Internal Audits are a key element in any food safety management system (FSMS). Whether you want certification to SQF, BRC, FSSC 22000 or another GFSI Certification program you must implement internal audits, and your certification auditor will pay close attention to the effectiveness of the program.
The certification body that you use will have to depend on your internal audit program to measure the effectiveness of your FSMS when they are not there. They are visiting your facility once/year; in the meantime your internal audit program is the system in place to identify issues and make sure they are corrected, ensuring that your FSMS remains effective and in compliance with the standard.
The first step to building a good program is to have a thorough understanding of what internal audits are, and the specific requirements for the system. If you are used to doing GMP audits, or food safety audits that focus on the cleanliness of the facility and employee compliance with GMPs you will need to expand your vision for internal audits.
The food safety standards (SQF, BRC, FSSC 22000 and other GFSI Benchmarked Standards) require an internal audit system that evaluates the effectiveness of ALL of the food safety management system processes. This goes beyond the GMP checklist audit and requires including the processes such as management commitment and management review, corrective actions, purchasing, food safety and HACCP plans and more.
While it is common to see audits scheduled for each procedure or each element of the standard once per year, the most effective audits are process based. This means organizing your audits so you are looking at the interaction of the processes, not looking at one procedure at a time. For example, you may schedule your audits so you audit a department, looking at all of the procedures that apply to that department. Your audit schedule would be based on the departments in your organization. (Example: Administration, R&D, Production Area 1, Production Area 2, Shipping and Receiving, Quality) Each audit of an area would include all of the procedures and prerequisite programs that apply in the area.
As mentioned above, the most common audit schedule is a schedule that includes one audit of each process each year. Most standards require that audits are scheduled based on the status and importance of the area. This is also more effective, the more critical an area, the more frequent the audits. Also, if an area is not performing well (nonconformances are being identified) the next audit of the area is scheduled sooner.
Don't settle for audits that do not give you the most improvement for your efforts. Reach beyond the routine "each clause of the standard once per year" approach. Develop processed based audits and schedule them based on the status and importance of the area. You will be rewarded with an effective food safety management system and greater improvements to the system.
All Management System Certification programs have a requirement for Internal Auditing. Internal Audits play a key function in maintaining and improving the management system. This includes food safety management systems such as Safe Quality Food (SQF), FSSC 22000, ISO 22000 and BRC and quality management systems such as ISO 9001.
Internal Audits are an evaluation of your processes. A trained internal auditor will compare the way a process is being performed against the documented procedure, work instruction or other documentation as well as against the requirements of the standard that applies.
Designate responsibility for coordinating the Internal Audits. The person responsible will make sure that the audit schedule is prepared by management and then initiate the audits according to the schedule. The coordinator may also be an internal auditor, or may only be responsible for administrative responsibilities. They will assign auditors to each audit on the schedule and make sure that audits are taking place as planned.
Next, identify how you will audit the facility. Typically an organization will audit by department, identifying the processes in the department and the procedures and documents that apply. Some organizations audit by individual processes or by sections of the standard that applies. Process audits are preferable to procedure based audits. A procedure based audit focuses on on procedure at a time, and can miss the important interactions of different processes. A process based audit looks at all the procedures that apply to a process. For example by auditing a department the auditors will look at all of the procedures that apply and how they interact.
Management prepares the audit schedule, usually during a management review meeting. The schedule should include audits of each process or department a minimum of once per year. They must also take into account the "status and importance of the area", if a particular process, area or department shows a higher number of nonconformances, customer complaints or other issues the area should be audited more frequently. The same applies to critical areas, those critical to food safety or quality should also be audited on a more frequent schedule.
Identify a group of people to become your internal auditors. You will want to have a team that is large enough so you have enough auditors to choose from and are able to schedule auditors that do not have responsibility for the area being audited.
Train your audit team to perform effective process audits. Choose employees that have good communication skills and will be able to work well with a variety of people. The auditors will be a key part of establishing an effective program; be sure they will present a positive attitude and evaluate the process not the people. Audits are not a performance evaluation.
Auditors must be trained on each step of the audit process, and the requirements of the standard that applies. Classroom training is available from a variety of sources or for a convenient online option visit our page: Online Internal Auditor Training