Act as a food safety subject matter expert who is asked to provide a

consultancy service to a food manufacture to design an internal

audit risk assessment methodology, which based on it you will
assess the degree of activities risk to be considered in the
preparation of internal audit annual program. identify all possible
variables for assessment and prepare the risk assessment matrix in
a form of table, the variables shouldn't be less than 3 to 4 relevant
variables as per the attached requirement
o design an internal audit risk assessment methodology for a food manufacturer based on the
provided requirements, we need to consider several key variables that impact the risk associated
with different activities. These variables will help us determine the frequency and scope of
internal audits.

Key Variables for Risk Assessment

1. Severity of Potential Food Safety Issues: The potential impact of a failure in this area
on consumer health and safety.
2. Likelihood of Occurrence: The probability of non-conformities or failures occurring in
a specific activity.
3. Previous Audit Performance: Historical data on the performance of past audits,
including non-conformities found and corrective actions taken.
4. Regulatory and Standards Requirements: The criticality of compliance with
regulatory and food safety standards.
5. Complexity of the Process: The complexity and number of steps involved in the activity
or process.

Risk Assessment Matrix

Previous Audit Regulatory Total

Severity Likelihood Complexity
Activity/Process Performance Importance Risk
(1-5) (1-5) (1-5)
(1-5) (1-5) Score
HACCP or Food
Safety Plan
Prerequisite
Programmes (e.g.,
hygiene, pest
management)
Food Defence and
Food Fraud
Prevention Plans
Procedures
Implemented to
Achieve the
Standard

Instructions for Filling the Risk Assessment Matrix

1. Severity: Rate the severity from 1 (low impact) to 5 (high impact) based on how critical
the activity is to food safety.
2. Likelihood: Rate the likelihood from 1 (unlikely) to 5 (very likely) based on the
probability of non-conformity occurring.
 3. Previous Audit Performance: Rate from 1 (excellent performance) to 5 (poor
performance) based on historical audit data.
4. Regulatory Importance: Rate from 1 (low importance) to 5 (high importance) based on
regulatory requirements and standards.
5. Complexity: Rate from 1 (simple) to 5 (complex) based on the number of steps and
intricacy involved in the process.

The total risk score for each activity is calculated by summing the values of all variables. Higher
total risk scores indicate activities that should be audited more frequently.

Example Calculation

Assuming the following ratings for the "HACCP or Food Safety Plan" activity:

 Severity: 5
 Likelihood: 3
 Previous Audit Performance: 2
 Regulatory Importance: 5
 Complexity: 4

The total risk score would be 5+3+2+5+4=195+3+2+5+4=19.

Implementing the Methodology

1. Data Collection: Gather relevant data for each variable for all activities.
2. Risk Scoring: Score each activity based on the collected data.
3. Audit Planning: Prioritize activities with higher risk scores for more frequent audits.
4. Review and Adjust: Periodically review and adjust the risk assessment methodology
based on new data and audit outcomes.

By following this risk assessment methodology, the food manufacturer can effectively design an
internal audit program that focuses on high-risk activities, ensuring compliance with food safety
standards and minimizing potential risks.
Act as a food safety subject matter expert who is asked to provide a
consultancy service to a ketchup and mustard factory to design an internal
audit risk assessment methodology, which based on it you will assess the
degree of activities risk to be considered in the preparation of internal audit
annual program. identify all possible variables for assessment and prepare
the risk assessment matrix in a form of table, the variables shouldn't be less
than 3 to 4 relevant variables as per the attached requirement

ChatGPT said:
ChatGPT
To design an internal audit risk assessment methodology for a ketchup and
mustard factory, we will follow a structured approach that incorporates key
risk variables relevant to food safety, quality, and compliance, as suggested
in the document you've shared. The primary goal is to identify the activities
that pose the highest risk and ensure they are appropriately audited.
Here’s how we can develop the risk assessment methodology based on the
information provided:
1. Key Variables for Risk Assessment:
Based on the guidance provided, the following variables should be
considered when conducting the internal audit risk assessment:
 Severity of Impact: The potential impact of failure in the
process/activity on food safety, authenticity, legality, and quality.
 Frequency of Occurrence: How often the process/activity occurs,
increasing the potential exposure to risks.
 Audit History/Previous Non-conformities: The history of audit
findings or non-conformances in this area during previous audits.
 Regulatory and Certification Importance: The importance of the
process in maintaining compliance with relevant standards (e.g.,
HACCP, ISO standards) or customer requirements.
 Control Effectiveness: How well the existing controls and preventive
measures mitigate the associated risks in the process.
 Complexity of Process: More complex processes tend to have more
critical points where things can go wrong.
2. Risk Assessment Matrix:
Below is an example of a risk assessment matrix, with a scoring system for
each variable. Each activity will be assessed against the variables and
assigned a score from 1 to 5, with 5 representing the highest risk.
Severit Frequency Previou Regulatory/ Total
Control
y of of s Audit Cust. Risk
Activity Effectivene
Impact Occurrenc History Importance Scor
ss (1-5)
(1-5) e (1-5) (1-5) (1-5) e
Raw
Material
Receipt
Mixing and
 Severit Frequency Previou Regulatory/ Total
Control
y of of s Audit Cust. Risk
Activity Effectivene
Impact Occurrenc History Importance Scor
ss (1-5)
(1-5) e (1-5) (1-5) (1-5) e
Blending
Packaging
and
Sealing
Finished
Product
Storage
Shipment
and
Distributio
n
Supplier
Approval
and
Evaluation
Hygiene
and Pest
Control
3. Scoring and Evaluation Criteria:
 Severity of Impact:
o 1: Minimal impact (no significant food safety or quality risk)
o 5: Critical impact (serious food safety or quality issues)
 Frequency of Occurrence:
o 1: Rare occurrence (less than once a year)
o 5: Frequent (daily operations)
 Previous Audit History:
o 1: No previous non-conformities
o 5: Significant or repeated non-conformities
 Control Effectiveness:
o 1: Highly effective controls in place
o 5: Weak or no controls in place
 Regulatory/Customer Importance:
o 1: Low relevance to regulatory or customer requirements
o 5: High relevance (directly linked to certifications or customer
specifications)
4. Using the Matrix:
 Each process is scored for all variables.
 The total risk score is calculated by summing the scores for each
variable.
 Activities with the highest total risk score are prioritized in the internal
audit program, potentially receiving more frequent audits.
This structured approach ensures that the audit program is risk-based, with
greater focus on high-risk areas that have a greater potential impact on food
safety, quality, or compliance.
Let me know if you would like to discuss any of the variables in more detail
or adjust the matrix for your specific requirements!

Example: Raw Material Receipt Risk Assessment

1. Severity of Impact (1-5)
 Explanation: The "Raw Material Receipt" process involves receiving
bulk ingredients such as tomatoes, mustard seeds, sugar, and other
additives. If something goes wrong here (e.g., receiving contaminated
ingredients), it can directly impact the safety and quality of the
finished product.
 Score: 4 (High risk of contamination or poor quality affecting the
whole batch).
2. Frequency of Occurrence (1-5)
 Explanation: Since the factory operates on a regular schedule and
receives ingredients frequently, this activity is common.
 Score: 5 (Daily operation with high frequency).
3. Previous Audit History (1-5)
 Explanation: During previous audits, the "Raw Material Receipt"
process has shown several non-conformities, such as improper
documentation of ingredients and suppliers not following proper food
safety practices.
 Score: 3 (Moderate number of non-conformities).
4. Control Effectiveness (1-5)
 Explanation: The factory has implemented supplier approval
programs and established protocols, such as receiving checklists and
supplier audits. However, there have been some gaps in adherence,
indicating that controls are not fully effective.
 Score: 3 (Controls are in place but have gaps).
5. Regulatory/Customer Importance (1-5)
 Explanation: Proper receipt of raw materials is critical to comply with
food safety regulations (e.g., HACCP), and it’s important for
maintaining supplier and customer confidence in the product quality.
 Score: 5 (High relevance to food safety regulations and customer
expectations).

Risk Assessment Matrix for Raw Material Receipt

 Severit Frequenc Previou Total
Control Regulatory/
Activit y of y of s Audit Risk
Effectivene Customer
y Impact Occurrenc History Scor
ss (1-5) Importance (1-5)
(1-5) e (1-5) (1-5) e
Raw
Materia
4 5 3 3 5 20
l
Receipt
Explanation of the Total Risk Score (20):
 The total risk score is 20, which is quite high, meaning that "Raw
Material Receipt" is a high-risk process in this factory.
 Based on this high risk score, the process should be audited more
frequently within the internal audit program—perhaps twice a year or
quarterly, depending on other factors within the organization.
Another Example: Packaging and Sealing Risk Assessment
1. Severity of Impact (1-5)
 Explanation: Packaging and sealing are critical to product safety, as
improper sealing can result in contamination or spoilage.
 Score: 5 (Failure to seal properly can result in safety risks, such as
bacterial contamination).
2. Frequency of Occurrence (1-5)
 Explanation: The factory packages products continuously, so the
activity is frequent.
 Score: 5 (Daily occurrence, high frequency).
3. Previous Audit History (1-5)
 Explanation: No significant non-conformities were reported in the last
few audits, indicating the process is well controlled.
 Score: 1 (No major issues in previous audits).
4. Control Effectiveness (1-5)
 Explanation: Automated machines handle the packaging, and these
machines are regularly maintained and checked for proper operation,
indicating highly effective controls.
 Score: 2 (Strong controls in place).
5. Regulatory/Customer Importance (1-5)
 Explanation: Sealing is a critical point in ensuring shelf life and
product integrity, important for regulatory compliance and customer
satisfaction.
 Score: 4 (Very important for compliance and customer requirements).
Risk Assessment Matrix for Packaging and Sealing
Previo
Severi Frequenc Total
us Control Regulatory/
ty of y of Risk
Activity Audit Effectivene Customer
Impact Occurren Scor
History ss (1-5) Importance (1-5)
(1-5) ce (1-5) e
(1-5)
Packagin 5 5 1 2 4 17
 Previo
Severi Frequenc Total
us Control Regulatory/
ty of y of Risk
Activity Audit Effectivene Customer
Impact Occurren Scor
History ss (1-5) Importance (1-5)
(1-5) ce (1-5) e
(1-5)
g and
Sealing
Explanation of the Total Risk Score (17):
 The total risk score is 17, indicating that while the risk is slightly lower
than "Raw Material Receipt," it still requires frequent auditing, given
the high importance of proper packaging for food safety and quality.
 This activity could be audited at least twice a year.
Risk-Based Audit Plan:
Based on the risk assessment matrix, we can now create an internal audit
plan:
Total Risk
Process/Activity Audit Frequency
Score
Quarterly (4
Raw Material Receipt 20
times/year)
Packaging and Twice a year (2
17
Sealing times/year)
Hygiene and Pest Twice a year (2
15
Control times/year)
Finished Product
13 Annually (1 time/year)
Storage
Supplier Approval 12 Annually (1 time/year)
Key Takeaways:
 High-risk activities like "Raw Material Receipt" need more frequent
audits because they pose a higher risk to food safety and compliance.
 Lower-risk activities like "Supplier Approval" can be audited less
frequently but should still be part of the audit program to ensure
compliance.