What are the internal audit procedure requirements?

Procedure: Internal Audit

The internal audit requires the following bullet point:

• An audit is an objective assessment of the quality system in which it is checked whether what happens in practice has also been described and vice versa. Besides HACCP, food defence and fraud are also assessed.
• An audit should be performed by employees that in principle have no connection with the audited department. This is because business blindness and “fast” conclusions can present a distorted picture.
• The audit should be performed by employees that are trained to conduct audits. The auditor must be able to identify the applicable standards for each department. 
• The audit is normally performed by 1 person, but it can also be performed by multiple people. 
• An auditor is granted access to all relevant information. This requires approval from the management. 
• Every auditor has followed a course or is able to conduct the audit by virtue of position. 
• All information provided during the audit is CONFIDENTIALLY handled! 

The primary goal of the internal audits is a continuous assessment of whether the company follows the written procedures and instructions of the quality system. 

Implementation of the audit:

During the verification, it should examined whether an abnormality has been properly handled and also that the problem is unlikely to occur again in the future. 

By severe abnormalities, an interim verification is performed. The progress of the improvement points are stated in the audit report. A point can only be removed from the report if it is approved after verification. 

Points for which an improvement action has already been written are not listed again unless it is important for clarity and progress. However it must be ascertained why adequate measures have not yet been taken:

• Each department is audited at least 1 x per year. The various process steps are reviewed with their related products. 
• At every audit, at least the control and the control measures (CCP’s, QCP’s, LCP’s or PRP’s and OPRP’s) and quality aspects are considered. 
• Measures taken are assessed on implementation and effectiveness. 
• The handbook is mirrored in the implementation. 

The scope of the internal audits is determined in such a way that all aspects of the food safety and quality systems are assessed at least once a year and at least include: 

• The HACCP plan (food safety plan) including the activities to implement it, such as the selection and assessment of suppliers, correcting measures, verification. 
• The prerequisite program, such as hygiene, pest control, and etc.
• Policy 
• Food defence and food fraud prevention plans 
• Procedures and instructions
• Documentation 
• Production.

Audit reports:

An audit report is recorded from the audit with at least:

• Which aspects were assessed;
• Who was spoken to, which documents or forms were assessed, proof; 
• Notable matters;
• Found shortcomings;
• Which abnormalities were found;
• Appointments made in regards to the shortcomings;
• Timelines for resolution.

Observations:

The internal audit also includes diverse inspection rounds. In these rounds, the production environment, different processes, and equipment are looked at. It is checked whether they are in the correct condition for foodstuff production. For example, hygiene, condition, and requirements from the prerequisite program are looked at. These checks are recorded in the iMIS audit client. The frequency of the checks is based on risk, but for BRC certified companies it is required that inspections are conducted at least once per month. 

The quickscan conducted through QAssurance also makes up part of the internal audits.

Audit planning:

There is a planning for internal audits. All activities are audited at least once per year. Every audit in the plan has a defined scope and handles a specific activity or section of the HACCP plan. For BRC certified companies, it is required that the internal audit is divided over a minimum of 4 different audit moments that are spread over the year. The frequency by with each activity is audited is determined in relation to the risks and results of previous audits.