Introduction: Why Internal Audits Matter More Than Ever
On November 19, Karine Lawrence of Sirocco Food + Wine Consulting joined Felicia Loo of SFPM Consulting to co-host a focused, high-value webinar on one of the most misunderstood tools in food safety: internal audits. Together, they clarified what internal audits really entail, how they support SQF certification, and what food businesses can do to strengthen compliance, reduce non-conformities, and build a stronger food safety culture. Below is a summary of the combined insights from both Felicia and Karine:
Internal Audits as a Diagnostic Tool
What an Internal Audit Actually Is
Karine opened the session by reinforcing a foundational message: internal audits are not box-checking activities. They are structured, planned evaluations designed to uncover gaps before an SQF auditor does. She expanded on this definition by highlighting that audits must be conducted by trained, independent internal auditors who rely on objective evidence including records, interviews, and direct observations to confirm compliance with SQF requirements. Rather than treating internal audits as administrative tasks, Karine encouraged businesses to see them as diagnostic tools that reveal weaknesses early, protect your brand, and strengthen operational resilience.
Key characteristics of a strong internal audit:
- Planned and risk-based
- Conducted using structured checklists
- Supported by objective evidence
- Fully documented
- Followed by corrective actions and verification
- Treated as continuous improvement, not a one-off task
Understanding the Three Types of Audits
Felicia outlined the three audit categories to help teams understand where internal audits fit within the broader compliance ecosystem:
First-party audits – internal audits performed by your own trained staff.
Second-party audits – audits conducted by customers or performed on suppliers.
Third-party audits – certification audits conducted by an accredited body.
This distinction helps internal teams prepare appropriately and understand their role in each type of audit
What SQF Internal Audits Must Cover
SQF requires internal audits to evaluate three key components of your food safety management system:
Product, Process, and System Audits
Karine and Felicia explained the three layers of internal auditing under SQF, and the slides deepen this understanding with examples:
Product Audits
Verify that finished products meet:
- Safety requirements
- Customer specifications
- Labeling accuracy
- Regulatory expectations
Process Audits
Assess whether procedures are being followed consistently. Examples include:
- Labeling accuracy (especially allergens)
- Sanitation steps
- CCP/PC monitoring
- Metal detection
- Storage conditions
System Audits
The most comprehensive level, evaluating:
- HACCP / Food Safety Plans
- Preventive Controls
- PRPs and GMPs
- Document control
- Training programs
- Supplier approval
- Food defense and food fraud
- Validation and verification activities
The system audit ensures the entire food safety management system works as a connected, functioning whole.
Essential Audit Terminology
Karine walked participants through foundational terminology:
- Conformance/Compliance: Meeting the requirement of the standard or procedure.
- Non-conformance: Failure to meet a specified requirement.
- Correction: Immediate fix (e.g., relabeling a product).
- Corrective Action: Long-term fix addressing root cause.
- Objective Evidence: Facts gathered through interviews, observations, and records.
Her emphasis: No assumptions. No hearsay. Only facts.
Internal Audit Requirements Under SQF
Felicia reviewed essential SQF expectations, supported by the slideshow:
- Internal audits must cover all applicable SQF elements at least annually.
- Auditors must be trained, competent, and independent.
- The audit program must be documented and include scope, criteria, frequency, and responsibilities.
- Internal audits are not the same as site inspections. GMP inspections may support audits but cannot replace them.
- Facilities must retain documentation, implement corrective actions, and verify closure.
Common SQF Non-Conformities to Focus On
Both Karine and Felicia shared recurring gaps seen during internal and third-party audits:
- Gaps in HACCP or Food Safety Plans
- Incomplete sanitation records or weak validation of cleaning procedures
- Environmental monitoring program weaknesses
- Pest control deficiencies
- Poor ventilation or airborne contamination risks
- Inadequate document control
- Insufficient training records
- Food defense and food fraud risks undocumented
- Metal detection or X-ray verification failures
These are areas internal audits should prioritize, especially if past NCs have occurred.
Using PDCA to Close Internal Audit Findings Effectively
Felicia introduced the PDCA framework as a cornerstone of effective corrective action management. Karine expanded with practical tools and examples:
PLAN
Identify the issue, gather evidence, perform root cause analysis.
DO
Implement corrective and preventive actions. Update procedures, retrain staff, revise records, or modify equipment as needed.
CHECK
Verify whether corrective actions were effective. Review records, observe operators, and test the system to ensure the issue doesn’t recur.
ACT
Standardize the improvement or re-enter planning if the issue persists.
Karine expands this with RCA tools:
- 5 Whys
- Fishbone diagram
- Pareto analysis
- FMEA (Failure Mode & Effect Analysis)
These help teams identify why problems occur instead of repeatedly retraining employees.
Internal Audits as a Dress Rehearsal for SQF
Felicia stressed that internal audits should simulate the real certification experience. Karine added tactical guidance for preparing teams to:
- Answer auditor questions
- Retrieve documents quickly
- Explain processes confidently
- Demonstrate understanding of food safety responsibilities
- Engage with auditors rather than fear them
Both Felicia and Karine agreed: the more realistic the internal audit, the smoother the certification.
Food Safety Culture: The Foundation of Audit Success
One of the strongest themes in Karine’s presentation was that internal audits are only as strong as the facility’s food safety culture.
Karine highlighted several important points:
- 23% of companies report their FSMS is underdeveloped.
- Turnover is a top threat to food safety culture.
- Certification success depends on leadership engagement.
Karine emphasized leadership’s role:
- Attend opening and closing meetings
- Participate in HACCP reviews
- Support corrective actions
- Provide resources and time for training
- Demonstrate visible commitment to food safety
- Strong culture directly improves audit performance.
Strategies for Stronger Internal Audits
Drawing from both Karine’s slides and Felicia’s practical guidance, the top strategies included:
- Use risk-based scheduling
- Review previous NCs before beginning
- Provide annual internal auditor training
- Use internal audit roadmaps and checklists
- Incorporate interviews, observations, and record reviews
- Use mock audits to simulate certification
- Verify corrective actions, not just record them
- Involve management in audit cycles
- Ensure auditors stay independent from the areas they review
These steps help ensure internal audits truly improve system performance.
Final Takeaway: Competency Comes from Practice
Felicia encouraged new auditors to start small and build confidence gradually. Karine closed with a reminder that internal auditing is a developed skill, not innate-experience builds fluency, consistency, and impact.
Need Support with Internal Audits or SQF Certification?
Sirocco Food + Wine Consulting supports food businesses across Canada and the U.S. with:
- Internal auditing
- SQF development
- HACCP, PCP & FSMA compliance
- Gap assessments
- Auditor-ready documentation
If your facility needs help strengthening your internal audit program or preparing for SQF certification, Sirocco is ready to support your team.
