Академический Документы
Профессиональный Документы
Культура Документы
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Accelerated Learning Introduction
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Aims and Objectives
• Describe the fundamental purpose of a Food Safety
Management System (FSMS)
• Explain the purpose, content and interrelationship of:
management system standard ISO 22000:2005 and
guidance document, industry practice; standard operating
procedures; and relevant food safety legislation
• Explain the role of an auditor to plan, conduct, report and
follow up an audit in according with ISO 19011
• Plan, undertake and report an audit of a food safety
management system in accordance with ISO 19011
• Audit the adequacy of an organisation’s Food Safety
Management System
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Course Program Day 1
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
The International Register of
Certificated Auditors (IRCA)
– Certification of Auditors
– Certification of Auditor Training
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IRCA Food Safety Management
Systems Auditor Certification
Scheme
• The objectives of the Food Safety Scheme;
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IRCA Food Safety Certification
Categories
• Three certification grades for auditors:
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IRCA Auditor Registration Scheme
Academic Qualification
Formal
Work Experience Auditor Training
Auditing Experience
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IRCA Contact Information
Address: IRCA,
PO Box 25120,
12 Grosvenor Crescent,
London SW1X 7ZL
E-Mail: fs@irca.org
Website: www.irca.org
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 2 Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Key Elements of ISO 22000:2005
ISO 22000:2005 specifies the requirements for a Food
Safety Management System (FSMS) that combines the
following generally recognized key elements:
- Interactive communication
- System management
- prerequisite programmes
- CODEX HACCP principles
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 System Management
FMEA
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Scope of ISO 22000:2005
Producers of pesticides,
fertilizers, and veterinary
drugs
Crop producers
Food chain for the
production of ingredients
and additives
Feed producers
Regulatory authorities
Producers of packaging
2nd food processors materials
Service providers
Wholesalers
Food service
operators/caterers
Retailers
Consumers
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 and the Food
Chain
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Philosophy
Old Vision New Vision
Do
Process Design
Inspection Check Audit
Plan Improve
Correction
Action
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Definition of Food Safety
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Process Model
Check
Act Do
Plan
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Terms that are often confused
Hazard = agent causing the illness or adverse health affect.
See ISO 22000:2005 3.3
Risk = probability of getting ill be ingesting a certain hazard &
the severity of that illness
Hazard Analysis = Industry task
Risk Analysis = Governmental task
Monitoring – during implementation, verifying that the control
measure functions as intended. See ISO 22000:2005 3.12
Verification – after implementation, verifiable evidence that
the monitoring works and the degree of intended control has
been delivered See ISO 22000:2005 3.16
Validation – prior to implementation, verifiable evidence that
the control measure is capable of delivering the needed
objectives See ISO 22000:2005 3.15
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Purpose of a Food Safety
Management System
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Food Safety Risk Management
as a Strategic Business Driver
• Secure in the knowledge that the product is safe when
reaching the marketplace
• Legal requirement
• Saves money by targeting resources and reducing the
requirement for end product testing
• Will yield a safer product in less time and at lower cost
which will satisfy customers’ requirements
• Establishes priority for improvement actions
• There is a demand from customers for a recognised
food safety standard
• Assists new product development
• Concept of due diligence
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Historical aspects of public
health and food safety provision
• Hunter gatherer to communal life
• First food laws written in 2500 B.C
• Preservation methods – a preventative response
• HACCP predecessors
• HACCP and the space program
• FDA and HACCP
• Regulatory requirement since 1998
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Social aspects of public health
and food safety provision
• Food safety management is more important now than ever
before due to:
– Increased number of pathogens on raw foods due to
intensive farming, intensive production and reduced
number of slaughterhouses
– Increase in meals consumed outside the home
– Increase in ready prepared foods
– More foreign holidays
– Increased amounts of exotic imported foods
– Increase in numbers of susceptible people (elderly)
– Reduction in the use of preservatives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 3 - Objectives
• Students understand and can describe the CODEX HACCP
based control system (IRCA K4.1.2c,f;K4.2.2a)
• Students understand what is a pre-requisite program and its
importance within a FSMS (IRCA K4.1.2f)
• Students can evaluate the appropriate attribution of risk to
identified hazards and the effectiveness of the organization’s
management of risk through its food safety risk assessment
and control planning (IRCA K4.1.2c,d,e,f; S4.4.2)
• Students determine appropriate operational controls for specific
food safety hazards and evaluate the implementation of
operational risk control, monitoring and measurement (IRCA
S4.4.3)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
CODEX - Application of a HACCP
based hazard control system
Five Steps Seven Principles
• Assemble the HACCP team • Carry out Hazard Analysis
• Describe the product and list the control measures
• Identify the intended use • Determine the Critical Control
• Construct a flow diagram Points (CCPs)
• Confirm accuracy of the flow • Establish Critical Limits for
diagram each CCP
• Establish monitoring system
for each CCP
• Establish corrective actions
• Establish verification
procedures
• Establish documentation and
record keeping
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Definition of a Control
Measure
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Definition of a Pre-Requisite
Program (PRP)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Definition of an Operational
Pre-Requisite Program O-PRP
PRP identified by the hazard analysis as essential in
order to control the likelihood of introducing food safety
hazards to and/or the contamination or proliferation of
food safety hazards in the product(s) and safe food for
consumption
ISO 22000:2005 3.9
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
HACCP/FSMS Relationship
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
HACCP based control system v’s
ISO 22000:2005 (FSMS)
• Starting point Flow • Starting point Output/Input
diagram • Controls needed/not needed
• What can go wrong (events) ? • Focus on determining the
• Focus on determining the CCPs control measure combinations
• Limited documentation of • Full documentation of hazard
hazard analysis analysis
• Tends to result in a static • Encourages dynamic control
control system systems
• Semi-quantitative approach • Enables a quantitative
(zero-tolerance/ALARA) approach (FSO/PO approach)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Products or new products
authorizations
Representative Prerequisite Programs
Food Safety Management System
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Evolution of ISO 22000:2005
Standard Series
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Standard
Series Objectives
• Complying with CODEX HACCP principles
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Standard Series
ISO 22000:2005 is the first in a family of standards that includes
the following documents:
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 5 Objectives
• Students understand the International Accreditation Forum
(IAF) interpretations and guidelines for 3rd party Certification
Bodies (Registrars) (IRCA K4.3.1b)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
International Accreditation
Forum (IAF)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IAF Guidance Documents GD Series
• IAF publishes Guidance documents commonly called GD
documents. IAF Guidance documents are not intended to
establish, interpret, subtract from or add to the requirements
of any ISO/IEC Guide but simply to assure consistent
application of those Guides.
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Infra-structure for Registration
of Management Systems
International
Accreditation Forum
Regional Accreditation
National Accreditation
Board(s)
Quality/
Environmental
Application For Product Approval Personnel Approval
Management NAB AUDIT
Accreditation EN45011 EN45013
Systems
EN45012
Certification Body
Industry
Consumers and
Purchasers
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Roles Of Accreditation &
Certification Bodies
Accreditation Body Certification Body
• Operate the Accreditation • Provide a service in line with
system for Laboratories, the requirements of the EN
Attestors/Attestation bodies 45000 series/ISO Guide 62 and
and Certification Bodies or shortly ISO 17021:2006
Registrars
• Provide certification in line with
• Provide accreditation in line their accredited scope
with their accreditation field
• Issue a Certificate of
Registration to organisations
who meet the requirement of
the relevant System Standard
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Types of Conformity Assessments
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Private Schemes - BRC
• In 1998 the British Retail Consortium, responding to industry
needs, developed and introduced the BRC Food Technical
Standard to be used to evaluate manufacturers of retailers
own brand food products.
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Private Schemes - EurepGap
• EurepGAP started in 1997 as an initiative of retailers
belonging to the Euro-Retailer Produce Working Group
(EUREP). It has subsequently evolved into an equal
partnership of agricultural producers and their retail
customers. Our Mission is to develop widely accepted
standards and procedures for the global certification of Good
Agricultural Practices (GAP).
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 6 Objectives
• Students identify and describe the documents and records
required by ISO 22000:2005 including hierarchy and
benefits of a documented FSMS. This includes the
difference between a document and a record (IRCA
K4.2.2c)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Objectives of ISO 22000:2005
Standards
• ISO requires (and always has required) a
“Documented food safety management system”,
and not a “system of documents”
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Typical FSMS Documentation
Hierarchy
POLICIES
OBJECTIVES
Hazard Analysis/
Control Measure
Combinations
PROCESSES
SUPPORTING
DOCUMENTATION
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Benefits of a documented
FSMS
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 7 Objectives
• Students understand the framework of relevant regional,
national and local legislation, codes of practice etc., and the
interaction between the food organization and the relevant
authorities (IRCA K4.2.4)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Origins of Food Safety Legislation
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Food Safety Problems
• Labeling
• Hygiene Standards
• Enforcement controls
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Issues for Industry
• Consumer concerns
• Labelling
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
“The Response”
• International
– Establishment of the Food Safety Agency (FDA, EFSA)
– Closer integration with International Bodies, e.g. United
Nations’ Codex Alimentarius, World Trade Organisation
etc.
• National
– Establishment of National Food Safety Agencies
– Sector Quality Schemes
• Local
– Service contracts
– Switch from reliance on inspection alone to audit and
inspection
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Business Response
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Types of Legislation
• Regulations
– same law throughout Community
• Directives
– sets out aims to be achieved for countries to enact local
laws
• Decisions
– as regulations but addressed to specific individuals,
companies or states
• Recommendations
– not binding, but may influence policy
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
European Union Food Safety Policy
Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
European Union Food Safety Policy
Principles
• Shared responsibility
• Subsidiary principle
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Topics of Legislation
• Food Law, European Food Safety Authority
• Hygiene
• Residues
• BSE
• GM Food
• Hormones
• Supplements
• Contaminants
• Additives
• Labelling
• Flavourings
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Requirements
• General Requirements, reference 4.1
• Documents Control, reference 4.2.2
• Management Commitment, reference 5.1b, 5.2b
• External Communication, reference 5.6.1c
• Internal Communication, reference 5.6.2h
• Competence, Awareness and training, reference 6.2.2a
• Prerequisite programmes (PRPs) reference 7.2.2/7.2.3
• Product characteristics, reference 7.3.3
• Process steps and control measures, reference 7.3.5.2
• Hazard analysis, reference 7.4.2.3
• Product withdrawals, reference 7.10.4a,b
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 8 Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 22000:2005 Human Resource
Requirements
• People are competent rather than qualified
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
ISO 9000:2005 Definition of
Competency
• ISO 9000:2005 defines competency as “the demonstrated
ability to apply knowledge and skills” – what a person
needs to be doing to demonstrate he or she is competent
• Competencies needs to be defined for hourly and
management staff
• Competencies may be established for a specific position,
family of positions or cluster of jobs
• There are essentially two types of competencies, namely
soft (visible leadership, good listening skills) and hard
(planning, scheduling, controlling work or processes)
• Minimum competencies for managers and supervisors,
whereas for hourly personnel the focus is typically on the
hard skills
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 9 Objectives
• Students understand the scope, principles, terms and
requirements of ISO 19011:2002
• Students will understand the key auditing terms and
principles of auditing
• Students will understand what is expected of an audit
management program and show to assess the
effectiveness of an organization’s internal audit
program
• Students will understand the life cycle of an audit and
key activities (IRCA K4.3.2a)
• Students will understand the competencies required by
Auditors including the relevance of ISO 17024:2003
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Introduction and Scope of
ISO 19011:2002
• Both the ISO 9000 and ISO 14000 series of standards emphasise
the importance of audits as a management tool for monitoring
and verifying the effective implementation of an
organization's policy for quality and/or environmental
management
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Key Terms
• Audit,
Audit a systematic, • Audit findings,
findings results of the
independent and documented evaluation of the collected audit
process for obtaining audit evidence against audit criteria.
evidence and evaluating it • Audit conclusion,
conclusion outcome of
objectively to determine the an audit, provided by the audit
extent to which audit criteria team after consideration of the
are fulfilled. audit objectives and all audit
• Audit criteria,
criteria set of policies, findings
procedures or requirements • Auditor,
Auditor person with the
• Audit evidence,
evidence records, competence to conduct an audit
statements of fact or other • Audit Programme,
Programme set of one
information, relevant to the or more audits planned for a
audit criteria and verifiable. specific time frame and directed
towards a specific purpose
• Audit Plan,
Plan description of the
activities and arrangements for
an audit
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Principles of Auditing
• Ethical conduct – the foundation of professionalism
• Fair presentation – the obligation to report truthfully
and accurately
• Due professional care – application of diligence and
judgment in auditing
• Independence – the basis for the impartiality and
objectivity of the audit conclusions
approach the rational method for
• Evidence-based approach–
reaching reliable and reproducible audit conclusions in a
systematic audit process
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Auditor Competency
Auditor Competence
Quality Generic
Environmental /
Quality Specific knowledge and Food Safety
knowledge and skills skills (7.3.1
and 7.3.2) Environmental /Food safety
(7.3.3)
Specific knowledge and skills
(7.3.4)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 10 Objectives
• Students understand the process approach including its
significance when auditing management systems (IRCA
K4.2.2a)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Understanding the Process
Approach
• ISO 9000:2005 defines a Process as:
– “set of interrelated or interacting activities which transforms
inputs into outputs”
• Processes in an organisation are generally planned and carried
out under controlled conditions to add value
• Data should be gathered to establish process capability and
analyse process performance including input and output
characteristics
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
The P-D-C-A Cycle
ACT PLAN
How to improve What to do ?
next time
How to do it?
CHECK DO
Did things happen Do what was
according to plan? planned
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Approach to Audit Planning
• Verify the organization’s role in the food chain including
scope of registration sought
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Understanding the system
approach to management
• Individual processes rarely occur in isolation, namely
outputs from one process typically form part of inputs into
subsequent processes
• Simply stated, a food safety management system comprises
a number of interrelated processes
• Inputs and outputs of these processes can often be related
to both internal and external customers
• Customer feedback of a process output is an important
input to the continual improvement of an organization’s
FSMS
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
High-Level Process Map
S I P O C
Model
S C
U U
P S
P T
L Inputs Process Outputs O
I M
E E
R R
S S
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
SIPOC Example
Suppliers Inputs Process Outputs Customers
Statutory &
Various
Regulatory
HACCP Plan FSMS team
Codex Codex Guidelines
Hazard
Customer Product Analysis
Customer Requirements O-PRP Plan Auditors
Process Steps
Validation of
Hazard Hazard
Preliminary Data Control Measure
Identification Evaluation
Combinations
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Emergency Preparedness and
Response
• Identifying potential emergency and accidents
• Emergency and accident response procedure
• Emergency and accident response command and
control structure
• Competence, awareness, and training
• Emergency preparedness and response plan
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 11 Objectives
• Students understand basic audit terminology
• Student understand the audit terms, pre-registration,
initial registration, surveillance and re-registration and
the difference between them from an audit perspective
(IRCA K3.3.6e)
• Students understand the purpose of 1st, 2nd, and 3rd
party audits (IRCA K3.3.2a)
• Students understand the qualities and responsibilities of
auditors and the management responsibilities of the
Lead Auditor in managing the audit and the audit team
(IRCA K3.3.3)
• Students understand the need for effective
communication with the Auditee throughout the audit
process (IRCA K3.3.3c; K3.3.5b)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Key Terms
• Audit,
Audit a systematic, • Audit conclusion,
conclusion outcome of
independent and documented an audit, provided by the audit
process for obtaining audit team after consideration of the
evidence and evaluating it audit objectives and all audit
objectively to determine the findings
extent to which audit criteria • Audit client,
client organisation or
are fulfilled. person requesting an audit
• Audit criteria,
criteria set of policies, • Auditee,
ee organisation being
procedures or requirements audited
• Audit evidence,
evidence records, • Auditor,
Auditor person with the
statements of fact or other competence to conduct an audit
information, relevant to the • Audit team,
team one or more
audit criteria and verifiable. auditors conducting an audit,
• Audit findings,
findings results of the supported if needed by technical
evaluation of the collected experts
audit evidence against audit • Audit Plan,
Plan description of the
criteria. activities and arrangements for
an audit
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Types & Roles
Internal External
Audit of one’s
1st Party own
organisation
Audit of a
2nd Party Supplier by a
Customer
Audit by an
3rd Party
independent
Body
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Systems vs. Conformance /
Effectiveness
Operational Practices
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Main Purpose of 1st Party Audits
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Main Purpose of 2nd Party Audits
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Main purpose of 3rd Party audits
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Personal Qualities of an Auditor
• Precise • Integrity
• Reasonable • Organised
• Objective • Not afraid of reporting the
• Fair facts
• Energetic • Astute and analytical
• Sensitive • Listener
• Supportive • Sensitive to local customs
PROFESSIONAL’S
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
IRCA Code of Conduct
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Communication during the Audit
• The audit team should confer periodically to
– Exchange information
– Assess audit progress
– Reassign work between audit team members as needed
– Discuss concerns about any issues outside the scope of
the audit
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Auditor Responsibilities
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Lead Auditor Duties and
Responsibilities
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Sub-Team Leader Responsibilities
• Assemble evidence
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Trainee Auditor Duties and
Responsibilities
• Conduct the audit under the supervision of a
Competent Auditor/Lead Auditor
• Provide feedback to audit organization on learning
experience
• Establish and maintain good relations with
employees
• Comply with audit organization’s audit rules and
guidelines
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Technical Expert Duties and
Responsibilities
• Conduct the audit under the supervision of a
Competent Auditor/Lead Auditor
• Take notes
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Translator Duties and
Responsibilities
• Comply with audit organization’s audit rules and
guidelines
• Take notes
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Observer Duties and
Responsibilities
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Guide Duties and Responsibilities
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Consultant Duties and
Responsibilities
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Auditee Responsibilities
• Create the ‘right environment’ for the audit to take place
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 12 Objectives
• Students know the activities and task to be completed during the
planning phase of the audit life cycle (IRCA K3.3.4a, c; S3.4.1)
• Students know how to approach an organization which does not
have a formal documented FSMS based on ISO 9001:2000 (IRCA
K3.3.4f)
• Students have the skill to conduct a document review, determine its
conformity and whether there is adequate arrangements to justify
proceeding with the on-site audit (IRCA K3.3.4b; S3.4.2a)
• Students have the skill to develop an audit plan based on the scope
of registration sought and the food chain process steps of the
organization (IRCA K3.3.4 S3.4.2d)
• Students have the knowledge and skill to develop and technically
assess a process based checklist (IRCA K3.3.4e, f; S3.4.2e)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Main activities during the
Planning Phase
Initiating the Audit Preparing for the Audit
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Establishing Initial Contact with
the Auditee
• Establish communication channels with Auditee
Representative/FSMS Team Leader
• Confirm the authority to conduct the audit
• Request access to relevant documents, including records
• Provide information on proposed timing and audit team
composition
• Establish what, if any applicable site safety rules and
PPE
• Make arrangements for the audit
• Agree attendance of Trainee Auditors, Observers and
the need for Guides
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Determining the Feasibility of
the Audit
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Team Selection
• Audit objectives, scope, criteria and estimated duration
of the audit
• Statutory, regulatory, contractual and accreditation/
certification requirements
• Overall competence of the audit team to needed to
achieve the objectives of the audit including audit team
assignments
• Independence from the activities to be audited including
conflict of interest
• Ability of the audit team to interact with the auditee and
work together
• Availability
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
What is an Audit Plan?
ISO19011:2002
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Factors to be considered when
developing an Audit Plan
• The audit objectives, scope and criteria including the role
of the organization in the food chain
• Persons to be interviewed
• Competency of auditors
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Team Briefing
• Introduce team members
• Present a briefing statement about the auditee
• Assign roles and responsibilities
• Distribute relevant audit working documentation
• Ensure specialist team members / technical expert are
clear on the area(s) they need to focus on
• Discuss any queries with the audit plan
• Reconfirm commitment, availability and independence
and impartially of the audit team
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
What is a Checklist?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Benefits of a Checklist
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Key points when developing a
Process-Based Checklist
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Types of Checklists
Standard Customised
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 13 Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Reasons for an Opening Meeting
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
A Typical Opening Meeting Agenda
• Introductions, if applicable
• Confirmation of the objectives, scope and criteria of the
audit
• Confidentiality Statement/Sample
• Confirmation of audit plan
• Outline the audit process and approach
• Explain the reporting method
• Confirmation of availability and roles of guides
• Provide any clarifications which may be required
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
How to Manage the Opening
Meeting
• Be prepared
• Be professional
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
What information can be gathered
at an Opening Meeting
• Who the Guides are
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 14 Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Main activities during the
Performance Phase
• Opening Meeting
• Gathering Evidence
• Writing Audit Finding Reports
• Collating and generating the Final Audit
Report
• Preparing for the Closing Meeting
• Closing Meeting
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
What is Evidence?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Procedure for Gathering Evidence
Question/Analyze
Observe/Analyze Check
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
General Points on Questioning
Techniques
• Use appropriate types of question
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Typical Questions
• Information Verification
• How • Show me
• What
• When
• Where
• Who
• Why
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Types of Questions
• Open
• Closed
• Hypothetical
• Obvious
• Answered
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Observation
• People
• Processes
• Information systems
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Taking Notes
• Product identification
• Rough sketches
• Surroundings
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Mental Notes
• Workload
• Employee behaviour
• Management approach
• Organisation
• Reactions
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Reaching Audit Conclusions
Sources of information
Collecting by
appropriate sampling
and verifying
Audit Evidence
Audit Findings
Reviewing
Audit conclusions
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Sampling
• Sample frame/Sample
• Representative
• Random
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Role of the Technical Expert
• Listen
• Watch
• Audit
• Provide expertise
• Take notes
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Importance of Audit Team
Performance
• Manage delays
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Communication Skills
• Verbal
• Body language
• Facial
• Range of literacy
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Handling Difficult Situations
• Discrimination • Deception
• Hostility
• Obstruction
• Avoidance
• Usurping Control
• Finger Pointing
• Flattery
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 15 Objectives
• Students understand what a non-conformity audit finding
is and the typical content of a non-conformity and are able
to describe and apply the risk classification system used
(IRCA K3.3.6a,b)
• Students are able to write both a non-conformity (NCR)
and Opportunity for Improvement (OI) audit finding
(S3.3.4a,d)
• Students understand the contents of an audit report and
are able to write one (IRCA S3.4.4b,e)
• Students understand who gets a copy of the audit report,
when, and the retention period
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
What is a Nonconformity?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Typical Root Causes of
Nonconformities
• Organisation structure
• Resources
• Information
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
NCR Definitions
• A Major nonconformity is where there is a total break-down or
absence of objective evidence to satisfy one or more food
safety management system requirements, or a situation which
would, on the basis of available objective evidence, raise
significant doubt as to the safety of what the organization is
supplying.
• A Minor nonconformity is where there is a defined and
documented system which generally satisfies one of more food
safety management system requirements, or a situation which
would, on the basis of available objective evidence, raise
concern as to the potential safety of what the organization is
supplying, e.g. the system and/or one or more processes have
not reached an acceptable maturity level.
• An observation/Opportunity for Improvement is a remark by
an Auditor which warrants clarification or investigation so as to
improve the overall effectiveness and/or efficiency of the
organization's Food Safety Management System.
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
An Audit Report is
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Contents of an Audit Report
• Audit objectives, scope and criteria
• Statement of the confidential nature of contents
• Audit conclusions
• Strengths and Weaknesses
• Number of nonconformities (including classification) and
observations, if any
• Nonconformity/Observation Reports
• Recommendations (risk assessment audit findings), if any
• Obstacles encountered
• Follow-up activities
• Audit Plan
• Audit Checklists (Appendix)
• Identification of the Lead Auditor and team members
• Identification and contact details of Auditee
• Opening/Closing Meeting Minutes
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Reporting Principles
• Never loose sight of the basic aim of an audit, namely
to get management commitment to act on the findings
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Report Approval
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Report Distribution, Timing &
Retention
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 16 Objectives
• Students understand the activities to be covered during a
final team meeting including its importance
• Student can describe the process for collating the findings
of the audit team
• Students know how to manage situations where the
organization’s QMS is deemed not to conform and to
correctly assess the maturity of the organization’s QMS
and risk to the integrity of the registration and supplier
approval (IRCA S3.4.4e, f)
• Students understand the ISO policy on recommendations
and offers of advice
• Students understand the importance of audit follow-up;
the terms correction, corrective action and CAPA process
including responsibilities including the objective evidence
required to demonstrate effective implementation of
CAPA (IRCA K3.3.6c, d; S3.4.4g)
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Activities to be covered during the
Final Team Meeting
• Review the audit findings against the audit objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Process for Collating the Audit
Findings
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Lead Auditor’s Facilitation Role
• Remain objective
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
If the Auditee does not conform
• Be mindful of the level of your authority
• Maintain control
• Double check the findings are based upon sound
evidence
• Do not waiver from the intended message
• Ensure the Auditee does not see it as purely a
negative message
• Check the tone and choice of language used
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Offers of Advice – Are they a
good idea?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Risks associated with Offers
of Advice
• Ownership
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Contributions during the Closing
Meeting
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Follow-up, why is it
important ?
• Corrective action takes place in a timely manner
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Session 17 Objectives
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Purpose of a Closing Meeting
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Who attends the Closing
Meeting?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
A Typical Closing Meeting Agenda
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Hidden Agenda
• Preparation
• Objectivity
• Control
• Constructive attitude
• Avoid traps
• Timing
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Evaluating CAPA Proposals?
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Methods for Closing Out Corrective
Actions
• Documentation review
• Re-audit
- Partial
- Full
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0
Audit Objective
Copyright © 2007 Business Edge, All Rights Reserved | ISO 22000:2005 Auditor Lead Auditor Course Ireland Revision 4.0