO)-1973

Session-3

Typical Hazards

Hazards and risk

Food safety Hazard:Biological, chemical or Physical agent in

food, or condition of food, with the potential to cause an adverse health effect

Food Safety Risk:The function the probability of the

adverse effect (harm) and the severity of that effect

NO YES

Define System

Hazard Recognition

Continuous Hazards Hazards as a result of failure

Assess Risk

Severity of consequence

Acceptable risk Y/N

Unacceptable Improve Control

Conduct Task

Risk Assessment Matrix

Slighly harmfull

Harmful Extremely Harmful

Highly unlikely

Trivial Risk

Tolerable Risk

Moderate Risk

Unlikely Tolerable Risk

Moderate Risk

Substantial Risk

Likely Moderate Risk

Substantial Risk

IntolerableRisk

Risk Matrix Control PlanRISK LEVEL ACTION AND TIMESCALE

TRIVIAL No action is required and no documentary records need to be kept.

TOLERABLE No additional controls are required. Consideration may be given to a amore cost-effective solution or improvement thay imposes no additional cost burden. Monitoring is required to ensure that controls are maintained.

MODERATE Efforts should be made to reduce the risk, but the costs of prevention should be carefully measured and limited.

SUBSTAINTIAL GMPs and GHPs are applied, special measures for keeping the risks within tolerable limits are applied. The effect is controlled through measurements and if necessary the process is considered as a CCP

INTOLERABLE The process is controlled as a CCP

Hazards Classification

Biological Chemical Physical

Biological Hazard

Visible:Birds,Flies,Mosquitoes,Rats/rodents, pet animals etc.

Invisible: Microbes like Bacteria, Viruses, mold and yeast, fungus etc.

Sources of Hazards- Biological

• Raw materials• Animals• Environment• Staff

Sources of Hazards- chemicals

• Veterinary Medicines• Fertilizers• Packaging chemical compounds• Hazardous gases• Cleaning and disinfection

detergent

Sources of Hazards- Physical• Glass• Metal particles• Hair• Nail• Stones• Dust/ Dirt• Equipment• Facilities • Raw material• Packages• Environment• Personnel• Ionizing radiation

Session-4

DEFINITION AND TERMINOLOGY

DEFINITIONS AND TERMINOLOGY

• Control: To manage the conditions of an operation to maintain compliance with established criteria

• Critical Limit: Criterion which separates acceptability from unacceptability

• Control measure: Action or activity that can be use to prevent or eliminate a food safety hazard or reduce it to an acceptable level

• CCP Decision tree: A sequence of questions asked to determine whether a control point is critical control point


Deviation: failure to meet a critical limit HACCP Plan: The written document based

upon principles of HACCP that delineates the procedures to be followed to ensure the control of a specific process or procedure.

Food Safety Policy: Overall intensions and direction of an organisation related to food safety as formally expressed by top management


Monitor: To conduct a planned sequence of observations, measurements to assess whether a CCP is under control and to produce an accurate record for future use in verification.

Operating Limits: Criteria more stringent than critical limits that are used by an operator to reduce the risk of contamination. For example, if a certain chemical concentration is required to control a hazard, the operating limit is generally set above the minimum concentration needed to ensure effective treatment.

Risk: An estimate of the likely occurrence of a hazard. Severity: the seriousness of a hazard (if not properly

controlled).


Validation: Verification focused on collecting and evaluating scientific and technical information to determine if the HACCP Plan, when properly implemented, will effectively control the hazards.

Verification: The use of methods, procedures or Tests, in addition to those used in monitoring, that determine if the HACCP system complies with the HACCP plan and/or whether the plan needs modification.


Correction: Action to eliminate a detected non conformity

Corrective action: Action to terminite the cause of a detected conformity or other undesirable situation.

Flow diagram: Schematic and systematic presentation of the sequence and interaction of steps


End Product: Product that will undergo no further processing or transformation by the organization.

Updating: Immediate and/or planned activity to ensure application of the most recent information.

Pre-requisite programme PRP: Basic conditions and activities that are necessary to maintain a hygienic environment through out the food chain(3.2) suitable for the production, handling and provision of safe end products(3.5) and safe food for human consumption.

Operational PRP/Operational prerequisite programme: identified by the hazard analysis an essential in order to control the likely hood of introducing food safety hazards( and/or the contamination or proliferation of food safety hazards in the product(s) or in the processing environment

Session-5

ISO 22000:2005Food safety management systemsFood SMS requirements for any organization in the food

chain

4. Food safety management requirements

Establish, document, implement and maintain an effective Food SMS and update it.

Define the scope of Food SMS.Products categories.Processes and product sites.

Documents requirements

Food safety policy and related objectives

Documented procedures required by the standard

Records required by the standard Documents needed to ensure

effective development, implementation updating of the Food SMS

Required documented procedures

Document control (4.2.2) Record control (4.2.3) Nonconformity control Corrections (7.10.1) Corrective action(7.10.2) Withdrawals(7.10.4) Internal Audit(8.4.1)

4.2.2 Control of documents

Documented procedures defining controls for food SMS required documents:

Approval for adequacy before use Revview/update as nec. & re-

approval Changes and current revision status

clearly identified

4.2.2 Control of documents Relevant version available at points of

ue Documents remain legible and reaily

identifiable Documents of external origin are

identified and their distribution controlled

Prevent use of obsolete documents, and identify if retained

4.2.3 Control of records

Maintained to demonstrate conformance to requirements and the effective operation of the Food SMS

System-level procedure for identifying, storage, retrieval, protection, retention times and disposal

5. Management responsibility

5.1 General

Top Management to provide evidence of its commitment to development and implementation of the Food SMS &continually improving its effectiveness

How???

Top management training school

Show food safety is supported by business Objectives

Communicating the importance of meeting customer/statutory/regulatory requirements

Establishing the food safety policyHolding management reviewsEnsuring availability of resources

5.2 Food safety policyTop management to ensure it: Is appropriate to the role of organization in

food chain. Confirms with both statutory and regulatory

and with agreed food safety requirements of customers

Is communicated, implemented and maintained at all levels of organization

Is reviewed for continuing suitability Adequately addresses communication Is supported by measurable objectives.

5.3 Food safety management system planning

Top management to ensure planning conducted to:

Meet the over all requirements and food safety objectives

Ensure system integrity during changes

Responsibility and authority

Top management to ensure that R&D are defined and communicated

All personnel have the responsibility to report problems with the Food SMS to identified person(s).

That designated personnel shall initiate and record action.

Food safety Team Leader

Manage a Food system team Ensure relevant training and

education of team Ensure the Food SMS is established,

implemented, maintained and updated

Reporting effectiveness and suitability to top management

5.6 Communication External communication Supplier and contractors Customers or consumers Statuary and regulatory authorities Other impacted organization on Food

SMS Known food safety hazards, needed

to be controlled by other organizations.

Communication (cont.)

Internal communication Food safety team is informed of

changes in food SMS. Food safety team shall ensure the

updating of the Food SMS.

5.7 Emergency preparedness and response

Procedure to manage potential emergency situation and accidents that can impact food safety

Role of the organization in the food chain

5.8 Management review

Top management reviewing Food SMS to ensure suitability, adequacy & EFFECTIVENESS

Defined intervals Is there a need to amend the Food

SMS, food safety policy.

5.8 Management review(cont.)Review information to: Follow up issues from previous reviews Analysis results of verification activities Changing circumstances that affect to food

safety. Emergency situation, accident and withdrawals Reviewing results of system updating activities. Review of communication activities, including

customer fed back External audits or inspection Data shall be presented in link to objectives

5.8 Management review(cont.)

Output shall include decisions and actions related to:

Assurance of food safety Improvement of Food SMS Resource needs Revision of Food safety policy and

objectives

6.Resource management

6.1 Provision of Resource

Provide the adequate resources for established, implemented, maintenance and updating Food SMS.

6.2 Human resources

All personnel shall be competent Have appropriate education

training skills and experience Maintain agreement or contract of

external experts, defining the responsibility and authority.

6.2 Human resources Identify competence needs Provide training or other action Train personnel who responsible for

monitoring, correction and corrective actions

Evaluate effectiveness of training or other actions

Ensure that personnel are aware of activity/contribution

Ensure effective communication Training or development records

6.3 Infrastructure &6.4 Work environment

Provide Infrastructure and work environment needed to implement this standard.

7.Planning and realization of Safe Products

7.1 General

Plan and develop necessary processes for realization of safe products

Implement, operate and ensure the effectiveness of planned activities, including PRP, operational PRP and HACCP plan

7.2 Prerequisite programmes (PRPs)

7.2.1 Establish, implement and maintain PRP to assist controlling

Likelihood Food safety hazards thru work environment B/C/P contamination between product

Food safety hazard level in product and process environment

7.2 Prerequisite programmes (PRPs) Cont. Be appropriate to organization need Be appropriate to size, type and

nature of products Be implemented across the entire

production system Be approved by food safety team Shall identify related statutory and

regulatory requirements

7.2 Prerequisite programmes (PRPs) Cont. Construction and layout of building and

utility Lay-out of premises, workspace and

employee facilities Supplies of air, water, energy and other

utilities Waste, sewage disposal Equipment, accessibility for cleaning,

maintenance Management of purchased material,

supplies, disposals and handling of products

7.2 Prerequisite programmes (PRPs) Cont. Measures for prevention of cross

contamination Cleaning and sanitizing Pest control Personnel hygiene Other aspects, as appropriate PRP verification shall be planned

and modified as necessary

7.3 Preliminary steps to enable hazard analysis Collect information needed Appoint food safety team, multi-

disciplinary knowledge & experienced Raw materials, ingredients, product-

contact materials Characteristics of end products Intended use/ target people Flow diagrams, process step and control

measure

7.4 Hazard Analysis

Determine which hazards need to be controlled, degree of control combination of control measures

Hazard identification and determine acceptable levels, based on:

Preliminary collected information and data Experience

External information Information from food chain

7.4.2 Hazard Identificaton

Consider to Preceding and following step of specified operation

Process equipment, utilities and surrounding Preceding and following links in food chain

Determine acceptable level Justification and result shall be

recorded

Hazard assessment

Conduct the hazard assessment to determine whether Its elimination to reduction to acceptable levels

Its control is need to meet the defined acceptable level

Describe the methodology used and record

7.4.4 Section and assessment of control measures

Select appropriate combination of control measures

Categorized selected control measures whether manage thru operational PRP or HACCP plan

7.5 Establishing the operational prerequisite programme

Document operational PRP Food safety hazard(s) to be controlled Control measure Monitoring procedures Correction and corrective action to be

taken Responsibilities and authorities Record of monitoring

Establishing the HACCP plan

Document HACCP plan Identification of critical control

point Determine critical limit for CCP System for monitoring of CCP Action when monitoring result

exceed critical limit

7.7 Updating of preliminary information and document specifying the PRP and HACCP plan

Updating the following information, if necessary

Product chart Intended use Flow diagram Process step Control measure

Verification planning Verification activities shall confirm that

PRP are implemented Input hazard analysis is updated Effective of operational PRP and HACCP

plan Hazard levels are within acceptable level Other procedure are implemented and

effective

7.9 Traceability system

Traceability system for product lot and their relation to batch of raw material, processing and delivery record

Able to identify incoming material from immediate suppliers and initial distribution route of end product

7.10 Control of nonconformity Corrections Identify and assessment affected end

product to determine proper handlingReview of the corrections carried out Corrective actions Eliminate cause of detected N/CPrevent recurrenceBring the process or system back into

control

7.10 Control of nonconformity

Handling of potentially unsafe product

To prevent the N/C product from entering the food chain

N/C product shall be held until they have been evaluated

Notify interested parties and initiate a withdrawal

7.10 Control of nonconformity Evaluation for release N/C product shall only be released as

safe when Evidence of effective control measure,

other then monitoring system. Evidence of complies with performance

intended Result of sampling, analysis or either

verification shows product complies acceptable level

7.10 Control of nonconformity Disposition of N/C products Reprocessing or further processing to

acceptable levels Destruction or disposals as waste

Withdrawals Appoint authority personnel to initiate

and execute the withdrawal Notify to interested parties Handling of withdraw product Procedure sequence of action to be taken

8. Validation, verification and improvement of the Food SMS

8.1 General Plan & implement Processes needed to validate

control measures To verify and improve the food

SMS

8.2 Validation of control measure combinations

Validate the control measures are capable to control the Hazards

Modify the control measures, as necessary.

8.3 control of measuring & monitoring

To ensure valid results, devices are: Calibrated/adjusted prior to use or

at specified intervals against devices traceable to national/international standards if not, define basis for calibration

Identified & calibration status defined

Safeguard from adjustment

8.3 Control of measuring & monitoring Protected from damage & deterioration

during handling, maintenance & storage

Assess & record previous results validity & take action when device found not conforming to requirements

Record calibration & verification results Software validated prior to use & when

req.

8.4 Food safety management system verification

8.4.1 internal Audit Verify Food SMS is complying &

effectively implemented Planned based on status, importance and

previous results Independent auditors? Dept. Audit (cross) Documented procedure Timely corrective action by relevant mgt. Follow-up

8.4.2 Evaluation of individual verification results

Systematic evaluate the individual results of planed verification

Take action to achieve the require conformity

8.4.3 Analysis of results of verification activities Analysis the results of verification

activities, incl. internal/ External audit To confirm overall performance of

system. To identify need for updating/ improving

the Food SMS To identify trends of potential unsafe

products information for internal audit To provide evidence the effectiveness of

correction and corrective action

8.5 Improvement

8.5.1 Continual improvement Continually improve Food SMS

effectiveness through use of various sources of information:

Communication, management review, internal audit, verification activities, validate result, corrective action, etc.

Updating the Food SMS

Continually update the food SMS Consider whether it is necessary

to review hazard analysis, PRP and HACCP plan

As the input for management review.

Session-6

Planning the audit

Audits MUST be well managed to provide good VALUE To audit team leader has overall

responsibility for the audit. Audit team members assist the team

leader Good audit management requires good: - Planning and Preparation - Communications (Client, Auditees and

Auditors) - Accurate and Objective Fact Finding

Review documentation, including:FSMS PolicyHACCP plan

GMP,GHP,PRP,OPRPLegal and other requirements

Audit criteriaAuditory resources

Company informationScope of Audit

Team with relevant skillsDuration of auditWho/When/Where

Audit PlanChecklists

Information to brief teamCommunicate with client

Planning Preparation Reporting & Follow-upPerformance

Types of Audit

3 Types of AuditsFirst Party Audit

• Self-audit (Client, auditor and auditee are Internal)

Second Party Audit• Audit by an interested body (like a customer)

Third party Audit• Audit by independent body

(certification/registration body )

IllustrationFigure 1 – Illustration of the process flow for the management of an audit programme

Authority for the audit programme(5.1)

Establishing the audit programme (5.2,5.3)-Objectives and extent-responsibilities-resources-procedures

Implementing the audit programme (5.4,5.5)-scheduling audits-Evaluating auditors-selecting audit teams-directing audit activities-maintaining records

Monitoring and reviewing the audit programme (5.6)-monitoring and reviewing-identifying needs for corrective and preventive actions-Identifying opportunities for improvement

Competence and evaluation of auditors

(7)

Audit activities(6)

Improving the audit programme(5.6)

ACT

Plan

DO

Check

Audit program objectives and extent Objectives should be established for an audit

programmed, to direct the planning and auditsThese objectives can be based on consideration ofa) Management priorities,b) Commercial intentions,c) Management system requirements,d) Statutory, regulatory and contractual requirements,e) Need for supplier evaluation,f) Customer requirements,g) Needs of other interested parties, and h) Risks to the organization

Example of Audit programming objectives

Example of Audit programming objectives:

a) To meet requirements for certification to a management system standard;

b) To verify conformance with contractual requirements;

c) To obtain and maintain confidence in the capability of a supplier;

d) To contribute to the improvement of the management system.

Planning the audit

This is the initial phase and involves: Audit criteria

Auditor resourcesCompany information

Scope of audit

Planning

Team with relevant skillsDuration of auditWho/when/where

Planning the audit

Brief from Organization employing the auditor

Usually defined in Contract Review or audit

program - Organization to be audited - Scope of the audit - Audit objective - Audit criteria - Estimated dates, duration, size of team (3rd party)

Audit criteriaAuditor resources

Company informationScope of audit

Team with relevant skillsDuration of auditWho/when/where

Planning

Planning the AuditInitiating the Audit

Audit criteria Audit scopeReference against Extent and boundaries

ofwhich conformity is Determined the audit including: • Standard > Locations• Contractual specification > Organizational units• FSMS documentation > Activities and

processes • FSMS programmes and plans covered• Statutory, regularity or other requirements

Planning

TEAM SELECTION BASED ON 19011

Lead Auditor Auditor(s) (Technical Specialist)

Systems Experience Industrial knowledge Legal/ Regulatory KnowledgeFSMS Audit Experience ISO 22000 Understanding Language/Cultutal ability

Team with relevant skillsDuration of audit

Who/When/Where

Preparing for the on-site Audit activities

Determine amount of work Number of person-days Prepare plan Prepare working documents Keep auditee advised, agree date

and time Logistics

Examples implementation of FSMS and Audit process

Top management commitment

Define scope, food safety policy and Objectives frame work

Appointment of food Safety team leader

Documentation of food safety management system

Implement/ identify (new) system requirements, procedures and workingDocuments, GHP, PRP, HACCP

Internal Audit and Management review

Corrective actions

Stage 1

Second internal audit and management review

Stage 2

Review documentation, including:FSMS policyHACCP plan

GMP,GHP,PRP,OPRPLegal and other requirements

Preparation

Audit planCheck list

Information to brief teamCommunicate with client

Session 7

Audit Process and Planning

Audit stages

Pre audit management Subsequent action Preparation and - Prepare/ submit report audit planning - Close out corrective Preliminary visit actions Detailed plan - Plan Surveillance/ review/The Audit re-audit Opening Meeting - Generate & store records The Actual audit Report Preparation Closing Meeting

The Audit process Internal Audit are performed to verify Formal assessment of hazard analysis Process flow diagrams Prerequisite programmes Document review5 main audit trails:- Organization GMP and PRP Legal Compliance Hazard Analysis, CCPs, Control Measures, Monitoring,

Corrective and preventive actions Verification

Reasons for Conducting Internal Audits

To examine the Food Safety Management System for improvements

To ensure ISO 22000, and all other standards, are being complied with To determine compliance or non-

compliance To meet regulatory requirements

Auditing ProcedureAudit activities are required to be documented in a

procedure that will address A statement of responsibility ‘Executive’ authority and responsibility The standard of training required for Auditors and Lead

Auditors Access authority The use of specialists when required

Lead Auditor

A Person qualified and authorized to manage a system audit

Auditor

A person with the competence to conduct an audit

Auditee Co-operate with the auditor in the

planning and conducting of the audit Provide access for the audit team Provide guides Attend the Opening and Closing

Meetings Address and implement corrective

action

Auditing Procedure The method for planning, initiating and

conducting audits and follow up activities including corrective actions

The rules for deciding the criticality of non-compliances

The format and distribution of audit reports, non-compliance reports, checklists or other forms required for reporting

Records, storage and retention

Audit Schedule

Audit can be schedule or initiate when any of the following conditions exists:

When an auditee engages the services of a third party organization with the aim of auditing their own system to prove the systems effectiveness

Audit Schedule

When planning an audit schedule the following shall be considered:

Status and importance Applicable management system Contract requirements Significant changes to the system, due

to major re-organization When it is suspected or reported that

the quality of a product or service is compromised due to a non-compliance

Initial planning

Decide who shall carryout the audit Identify the relevant specification or

requirements Notify the supplier/auditee of the

purpose of the audit Agree a mutually convenient date Preliminary visit Gather information – particularly in

areas covered by process description are these may need special attention

Preliminary visit

Meet the management and staff Determine the standard

requirement Inform the auditee of the purpose

of the audit Ensure the auditee is prepared for

the audit

Preliminary visitCarry out a tour of the site to: Judge the health of the auditee’s system Gain knowledge of the products and

facilities Decide on the audit structure and the team Investigate structure of processes to enable

audit planning Decide the duration of the audit Identify the need for protective clothing Check for any special security

arrangements

Preliminary visit

Answer all the auditee’s questions- so as to calm their fears

Organize administration arrangements obtain copies of auditee’s mutual, procedures and flow chart

Site layout

Detailed planning

Collation of auditee data Prepare program-send copy to

auditee Decide team composition Arrange team briefing Team prepare checklists

Detailed planning

Notify auditee of arrangements/ requirements

Duration of audit Composition of audit team Facilities and accommodation

required Administration requirements

Planning

The audit team must be supplied with copies of

The specification Any applicable contracts against

which the audit is going to be conducted

Copies of any documents they may have to complete (e.g. non-compliance, reports, checklists, etc)

Planning

Team size and complexity of the company’s operation

The specification to be applied Auditor Competence

Planning

Audit Team Briefing It is good management to arrange

for a meeting of the team, prior to the audit, to brief them on the requirements

The briefing should cover: The programme Allocation of individual audit areas Audit policies and practices

Planning

Facilities and Administration The audit team may require hotel

accommodation, secretarial support and throughout the audit a separate room, so they can discuss findings and prepare reports

Lunch should preferably be light, quick and easily accessible

Planning

Planning may need to take account of: Contentious issues (Quarrelsome) Local customs Local cultures Customer expectation

The Lead Auditor shall ensure the audit team is briefed accordingly so that the team may act sensitively to maintain suitable auditee relations

Session-8

Auditing skillsAnd

Audit

Auditor Competence

“ Ability and Eligibility to perform an Audit”Competence is based on: Educational Qualification Work Experience Training Auditing Experience Personal Attributes and triats Auditing skills

Auditor AttributesDesirable Undesirable• Fact finding > Fault Finding• Polite > Rude• Persistent > Lazy• Decisive > Indecisive• Prepared > Unprepared• Honest > Dishonest• Unbiased > Biased• Communication > Un communicative• Ethical > Un ethical

A Good Auditor’s Attributes Focused Diplomatic Versatile Time Manager Open Minded Fast Thinker Self Reliant Observant

3 Most Important Qualities

Persistence:Ability to overcome difficulties and maintain

planned course of action inspite of setbacksFlexible outlook:Ability to see things from different points of

view and adapt to changing circumstancesPerceptiveness:Ability to grasp the problem quickly but

withoutJumping to conclusions

Responsibilities of an Audit Communicate and clarify Audit Requirements Execute the audit in compliance with the audit

plan Adhere to Audit plan Arrangements Record the Audit Findings Record the Non Conformities along with

agreement with the auditee Maintain Audit documents and records Cooperate with Audit Team members Prepare summary of own audit findings Inform Lead Auditor incase of any concerns

during the audit.

Responsibilities of a Lead Auditor Assistance in selection of audit team Manage audit team and overall process

of the audit Prepare audit plan and applicable

checklists Liaison with auditee Coordinate with the other auditors for

seamless audit process Compile and present the audit report Ensure timely follow-up of the corrective

actions

Responsibilities of an Auditee Understand, define and publicize scope and objective of

the audit Provide guide/escorts to the audit team Arrangement of resources required for the conduct of

the audit Provide access to facilities/system/documents/records

to auditors during the audit Extend cooperation to auditor Carryout Root Cause analysis for non conformity

detected. Determine and take corrective action without undue

delay.

Audit Techniquesa) Ask questionsb) Examine objective evedencec) Observe activitiesd) Listen to reactionse) Record findings

Forward Trace – An audit which follows the natural flow of a product or service process

Backward Trace – An audit which traces records back through the system

Audit Techniques

Audit follows a trial across department interfaces processes may be across departmental borders and functions a vertical audit in the process environment will test the interdependency and inter process relationship

DESIGN

PURCHASING

PRODUCTION

TRAINING

HORIZONTAL

VE

RT

ICA

L

HORIZONTAL

HORIZONTAL

HORIZONTAL

The Auditors Six Friends

When asking questions…. Who? What? Where? When? Why? How?And the seventh…. OK, Show Me?

Questioning Techniques

Keep conservation going Repeat the last word or phrase-

say something niceAvoid double questions(2 questions

in 1) Only one word answer is likely to

result

Question Technique

Yes/no Questions Often elicit dead end answers- you gain

nothing- only useful as a leader questionHow-What-Why-Why-Where-Who? Direct question-will achieve more

detailed answers Explanations questions Useful for comparing interfaces

Objective Evidence

Try to establish: That authorised documents are in use That superseded drawings have been

removed That good housekeeping is practiced That facilities are adequate That supervision is adequate

Objective Evidence

That orderly records are kept That staff are adequately trained Well prepared checklists will assist

when answering these questions

Conducting the Audit Assign the auditors to their area Sample the system Collect objective evidence of system

effectiveness Compare finding from checklist with

requirements Decide compliance or non-

compliance Audit team daily meeting

Conducting the Audit Decide on system effectiveness Agree and categorize non-compliance Hold a meeting daily with auditee’s

representatives, and at the end of the audit, prior to the closing meeting

Prepare summary report with conclusions and indicate recommendations

The Audit

Remember the auditor is attempting to prove the system

Establishing the facts and finding proof

The aim is not to set out fail the system!

Observations

Observations may be obtained through any of the following methods:

Seeking objective evidence that the system is functioning as prescribed

Samples taken of the system will allow the auditor to obtain the required evidence

Observations Always establish objective evidence when

an apparent non- compliance is found, remember the occurrence discovered may be the effect and not the cause

When processes are involved the audit may examine the process controls and records to establish conformance with the specification

Both positive and negative observations are recorded

Finding the root cause

Investigate non-compliance Establishing the root cause Recording the results

Session 9

NON CONFORMITY REPORTS ANDCORRECTIVE ACTION

Definitions

Non conformityNon fulfillment of a requirementCorrective actionAction to eliminate the cause of a

detected non conformityNon conformity is established by

OBJECTIVE EVIDENCE Intend a requirement has not been addressed Implementation practice differs from the define

system Effectiveness the practice is not effective

Concepts relating to the requirements

Need or expectation that is stated, generally implied or obligatory

Conformity-Fulfillment of a requirement Non- conformity- Non fulfillment of a requirementDefect-Non fulfillment of a requirement related to

intended use

Non conformity report writing State the fact with the objective evidence Statement should be clear, and unambiguous

(clear in meeting) and concise Refer the clause number and /or audit criteria

against which non conformity is established It should trace up to verifiable status of fact Grade non conformity as ‘Major’ or ‘Minor’ if it

is practiced in the organization It should be agreed, accepted and designed by

the auditee Other relevant details like location, auditee,

date etc. should be mentioned

Concept of non conformity reportName of organizationNC No. Date of audit Audit name Location/ department/ function Statement of non conformity Corrective action planned Details of corrective action Completed Verification of corrective action Closure details of a non conformity

Categorizing non conformityMajor non conformityThe absence or complete non fulfillment or break down of the

standard’s stated requirements A frequent or purposeful failure to follow specified

requirements written within the company system A failure to achieve the fundamental aim of a system

requirement. A failure to achieve legal or statutory requirements.Minor nonconformityAn isolated or sporadic lapse in the content are implementation

of procedures or records which could reasonably lead to failure of the system, if not corrected

Isolated examples of noise levels exceeding limits Isolated examples of measuring instrument out of calibration

date

A number of MINOR Non conformity against one specific requirement of the standard/specification represents breakdown of the system and should be categorized as MAJOR Non conformity

Area Objective evidence Attribution Reference to internal

requirements NC type Signature

Corrective Action

Don’t cure the SYMPTOMS only…

Hit the CAUSE !

Corrective Action Responsibilities

The auditee or the client is responsible for determining and initiating corrective action needed to respond to auditee finding of non conformance

Response to audit findings includes Correct a non conformance Correct the cause of the non

conformance

Corrective Action planning and follow up The auditee or the client should plan for

corrective action based on the audit findings identified in the non conformity report

First- investigate non conformances to determine corrective action needed

Then – implement corrective plan Follow up ensures that the corrective

action was Implemented Effective in preventing reoccurrence of the

non conformance

What to fill in a corrective action form

The FINDING

Why it had happenedWhat is to be done, so that it does

not happen againBy when it shall be implementedIs the implemented plan working fine