BEST PRACTICEInternal Auditing
Lesson Guide
cademyATraining
Sample - for demonstration purposes only
Sample lesson guide information
Our internal audit training comes as just a lesson guide, as distance learning, eLearning or as classroom based training and teaches you not only how to audit; but also the subject you’re auditing, which other courses don’t teach you.
This lesson guide is included with all of our training options in either paperback or ebook format.
This sample provides a snapshot of each module and we’ve included the content and introduction, including the index so you can see the subjects and information covered.
shop now
Secure online shopping - all major cards accepted
Welcome to your Best Practice Internal Audit lesson guide. It’s designed for anyone who has been tasked with completing internal auditing on site. It will provide all of the information and help develop the skills you need, to carry out your internal audits effectively.
You will learn to understand the requirements of internal auditing, corrective and preventive actions, root cause analysis and also senior management commitment.
Having the required knowledge about the standard, to be able to challenge your system when you’re auditing, is what makes a really good auditor. This guide will teach you how to be a ‘best practice’ auditor.
When you have completed this training, you will be able to audit the internal audit system, corrective and preventive actions system and also the senior management commitment section along with document control, training and GMP.
You will be ‘qualified’ to audit the other sections of your standard, but we can’t teach you these sections in detail within this guide - but don’t worry, we have other guides and courses that you can bolt onto this one, that will teach you the other subjects and then you’ll be able to audit those to ‘best practice’ standard too!
If you have any queries or questions about this guide, please contact us at [email protected] alternatively, you can call us on 07955 211023.
Contents
Glossary .....................................................................................................................................4
Module 1 Introduction ..................................................................................................................................6
Module 2 Internal audit requirements ..................................................................................................7
Module 3 Corrective & preventive actions & root cause analysis .........................................20
Module 4 Internal audit basics .............................................................................................................. 45
Module 5 The aim of internal audits ....................................................................................................51
Module 6 Audit skills & tools ..................................................................................................................60
Module 7 Best practice auditing ............................................................................................................71
Module 8 Audit report writing ..............................................................................................................109
Module 9 Senior management commitment ............................................................................... 115
Module 10 Summary ...................................................................................................................................142
Index .......................................................................................................................................144
Module 1
This guide is broken down into manageable parts, so let’s look at what each module will cover.
Internal audit requirements• What the requirements are for internal audits, what they mean and how
you can work towards meeting them.• What a non-conformance is, and when and where you would raise them.
Corrective & preventive actions & root cause analysis• What the requirements for corrective and preventive actions are, and what
they mean.• Root cause analysis; what it is, why it is important and our Smart Analysis
method.
Internal audit basics
• Diff erent types of audits and the audit cycle.
The aim of internal audits
• Why we carry out internal audits and what prevents the audits from working.
Audit skills & tools
• The skills and tools you will need to carry out an internal audit.
Best practice auditing
• The best practices of auditing both documents and inside the factory.
Audit report writing
• How to write an audit report.
Senior management commitment
• What requirements there are for senior management commitment, what is needed to comply and how you audit this section.
IntroductionIntroduction
We are going to focus on best practice so you will be covering all possibilities, including retailer We are going to focus on best practice so you will be covering all possibilities, including retailer We are going to focus on best practice so you will be covering all possibilities, including retailer standards. This means we will be looking at auditing to a high level of detail. In this guide standards. This means we will be looking at auditing to a high level of detail. In this guide standards. This means we will be looking at auditing to a high level of detail. In this guide we’ve highlighted areas where you can exceed this. Pushing your site to work to gold star we’ve highlighted areas where you can exceed this. Pushing your site to work to gold star we’ve highlighted areas where you can exceed this. Pushing your site to work to gold star standards, will elevate you above external audit requirements, giving you extra armour.standards, will elevate you above external audit requirements, giving you extra armour.standards, will elevate you above external audit requirements, giving you extra armour.
In each module we’ve shown the requirements like this, in pink text - these requirements refer to what’s required in most of the GFSI schemes.
6
Module 2
Internal audit requirementsInternal audit requirements
What an internal audit is.
What the requirements for your internal audits are:
• What the requirements are actually asking you for
• what you need to do to work to best practice to cover retailer requirements too
• the diff erence between verifi cation and validation.
What you will learn...What you will learn...What you will learn...
The requirement of internal audits is much the same across all standards, so we’ve gathered this all together for you.
What is an internal audit?What is an internal audit?An internal audit is an independent and objective evaluation of site compliance against the standard it works to. They are checks that your site is working properly and meeting the requirements. Audits are carried out to keep your site in control and to help it to continually improve.
Internal audits are a fundamental part of any standard and in some cases, if they are not implemented correctly - can lead to failing an external or certifi cation audit. This highlights how important it is to complete internal audits, not only to ensure your system is eff ective, but also for the safety, legality, authenticity and quality of your products.
If your internal audits are not implemented or carried out correctly, it can cause huge problems when it comes to external audits. Ineff ective audits can lead to non-conformances being raised throughout your system, and nobody wants to give non-conformances away easily.
In the worst case, not having audits in place can lead to food safety issues, which can have an impact on public health. This could then lead to recalls and possible damage to your business.
7
Module 3
Corrective & preventive Corrective & preventive actions & root cause analysisactions & root cause analysis
Before we go through what the requirements are, let’s look at the defi nition of a non-conformance, and what corrective and preventive actions are,
and what the diff erence is between them.
A non-conformance is when there has been a failure to meet the requirements, and you raise one whenever you identify a failure to meet a requirement of whatever standard you are auditing against.
There are three typical levels of non-conformance:
Your site may call them diff erent things, or they might just stick to ‘compliance’ or ‘non-compliance,’ you just need to stick to what your site procedure says. Let’s go through what minor, major and critical mean, just in case your site uses these, as these terms are the most common.
‘non-conformance’ A non-conformance is when there
has been a failure to meet the requirements.
minor, major & minor, major & critical...critical...
What the requirements are for corrective and preventive actions.
Root cause analysis: what it is, why we use it and our Smart Analysis method.
What you will learn...What you will learn...What you will learn...
20
Think of audits like a cake. Horizontal audits look at the individual layers of the cake, one layer at a time...
A horizontal audit is where you focus on a specifi c topic. Where you audit each clause, one by one.
In a horizontal audit you can therefore focus on one particular requirement or department, to check for compliance.
This is how most Internal audits will be carried out, by taking one part of the standard and auditing each clause, one by one.
There are two types of audit; horizontal and vertical. Both of these are acceptable but are usually used at diff erent times depending on; who is carrying out the audit, the reason for the audit and the time restrictions.
Module 4
Internal audit basicsInternal audit basicsIn this module we’ll look at two types of audit when we would use them, and then each step of the audit cycle.
types of audit...types of audit...
horizontal audithorizontal audit
The diff erent types of audits – horizontal and vertical.
The audit cycle.
What you will learn...What you will learn...What you will learn...
45
Module 5
The The aim of internal auditsaim of internal auditsWe’re going to look at all of the reasons why we carry out internal audits and the benefi ts of doing them correctly.
Internal audits are the most undervalued tool in your site toolbox, and we are sure that you will agree with us after this section!
Why do we carry out internal audits?
HOW MANY REASONS CAN YOU THINK OF?
The most important reason is to test the system. It has to be tested eff ectively so that you know it is in control and is functioning like it should. If this is done correctly it is invaluable, as it allows you to do all of the following:
Stopping failures in the system will help prevent unsafe, illegal or substandard quality product.
This will keep your customers and the public safe and should help to minimise complaints. It will also save your company money from possible recalls or withdrawals.
stop failuresstop failures
Why we carry out internal audits.
Why internal audits sometimes don’t work.
What you will learn...What you will learn...What you will learn...
51
Module 6
Audit skills & toolsAudit skills & toolsWe’ll go over what’s involved in internal auditing and the
skills and tools, you’ll need as an auditor.
There are lots of words that are used to describe auditing, which give you a stronger idea of what the purpose of auditing is and what it involves!
These words are all descriptions that are used when talking about auditing as auditing involves all of these things. The reason you are carrying out an audit is to confi rm compliance; and where non-compliances are found, you can raise the appropriate non-conformances.
In order to establish whether the site, documents, records, procedures and staff are compliant or not, you have to use many of the activities we have shown here when auditing.
What does auditing involve?What does auditing involve?
What’s involved with internal auditing.
Audit skills and tools.
What you will learn...What you will learn...What you will learn...
60
Module 7
Best practice auditingBest practice auditingThis section is all about how to carry out the most eff ective
and effi cient audit, to a high standard.
What the best auditors look for when auditing is detailed for you in every part of this section as it cannot exist as a subject on its own. Its linked to everything that happens when looking at documents and records and also when looking inside the factory.
It will include the fundamental things that auditors look for when viewing documentation and records as well as what they are looking out for when carrying out GMP inspections in the factory. We’ve split this up into the two types of audits...
what the best auditors look for...what the best auditors look for...
system auditssystem auditsSystem audits focus on your quality management system and are predominantly documentation based, with an element of practical checks, to make sure that what is said in the procedure is being done in the factory.
Remember that audits confi rm compliance and non-compliance through detailed evidence.
What the best auditors look for when auditing.
How to audit documents and records.
What to look for in the factory.
What you will learn...What you will learn...What you will learn...
71
Before you start your audit, read the previous report. Check to make sure that all the non-conformances have been closed out. If they haven’t, that’s where you should start.
Sometimes non-conformances may have been closed out, but it just wasn’t recorded on the audit report. If the evidence can be provided and you can verify that the actions have been taken, you can close out the non-conformances now.
If the non-conformances haven’t been closed out, and they have exceeded the timescales without any justifi cation, then new non-conformances should be raised at the start of your audit.
Module 8
Audit Audit report writingreport writingThis module is all about how to write your audit report so
that you have an accurate record of your auditing activities.
do’s and don’ts of report writing...There is a bit of an art to writing an audit report, so don’t expect it to be perfect fi rst time
around. After this module you should feel a lot more confi dent!
do: read the previous reportdo: read the previous report
don’t: copy informationdon’t: copy informationAs tempting as it may be, do not copy any information from the previous audit report. It may seem like it will save you time, but in the long run it won’t, as it could lead to major errors in the information, because you may be copying out of date information, or information that was incorrect in the last audit.
Do’s and don’ts of report writing.
Examples of good and bad audit statements.
What you will learn...What you will learn...What you will learn...
109
Module 9
Senior managementSenior managementcommitmentcommitment
What the requirements are for senior management commitment and what they mean.
How your site can work to meet the requirements, and what you would want to see as an auditor.
What you will learn...What you will learn...What you will learn...
There must be a documented policy in place. It must state that:
• The site is committed to producing safe, legal, authentic and quality products
• the site will meet all of its customers’ requirements
• it must be signed by the person responsible for the running of the site
• it must be dated
• it must be communicated to ALL members of staff .
Let’s break the requirements down and go through each part individually.
The policy must include a statement about the site’s commitment to producing safe, legal authentic and quality products.
Think of this like a vow or a promise. The site is making a written declaration of how the site will be run and manufacture products, covering all of the aspects that would be expected by any standard.
All of these aspects must be included in the policy or it fails to meet the requirements. So, if any of them are missing the policy doesn’t conform.
state that the site is committed to producing safe, legal, authentic and
quality products
The The policypolicy
115
Module 10
SummarySummaryLet’s just take a few minutes to quickly recap everything we
have learnt during the course...
Module 2• What the standard requirements are for internal audits
• audits have to be at least four scheduled days throughout the year
• audits are carried out at a frequency based on risk
• auditors should be trained and independent
• audits need to record compliance and non-compliance
• the results of the audits need to be communicated to relevant personnel
• a separate GMP inspection programme is necessary.
Module 3 • Non-conformance is a failure to meet a requirement
• corrective actions are the quick and immediate fi xes that allow you to regain control, and
should be applied to all non-conformances
• preventive actions are needed to avoid recurrence of non-conformances and should be
applied to trends and non-conformances of a major or critical severity
• root cause analysis should be used to determine the necessary preventive action.
Module 4• There are two types of audits: horizontal and vertical
• horizontal audits focus on particular areas and is how internal audits are usually carried out
• vertical audits slice through many diff erent areas at the same time and are usually done
during external audits during the traceability exercise
• the fi ve steps of the audit cycle: (1) carrying out the audit (2) raise non-conformances
(3) corrective actions (4) preventive actions (5) verifi cation.
Module 5 • The purposes and benefi ts of carrying out internal audits properly
• the reasons that internal audits can be ineff ective and why that happens
• why senior management commitment is so important to a site carrying out the internal
audits and managing the internal audit programme correctly.
142
A
Affi nity diagram method 28
Aim of internal audits (The) 51–59
Alarms 94, 102
Allergen equipment 90, 97–99, 106
Assessing non-conformances 25, 27, 48
Audit attendance 137
Audit cycle 47–49
Audit (Defi nition) 4
Auditing skills 11, 62–66, 69
Accuracy 63, 69
Attention to detail 63, 69
Communication 63, 69
Focus 66, 69
Instincts 61
Integrity 65, 69
Knowledge 65, 69
Listening 62, 69
Organisation 62, 69
Problem solving 64, 69
Staying calm 64, 69
Time management 62, 69
Writing 63, 69
Auditing tools 66–68, 70
Documentation 67, 70
Notes 67, 70
Plan 66, 70
Questions 68, 70
Reference documents 67, 70
Audit programme 8
Audit recommendation 22, 80, 113
Audit records 13
Audit results 15, 47–48, 124–125, 140
Audit writing 109–114
Authenticity 4, 7, 116, 121–122, 128, 134–135, 141, 143–144
B
Business objectives 119
C
CAYG (Clean As You Go) 4, 89, 97
CCP (Critical Control Point) 4, 9–10, 21, 46, 79, 93, 107, 110–111, 138
Chemicals 91, 98, 107
Codes of practice 4, 134–135, 141, 144
Competency 11, 76, 78, 104
Complaints 9–10, 26, 38, 51, 56, 122, 124, 126, 130, 137, 140
Conformity / Compliance 4, 7, 13–14, 17, 20, 45–47, 52, 60–61, 66, 71–72, 83, 110–111, 114, 127–
129, 131, 142–143
Corrective actions 6, 16, 20, 23–25, 27, 48–50
Critical non-conformance 4, 20–22, 25, 27, 44, 48, 142
Culture 4, 54, 97, 117–121, 128, 132, 139, 143
Culture assessment 118, 120
Survey questions 119
Customer requirements 67, 116, 139
D
Date coding 92, 107
Deputies 137–138, 144
Document control 4, 72, 74, 78, 103, 110–111
IndexIndex
144
Drains 86, 91, 107, 133
Due diligence 75, 79, 93
E
Eating & drinking 85, 105
Effective auditing 59
Effective communication 16
EFK (Electric Fly Killer) 4, 87, 99
External audit 4, 7–8, 47, 49, 52–53, 56, 58–59, 125, 142
External auditor 13, 16, 46, 53, 58–59, 110
F
Fabrication 15, 17, 83, 86–88, 91, 99, 105, 127, 133
Fishbone method 28
Five why’s method 28
Floors 87, 90–91, 97–101, 105–106
Food defence 4, 124–126, 140
Food safety 4, 7, 24–27, 57, 75, 87, 92, 100, 117–119, 126, 128, 140
Food safety & quality culture 117–123
1. Define the target culture 118–119
2. Carry out a culture assessment 120
3. Review the results 120
4. Measure the effectiveness 121
5. Review the plan 121
G
GFSI (Global food safety initiative) 4, 6, 52
Glass & plastics 21, 86, 88, 100, 106
GMP (Good Manufacturing Practices) 4
GMP Inspection 17–19, 72, 81, 83–96, 134, 142–143
Alarms 94, 102
Allergen equipment 90, 97–99, 106, 132
Check records 93
Chemicals 91, 98, 107
Date coding 92, 107
Drains 86, 91, 107, 133
Eating & drinking 85, 105
Fabrication 15, 17, 83, 86–88, 91, 99, 105, 127, 133
Frequency 17–18
Glass & plastics 86, 100, 106
Hand washing 85
Hosepipes 91, 98, 106
Hygiene 17, 65, 83, 86–87, 89, 97–101
Ingredients 25, 92, 100
Jewellery 84, 101, 105
Knives 95, 107
Logins 89, 99
Maintenance 15, 17, 65, 86, 88, 99–100, 105, 127, 133
Metal detector & check-weigh bin 68, 94, 101, 102, 107
Observing & interacting 61, 67, 83
Packaging 92, 98, 101, 107
Pens 94, 102, 107, 132
Pest proofing 5, 86–87, 97, 99–100, 106
Phones 84, 102, 105
Plasters 84, 102, 105, 132
Pooling water 90, 91
PPE (Personal Protective Equipment) 5, 17, 84, 97–99, 102, 105
Pre-filled records 93, 102, 107
Probes 87, 101, 106
Procedures 95, 102, 108
Programme 17
Quarantined product 92, 101, 107
Quick fix engineering 88, 101, 106
Security 88, 97, 106
Shifts 96, 108
145
Spillages 89, 97, 106
Staff 85, 102, 105
Test pieces 94, 101, 107
Tools 95, 97, 108
Traceability 5, 46, 74, 92–93, 100, 107, 142
Waste 85, 90, 98, 100, 106, 119, 122
Wooden pallets 88, 100, 106
H
HACCP (Hazard Analysis & Critical Control Point) 4, 9–12, 14–15, 29, 31, 65, 112, 124–126, 140
Hand washing 85
Hazard analysis 4, 12, 14, 112
Horizontal auditing 45, 50, 142
Hosepipes 91, 98, 106
HR (Human Resources) 4, 11, 129
Hygiene 17–18, 65, 83, 89, 97–101
I
Incidents 4, 9–10, 26, 124–126, 135, 140
Independent 7, 11–12, 16, 18–19, 47, 49, 130, 142
Ingredients 25, 92, 100
Inspection 4, 17–19, 71–72, 81, 83–96, 98, 104–108, 134, 142–143
Integrity 4, 65, 69, 129, 131, 139–140
Internal audit 4
System audit 4, 19, 47, 71, 143
Internal audit basics 45–50
Internal audit documentation pack 46
Internal audit programme 8–9, 17, 142
Dates 8, 9, 19
Frequency 9–10, 19, 49, 142
Scoring 10
Training 11, 47, 65
Internal audit requirements 7–19
Is, or is not method 29
J
Jewellery 84, 101, 105
K
Knives 95, 107
KPI (Key Performance Indicator) 4, 9–10, 21, 121, 123
L
Legality 5, 7, 24–27, 89, 121–122, 128–129, 131, 139–140, 143
Legislation 5, 67, 134, 141, 144
Listeria monocytogenes 5, 86, 90–91, 135
Logins 89, 99
M
Maintenance 15, 17, 65, 86, 88, 99–100, 105, 127, 133
Major non-conformance 5, 20–22, 25, 27, 44, 48–
49, 52, 57, 99, 102, 136
Management meetings 21, 121, 123, 128–131, 143
Metal detector 65, 68, 84, 94, 101–102, 132, 134
Minor non-conformance 5, 20–22, 25, 27, 48, 52, 102
Monitoring 9, 87, 100–101, 117–118, 121, 123, 125, 139
N
NCN / NCR (Non-Conformance Note/Record) 5, 13, 26, 48, 53, 81, 97
Non-conformance / Non-compliance 5
Critical 4, 20–22, 25, 27, 44, 48–49, 142
Investigating 24–25
Major 5, 20–22, 25, 27, 44, 48–49, 52, 57, 99, 102, 136
Minor 5, 20–22, 25, 27, 48, 52, 102
Procedure 15
146
Record / Report 16, 19, 36, 43
O
Objective evidence 14, 19, 63–64
Objectives 119, 121–127, 139–140, 143
SMART criteria 122
Organisational chart 137, 141, 144
P
Packaging 87, 92, 98, 101, 107
Pens 94, 102, 107, 132
Pest proofing 5, 17, 86–87, 97, 99–100, 106
Phones 84, 102, 105
Plasters 84, 102, 105, 132
Policy 5, 73, 88, 89, 90, 97, 106
Senior management commitment 115–116, 121, 131, 139, 143
Pooling water 90, 91
PPE (Personal Protective Equipment) 5, 17, 84, 85, 97–99, 102, 105
Pre-requisites 5, 10
Preventive action 5–6, 16–17, 19–20, 23–27, 29, 36–37, 42–44, 47–50, 126, 137, 142, 144
Previous audit performance 9, 109, 114, 124, 140
Probes 87, 101, 106
Procedures 95, 102
Breakage 95
CCP (Critical Control Point) 21, 93
Chemical control 91, 98
Corrective & preventive actions 15, 20, 24–25
Document control 72
Hand washing 85, 105
Hygiene 89, 97–98
Ingredient storage 100
Internal audit 15
Maintenance 101
Non-conforming product 101
Packaging 92
Pest management 87, 97
Root cause analysis 26–27, 29, 36
Security 88
Spillages 89
Training 21
Whistleblowing 129, 140
Proofing 5
Q
Quality 5, 13, 24–27, 51, 89, 115, 119–123, 126, 128–129, 131, 139–140, 143
Quarantined product 92, 101, 107
Questions 10, 12, 15, 53, 61–62, 64, 128, 143
Audit tools 68–70
Culture 119–120
GMP 18, 85, 89, 99–100, 105
Root cause analysis 28–30, 37
Quick fix engineering 88, 101, 106
R
Recall 5, 9, 56–57, 92, 124–126, 135, 140
Records 5, 18, 71, 103–104, 107, 110
Audit 13–14, 70, 72–75
Breakages 86, 95
CCP (Critical Control Points) 46, 93, 107
Cleaning 46, 93
Dispatch 46, 93
Glass & plastics 86, 100
Goods in 46, 93
Meeting 124–129, 140
Non-conformance 5, 24–25, 36, 43
Production 46, 60, 93
Root cause analysis 26, 28–29, 32–33, 35–36
Training 46, 65, 76–77, 85, 134
147
Whistleblowing 129–131, 140
Reporting audit results 15, 48, 123–125, 142
Report writing 109–114
Requirement 5
Resources 56, 123–125, 127, 131–134, 140–141, 144
Reviewing your audit report 113
Risk assessment 4, 5, 9–10, 49, 135
Roles and responsibilities 138, 141, 144
Root cause analysis 5
Issues 30–31
Methods 28–29, 32–37
Procedure 26–27, 29, 36
Record 26, 28–29, 32–33, 35
Smart Analysis 32–43
S
Security 88, 97, 106
Senior management commitment 47, 54–57, 59, 115–141, 143
Audit attendance 137
Audit dates 136
Food safety & quality culture 117–123, 139
Management meetings 128–129
Non-conformances 137
Objectives 119–127, 139–140, 143
Organisational chart 137, 141, 144
Policy 115–116, 121, 131, 139, 143
Resources 56, 123–125, 131–134, 140–141, 144
Roles & responsibilities 138, 141
Senior management review 124–127
Technical updates 134–136
Whistleblowing 129–131
Shifts 96, 108
Smart Analysis 32–43
SOP (Standard Operating Procedure) 5, 73, 112
Spillages 89, 97, 106
Spot the NCN (Game) 81
Answers 97–102
Standard 5, 136
System audits 4, 19, 47, 71, 143
T
Technical updates 134, 136
Test pieces 94, 101, 107
Timescales 16, 24, 26, 43, 48–49, 99, 109, 122, 124–125, 127, 140
Tools 95, 97, 108
Traceability 5, 46, 74, 92–93, 100, 107, 142
Training 18, 55, 65, 104, 116, 127, 131–132, 138
Audit 11, 47, 65
HACCP 12
Records 46, 65, 76, 78, 85, 104, 134
Root cause analysis 29
Trends 26–27, 36, 44, 52, 123, 125–126, 142
V
Validation 5, 7, 16–17, 19
Verification 7, 16–17, 19, 24, 26, 29, 36–37, 43, 49–50, 50, 75, 80, 104, 142
Vertical auditing 45–46, 50, 142
Vulnerability assessment 5, 124–126, 135, 140
W
Waste 56, 85–86, 90, 98, 100, 106, 119, 122
Whistleblowing 5, 129–131, 140
Withdrawal 9, 51, 57, 92, 124–126, 140
Wooden pallets 88, 100, 106
Work instruction 5, 15, 18, 67, 73, 76, 112, 138, 141, 144
148
Techni-K Consulting Ltd ©
Registered Company: 08058495
cademyATraining