You are on page 1of 163

Internal auditor

training programme


ISO 22000:2005

 About the course

To know Audit Methodology
To develop Auditing skills
 The Course training directors/ tutors can
accept No responsibility for any
delegates possessions and/or property.
 You are advised to ensure that your
personal possessions and property are
kept in safe place at all times.
 Fire Exits !?!-If the course really hots up.
 Facilities – Wash Room
 This is a non smoking venue.
 Courtesy (mobile phones, etc.) –
Mobile to be switched off during the
course. Requested to use the mobile
during lunch and tea breaks only.
 Stipulated time for tea and lunch
 Course Notes
 Work Book (for Exercises)
 ISO 22000:2005 Standard
 Model question paper
 Training feedback form
Course structure
Lectures and discussion
Exercises- to consolidate lectures:
 Examine ISO 22000:2005

 Audit planning

 Audit process

 Verbal audit presentation

 Examining the system

Please supplement the course manual by

taking notes-you are provided with
space alongside the presentations
Course structure
Case studies
 Document review

 Preparation of audit check list

 Audit reporting-written and verbal

 Role play
Course Objectives
 Be able to prepare for, report on,

carry out and follow up an

assessment or audit.
 Have achieved the means to

access and improve your own

organizations systems.
Course Plan

Planning Audits

Collecting and
Conducting Audits
Verifying evidence

Non-Conformities Objective Evidence

(NCR/ Checklist) (Checklist)
Course Plan

Preparing audit summary

Report preparation Preparing audit conclusions

Documenting audit report

Completing Audit Closing Meeting

Delegate Introductions
Information to be obtained from delegates
Please interview the delegate to your left so you may introduce
them to the group.
Include the following information in the introduction:
• Full name
• Name of Organisation for which they working/ previously
• Carrier Background
• Their knowledge of ISO 22000 ranked from 1-10
• Auditing experience-first, second or third party
• Personal Objective for attending the course
• Any information which the auditor should know to be able to
establish successful communication with auditee.
• “Any personal information”- Birth date, Spouse name etc.
Food laws applicable in food sector
What is food safety?
• Food safety-
Concept that food will not cause
harm to the consumer when it is
prepared and / or eaten according
to its intended use
• New products are coming on the market at
a fast pace
• New processing methods and equipment
• World market and changing patterns of
• Emerging pathogens
• World trade need for international
• Guideline: It is an advisory document which
gives explanatory information to meet the
requirement or conformity. For example:
• Standard: It is an agreed and authorized set of
requirements which must be followed in order
to be complaint. For example:
- British retail Consortium (BRC standards)
- International food Standards (IFS standards)
- ISO 22000
Legal Compliance and Conformance
ISO 22000 Standards
• Use with caution:
• It has connotations
• (associated with product liabilities issues)
Fulfillment of a requirement

defect nonconformity
Non-fulfillment of a Non-fulfillment of a requirement
requirement related
to an intended or
Specified use Understand the difference
Conformance legal
with audit = Compliance
Food laws
Foods Acts applicable in India under different
• Ministry of health and family welfare

Prevention of Food Adulteration Act, 1954 (PFA)

& Prevention of Food Adulteration Rules,1955
Under the purview of the Food and Drug
The food operator needs to hold a valid license
Defines what is meant by adulterated food
Describes responsibilities and power of Food
Food Laws
Requirements include
• Food labelling requirements

• Identification of vegetarian and non-veg.

Foods through colored dots on the label
• Food quality and safety requirements

• Through the act is not specifically targeted

at food safety, requirements include food
saftey requirements
E.g. pesticide residue MRLs, heavy metals,
added colors etc.
Food Laws
• Ministry of Food Processing industries
Fruits and vegetable products (control) order-
• Applicable only to Fruit and Vegetable Processing
• Such a manufacturer need to hold a valid license.
• Requirements focus on fruit/vegetable product
• Labelling
• The label need to bare the FPO logo.
Other Food Laws
• Ministry of Food and Consumer Affairs
Essential Com.Act,1955
Standards of Weights and Measures Act and
(Enforcement Act) and (Packaged
Commodities) Rules,1977
• Ministry of Rural Development
Agricultural Produce (Grading and Marketing)
Act 1937 (AGMARK)
• Ministry of Agriculture
Milk and Milk Products Order- 1992(MMPO)
Meat Food Products Order (MFPO)-1973
Typical Hazards
Hazards and risk
Food safety Hazard:
Biological, chemical or Physical agent in
food, or condition of food, with the
potential to cause an adverse health
Food Safety Risk:
The function the probability of the adverse
effect (harm) and the severity of that
Define System

Hazard Recognition

Continuous Hazards Hazards as a

result of failure
Assess Risk

Severity of consequence

NO Acceptable risk Y/N YES

Unacceptable Improve
Conduct Task
Risk Assessment Matrix
Slighly Harmful Extremely
harmfull Harmful

Highly Trivial Tolerable Moderate

unlikely Risk Risk Risk
Unlikely Tolerable Moderate Substanti
Risk Risk al Risk
Likely Moderate Substanti Intolerabl
Risk al Risk e
Risk Matrix Control Plan

TRIVIAL No action is required and no documentary records need to be kept.

TOLERABLE No additional controls are required. Consideration may be given to a

amore cost-effective solution or improvement thay imposes no
additional cost burden. Monitoring is required to ensure that controls
are maintained.
MODERATE Efforts should be made to reduce the risk, but the costs of prevention
should be carefully measured and limited.

SUBSTAINTIAL GMPs and GHPs are applied, special measures for keeping the risks
within tolerable limits are applied. The effect is controlled through
measurements and if necessary the process is considered as a CCP
INTOLERABLE The process is controlled as a CCP
Hazards Classification
 Biological
 Chemical
 Physical
Biological Hazard
 Visible:Birds,Flies,Mosquitoes,Rats/
rodents, pet animals etc.
 Invisible: Microbes like Bacteria,
Viruses, mold and yeast, fungus
Sources of Hazards-
• Raw materials
• Animals
• Environment
• Staff
Sources of Hazards-
• Veterinary Medicines
• Fertilizers
• Packaging chemical compounds
• Hazardous gases
• Cleaning and disinfection
Sources of Hazards-
• Glass
• Metal particles
• Hair
• Nail
• Stones
• Dust/ Dirt
• Equipment
• Facilities
• Raw material
• Packages
• Environment
• Personnel
• Ionizing radiation


• Control: To manage the conditions of an
operation to maintain compliance with
established criteria
• Critical Limit: Criterion which separates
acceptability from unacceptability
• Control measure: Action or activity that can
be use to prevent or eliminate a food safety
hazard or reduce it to an acceptable level
• CCP Decision tree: A sequence of questions
asked to determine whether a control point
is critical control point
 Deviation: failure to meet a critical limit
 HACCP Plan: The written document based
upon principles of HACCP that delineates the
procedures to be followed to ensure the
control of a specific process or procedure.
 Food Safety Policy: Overall intensions and
direction of an organisation related to food
safety as formally expressed by top
 Monitor: To conduct a planned sequence of
observations, measurements to assess whether a CCP is
under control and to produce an accurate record for
future use in verification.
 Operating Limits: Criteria more stringent than critical
limits that are used by an operator to reduce the risk of
contamination. For example, if a certain chemical
concentration is required to control a hazard, the
operating limit is generally set above the minimum
concentration needed to ensure effective treatment.
 Risk: An estimate of the likely occurrence of a hazard.
 Severity: the seriousness of a hazard (if not properly
 Validation: Verification focused on collecting
and evaluating scientific and technical
information to determine if the HACCP Plan,
when properly implemented, will effectively
control the hazards.
 Verification: The use of methods, procedures or
Tests, in addition to those used in monitoring,
that determine if the HACCP system complies
with the HACCP plan and/or whether the plan
needs modification.
 Correction: Action to eliminate a
detected non conformity
 Corrective action: Action to terminite
the cause of a detected conformity
or other undesirable situation.
 Flow diagram: Schematic and
systematic presentation of the
sequence and interaction of steps
 End Product: Product that will undergo no further
processing or transformation by the organization.
 Updating: Immediate and/or planned activity to ensure
application of the most recent information.
 Pre-requisite programme PRP: Basic conditions and
activities that are necessary to maintain a hygienic
environment through out the food chain(3.2) suitable for
the production, handling and provision of safe end
products(3.5) and safe food for human consumption.
 Operational PRP/Operational prerequisite programme:
identified by the hazard analysis an essential in order to
control the likely hood of introducing food safety
hazards( and/or the contamination or proliferation of
food safety hazards in the product(s) or in the
processing environment
ISO 22000:2005
Food safety management systems
Food SMS requirements for any organization in the food
4. Food safety management

Establish, document, implement and

maintain an effective Food SMS
and update it.
Define the scope of Food SMS.
Products categories.
Processes and product sites.
Documents requirements
 Food safety policy and related
 Documented procedures required by
the standard
 Records required by the standard
 Documents needed to ensure
effective development,
implementation updating of the Food
Required documented
 Document control (4.2.2)
 Record control (4.2.3)
 Nonconformity control
 Corrections (7.10.1)
 Corrective action(7.10.2)
 Withdrawals(7.10.4)
 Internal Audit(8.4.1)
4.2.2 Control of
Documented procedures defining
controls for food SMS required
 Approval for adequacy before use

 Revview/update as nec. & re-

 Changes and current revision status

clearly identified
4.2.2 Control of
 Relevant version available at points of ue
 Documents remain legible and reaily
 Documents of external origin are
identified and their distribution controlled
 Prevent use of obsolete documents, and
identify if retained
4.2.3 Control of records
 Maintained to demonstrate
conformance to requirements and
the effective operation of the Food
 System-level procedure for
identifying, storage, retrieval,
protection, retention times and
 5. Management responsibility
5.1 General
Top Management to provide evidence
of its commitment to development
and implementation of the Food SMS
&continually improving its

Top management training
Show food safety is supported by
business Objectives
Communicating the importance of
Establishing the food safety policy
Holding management reviews
Ensuring availability of resources
5.2 Food safety policy
Top management to ensure it:
 Is appropriate to the role of organization in food

 Confirms with both statutory and regulatory and with

agreed food safety requirements of customers

 Is communicated, implemented and maintained at

all levels of organization

 Is reviewed for continuing suitability

 Adequately addresses communication

 Is supported by measurable objectives.

5.3 Food safety
management system
Top management to ensure planning
conducted to:
 Meet the over all requirements and

food safety objectives

 Ensure system integrity during

Responsibility and
 Top management to ensure that R&D
are defined and communicated
 All personnel have the responsibility
to report problems with the Food
SMS to identified person(s).
 That designated personnel shall
initiate and record action.
Food safety Team Leader
 Manage a Food system team
 Ensure relevant training and
education of team
 Ensure the Food SMS is established,
implemented, maintained and
 Reporting effectiveness and
suitability to top management
5.6 Communication
 External communication
 Supplier and contractors
 Customers or consumers
 Statuary and regulatory authorities
 Other impacted organization on Food
 Known food safety hazards, needed to
be controlled by other organizations.
Communication (cont.)
 Internal communication
 Food safety team is informed of
changes in food SMS.
 Food safety team shall ensure the
updating of the Food SMS.
5.7 Emergency
preparedness and
 Procedure to manage potential
emergency situation and accidents
that can impact food safety
 Role of the organization in the food
5.8 Management review
 Top management reviewing Food
SMS to ensure suitability,
 Defined intervals
 Is there a need to amend the Food
SMS, food safety policy.
5.8 Management
Review information to:
 Follow up issues from previous reviews

 Analysis results of verification activities

 Changing circumstances that affect to food safety.

 Emergency situation, accident and withdrawals

 Reviewing results of system updating activities.

 Review of communication activities, including

customer fed back

 External audits or inspection

 Data shall be presented in link to objectives

5.8 Management
 Output shall include decisions and
actions related to:
 Assurance of food safety
 Improvement of Food SMS
 Resource needs
 Revision of Food safety policy and
6.Resource management
6.1 Provision of Resource

Provide the adequate resources for

established, implemented,
maintenance and updating Food
6.2 Human resources
 All personnel shall be competent
 Have appropriate education
training skills and experience
 Maintain agreement or contract of
external experts, defining the
responsibility and authority.
6.2 Human resources
 Identify competence needs
 Provide training or other action
 Train personnel who responsible for
monitoring, correction and corrective
 Evaluate effectiveness of training or other
 Ensure that personnel are aware of
 Ensure effective communication
 Training or development records
6.3 Infrastructure &
6.4 Work environment

Provide Infrastructure and work

environment needed to implement
this standard.
7.Planning and realization
of Safe Products
7.1 General
 Plan and develop necessary
processes for realization of safe
 Implement, operate and ensure
the effectiveness of planned
activities, including PRP,
operational PRP and HACCP plan
7.2 Prerequisite
programmes (PRPs)
7.2.1 Establish, implement and
maintain PRP to assist controlling
 Likelihood Food safety hazards thru

work environment B/C/P

contamination between product
 Food safety hazard level in product

and process environment

7.2 Prerequisite
programmes (PRPs) Cont.
 Be appropriate to organization need
 Be appropriate to size, type and
nature of products
 Be implemented across the entire
production system
 Be approved by food safety team
 Shall identify related statutory and
regulatory requirements
7.2 Prerequisite
programmes (PRPs) Cont.
 Construction and layout of building and utility
 Lay-out of premises, workspace and employee
 Supplies of air, water, energy and other utilities
Waste, sewage disposal
 Equipment, accessibility for cleaning, maintenance
 Management of purchased material, supplies,
disposals and handling of products
7.2 Prerequisite
programmes (PRPs) Cont.
 Measures for prevention of cross
 Cleaning and sanitizing
 Pest control
 Personnel hygiene
 Other aspects, as appropriate
 PRP verification shall be planned
and modified as necessary
7.3 Preliminary steps to
enable hazard analysis
 Collect information needed
 Appoint food safety team, multi-
disciplinary knowledge & experienced
 Raw materials, ingredients, product-
contact materials
 Characteristics of end products
 Intended use/ target people
 Flow diagrams, process step and control
7.4 Hazard Analysis
Determine which hazards need to be
controlled, degree of control
combination of control measures
Hazard identification and determine
acceptable levels, based on:
 Preliminary collected information and

data Experience
 External information

 Information from food chain

7.4.2 Hazard Identificaton
 Consider to Preceding and following step
of specified operation
 Process equipment, utilities and
surrounding Preceding and following links
in food chain
 Determine acceptable level
 Justification and result shall be recorded
Hazard assessment
 Conduct the hazard assessment to
determine whether Its elimination
to reduction to acceptable levels
 Its control is need to meet the
defined acceptable level
 Describe the methodology used
and record
7.4.4 Section and
assessment of control
 Select appropriate combination of
control measures
 Categorized selected control
measures whether manage thru
operational PRP or HACCP plan
7.5 Establishing the
operational prerequisite
 Document operational PRP
 Food safety hazard(s) to be controlled
 Control measure
 Monitoring procedures
 Correction and corrective action to be
 Responsibilities and authorities
 Record of monitoring
Establishing the HACCP
 Document HACCP plan
 Identification of critical control
 Determine critical limit for CCP
 System for monitoring of CCP
 Action when monitoring result
exceed critical limit
7.7 Updating of preliminary information
and document specifying the PRP and
HACCP plan

Updating the following information,

if necessary
 Product chart

 Intended use

 Flow diagram

 Process step

 Control measure
Verification planning
 Verification activities shall confirm that
PRP are implemented
 Input hazard analysis is updated
 Effective of operational PRP and HACCP
 Hazard levels are within acceptable level
 Other procedure are implemented and
7.9 Traceability system
 Traceability system for product lot
and their relation to batch of raw
material, processing and delivery
 Able to identify incoming material
from immediate suppliers and
initial distribution route of end
7.10 Control of
 Corrections
Identify and assessment affected end
product to determine proper handling
Review of the corrections carried out
 Corrective actions

Eliminate cause of detected N/C

Prevent recurrence
Bring the process or system back into control
7.10 Control of
 Handling of potentially unsafe
 To prevent the N/C product from
entering the food chain
 N/C product shall be held until they
have been evaluated
 Notify interested parties and initiate
a withdrawal
7.10 Control of
 Evaluation for release
 N/C product shall only be released as
safe when
 Evidence of effective control measure,
other then monitoring system.
 Evidence of complies with performance
 Result of sampling, analysis or either
verification shows product complies
acceptable level
7.10 Control of
 Disposition of N/C products
 Reprocessing or further processing to
acceptable levels
 Destruction or disposals as waste
 Appoint authority personnel to initiate and
execute the withdrawal
 Notify to interested parties
 Handling of withdraw product
 Procedure sequence of action to be taken
8. Validation, verification
and improvement of the
Food SMS
8.1 General
 Plan & implement

 Processes needed to validate

control measures
 To verify and improve the food

8.2 Validation of control
measure combinations
 Validate the control measures are
capable to control the Hazards
 Modify the control measures, as
8.3 control of measuring &
To ensure valid results, devices are:
 Calibrated/adjusted prior to use or at

specified intervals against devices

traceable to national/international
standards if not, define basis for
 Identified & calibration status defined

 Safeguard from adjustment

8.3 Control of measuring &
 Protected from damage & deterioration
during handling, maintenance & storage
 Assess & record previous results validity &
take action when device found not
conforming to requirements
 Record calibration & verification results
 Software validated prior to use & when req.
8.4 Food safety
management system
8.4.1 internal Audit
 Verify Food SMS is complying & effectively

 Planned based on status, importance and

previous results
 Independent auditors? Dept. Audit (cross)

 Documented procedure

 Timely corrective action by relevant mgt.

 Follow-up
8.4.2 Evaluation of
individual verification
 Systematic evaluate the individual
results of planed verification
 Take action to achieve the require
8.4.3 Analysis of results of
verification activities
 Analysis the results of verification
activities, incl. internal/ External audit
 To confirm overall performance of system.
 To identify need for updating/ improving
the Food SMS
 To identify trends of potential unsafe
products information for internal audit
 To provide evidence the effectiveness of
correction and corrective action
8.5 Improvement
8.5.1 Continual improvement
 Continually improve Food SMS

effectiveness through use of

various sources of information:
 Communication, management

review, internal audit, verification

activities, validate result, corrective
action, etc.
Updating the Food SMS
 Continually update the food SMS
 Consider whether it is necessary
to review hazard analysis, PRP and
HACCP plan
 As the input for management

Planning the audit

Audits MUST be well
managed to provide good
 To audit team leader has overall
responsibility for the audit.
Audit team members assist the team
 Good audit management requires good:

- Planning and Preparation

- Communications (Client, Auditees and
- Accurate and Objective Fact Finding
Audit criteria Review documentation, including:
Auditory resources FSMS Policy
Company information HACCP plan
Scope of Audit GMP,GHP,PRP,OPRP
Legal and other requirements

Planning Preparation Performance Reporting & Follow-up

Team with relevant skills Audit Plan

Duration of audit Checklists
Who/When/Where Information to brief team
Communicate with client
Types of Audit
3 Types of Audits
First Party Audit
• Self-audit (Client, auditor and auditee are
Second Party Audit
• Audit by an interested body (like a customer)
Third party Audit
• Audit by independent body
(certification/registration body )
Figure 1 – Illustration of the process flow for the management of an audit programme

Authority for the audit programme


Establishing the audit programme

-Objectives and extent Plan
Competence and
Implementing the audit programme evaluation of auditors
(5.4,5.5) (7)
Improving the audit programme -scheduling audits DO
(5.6) -Evaluating auditors
-selecting audit teams Audit activities
-directing audit activities
-maintaining records (6)

Monitoring and reviewing the audit programme

-monitoring and reviewing Check
-identifying needs for corrective and
preventive actions
-Identifying opportunities for improvement
Audit program objectives
and extent
 Objectives should be established for an audit
programmed, to direct the planning and audits
These objectives can be based on consideration of
a) Management priorities,
b) Commercial intentions,
c) Management system requirements,
d) Statutory, regulatory and contractual requirements,
e) Need for supplier evaluation,
f) Customer requirements,
g) Needs of other interested parties, and
h) Risks to the organization
Example of Audit
programming objectives
Example of Audit programming objectives:
a) To meet requirements for certification to
a management system standard;
b) To verify conformance with contractual
c) To obtain and maintain confidence in the
capability of a supplier;
d) To contribute to the improvement of the
management system.
Planning the audit
 This is the initial phase and
involves: Audit criteria
Auditor resources
Company information
Scope of audit


Team with relevant skills

Duration of audit
Planning the audit
Audit criteria Brief from Organization employing the
Auditor resources
Company information Usually defined in Contract Review or
Scope of audit
- Organization to be audited
- Scope of the audit
- Audit objective
- Audit criteria
Team with relevant skills - Estimated dates, duration,
Duration of audit size of team (3rd party)
Planning the Audit
Initiating the Audit
Audit criteria Audit scope
Reference against Extent and boundaries
which conformity is Determined the audit including:
• Standard > Locations
• Contractual specification > Organizational units
• FSMS documentation > Activities and
• FSMS programmes and plans covered
• Statutory, regularity or other
Lead Auditor Auditor(s) (Technical Specialist)

Systems Experience Industrial knowledge Legal/ Regulatory Knowledge

FSMS Audit Experience ISO 22000 Understanding Language/Cultutal ability

Team with relevant skills

Duration of audit
Preparing for the on-site
Audit activities
 Determine amount of work
 Number of person-days
 Prepare plan
 Prepare working documents
 Keep auditee advised, agree date
and time
 Logistics
Examples implementation
of FSMS and Audit process
Top management commitment

Define scope, food safety policy and Appointment of food

Objectives frame work Safety team leader

Documentation of food safety management system

Implement/ identify (new) system requirements, procedures and working
Documents, GHP, PRP, HACCP
Internal Audit and Management review

Corrective actions
Stage 1
Second internal audit and management review
Stage 2
Review documentation, including:
FSMS policy
HACCP plan
Legal and other requirements


Audit plan
Check list
Information to brief team
Communicate with client
Session 7
Audit Process and Planning
Audit stages

Pre audit management Subsequent action

 Preparation and - Prepare/ submit report
audit planning - Close out corrective
 Preliminary visit actions
 Detailed plan - Plan Surveillance/ review/
The Audit re-audit
 Opening Meeting - Generate & store records
 The Actual audit

 Report Preparation

 Closing Meeting
The Audit process
Internal Audit are performed to verify
 Formal assessment of hazard analysis
 Process flow diagrams
 Prerequisite programmes
 Document review
5 main audit trails:-
 Organization
 GMP and PRP
 Legal Compliance
 Hazard Analysis, CCPs, Control Measures, Monitoring,
Corrective and preventive actions
 Verification
Reasons for Conducting
Internal Audits
 To examine the Food Safety
Management System for
 To ensure ISO 22000, and all other

standards, are being complied with

 To determine compliance or non-

 To meet regulatory requirements
Auditing Procedure
Audit activities are required to be documented in a
procedure that will address
 A statement of responsibility

 ‘Executive’ authority and responsibility

 The standard of training required for Auditors and Lead

 Access authority

 The use of specialists when required

Lead Auditor
 A Person qualified and authorized
to manage a system audit
 A person with the competence to
conduct an audit
 Co-operate with the auditor in the
planning and conducting of the audit
 Provide access for the audit team
 Provide guides
 Attend the Opening and Closing
 Address and implement corrective
Auditing Procedure
 The method for planning, initiating and
conducting audits and follow up
activities including corrective actions
 The rules for deciding the criticality of
 The format and distribution of audit
reports, non-compliance reports,
checklists or other forms required for
 Records, storage and retention
Audit Schedule
Audit can be schedule or initiate
when any of the following
conditions exists:
 When an auditee engages the

services of a third party

organization with the aim of
auditing their own system to prove
the systems effectiveness
Audit Schedule
When planning an audit schedule the
following shall be considered:
 Status and importance

 Applicable management system

 Contract requirements

 Significant changes to the system, due

to major re-organization
 When it is suspected or reported that
the quality of a product or service is
compromised due to a non-compliance
Initial planning
Decide who shall carryout the audit
 Identify the relevant specification or
 Notify the supplier/auditee of the purpose
of the audit
 Agree a mutually convenient date

 Preliminary visit

 Gather information – particularly in areas

covered by process description are these
may need special attention
Preliminary visit
 Meet the management and staff
 Determine the standard
 Inform the auditee of the purpose
of the audit
 Ensure the auditee is prepared for
the audit
Preliminary visit
Carry out a tour of the site to:
 Judge the health of the auditee’s system

 Gain knowledge of the products and facilities

 Decide on the audit structure and the team

 Investigate structure of processes to enable

audit planning
 Decide the duration of the audit

 Identify the need for protective clothing

 Check for any special security arrangements

Preliminary visit
 Answer all the auditee’s questions-
so as to calm their fears
 Organize administration
arrangements obtain copies of
auditee’s mutual, procedures and
flow chart
 Site layout
Detailed planning
 Collation of auditee data
 Prepare program-send copy to auditee
 Decide team composition
 Arrange team briefing
 Team prepare checklists
Detailed planning
Notify auditee of arrangements/
 Duration of audit

 Composition of audit team

 Facilities and accommodation

 Administration requirements
The audit team must be supplied with
copies of
 The specification

 Any applicable contracts against which

the audit is going to be conducted

 Copies of any documents they may have

to complete (e.g. non-compliance,

reports, checklists, etc)
 Team size and complexity of the
company’s operation
 The specification to be applied
 Auditor Competence
Audit Team Briefing
 It is good management to arrange for

a meeting of the team, prior to the

audit, to brief them on the
 The briefing should cover:

 The programme
 Allocation of individual audit areas
 Audit policies and practices
Facilities and Administration
 The audit team may require hotel

accommodation, secretarial
support and throughout the audit a
separate room, so they can discuss
findings and prepare reports
 Lunch should preferably be light,

quick and easily accessible

Planning may need to take account of:
 Contentious issues (Quarrelsome)
 Local customs
 Local cultures
 Customer expectation
 The Lead Auditor shall ensure the audit
team is briefed accordingly so that the
team may act sensitively to maintain
suitable auditee relations
Auditing skills
Auditor Competence
“ Ability and Eligibility to perform an Audit”
Competence is based on:
 Educational Qualification

 Work Experience

 Training

 Auditing Experience

 Personal Attributes and triats

 Auditing skills
Auditor Attributes
Desirable Undesirable
• Fact finding > Fault Finding
• Polite > Rude
• Persistent > Lazy
• Decisive > Indecisive
• Prepared > Unprepared
• Honest > Dishonest
• Unbiased > Biased
• Communication > Un communicative
• Ethical > Un ethical
A Good Auditor’s
 Focused
 Diplomatic
 Versatile
 Time Manager
 Open Minded
 Fast Thinker
 Self Reliant
 Observant
3 Most Important Qualities
Ability to overcome difficulties and maintain planned
course of action inspite of setbacks
Flexible outlook:
Ability to see things from different points of view and
adapt to changing circumstances
Ability to grasp the problem quickly but without
Jumping to conclusions
Responsibilities of an Audit
 Communicate and clarify Audit Requirements
 Execute the audit in compliance with the audit
 Adhere to Audit plan Arrangements
 Record the Audit Findings
 Record the Non Conformities along with
agreement with the auditee
 Maintain Audit documents and records
 Cooperate with Audit Team members
 Prepare summary of own audit findings
 Inform Lead Auditor incase of any concerns
during the audit.
Responsibilities of a Lead
 Assistance in selection of audit team
 Manage audit team and overall process of
the audit
 Prepare audit plan and applicable checklists
 Liaison with auditee
 Coordinate with the other auditors for
seamless audit process
 Compile and present the audit report
 Ensure timely follow-up of the corrective
Responsibilities of an
 Understand, define and publicize scope and objective of
the audit
 Provide guide/escorts to the audit team
 Arrangement of resources required for the conduct of
the audit
 Provide access to facilities/system/documents/records to
auditors during the audit
 Extend cooperation to auditor
 Carryout Root Cause analysis for non conformity
 Determine and take corrective action without undue
Audit Techniques
a) Ask questions
b) Examine objective evedence
c) Observe activities
d) Listen to reactions
e) Record findings
 Forward Trace – An audit which follows the natural flow of a product or
service process

 Backward Trace – An audit which traces records back through the system
Audit Techniques


Audit follows a trial across department interfaces processes may

be across departmental borders and functions a vertical audit
in the process environment will test the interdependency and
inter process relationship
The Auditors Six Friends
When asking questions….
And the seventh…. OK, Show Me?
Questioning Techniques
Keep conservation going
 Repeat the last word or phrase-

say something nice

Avoid double questions(2 questions
in 1)
 Only one word answer is likely to

Question Technique
Yes/no Questions
 Often elicit dead end answers- you gain

nothing- only useful as a leader question

 Direct question-will achieve more detailed

Explanations questions
 Useful for comparing interfaces
Objective Evidence
Try to establish:
 That authorised documents are in use

 That superseded drawings have been

 That good housekeeping is practiced

 That facilities are adequate

 That supervision is adequate

Objective Evidence
 That orderly records are kept
 That staff are adequately trained
 Well prepared checklists will assist
when answering these questions
Conducting the Audit
 Assign the auditors to their area
 Sample the system
 Collect objective evidence of system
 Compare finding from checklist with
 Decide compliance or non- compliance
 Audit team daily meeting
Conducting the Audit
 Decide on system effectiveness
 Agree and categorize non-compliance
 Hold a meeting daily with auditee’s
representatives, and at the end of the
audit, prior to the closing meeting
 Prepare summary report with conclusions
and indicate recommendations
The Audit
 Remember the auditor is
attempting to prove the system
 Establishing the facts and finding
 The aim is not to set out fail the
Observations may be obtained through
any of the following methods:
 Seeking objective evidence that the

system is functioning as prescribed

 Samples taken of the system will allow

the auditor to obtain the required

 Always establish objective evidence when an
apparent non- compliance is found, remember
the occurrence discovered may be the effect and
not the cause
 When processes are involved the audit may
examine the process controls and records to
establish conformance with the specification
 Both positive and negative observations are
Finding the root cause
 Investigate non-compliance
 Establishing the root cause
 Recording the results
Session 9
Non conformity
Non fulfillment of a requirement
Corrective action
Action to eliminate the cause of a
detected non conformity
Non conformity is established by
 Intend a requirement has not been addressed
 Implementation practice differs from the define
 Effectiveness the practice is not effective
Concepts relating to the
Need or expectation that is stated,
generally implied or obligatory
Fulfillment of a requirement
Non- conformity-
Non fulfillment of a requirement
Non fulfillment of a requirement related to
intended use
Non conformity report
 State the fact with the objective evidence
 Statement should be clear, and unambiguous
(clear in meeting) and concise
 Refer the clause number and /or audit criteria
against which non conformity is established
 It should trace up to verifiable status of fact
 Grade non conformity as ‘Major’ or ‘Minor’ if it
is practiced in the organization
 It should be agreed, accepted and designed by
the auditee
 Other relevant details like location, auditee,
date etc. should be mentioned
Concept of non conformity
Name of organization
NC No.
 Date of audit

 Audit name

 Location/ department/ function

 Statement of non conformity

 Corrective action planned

 Details of corrective action

 Completed

 Verification of corrective action

 Closure details of a non conformity

Categorizing non
Major non conformity
The absence or complete non fulfillment or break down of the
standard’s stated requirements
 A frequent or purposeful failure to follow specified
requirements written within the company system
 A failure to achieve the fundamental aim of a system
 A failure to achieve legal or statutory requirements.
Minor nonconformity
An isolated or sporadic lapse in the content are implementation
of procedures or records which could reasonably lead to
failure of the system, if not corrected
 Isolated examples of noise levels exceeding limits
 Isolated examples of measuring instrument out of calibration
A number of MINOR Non conformity
against one specific requirement of
the standard/specification
represents breakdown of the
system and should be categorized
as MAJOR Non conformity
 Area
 Objective evidence
 Attribution
 Reference to internal
 NC type
 Signature
Corrective Action

Don’t cure the


Hit the CAUSE !

Corrective Action
 The auditee or the client is responsible
for determining and initiating corrective
action needed to respond to auditee
finding of non conformance
 Response to audit findings includes
 Correct a non conformance
 Correct the cause of the non conformance
Corrective Action planning
and follow up
 The auditee or the client should plan for
corrective action based on the audit
findings identified in the non conformity
 First- investigate non conformances to
determine corrective action needed
 Then – implement corrective plan
 Follow up ensures that the corrective action
 Implemented
 Effective in preventing reoccurrence of the non
What to fill in a corrective
action form

Why it had happened

What is to be done, so that it does not
happen again
By when it shall be implemented
Is the implemented plan working fine