Tag Archives: internal audits

Bug Bytes

Improving Audit Scores with Pest Management

By Nicole Keresztes James
No Comments

Pests of all varieties pose a significant hazard to the food industry, as they can facilitate the spread of foodborne illnesses by serving as carriers of microorganisms that are the causative agents of these illnesses. Common pests include rodents, insects and birds; depending on geography and climate, other critters can be of concern. Pests contribute to foreign material contamination and adulteration, as they can easily spread disease-causing microorganisms and parasites through their droppings, urine, saliva and body parts. Contamination of food left behind by pests is also a significant source of consumer complaints and negative social media interactions, which can severely erode consumer trust in a company and/or brand.

A common cause of many food recalls is contamination by pests. In 2022, the Canadian Food Inspection Agency issued a recall of food products contaminated by Salmonella due to a rodent infestation. This recall impacted a significant portion of the country, including the western and central provinces. That same year, 400 Family Dollar stores temporarily closed across the US due to a rodent infestation in just one warehouse. In 2023, grocery chain Trader Joe’s recalled more than 10,000 cases of broccoli cheddar soup in seven states due to the presence of insects in the frozen broccoli florets in the soup.

Pest contamination can severely damage both a business’s bottom line and reputation, leading to impacts that can be as significant as bankruptcy or closure. Given the reputational damage that pests can cause, it’s important to remember that a proactive integrated pest management program (IPM) is the cornerstone of any facility’s good manufacturing or good distribution practices program. Mitigating the risks posed by pests can reduce customer complaints and potential recalls.

Common Pests and Their Risks

The most common types of pests in food settings include rodents, insects, birds and other critters specific to the environment and geographic location.

  • Rodents: Rats and mice are often the creatures that first come to mind when thinking about pests. Both can carry diseases that pose significant health risks to humans. The CDC lists a wide variety of diseases caused by viruses, parasites, and bacteria that are directly or indirectly carried by rodents. For example, Salmonella bacteria transmitted through rodent droppings can contaminate food products. In addition to contamination that can lead to foodborne diseases, rodents can contribute to visible foreign material contamination of food products and raw materials (which generally causes an overwhelmingly negative reaction in consumers of the products). They can even be the causative agent of health and safety risks to humans, as they can chew through electrical wiring, which then becomes a fire hazard.
  • Insects: Whether flying or crawling, insects can be problematic in food handling environments. Flies can contaminate food by carrying foodborne pathogens and may also end up as foreign material contaminants in products. For example, studies have shown that the human pathogenic microorganism E. coli O157:H7 is carried by flies of several species from cattle production areas to leafy green crop fields (Berry et al, 2019). Due to their frequent contact with organic waste materials, flies also transmit other pathogens, such as Salmonella enterica, Listeria monocytogenes, Klebsiella spp., and Campylobacter spp. (Shahanaz et al., 2025). Stored product pests, such as beetles and moths, can be a scourge in dry ingredient facilities, including flour mills. Multiple generations of these types of insects can have a cumulative impact on products and facilities over time, resulting in a loss of quality and quantity of the stored food items. Hardy ants and cockroaches are notoriously difficult to eradicate, requiring multiple treatment cycles and, in many cases, structural reconstruction to eliminate them from the facility. The US Food and Drug Administration classifies four types of cockroaches and two types of ants within their “dirty 22” species list due to their ability to spread foodborne illnesses and act as indicators of unsanitary conditions in food processing and storage facilities.
  • Birds: Research shows that there are more than 80 diseases, including Salmonellosis, that can be carried by problem birds such as pigeons and starlings. Birds can carry disease-spreading insects, such as fleas and ticks, while their waste material can teem with bacteria. Bird feces, feathers and nesting materials can fall into food products or onto food contact surfaces, causing direct and indirect contamination. Like rodents, birds can also cause significant damage to the structural integrity of a food facility through their nests and corrosive droppings.
  • Other critters: Depending on the location and type of environment the facility is in, other pests can be just as adept at entering and establishing themselves in a facility. For example, in warmer climates, reptiles and invertebrates not already discussed above can be included on the list of pests that a facility can be vulnerable to. The changing climate globally is also impacting the spread of various pests to areas of the world that have not yet encountered these species. With that in mind, it is even more crucial for food processing and storage facilities to adopt a highly proactive approach to pest management.

Mistakes in Pest Management

The main error that facilities make in their pest management strategy is to take a “hands-off” approach, particularly when they contract the management of pests to a third-party organization. In addition, other common mistakes include failing to update pest management plans and train employees regularly, failing to maintain detailed and up-to-date records, and not fully addressing identified areas of noncompliance. All these mistakes can lead to failed audits and, worse still, negative impacts on food safety.

Implementing a comprehensive, proactive pest management program is crucial for mitigating the risks associated with pests in food operations. The organization must have a skilled and trained internal team of pest control professionals or contract a reputable third-party pest control operator (PCO). Even with a reputable PCO by their side, organizations must still take responsibility for maintaining an open dialogue and partnership with that PCO, recognizing that it is not the PCO who is ultimately responsible for the safety and quality of the products going out to the market. Regardless of who is responsible for the service, failure to continually update the program and train those involved in the pest management protocols is a recipe for failure. Audit standards look not only for inspection records, but also for trending and completed corrective actions that include preventive measures. Not having these aspects of the records available will likely result in points lost during audits.

At the forefront of any well-managed pest management program are controls that ensure that pests are excluded from the premises. Gaps under and around doors and windows are among the most frequently cited nonconformities during audit visits. Other common citations include the mismanagement of pest devices, such as interior rodent devices, insect light traps and bait stations. Ensuring that employees are empowered to report concerns they observe regarding the facility’s structure and the devices placed around the premises is a tremendous asset to the success of the pest program.

Easy, Implementable Fixes

Mistakes may be unavoidable; however, several fixes can quickly support an organization with better pest management. First, establish a close working relationship between the facility’s leadership team and the pest management team, as well as any third-party providers. Frequent discussions about pest pressures, incidents, concerns and trends can help ward off potential issues and develop more proactive solutions.

Second, conduct ongoing surveillance by both the pest management team and properly trained internal personnel, through the checking of pest devices and inspecting the facility for signs of pest activity, entry points and infestation. Concurrently, seek out and implement accessible solutions for adequate documentation. Many pest control providers offer electronic monitoring systems that allow for easily retrievable details during reviews and inspections.

Third, train the facility’s workforce on pests and management strategies as a whole. Work with your PCO to ensure that employees are as up to date as possible on the pest protocols and techniques being used in the facility. Train employees to be vigilant about excluding pests, including those that may enter the facility through employees’ items, and to report any concerns they observe.

Meeting Audit Requirements

Audit standards are rooted in food safety and typically have expectations regarding the establishment and full implementation of a pest management program, including the expertise required, the techniques used, the monitoring completed and the corrective actions implemented. Indeed, one of the best ways to get “audit-ready” is to engage with a competent, licensed PCO. However, regardless of whether working with a third-party PCO or sourcing that competency and knowledge from within the organization, all facilities must remember that pest management is the responsibility of every employee at the facility. It will be through the support of the management team in the implementation of a proactive pest management program that builds on the cooperation of all individuals within the organization (and without, in the case of a third-party PCO) that a positive culture around the elimination of pest-related hazards and, by extension, positive outcomes during audits can be realized.

References

Occurrence of Escherichia coli O157:H7 in Pest Flies Captured in Leafy Greens Plots Grown Near a Beef Cattle Feedlot

Elaine D. Berry, James E. Wells, Lisa M. Durso, Kristina M. Friesen, James L. Bono, Trevor V. Suslow

Journal of Food Protection, volume 82, issue 8, August 1, 2019

Flies as Vectors of Foodborne Pathogens Through Food Animal Production: Factors Affecting Pathogen and Antimicrobial Resistance Transmission

Eshita Shahanaz, KirstenM. Zwally, Cameron Powers, Brandon Lyons, Phillip Kaufman, Giridhar Athrey, Thomas M. Taylor

Journal of Food Protection, volume 88, issue 7, June 23, 2025

Audit

Audits: Internal, Regulatory, and Mock…. Oh, My!

By Jeb Hunter
No Comments
Audit

“Oh no, not another audit!” This is a phrase most professionals in Quality have either heard uttered in staff meetings and huddles or have actually spoken themselves. Audits, whether you embrace them or not, are a staple of every regulatory environment, and how you conduct and handle audits can impact all aspects of your business. When viewed as a means of continuous improvement and preparation, audits can also provide deep, meaningful understanding of your systems and expose gaps when they are embraced as a Quality tool to utilize.

Audits come in a variety of types, but the three main audit types that will be covered here are Regulatory Audits, Internal Audits, and Mock Audits. The ways a company handles, conducts and views these three categories of inspections will set them up for success.

Regulatory Audits – Know Your Regulations to Best Your Regulations

Regulatory audits are some of the most common audits to be had in regulated industries and therefore are also the most common type to need to be prepared for. There are several steps involved with being prepared for a Regulatory audit: Knowing the regulations, having a process, and having people assigned to that process.

The first step seems like it shouldn’t need to be stated out loud, but it does. Knowing the regulations, and more importantly, how those regulations apply to your business and how you can show compliance to those regulations is absolutely critical to ensuring your best chances of a smooth regulatory inspection when the time comes. Take the time to not only read the full text of the regulation you will be inspected against, but step through it clause by clause asking how the clause applies to the business and what would need to be shown documentation wise to an inspector to show compliance. Additionally, remember that regulations periodically update, so the first time you step through your regulation should NEVER be your last. Always keep up with how the regulation has updated year over year and ensure you are not behind the curve on a new or enhanced clause.

The second and third steps go hand in hand: Have a process and have people assigned to it.  Having a written procedure on how to handle regulatory inspections will help ensure trained staff are consistent and prescriptive in how an inspection is handled. This goes a long way to showing an inspector, for many of whom it will be their first time in your business, that you are ready, willing and able to show compliance to the regulatory standards. The written process should cover every aspect of an inspection from greeting an inspector, opening meetings, facility tours, handling of documentation requests including roles and personnel for back action rooms for documentation review prior to entering the audit room, and inspection follow-up.

The procedure should describe for each of these steps who is responsible for executing the step in the process as well as list potential backup personnel for responsibility in order to ensure smooth and complaint execution of your procedure should personnel be unavailable due to vacation, illness, or other leave of absence. Once this process is in place, all staff should be trained on the process and procedure, including personnel not necessarily involved with the process as they will need at least an awareness of what will occur during the inspection.

Once you have completed a review of the applicable regulations, and written and completed training for a procedure to follow, remember that the core mission of agencies like the FDA is public safety, and that inspections, while potentially stressful, are opportunities to engage with the agency and mitigate gaps in compliance with regulations.

Mock Audits – Practice Makes as Perfect as Possible!

Mock Audits are, as the name implies, practice audits against the applicable regulations and implemented processes and procedures to ensure compliance.  Mock audits follow the same cadence as a normal inspection would and should test each aspect of your procedure to ensure compliance. Mock audits, along with Internal Audits discussed next, are a great way to probe and test your Quality Management Systems and unit operational activities to expose and correct any compliance gaps before an actual inspection occurs.  Conducting Mock Audits on a regular basis will also reduce anxiety and uncertainty among your staff in preparing them for an actual regulatory inspection and how normal inspector interactions flow, especially staff members who might be new to the regulatory landscape.

A difference with a Mock Audit versus an Internal Audit will be that the “inspector,” who is a staff member or person contracted by your firm, should be in character at all times during the audit, and should expect to receive responses and documents as if they were not an employee. You will want your auditor in this case to have experience with both the regulations they are auditing against as well as the normal cadence and flow of a regulatory inspection. The auditor should not rely on standardized checklists but instead focus on open ended questioning of processes and procedures and speaking with employees at length to have them talk through the process they are performing. Doing this will benefit everyone involved in that compliance gaps will be identified and addressed, and employees who might not normally spend large amounts of time in the presence of a regulatory auditor or inspector will have the opportunity to learn the best ways to engage questioning.

Internal Audits – Better Me Than Them!

Finally, let’s cover Internal Audits. Internal Audits and associated internal audit programs are not only a good idea to have in place they are a requirement of several regulatory standards. Like Mock Audits, Internal Audits are a great way to identify and address any regulatory gaps you may have in your processes and systems before an actual inspection takes place. The approach here can be simplified down to “Who would you rather find this compliance gap: Me the internal auditor, or a Regulatory Inspector?” Additionally, Internal Audits provide a clear path for deep, thorough analysis of processes and procedures, allowing for processes and systems to be evaluated from a variety of standpoints throughout the internal audit cycle.

For an Internal Audit program, there should be a written defined procedure that covers not only the scheduling and cadence of internal audits but also defines the areas to be covered under the schedule (including Quality!), the process for the issuance of observations, reporting timelines, and auditor qualifications (an item that is often overlooked!).

As internal audits are often a deeper, more meaningful dive into a subject, it is best if possible, to have audit teams for internal audits consisting of a member of Quality as well as various subject matter experts versus a single auditor.  Caution must be taken in this team approach, however, to ensure that an auditor does not audit their own work.  This is especially important when auditing Quality, including an inspection of the Internal Audit Program. It is also a good idea to utilize checklists for audits to ensure that every clause of the applicable standard is reviewed, leaving nothing overlooked to ensure full compliance.

In conclusion, audits and inspections in the various forms they come in are not a requirement to be feared or dreaded.  Audits and inspections are a great tool that when utilized correctly via documented and implemented processes and procedure can help provide deep, meaningful insight into all aspects of a business and help prepare both a facility and the staff for complete compliance to any auditing situation that may arise.

Olvia Pitts

Tips for Building a Robust Internal Audit Program

By Olivia Pitts
1 Comment
Olvia Pitts

Developing an internal audit program does not have to be a dauting task. With a small amount of work upfront a program can be developed and implemented in a matter of weeks. In this article we discuss the key elements of a successful program and provide guidance to ensure that audits add value to the daily operations across the facility.

Have a Plan in Mind

The first step in any successful audit program is to identify the overall structure and format. Audit programs can be set up in a variety of ways ranging from an annual full system audit to monthly departmental audits. The format and structure should be unique to each individual organization. Determine what works best for the organization and stick with it.

Developing a concise schedule will help to ensure expectations are clear. This schedule should be communicated with team members via appropriate channels. Identifying a point person to routinely follow up on the progress of the audits will ensure the program is being managed as expected. Considerations should be made for potential scheduling challenges. Build in additional time for those areas that are known to encounter delays.

Staying consistent with the maintenance and review of the program will ensure all audit activities are conducted within the expected timeframe. This can be accomplished by establishing a routine review of the program. Monthly review meetings can be established to review the audit schedule, results of audits and pending action items. During this time necessary adjustments can be made as needed and communication plans can be established. This helps to drive engagement across the organization around the entire audit program.

Accurate maintenance of audit records is a crucial step in maintaining a successful program. Ensure all records are properly filed and protected by establishing a designated filing system. Developing an organized file structure aids in keeping files in one place and reduces frustrations around locating documentation in the future. Be sure to include records for both internal and external audits as they are a required input to management review and may be needed for future assessments.

Build a Strong Audit Team  

Having a good pool of auditors to pull from is critical. The number of auditors needed will vary based upon the size of the business and complexity of the processes. When considering the format of your team consider the backgrounds of the team members selected. There should be a good mix of experienced and new auditors to provide balance among the group. When assigning auditors to specific areas consider technical knowledge for those complex processes that may require a deeper understanding. Pairing auditors together is a great way for auditors to learn from each other as they work through the review of the data.

Auditing is often a required responsibility for QA/RA. Recruiting internal auditors from departments outside of QA/RA is beneficial, as they bring a different perspective and may ask questions that seem obvious to QA/RA professionals. All of the standards require auditors to be trained and/or competent in the auditing process. Training can be done externally or internally, and companies must show proof of training.

Selecting auditors from varying backgrounds is a great way to incorporate diversity within the team. Each auditor brings their unique experience to the group which builds a richer audit. Varying viewpoints helps to push the team to dig deeper to identify issues that may otherwise go unnoticed. Encourage the audit team to work together to build audit checklists that are specific to the area being audited. Conducting a review of the process and supporting documentation prior to the audit will enable the team to gain an understanding of the area under review. Encourage auditors to not become locked into the checklist but rather think of it as a guide. If audit trails within the scope of the audit arise during the audit be all means explore if time allows. This approach helps to empower the audit team by providing a sense of autonomy over their work.

When building the audit team, management should be mindful of the workload. For the program to be successful you want to ensure that audit team members are not overloaded. Often audits will be delayed due to competing responsibilities of auditors. To mitigate this issue, develop the audit schedule so there is a balance across the assigned audits. Ensuring that the auditor has plenty of time to conduct the audits within the specified timeframe. Overall, the audit team should feel supported and appreciated for their efforts and not be overwhelmed and burdened with the task. A poorly balanced workload only leads to a lack of interest and a disengagement among the audit team.

Provide Opportunities for Education

Providing an understanding of quality management systems and the standard being audited is imperative to the success of any audit program. There are two groups that require education. Education for the auditors and those that are participating in the audits. The auditors need an in-depth understanding of the standard and the requirements which they are auditing against. While the employees need awareness of how the management system is structured and their role in supporting it.

These educational goals can be accomplished both formally and informally across the organization. Auditors will need a more formalized structured training program that focuses on the details of the standard and auditing principles. While employee training can be incorporated into departmental meetings or shared through one-point lessons. Building education programs into existing activities is a great way of incorporating the audit program into the organizational culture. This helps to educate as well as share information with those in the organization who may otherwise not have awareness. This could be conducted via training sessions around processes and their linkage to the standard in which the organization is certified. Providing an understanding of the connections between the departments helps build collaboration between working groups. Employees gain exposure to what others in adjacent departments are doing and obtain a sense of understanding of challenges that may be faced by those groups. This in turn results in a collaborative team approach to the management of the overall system.

Involving employees from all parts of the business helps to drive the message that the system cannot operate in one department alone. Through education, employees will be able to understand their role in the system. This will lead to more engagement in the internal audit program. Employees will become excited to aid in audit activities and improvement initiatives because they will see positive results. They will gain understanding of the impact of their actions and how it impacts the overall system. This value-added approach will result in a favorable outcome for both the organization and the individual employees.

Promote Continuous Improvement

The support of top management is a very important element in the success of any audit program. Establishing a culture of continuous improvement will motivate the team and build engagement across the organization. This can be accomplished by frequently sharing status updates around the management system activities. A simple 15-minute update during sitewide meetings goes a long way. It demonstrates a commitment to the program and growth of the organization and its people.

Develop a format of communicating the details around the management system and any upcoming activities. This can be done by having a specific time each month when updates are provided. Putting this on the calendar will ensure that information is effectively communicated. Details should include both the negative and positive outcomes of internal and external audits. Include specifics around the audit findings and actions taken to address concerns. This will communicate to employees that the organization is serious about growing and is focused on improvement.

Sharing information helps to engage employees by bringing them into the improvement efforts rather than just being bystanders. These seemingly small actions can help drive excitement for the overall program and build a culture of quality. Lastly, be sure to celebrate the wins and ensure that team members are appreciated for their efforts. Building a successful internal audit program is a lot of work. Celebrating and acknowledging the efforts of the team is imperative.

Accomplish the Mission  

There are many ways to build a successful internal audit program. Taking the time and effort to think through the process of identifying the format, structure and team members is critical. By reviewing these items upfront roadblocks can be identified early on. There will always be unforeseen challenges yet having a plan is key to developing a successful program. With a strong commitment from top management and a mindset of continuous improvement an organization can establish a robust internal audit program that exceeds expectations.