Jump to content

  • Quick Navigation
Photo

Frequency of Internal Audit Based on ISO 22000:2018 Standard

Share this

  • You cannot start a new topic
  • Please log in to reply
6 replies to this topic

Escherichia coli

    Grade - Active

  • IFSQN Active
  • 6 posts
  • 0 thanks
0
Neutral

  • Philippines
    Philippines

Posted 28 August 2023 - 07:53 AM

We are audited by SGS and one of the findings is about the frequency of internal audit. We conduct our internal audit annually for each department against all clause applicable to the function of the departments. Once a department failed the internal audit, a reaudit will commence after 3 months to ensure the effectiveness of the department in implementing the organization's FSMS. Now, one of the non-conformity is for internal audit saying

 

"It was not evidenced that frequency of internal audit was determined based on risk with consideration to importance of processes concerned, changes in FSMS, results of monitoring, measurement and previous audits."

 

Can somebody give light to me in regard to the SGS finding? I have trouble in making a criteria as to what criteria I will develop, what does it include, and how I will schedule the internal audit throughout these criteria.



Evans X.

    Grade - SIFSQN

  • IFSQN Senior
  • 331 posts
  • 158 thanks
116
Excellent

  • Greece
    Greece
  • Gender:Male
  • Interests:Food safety, Lab quality, Reading, Online&board gaming, Movies&series, Basketball.

Posted 28 August 2023 - 08:23 AM

Greetings Joseph,

 

What the auditor wants is to make your procedure more robust, explaining in detail what are the criteria that you use to determine the frequency of your audits. SGS actually helped you the way they phrased it. Some simple examples in each category are:

Consideration to importance of processes: Warehousing of end products generally poses less risk of something failing than the production (always depending on the nature of the product of course).

Changes in FSMS: Changes like an addition / removal of an interested party (chapter 4) is less impactful than a change to the hazards assessment (chapter 8).

Reuslts of monitoring: This you already covered with the 3 month corrective actions period and re-auditing, but you can elaborate a bit more on this, maybe let's say that for critical N/Cs maybe the re-audit can happen in 1 month.

Measurement and previous audits: It's determining if there is a trend through time. If a department is showing more N/Cs in a period of 3 concecutive audits or years than another then the one with the most may need more frequent checks than others.

 

Regards!



Thanked by 1 Member:

Scampi

    Fellow

  • IFSQN Fellow
  • 5,630 posts
  • 1541 thanks
1,659
Excellent

  • Canada
    Canada
  • Gender:Not Telling

Posted 28 August 2023 - 11:53 AM

I think your auditor is telling you that your written program for internal auditing is not clear, and your process is probably fine...........your comment reads to me like the auditor is spoon feeding you details from the code that are absent from your program


Please stop referring to me as Sir/sirs


Tony-C

    Grade - FIFSQN

  • IFSQN Fellow
  • 4,301 posts
  • 1310 thanks
646
Excellent

  • United Kingdom
    United Kingdom
  • Gender:Male
  • Location:World
  • Interests:My main interests are sports particularly football, pool, scuba diving, skiing and ten pin bowling.

Posted 29 August 2023 - 06:43 AM

Hi Joseph,

 

The auditor should have made it clear this was clause 9.2.2 from ISO 22000:2018 Food safety management systems — Requirements for any organization in the food chain.

 

Clause 9.2.2 The organization shall:

a) plan, establish, implement and maintain (an) audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes in the FSMS, results of monitoring, measurement and previous audits.

b) etc..

 

You should be prioritising higher risk areas for more frequent internal audits and also when there are changes and results of monitoring, measurement and previous audits indicate a need for more frequent audits.

 

Here is an example of audit scheduling but for SQF, the same principle applies and higher risk areas with regards to food safety and legality are audited more frequently.

 

Attached File  Audit and Inspection Scheduling.jpg   143.53KB   25 downloads

 

Kind regards,

 

Tony



Thanked by 1 Member:

Escherichia coli

    Grade - Active

  • IFSQN Active
  • 6 posts
  • 0 thanks
0
Neutral

  • Philippines
    Philippines

Posted 06 September 2023 - 12:22 PM

Hi Joseph,

 

The auditor should have made it clear this was clause 9.2.2 from ISO 22000:2018 Food safety management systems — Requirements for any organization in the food chain.

 

Clause 9.2.2 The organization shall:

a) plan, establish, implement and maintain (an) audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes in the FSMS, results of monitoring, measurement and previous audits.

b) etc..

 

You should be prioritising higher risk areas for more frequent internal audits and also when there are changes and results of monitoring, measurement and previous audits indicate a need for more frequent audits.

 

Here is an example of audit scheduling but for SQF, the same principle applies and higher risk areas with regards to food safety and legality are audited more frequently.

 

attachicon.gif Audit and Inspection Scheduling.jpg

 

Kind regards,

 

Tony

 

Thank you Tony, your inputs are really appreciated. I'm just starting in this career and your inputs helped me a lot. 



Escherichia coli

    Grade - Active

  • IFSQN Active
  • 6 posts
  • 0 thanks
0
Neutral

  • Philippines
    Philippines

Posted 06 September 2023 - 12:24 PM

Greetings Joseph,

 

What the auditor wants is to make your procedure more robust, explaining in detail what are the criteria that you use to determine the frequency of your audits. SGS actually helped you the way they phrased it. Some simple examples in each category are:

Consideration to importance of processes: Warehousing of end products generally poses less risk of something failing than the production (always depending on the nature of the product of course).

Changes in FSMS: Changes like an addition / removal of an interested party (chapter 4) is less impactful than a change to the hazards assessment (chapter 8).

Reuslts of monitoring: This you already covered with the 3 month corrective actions period and re-auditing, but you can elaborate a bit more on this, maybe let's say that for critical N/Cs maybe the re-audit can happen in 1 month.

Measurement and previous audits: It's determining if there is a trend through time. If a department is showing more N/Cs in a period of 3 concecutive audits or years than another then the one with the most may need more frequent checks than others.

 

Regards!

 

Thank you Evans X, this helped in improving our guidelines on internal audit. I really appreciate your help.  


Edited by Escherichia coli, 06 September 2023 - 12:27 PM.


Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5669 thanks
1,548
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 07 September 2023 - 07:39 AM

We are audited by SGS and one of the findings is about the frequency of internal audit. We conduct our internal audit annually for each department against all clause applicable to the function of the departments. Once a department failed the internal audit, a reaudit will commence after 3 months to ensure the effectiveness of the department in implementing the organization's FSMS. Now, one of the non-conformity is for internal audit saying

 

"It was not evidenced that frequency of internal audit was determined based on risk with consideration to importance of processes concerned, changes in FSMS, results of monitoring, measurement and previous audits."

 

Can somebody give light to me in regard to the SGS finding? I have trouble in making a criteria as to what criteria I will develop, what does it include, and how I will schedule the internal audit throughout these criteria.

Hi Ec,

 

JFI you can find a quite nice, specific, detailed IA Procedure based on Risk in earlier threads on this Forum. Many, many times downloaded. Was developed for BRC but I would anticipate equally acceptable to iso22000. Some similarity to Tony's excellent example but little bit more extended.

 

PS - after some searching, here is link/thread -

 

https://www.ifsqn.co...dit/#entry95362


Kind Regards,

 

Charles.C




Share this


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users