Share on

International standards bodies such as the "Global Food Safety Initiative" (GFSI, which encompasses the main food safety standards, such as BRC, IFS, FSSC), as well as the "International Organization for Standardization" (ISO), have been promoting the development of internal audits of management systems as an action for continuous improvement in the company. All these standards require consistent internal audits to validate the recertification. Specifically, the certifications require:

  • Establishment of internal audits plan,
  • Implementation of raw material's supplier audits,
  • Implementation of services’ suppliers audits (I.e. sorting, storing and distribution services).

This positioning has been reflected, for example, in clause 3.5 of the BRC standard, which incorporates as a fundamental clause:

"The company must be able to demonstrate that it verifies the effective application of the requirements of the Standard and any applicable module through internal audits."

It is also reflected in clause 9.2.1 of the ISO 9001 quality and 22000 food safety standards:

“The organization should conduct internal audits at planned intervals to provide information on whether the quality management system:

a) complies with:

1) the organization's own requirements for its quality management system;

2) the requirements of this International Standard;

b) is effectively implemented and maintained. "

In this publication, we talk about the internal audit plan, focusing on explaining its functionality as a continuous improvement tool and how to implement it. Let us begin!

What are the objectives of internal audits?

The main objective pursued when implementing an internal audit plan in a company is to detect improvement opportunities through the development of the Continuous Improvement Cycle PDCA (Plan / Plan-Do / Make-Check / Verify-Act / Act). The PDCA cycle, also known as the “Deming Cycle”, is used as a continuous improvement strategy in various systems used in organizations to manage aspects such as quality, environment, occupational health and safety, or food safety.


Internal audits play a fundamental role in the Verification stage of the PDCA. These allow to collect information for later analysis and thus understand how efficiently the system is running. The verification of the system allows identifying those possible risks or non-conformities and creating new opportunities for proactive improvement. This improvement is achieved through the development of a corrective and preventive action plan, also known as CAPA plan (Corrective And Preventive Actions), which must be implemented in the next stage, Act.

What is the CAPA plan?

When the root cause of a problem is properly understood, it can really be solved. CAPA (Corrective And Preventive Actions) is a plan that derives from the application of different tools used to approach the analysis of a problem in a systematic way in order to achieve control of the processes and, ultimately, help prevent a costly incident of quality or food safety.

It is essential to base the CAPA plan on the identification of the cause of the problem, beyond what happened, it is necessary to know what started the problem. Some of the most used tools for root cause identification are:

  • The 5 Whys: Ask "why" about the problem as many times as possible until the initial root cause is determined. It is not necessary to come up with 5 whys, sometimes the root cause is detected earlier and in others it is not even detected beyond the 5th why. In these cases, it is necessary to approach the analysis with other tools.
  • Ishikawa or Fishbone Diagram: Factors or probable causes are divided in six categories, common in manufacturing environments: people, method, machine, materials, measurements, and environment. In each category the origin of the failure is analysed.
  • Pareto diagram: Useful in trend analysis, it allows classifying the different problems presented by priorities and is based on the 80-20 rule, a statistical phenomenon whereby in any population that contributes to a common effect, it is a small proportion that contributes to most of the effect. In other words, in an analysis of product defects, 20% of defects explain 80% of defective product.

Once the initial cause has been detected, it is time to manage the non-conformities. For this we must define the corrective and preventive actions that are necessary to close them. What is the difference between a corrective and a preventive action?

  • Corrective action (corrective action in ISO terminology): Immediate action to solve a problem. In the case of a customer claim, it could be the replacement of the non-conforming product.
  • Preventive action (preventive action, corrective action in ISO terminology): Action to eliminate the root causes of a problem and prevent its recurrence. In the case of the previous customer claim, the root cause must be identified, and an appropriate action plan proposed to avoid its repetition for any customer. The action plan is integrated into the PDCA continuous improvement plan.

How can we evaluate the effectiveness of the CAPA plan?

PDCA continues to be a wheel that turns and turns, so that the search for opportunities for improvement never stops. Planning an effective approach to managing this process is key, and not only from a regulatory point of view, but also to ensure the company's processes and operations. It must be demonstrated that the root cause analysis and the actions that were previously planned have been effective and have made it possible to definitively resolve that discordant non-conformity. If, on the contrary, we detect the recurrence of the problem, the actions have not been enough and the CAPA plan has not been effective. In most cases it happens because the root cause analysis was not effective, either because there was no single root cause or other contributing factors were not observed, etc.

Thanks to internal audits, it is possible to reassess with a certain frequency the management system of the companies and thus detect new non-conformities or the reappearance of problems that had already been analysed previously. With this, it is possible to detect those CAPA analyses that have been ineffective and promote new solutions to achieve the objective of continuous improvement of the system.

No company, regardless of size, can afford not to have an effective internal audit program. These audits can be customized to suit the process and will differ from company to company. The internal audit program can be viewed as verification of the system and to be used properly it must ensure that all PDCA steps are completed. It is essential to ensure corrective actions / CAPAs are implemented and evaluated to show continuous improvement.

With a good plan, your internal audit or review process will certainly be successful. Do you need more help? At RepaQ you will find expert technical consultants to help you implement a CAPA audit and analysis plan throughout the organization. And remember we are the only official BRC Packaging consultants in Spain. Contact us!