Internal Audits

Aligned with FSSC 22000 – ISO 22000:2018 Clause 9.2: Internal Audit

Also Relevant: ISO/TS 22002-1:2009 – Clause 18: Verification of PRPs

Requirement Overview

FSSC 22000 requires organizations to plan, implement, and maintain an internal audit program to verify that the food safety management system (FSMS) conforms to planned arrangements, the requirements of the standard, and any additional regulatory or customer requirements.

Key Standard Reference:

•ISO 22000:2018 Clause 9.2.2 – The audit program must consider the status and importance of processes, previous audit results, and risk-based thinking.

•ISO 22000:2018 Clause 9.2.3 – Internal audits must be conducted by personnel independent of the process being audited.

•ISO/TS 22002-1 Clause 18 – PRPs must be verified to ensure ongoing effectiveness.

Internal audits are critical for identifying nonconformities, driving continual improvement, and ensuring readiness for certification audits.

Key Compliance Objectives

Step-by-Step Compliance Implementation

1. Develop a Risk-Based Internal Audit Program

  • Program Elements:

    • An annual audit schedule covering the entire FSMS and prerequisite programs (PRPs)

      Frequency based on risk, past performance, and regulatory requirements

      Assignment of competent, independent auditors

    Evidence to Maintain:

    • Annual internal audit plan/calendar

      Risk assessment to justify audit frequency

      Auditor competence records (training, qualifications)

2. Conduct Internal Audits Objectively and Thoroughly

  • Execution Requirements:

    • Use approved, process-specific checklists and audit tools

      Review documents, interview staff, and observe activities

      Focus on verifying actual implementation, not just documented intent

      Maintain impartiality by separating auditing from operational responsibilities

    Evidence to Maintain:

    • Completed audit checklists and field notes

      Photos or other supporting evidence

      Signed auditor attendance and training records

3. Report Audit Findings and Classify Nonconformities

  • Classification Guidance:

    • • Minor – Isolated issue with minimal risk to food safety

      • Major – Significant deviation from FSMS requirements (e.g., control charts)

      • Critical – High risk to food safety or legal compliance

    Evidence to Maintain:

    • Audit reports with clear evidence and classification

      Findings logged in an audit tracking register

      Formal notification to responsible process owners

4. Implement Corrective and Preventive Actions (CAPA)

  • CAPA Process Steps:

    • Perform root cause analysis (RCA) for each nonconformity

      Develop and assign corrective action plans with deadlines

      Verify implementation and effectiveness of actions taken

    Evidence to Maintain:

    • CAPA forms with documented RCA

      Action completion verification records

      Updated SOPs, training logs, or control records

5. Review Audit Results and Monitor Trends

  • Trend Review Activities:

    • Analyze frequency and types of nonconformities

      Identify recurring or systemic issues

      Adjust audit scope and frequency based on results

    Evidence to Maintain:

    • Quarterly or annual trend summaries

      Management review records reflecting audit data

      Updated FSMS documents incorporating improvements

Common Audit Findings & Recommended Fixes

Audit Finding Recommended Action
Missing or incomplete audit program Develop and document an annual audit plan with defined scope & risk
Repeat nonconformities in the same area Strengthen RCA process and verify CAPA effectiveness
Lack of audit evidence Retain all checklists, notes, and supporting records
No follow-up on corrective actions Track CAPA status and verify closure before marking complete

Auditor Verification Checklist (FSSC 22000)

Auditors may request to see:

  • Documented internal audit program and risk assessment basis

    Audit reports, findings, and classification records

    CAPA documentation with verification evidence

    Summary of trends and management review minutes

    Auditor competence and independence records

Implementation Roadmap

Build Your Audit Program

  • Create a documented, risk-based internal audit schedule

    Appoint trained, independent auditors

Train and Execute

  • Conduct audits using process-specific checklists

    Document objective evidence for all findings

Track and Follow Up

  • Record findings in an audit log

    Assign and verify corrective actions

Review and Improve

  • Monitor trends and systemic issues

    Update the FSMS and audit plan based on results

Why This Matters?

  • Supports compliance with FSSC 22000 and ISO 22000

    Enables early detection and correction of FSMS issues

    Builds a culture of continuous improvement and accountability

    Strengthens audit readiness and stakeholder confidence

Support Tools Available

Food Safety Systems provides:

  • Internal audit SOP and checklist templates

    Annual audit schedule planners

    Root cause analysis and CAPA forms

    FSMS audit trend analysis tools

GET STARTED NOW

Food Safety Systems is an independent consulting provider. We offer support services to help businesses prepare for FSSC 22000 certification but are not affiliated with, endorsed by, or certified by FSSC Foundation or any of its related entities. All trademarks, logos, and brand names are the property of their respective owners and are used for identification purposes only. Use of these names does not imply any official endorsement or partnership.

For official FSSC 22000 requirements and guidance, visit www.fssc.com.