Developing and maintaining a robust and effective internal audit system provides meaningful and actionable improvements for your food safety and food quality processes. Avoid these top 10 mistakes.
1. Beyond Compliance
Webinar & Podcast Series for Process Manufacturers
Best Audit Practices:
The Top 10 Auditing Mistakes Companies Make
with Karissa Vaughn
Auditor, Mérieux NutriSciences Certification, LLC
3. BEYOND COMPLIANCE
Helpful tips
✔ Informal, conversational approach
✔ Audio Issues? Use call-in number
✔ Only panelists are displayed/heard
✔ Ask Questions Throughout! (Q&A at end)
✔ Recording link & slides available in 24 hours
Before We Get Started
4. About the Presenter
BEYOND COMPLIANCE
Karissa Vaughn
Auditor with Mérieux NutriSciences
Certification, LLC
In her 15 years in the food industry, Karissa has also
held roles as Sr. Manager of Plant Quality Assurance,
and Mix Processing Supervisor. She holds a
Bachelor of Sciences in Dairy Production and Dairy
Manufacturing from South Dakota State University.
Aaron Bolshaw
VP of Marketing
Moderator
5. BEYOND COMPLIANCE
About Mérieux NutriSciences
Mérieux NutriSciences Certification LLC is an independent
subsidiary of Mérieux NutriSciences established to provide clients
with certification to many internationally recognized schemes.
GFSI benchmarked schemes include:
● SQF
● BRCGS Global Standard for Food
● BRCGS Storage and Distribution
● IFS Logistics
● FSSC 22000
6. BEYOND COMPLIANCE
● Introduction
● #10 – Informal Internal Audits
● #9 – Incorrect Internal Audit Frequency
● #8 – Missing Internal Auditor Evaluations
● #7 – Missing Essential Criteria and Areas
● #6 – Not Establishing an Audit Mgmt System
● #5 – Selecting the Right Auditors
● #4 – Inadequate Internal Auditor Training
● #3 – Ineffective Corrective Action Plans
● #2 – Using an Internal Audit as a Compliance Tool
● #1 – Not Reporting the Positives
● Summary
Agenda
7. BEYOND COMPLIANCE
● Informal Process
○ Missing formal communication
■ Missing audit scheduling and audit criteria
■ Notification and communication about findings
○ Missing a formal opening meeting
○ Missing a formal closing meeting
○ Missing a formal audit report
# 10 – Informal Internal Audits
8. BEYOND COMPLIANCE
Use ISO 19011:2018 standards
● Principles of Audits
● How to establish, implement, monitor, and review your audit program
● How to perform an audit
● How to report an audit properly
● Proper audit follow up
● Auditor competence
● Auditor Evaluation
# 10 – Informal Internal Audits
9. BEYOND COMPLIANCE
● Not Focused completely on the internal audit
○ Interruptions from the job
○ Back-up and coverage assignments
○ Designated substitutes
● Tunnel Vision
○ Only focusing on known issues
○ Not observing the whole process
■ Observe like it was the first time you saw it
# 10 – Informal Internal Audits
10. BEYOND COMPLIANCE
● The Frequency needs to fit your RESOURCES
○ Available Time
■ Scope of the audit
■ Does the audit take an hour or multiple days?
○ Available Staff
■ How many people are trained?
■ An additional 10% staff trained
○ Manage Costs
■ Budget Restrictions
# 9 – Incorrect Internal Audit Frequency
11. BEYOND COMPLIANCE
● Fit the NEEDS of the organization
○ Fit risk of the organization
○ High risk product or process may need more time and resources
○ Determine what is a need vs. a want
● Strike a BALANCE between resources and risk
○ Focus more on high risk areas
# 9 – Incorrect Internal Audit Frequency
13. BEYOND COMPLIANCE
● Hybrid Audits
○ Internal audit conducted at different times and may be different frequencies
■ Save resources and time
○ Parts Performed Monthly
■ GMP (Personnel behavior and Facility Condition)
○ Parts Performed Quarterly
■ Pre-requisite Programs
○ Parts Performed Semi-annually or Annually
■ System Reviews
○ Align available resources to risks
# 9 – Incorrect Internal Audit Frequency
14. BEYOND COMPLIANCE
● Drives Auditor Consistency
○ Share findings
○ Share how to handle situations
● Understanding training needs
○ Know their strengths
○ Know their weakness
● Drive Continuous Improvements
○ Keeping auditor update to on current industry or company issues
○ Help build and maintain ability to make accurate risk assessments
# 8 – Missing Internal Auditor Evaluations
15. BEYOND COMPLIANCE
● Auditor Evaluation
○ Behaviors align with requirements
○ Knowledge of audit principles, procedures and methods
○ Knowledge and skills about the business and industry
○ Knowledge and understanding of legal and contractual
requirements for auditing
○ Sector-specific knowledge
○ Understands hazard risks for sector and product
# 8 – Missing Internal Auditor Evaluations
16. BEYOND COMPLIANCE
An Internal Audit should include criteria for:
○ Regulatory Requirements
■ Labeling, FDA, USDA, etc.
○ Third Party Audit Requirements
■ GSFI, SQF, BRC, etc.
○ Customer / Co-Manufacturing Requirements
■ Specifications
■ Contract Requirements (Manual, Special Instructions, etc.)
○ Identity Preserved Requirements (if applicable)
■ Non-GMO, Organic, Kosher, Halal, All Natural, etc.
○ Internal Company Specific Requirements
■ Company Policies
■ Brand Identity Protection
#7 – Missing Essential Criteria and Areas
17. BEYOND COMPLIANCE
● An Internal Audit should include the following areas:
○ Food Safety & Food Quality Management Systems
○ Product non-conformities
○ Incident Management
○ Traceability/Recall
○ Sanitation
○ Hygiene (GMPs – Facility & Personnel)
○ Processing Areas
○ Exterior of the facility
○ Shipping/Receiving/Storage
○ Outlying areas
#7 – Missing Essential Criteria and Areas
18. BEYOND COMPLIANCE
● Establish audit objectives and align with company values
● Assign Competent Managers (roles, responsibilities)
● Establish Audit Procedures and Methods to Meet Objectives
● Establish Audit Criteria
● Select and Organize Audit Teams
● Process for confidentiality, security, health and safety
#6 – Not Establishing an Audit Management System
19. BEYOND COMPLIANCE
● Audit Reporting System
○ Results
○ KPIs
● Annual Review
○ Extent of Audit Program
■ Criteria still current?
■ Objectives still current?
■ Auditors
○ Results of the Program
○ Audit Risks for Failure
○ Audit Program Resources
■ Time
■ Budget
■ Information Availability
#6 – Not Establishing an Audit Management System
21. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Auditor Skills & Behaviors
■ Knowledge
■ Audit process
■ Facility & Industry
■ Ability to work independently
■ Observant
■ Ability to Multitask
22. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Integrity and impartiality
■ Professionalism
■ Ethical
■ Honest
■ Fair presentation
■ Report only the truth
■ Report accurate information
■ Professional ethics
■ Diligent
■ Can make sound, reasonable judgments
■ Doesn’t take bribes
■ Displays no bias for personal gain
23. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Keep information confidential
■ Demonstrate independence
■ Work objectively and free from bias
■ Avoid conflicts of interest
■ Evidence-based conclusions
■ Can use a Risk-based Approach
■ Can consider the risk and opportunities that are
significant for achieving audit objectives
24. BEYOND COMPLIANCE
● Improve Auditor Competence
○ Formal Education and Experience
■ Audit Protocols and Procedures
■ Auditor Skills
■ Risks and Hazards
■ Judgment, critical thinking, decision
making, problem solving and
communication skills
#4 – Inadequate Internal Auditor Training
25. BEYOND COMPLIANCE
#4 – Inadequate Internal Auditor Training
■ Orientation Training
■ Audit Criteria
■ Internal Audit Techniques and procedures
■ Hazard Identification
■ Safety Requirements During Auditing
■ Reporting and Tracking System
■ Statistics
■ Report for Upper Management
26. BEYOND COMPLIANCE
#4 – Inadequate Internal Auditor Training
■ Annual Refresher Training
■ Improve Auditor Competency
■ Use pictures, videos, or demonstrations
on what to look for both compliance and
non-compliance observations
■ Drive Continuous Improvements
■ How to look for best practices, identify
root causes, and problem solving
techniques.
■ Share industry changes or updates
27. BEYOND COMPLIANCE
#3 – Ineffective Corrective Action Plans
■ Know the Root Cause Analysis First
■ Potential Multiple Root Causes
■ Identify All Potential Corrective Actions
■ Perform a Cost Benefit Analysis to Identify the Most Cost Effective Correction
■ Identify if the Corrective Action Will Have Lasting Effects or Be Short Lived
■ Identify All People or Areas that Need the Corrective Action
■ Assign Ownership for Each Action Item
28. BEYOND COMPLIANCE
■ A cost benefit analysis is done to determine how well, or how
poorly, a planned action will turn out
■ Two purposes:
○ To determine if it is a sound investment/decision
(justification/feasibility)
○ To provide a basis for comparing projects
■ It involves comparing the total expected cost of each option
against the total expected benefits, to see whether the
benefits outweigh the costs, and by how much
#3 – Ineffective Corrective Action Plans
29. BEYOND COMPLIANCE
#3 – Ineffective Corrective Action Plans
■ For example, you identify a roof leak during your internal
audit.
■ List out the options with costs associated for preventive
actions, repairs, and recalls.
■ Hire a company to look at the roof twice a year for
$12,000
■ Have a leak in the roof and the repair would cost $50k
■ Have undetected roof leak that could cause a product
recall for $1 million.
■ Allow Senior Leadership to understand all the risks before
they make a decision
30. BEYOND COMPLIANCE
#2 – Using an Internal Audit as a Compliance Tool
■ Focus on how to use the Internal Audit System
to drive improvements in your process
■ KPI trends
■ Industry trends
■ Facility Risk
■ Develop an Internal Audit Program based on
the facility
■ Customized checklist
■ Customized training
31. BEYOND COMPLIANCE
#2 – Using an Internal Audit as a Compliance Tool
■ Engage Frontline Employees
■ Ask for their improvement ideas
■ Ask about areas of concern
■ Opportunity to Drive a Food Safety and
Food Quality Culture
32. BEYOND COMPLIANCE
#1 – Not Reporting the Positives
■ Include criteria for “best practices” that should be shared with the organization
■ What to look for?
■ What does it mean?
■ Align with company vision
■ Exceeding expectations
■ How to report “WOW” items
33. BEYOND COMPLIANCE
#1 – Not Reporting the Positives
■ Include best practices in reporting process and closing meeting
■ Opportunity to share positives during an internal audit
■ Drives continuous improvement throughout the organization
■ Drive engagement in the program
■ Drive an improvement culture
34. BEYOND COMPLIANCE
Summary
• Formalize your Internal Audit Process
• Audit Frequency based on risk
• Conduct Internal Audit Evaluations
• Include All Audit Criteria in your Internal Audit Program
• Establish an Internal Audit Management System
35. BEYOND COMPLIANCE
Summary
• Select the Right Auditors
• Internal Auditor Training
• Have the Right Corrective Action Plans
• Use Internal Audits as an Improvement Tool
• Share the Positives and Best Practices
37. BEYOND COMPLIANCE
For More Information, Contact Mérieux NutriSciences
Visit merieuxnutriscience.learnupon.com to view our online and public training
offerings or contact us at techservices.na@mxns.com to discuss your training
and consulting needs.
38. More Resources at safetychain.com and merieuxnutrisciences.com
White Papers & Surveys
Webinars & Videos
Product & Partner Info
Solution Consultation
Sept. 24, 2021: The 3 C’s of Internal Auditing w/The Acheson Group
Sept. 30, 2021: KPIs Operations Might Be Missing
Oct. 29, 2021: Bio-Engineered Labeling Disclosures
—> safetychain.com/resources/webinars
BEYOND COMPLIANCE