Developing and maintaining a robust and effective internal audit system provides meaningful and actionable improvements for your food safety and food quality processes. Avoid these ten most common auditing mistakes made by food and beverage companies. Watch the webinar replay at: https://info.safetychain.com/top-10-auditing-mistakes

1. Beyond Compliance
Webinar & Podcast Series for Process Manufacturers
Best Audit Practices:
The Top 10 Auditing Mistakes Companies Make
with Karissa Vaughn
Lead Auditor, Mérieux NutriSciences

2. // About SafetyChain
✔Improve Yield
✔Maximize Productivity
✔Ensure Compliance
Plant Management Platform

3. About the Presenter
BEYOND COMPLIANCE
Karissa Vaughn
Lead Auditor with Mérieux NutriSciences
In her 15 years in the food industry, Karissa has also
held roles as Sr. Manager of Plant Quality Assurance,
and Mix Processing Supervisor. She holds a Bachelor
of Sciences in Dairy Production and Dairy
Manufacturing from South Dakota State University.
Aaron Bolshaw
Moderator

4. BEYOND COMPLIANCE
About Mérieux NutriSciences
Mérieux NutriSciences Certification LLC is an independent
subsidiary of Mérieux NutriSciences established to provide clients
with certification to many internationally recognized schemes.
GFSI benchmarked schemes include:
● SQF
● BRCGS Global Standard for Food
● BRCGS Storage and Distribution
● IFS Logistics
● FSSC 22000

5. BEYOND COMPLIANCE
● Introduction
● #10 – Informal Internal Audits
● #9 – Incorrect Internal Audit Frequency
● #8 – Missing Internal Auditor Evaluations
● #7 – Missing Essential Criteria and Areas
● #6 – Not Establishing an Audit Mgmt System
● #5 – Selecting the Right Auditors
● #4 – Inadequate Internal Auditor Training
● #3 – Ineffective Corrective Action Plans
● #2 – Using an Internal Audit as a Compliance Tool
● #1 – Not Reporting the Positives
● Summary
Agenda

6. BEYOND COMPLIANCE
● Informal Process
○ Missing formal communication
■ Missing audit scheduling and audit criteria
■ Notification and communication about findings
○ Missing a formal opening meeting
○ Missing a formal closing meeting
○ Missing a formal audit report
# 10 – Informal Internal Audits

7. BEYOND COMPLIANCE
Use ISO 19011:2018 standards
● Principles of Audits
● How to establish, implement, monitor, and review your audit program
● How to perform an audit
● How to report an audit properly
● Proper audit follow up
● Auditor competence
● Auditor Evaluation
# 10 – Informal Internal Audits

8. BEYOND COMPLIANCE
● Not Focused completely on the internal audit
○ Interruptions from the job
○ Back-up and coverage assignments
○ Designated substitutes
● Tunnel Vision
○ Only focusing on known issues
○ Not observing the whole process
■ Observe like it was the first time you saw it
# 10 – Informal Internal Audits

9. BEYOND COMPLIANCE
● The Frequency needs to fit your RESOURCES
○ Available Time
■ Scope of the audit
■ Does the audit take an hour or multiple days?
○ Available Staff
■ How many people are trained?
■ An additional 10% staff trained
○ Manage Costs
■ Budget Restrictions
# 9 – Incorrect Internal Audit Frequency

10. BEYOND COMPLIANCE
● Fit the NEEDS of the organization
○ Fit risk of the organization
○ High risk product or process may need more time and resources
○ Determine what is a need vs. a want
● Strike a BALANCE between resources and risk
○ Focus more on high risk areas
# 9 – Incorrect Internal Audit Frequency

11. BEYOND COMPLIANCE
● Hybrid Audits
○ Internal audit conducted at different times and may be different frequencies
■ Save resources and time
○ Parts Performed Monthly
■ GMP (Personnel behavior and Facility Condition)
○ Parts Performed Quarterly
■ Pre-requisite Programs
○ Parts Performed Semi-annually or Annually
■ System Reviews
○ Align available resources to risks
# 9 – Incorrect Internal Audit Frequency

12. BEYOND COMPLIANCE
● Drives Auditor Consistency
○ Share findings
○ Share how to handle situations
● Understanding training needs
○ Know their strengths
○ Know their weakness
● Drive Continuous Improvements
○ Keeping auditor update to on current industry or company issues
○ Help build and maintain ability to make accurate risk assessments
# 8 – Missing Internal Auditor Evaluations

13. BEYOND COMPLIANCE
● Auditor Evaluation
○ Behaviors align with requirements
○ Knowledge of audit principles, procedures and methods
○ Knowledge and skills about the business and industry
○ Knowledge and understanding of legal and contractual
requirements for auditing
○ Sector-specific knowledge
○ Understands hazard risks for sector and product
# 8 – Missing Internal Auditor Evaluations

14. BEYOND COMPLIANCE
An Internal Audit should include criteria for:
○ Regulatory Requirements
■ Labeling, FDA, USDA, etc.
○ Third Party Audit Requirements
■ GSFI, SQF, BRC, etc.
○ Customer / Co-Manufacturing Requirements
■ Specifications
■ Contract Requirements (Manual, Special Instructions, etc.)
○ Identity Preserved Requirements (if applicable)
■ Non-GMO, Organic, Kosher, Halal, All Natural, etc.
○ Internal Company Specific Requirements
■ Company Policies
■ Brand Identity Protection
#7 – Missing Essential Criteria and Areas

15. BEYOND COMPLIANCE
● An Internal Audit should include the following areas:
○ Food Safety & Food Quality Management Systems
○ Product non-conformities
○ Incident Management
○ Traceability/Recall
○ Sanitation
○ Hygiene (GMPs – Facility & Personnel)
○ Processing Areas
○ Exterior of the facility
○ Shipping/Receiving/Storage
○ Outlying areas
#7 – Missing Essential Criteria and Areas

16. BEYOND COMPLIANCE
● Establish audit objectives and align with company values
● Assign Competent Managers (roles, responsibilities)
● Establish Audit Procedures and Methods to Meet Objectives
● Establish Audit Criteria
● Select and Organize Audit Teams
● Process for confidentiality, security, health and safety
#6 – Not Establishing an Audit Management System

17. BEYOND COMPLIANCE
● Audit Reporting System
○ Results
○ KPIs
● Annual Review
○ Extent of Audit Program
■ Criteria still current?
■ Objectives still current?
■ Auditors
○ Results of the Program
○ Audit Risks for Failure
○ Audit Program Resources
■ Time
■ Budget
■ Information Availability
#6 – Not Establishing an Audit Management System

18. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Auditor Skills & Behaviors
■ Knowledge
■ Audit process
■ Facility & Industry
■ Ability to work independently
■ Observant
■ Ability to Multitask

19. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Integrity and impartiality
■ Professionalism
■ Ethical
■ Honest
■ Fair presentation
■ Report only the truth
■ Report accurate information
■ Professional ethics
■ Diligent
■ Can make sound, reasonable judgments
■ Doesn’t take bribes
■ Displays no bias for personal gain

20. BEYOND COMPLIANCE
#5 – Selecting the Right Auditors
■ Keep information confidential
■ Demonstrate independence
■ Work objectively and free from bias
■ Avoid conflicts of interest
■ Evidence-based conclusions
■ Can use a Risk-based Approach
■ Can consider the risk and opportunities that are
significant for achieving audit objectives

21. BEYOND COMPLIANCE
● Improve Auditor Competence
○ Formal Education and Experience
■ Audit Protocols and Procedures
■ Auditor Skills
■ Risks and Hazards
■ Judgment, critical thinking, decision
making, problem solving and
communication skills
#4 – Inadequate Internal Auditor Training

22. BEYOND COMPLIANCE
#4 – Inadequate Internal Auditor Training
■ Orientation Training
■ Audit Criteria
■ Internal Audit Techniques and procedures
■ Hazard Identification
■ Safety Requirements During Auditing
■ Reporting and Tracking System
■ Statistics
■ Report for Upper Management

23. BEYOND COMPLIANCE
#4 – Inadequate Internal Auditor Training
■ Annual Refresher Training
■ Improve Auditor Competency
■ Use pictures, videos, or demonstrations
on what to look for both compliance
and non-compliance observations
■ Drive Continuous Improvements
■ How to look for best practices, identify
root causes, and problem solving
techniques.
■ Share industry changes or updates

24. BEYOND COMPLIANCE
#3 – Ineffective Corrective Action Plans
■ Know the Root Cause Analysis First
■ Potential Multiple Root Causes
■ Identify All Potential Corrective Actions
■ Perform a Cost Benefit Analysis to Identify the Most Cost Effective Correction
■ Identify if the Corrective Action Will Have Lasting Effects or Be Short Lived
■ Identify All People or Areas that Need the Corrective Action
■ Assign Ownership for Each Action Item

25. BEYOND COMPLIANCE
■ A cost benefit analysis is done to determine how well, or
how poorly, a planned action will turn out
■ Two purposes:
○ To determine if it is a sound investment/decision
(justification/feasibility)
○ To provide a basis for comparing projects
■ It involves comparing the total expected cost of each option
against the total expected benefits, to see whether the
benefits outweigh the costs, and by how much
#3 – Ineffective Corrective Action Plans

26. BEYOND COMPLIANCE
#3 – Ineffective Corrective Action Plans
■ For example, you identify a roof leak during your internal
audit.
■ List out the options with costs associated for preventive
actions, repairs, and recalls.
■ Hire a company to look at the roof twice a year for
$12,000
■ Have a leak in the roof and the repair would cost $50k
■ Have undetected roof leak that could cause a product
recall for $1 million.
■ Allow Senior Leadership to understand all the risks before
they make a decision

27. BEYOND COMPLIANCE
#2 – Using an Internal Audit as a Compliance Tool
■ Focus on how to use the Internal Audit System
to drive improvements in your process
■ KPI trends
■ Industry trends
■ Facility Risk
■ Develop an Internal Audit Program based on
the facility
■ Customized checklist
■ Customized training

28. BEYOND COMPLIANCE
#2 – Using an Internal Audit as a Compliance Tool
■ Engage Frontline Employees
■ Ask for their improvement ideas
■ Ask about areas of concern
■ Opportunity to Drive a Food Safety and
Food Quality Culture

29. BEYOND COMPLIANCE
#1 – Not Reporting the Positives
■ Include criteria for “best practices” that should be shared with the organization
■ What to look for?
■ What does it mean?
■ Align with company vision
■ Exceeding expectations
■ How to report “WOW” items

30. BEYOND COMPLIANCE
#1 – Not Reporting the Positives
■ Include best practices in reporting process and closing meeting
■ Opportunity to share positives during an internal audit
■ Drives continuous improvement throughout the organization
■ Drive engagement in the program
■ Drive an improvement culture

31. BEYOND COMPLIANCE
Summary
• Formalize your Internal Audit Process
• Audit Frequency based on risk
• Conduct Internal Audit Evaluations
• Include All Audit Criteria in your Internal Audit Program
• Establish an Internal Audit Management System

32. BEYOND COMPLIANCE
Summary
• Select the Right Auditors
• Internal Auditor Training
• Have the Right Corrective Action Plans
• Use Internal Audits as an Improvement Tool
• Share the Positives and Best Practices

33. Questions?
Karissa Vaughn
Lead Auditor
Mérieux
Best Audit Practices:
The Top 10 Auditing Mistakes Companies Make
Watch the webinar replay: https://info.safetychain.com/top-10-auditing-mistakes

34. BEYOND COMPLIANCE
For More Information, Contact Mérieux NutriSciences
Visit www.merieuxnutrisciences.com/na/training to view our online and public
training offerings or contact us at techservices.na@mxns.com to discuss your
training and consulting needs.

35. More Resources at safetychain.com and merieuxnutrisciences.com
White Papers & Surveys
Webinars & Videos
Product & Partner Info
Solution Consultation
BEYOND COMPLIANCE
Get More Knowledge:
www.safetychain.com
www.merieuxnutrisciences.com