According to ISO (the International Organization for Standardization), an audit is defined as a “systematic, independent, and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” Historically, the word “audit” originated from the Latin word audīre which means “to listen.” Modern day auditing approaches tend to lean more towards conformance versus understanding the scope of the business and its organizational culture. As an internal auditor, below are a few actions that will enable you to both observe and listen objectively.
Plan, Review, and Plan Again
While checklists serve as a great guide to determining the scope of the audit, they are not necessarily intuitive. As an internal auditor, you have access to ongoing operations, personnel interactions (organizational culture), and potential changes to processes and/or products. Reviewing past audit findings and ensuring your current risk-based audit plan are in alignment with each other will help you develop a better plan for the upcoming audit. Consider new risks that may be arising due to the changes in processes, such as formulation, packaging, shelf lives, etc. Effective planning is not episodic but continual and it requires periodic reviews.
Utilize Assurance Mapping to Determine Ownership of Identified Risks
Assurance mapping is a visual tool that outlines the ownership of a specific set of risks and/or compliance requirements within the organization. Based on the Three Lines of Defense model introduced by the Chartered Institute of Internal Auditors, a similar approach can be applied to the world of food safety and quality assurance. The first line of defense is owned by personnel directly involved with end-to-end operations (start to finish), the second line of defense involves the risk management, safety, and quality assurance groups, while the third line of defense involves the auditing bodies (internal and external auditors). Utilizing the assurance mapping tool is a great way to keep cross-functional teams engaged, hold them accountable, and measure results frequently.
Proactively Set Expectations
Often times there is a mismatch between the intent and the impact of an internal audit. As an internal auditor, it is best practice to proactively set the right expectations by orienting the team(s) with what to expect during an audit and focus on the “why.” Food safety and quality is a shared responsibility and by helping frontline employees see the significance of their role in achieving this shared goal, the audit process will be insightful and impactful.
Establish Real-Time Documentation
Audit documentation is steadily migrating from paper-based systems to digital platforms. This ensures real-time updates, enhanced visibility, and transparency. Gaps in communication can be condensed by ensuring the auditor and auditee have gained the same interpretation of the observations and areas for improvement.
Share the Story Through Data Visualization
Reporting internal audit findings can be taken one step further by creating effective visuals that captures and summarizes the audit report. Having a side by side comparison enables the organization to monitor what is working well and what needs to be improved. From my past experiences with sharing the audit findings through data visualization, I noticed a peak in stakeholder and leadership engagement as they were able to visually understand and measure the impact their teams’ performance had on the overall food safety and quality management system.
Internal audits can monitor, engage, and improve the organization’s food safety and quality management system by bridging the gap between people and processes.