BRC Internal Audit Requirement
For the BRC requirement, is every clause of the standard required to be internally audited? Basically, when I set up the audits does each of the clauses of the standard have to be covered? I have not been through a BRC audit yet. I am assuming the BRC internal audit requirement is very similar to the ISO requirement.
The BRC standard requires that "Internal audits shall be schedules that all aspects of food safety and quality management system are audited at least annually". I do not have experience with the standard but am very familiar with ISO 9001:2000.
For the BRC requirement, is every clause of the standard required to be internally audited? Basically, when I set up the audits does each of the clauses of the standard have to be covered? I have not been through a BRC audit yet. I am assuming the BRC internal audit requirement is very similar to the ISO requirement.
Hi Mfsanlau
it's not the clauses of the BRC that you need to audit, but the documents in your quality system.
You will, for the BRC, need to risk assess how you have decided which documents to audit. As a rule of thumb, i would always audit annually the documents that correspond to your CCP's and your HACCP plans.
What i did was create a table with the title of each of my Quality Manual documents, and scored them, according to a risk assessment that took into consideration risk likeliehood and severity, if anything was wrong with that procedure. I also did it with all of the work instructons used, scoring those that were pertinent to CCP's highly so that they were audited.
hope this helps
Cx
I presume you are referring to section 3.5 et seq. Although I hv not been audited for ver5, the intent of standard’s main section text seems not radically changed from versions 3 > 5, ie is currently
Previous BRC versions also included the phrase “which are critical to product safety, legality and quality” after the word “procedures” in above 3.5 which simplifies the field down a bit compared to "cover ....Safety". I also agree with Caz that 3.5.1 (then and now) implies prioritisation is acceptable (and I suppose expected), I guess the crunch is how much prioritisation effort you want to do and how the auditors’s evaluate it (competency factor ?)3.5 Internal Audit
FUNDAMENTAL
The company shall audit those systems and procedures, which cover the requirements of the Global Standard for Food Safety to ensure that they are in place, appropriate and complied with.
Must admit my auditors seemed quite happy to review all the Quality system / Procedures / HACCP documentation and then to study routine 3-monthly internal surveillance / corrective responses of GMP controls (particularly tabulated to include the Standard’s defined items
Maybe the auditors are now simply getting smarter or are feeling the necessity to do more to justify their nice charges.
Very interested to hear some more experiences. I am predicting that not many people are as diligent / conscientious as Caz ?
Rgds / Charles.C
Melody
Thanks for the replies. They definitely help and I think we already have most of it in place accept for the risk assessment.
Melody
Just Risk Assess, Risk Assess and Risk Assess!!
it worked for me, i got an "A" on issue 5
Can anybody help me with risk assessing as this is new to me
A layout template maybe?
Thanks
C x
Our internal auditor is ISO-9001 trained - again this has not been a problem previously. Now we're also told the internal auditor should be lead-assessor qualified.
Does anyone know if internal auditors have to have lead-assessor? If not, what other qualifications are likely to be deemed acceptable? (we are a low risk processing site).
Many thanks.
PS Sincere thanks to all contributors to this website for their valued input and feedback!
We've just been through a pre-assessment audit today in preparation for BRC-5 in a few months' time. We have maintained an ISO 9001 QMS which has held us in fair stead in past years. It generated a NC last year for not covering the scope of the requirements, which we duly corrected in reference to the two areas of non-compliance under examination. Suddenly, now, our entire internal audit programme has been dismissed as "meaningless". We have the same auditor as for the past 4 years (a self-confessed disliker of ISO).
Our internal auditor is ISO-9001 trained - again this has not been a problem previously. Now we're also told the internal auditor should be lead-assessor qualified.
Does anyone know if internal auditors have to have lead-assessor? If not, what other qualifications are likely to be deemed acceptable? (we are a low risk processing site).
Many thanks.
PS Sincere thanks to all contributors to this website for their valued input and feedback!
At my site, i have about 15 internal auditors, who have trained with LRQA. we do not have ISO accreditation, although i do have Issue 5 BRC. LRQA will do their internal auditor training on site, and i must admit their training is excellent. i would think that 1 auditor is not enough to be honest.
I have done lead auditor training, but i do not conduct audits. i see myself as being the "referee". i plan the audits, and monitor the corrective actions etc.
The standard doesn't say that you have to have a lead auditor, just that the auditors need to be adequately trained.
Caz x
At my site, i have about 15 internal auditors, who have trained with LRQA. we do not have ISO accreditation, although i do have Issue 5 BRC. LRQA will do their internal auditor training on site, and i must admit their training is excellent. i would think that 1 auditor is not enough to be honest.
I have done lead auditor training, but i do not conduct audits. i see myself as being the "referee". i plan the audits, and monitor the corrective actions etc.
The standard doesn't say that you have to have a lead auditor, just that the auditors need to be adequately trained.
Caz x
Caz, many thanks. You must be running a large site. 15 people is 60% of our total staff!
I'll look into LRQA.
Thanks again.
PS To all - our auditor was already talking up Vers. 6, which he said was leaning towards unannounced audits as standard - not good news for anyone, especially small companies like ours (if true).
"Unannounced audits" sounds like excellent news for ISO 22000
Thks for the rumour.
Rgds / Charles.C
Dear ISO17205,
"Unannounced audits" sounds like excellent news for ISO 22000Or perhaps IFS ??
Thks for the rumour.
Rgds / Charles.C
You/re welcome Charles.
It is only a rumour, but did come from our BRC auditor. I wouldn't be surprised, as I wonder where else a Version 6 could go?
B/regards,
ISO17025
However, and this is the catch, they will audit anywhere between month 9 and 12.
So, if you are audited in January, you could have an unannounced audit in September, making that 2 audits in year 1. The next one could then be in June in year 2. The following year (3) it may be March. By year 4 the audit would again be in January. that means by year 5 you will have had 6 audits rather that 5 if you don't opt for an unannouced.
a nice little earner i think, knowing how much we pay for the audits!
Often, an unannounced / unscheduled audit is performed on an organization when a serious non-conformity had ocurred previously and customer needed an independent review of the potential residual risk but unusual for a conformity reconfirmation audit to be performed in this manner.a nice little earner i think, knowing how much we pay for the audits!
I can only suspect the only reason for an unannounced audit as what you had implied.
Often, an unannounced / unscheduled audit is performed on an organization when a serious non-conformity had ocurred previously and customer needed an independent review of the potential residual risk but unusual for a conformity reconfirmation audit to be performed in this manner.
I can only suspect the only reason for an unannounced audit as what you had implied.
Hi Suzuki
BRC version 5 gives you the "option" to have an unannounced audit, and this is the only way you can get an A*. they usually ask you in your closing out meeting if you want to opt for this.
As for having an unannounced audit to check on a major non-conformity, must admit i wouldn't know as i've never been unfortunate enough to have one.
caz x
I also set out my FSQ Manual in the same order as the BRC so it can be used to cross reference which parts of the FSQMS refer to which clauses.
Yes, I am that anal.
I also set out my FSQ Manual in the same order as the BRC so it can be used to cross reference which parts of the FSQMS refer to which clauses.
Yes, I am that anal.
I don't think thats anal at all (mainly because thats what I do as well). The easier the auditor can find the information they need for their paperwork the better if you ask me. Plus less chance of missing something out, especially with all the extra points that need covering with V5.
The optional unannounced audits are a hint of things to come IMO, the differences between V4 and V5 of the BRC have the big 5's stink all over them. The major multiples love the idea of unannounced audits and I believe that in version 6 these will no longer be optional.
I don't think thats anal at all (mainly because thats what I do as well). The easier the auditor can find the information they need for their paperwork the better if you ask me. Plus less chance of missing something out, especially with all the extra points that need covering with V5.
The optional unannounced audits are a hint of things to come IMO, the differences between V4 and V5 of the BRC have the big 5's stink all over them. The major multiples love the idea of unannounced audits and I believe that in version 6 these will no longer be optional.
Won't it be fun if Mr Tesco / Asda / Sainsbury's turn up at the same time as your unannounced BRC!
who will take precedent, and will we still have to pay for the cost of a (non)audit????
ps I'm anal too, as i audit my FSQ in it's entirety each year.
Simon
I used to be really, really anal, but over the past couple of years I've become more relaxed. And I have to say it feels quite good, almost liberating. That said I probably wouldn't pass a BRC audit, especially if it were unannounced.
Simon
MMM i'm with you Simon...i might scape it, but i'd be a nervous wreck!
At my site, i have about 15 internal auditors, who have trained with LRQA. we do not have ISO accreditation, although i do have Issue 5 BRC. LRQA will do their internal auditor training on site, and i must admit their training is excellent. i would think that 1 auditor is not enough to be honest.
I have done lead auditor training, but i do not conduct audits. i see myself as being the "referee". i plan the audits, and monitor the corrective actions etc.
The standard doesn't say that you have to have a lead auditor, just that the auditors need to be adequately trained.
Caz x
What do you mean with "adequately trained"?
I had a NC for not having adequately training (3.5.2). Nevertheless I have several certified training in GMP, HACCP, quality and food safety management systems (Iso 22000? ¿Is it obligatory to i have certified training as internal auditor?. The auditor told us that we had to do a certified training in issue 5 BRC, but we have certified brc each year since 2004 and we did a training on line about the issue 5.
What do you mean with "adequately trained"?
I had a NC for not having adequately training (3.5.2). Nevertheless I have several certified training in GMP, HACCP, quality and food safety management systems (Iso 22000? ¿Is it obligatory to i have certified training as internal auditor?. The auditor told us that we had to do a certified training in issue 5 BRC, but we have certified brc each year since 2004 and we did a training on line about the issue 5.
BRC v5 does not say you have to have a certificated auditor, just that they need to be "appropriately trained and competent". I can't see why the training you have already done shouldn't cover that. You need to argue the point with the auditor.
I recently watched a webinar about BRC and they mentioned that Internal audits should be completed prior to the audit. In all the BRC audits i've been in, it was always acceptable to show the schedule of when they are set to be completed. Can anyone shed some light on this?
Hi all,
I recently watched a webinar about BRC and they mentioned that Internal audits should be completed prior to the audit. In all the BRC audits i've been in, it was always acceptable to show the schedule of when they are set to be completed. Can anyone shed some light on this?
I completely agree with the webinar. I am shocked if any BRC audit allowed you to get away with that! Sorry mate, IME of being audited against the standard; every part of your FSQMS should be audited against the BRC standard prior to your first audit and on an ongoing basis need to be audited at least once a year (but the frequency should be risk assessed not just audit each part once.)