16 replies to this topic

[Miss Tammy]

So basicaly we need to do the entire BRC audit internaly?  We are a very small company, 2 facilities with about 120 employees each.  Our management staff is limited to Plant Manager, S&R Manager, HR Manager, Maintenance Manager, and Quality Manager (me).  Each department should be audited by someone outside of the department.  The problem is other than myself, none of the other managers know much about the other departments as related to the BRC standards.  How can I train the maintenance manager for example to audit our HACCP program so that he could be considered proficient?  HR will audit Pest Control?  This would end up being extremely time consuming, and as we all wear a lot of different hats, time is very valuable.  Any advise on how to handle this?  Our resources are limited as well, so an outside auditor is out of the queston.  Any help with this would be appreciated!

[Charles.C]

So basicaly we need to do the entire BRC audit internaly?  We are a very small company, 2 facilities with about 120 employees each.  Our management staff is limited to Plant Manager, S&R Manager, HR Manager, Maintenance Manager, and Quality Manager (me).  Each department should be audited by someone outside of the department.  The problem is other than myself, none of the other managers know much about the other departments as related to the BRC standards.  How can I train the maintenance manager for example to audit our HACCP program so that he could be considered proficient?  HR will audit Pest Control?  This would end up being extremely time consuming, and as we all wear a lot of different hats, time is very valuable.  Any advise on how to handle this?  Our resources are limited as well, so an outside auditor is out of the queston.  Any help with this would be appreciated!

Dear miss tammy,

 

maybe have a look at this current thread -

 

http://www.ifsqn.com...elp/#entry67152

 

Rgds / Charles.C

[Simon]

You need a team Miss Tammy, spread the load, spread the responsibility, spread the accountability, spread the knowledge.  It's the only way.  If you break down the entire BRC standard into chunks of related clauses and then divide them over 12 months and do a little auditing every week then it's not such a massive task.  Based on risk assessment you may choose to audit some clauses more than once a year (especially GMP related ones).

 

An added benefit is you are continually assessing and preparing yourself for the next BRC audit, thus heading off potential non-conformances and perhaps get a better result on the Certification audit.

[Zeeshan]

Agreed with Simon. One more thing. BRC and all other standards require to make a multi–disciplinary multi-functional team which would be responsible to manage all activities of system including internal audits. Logically it could not be possible to hire multi-talented personnel in every department. Since you are the only all.in.all, you have to teach and train other. Here are some guidelines.

1. Do not take tension. BRC is not a rocket science. It , however, takes some time and efforts to make the concepts simpler and digestable for other.

2. Assess competencies of all your personnel. Then judge who is more competent in one or more particular segments of brc standard.

3. Arrange short and interesting presentations. Simple assessment/ questionnaires. Highlight them about their shortcomings and mistakes in assessments.

4. Believe yourself and make other to believe in the golden principle- practice leads to success.

Edited by Zeeshan, 19 December 2013 - 04:48 PM.

[Charles.C]

You need a team Miss Tammy, spread the load, spread the responsibility, spread the accountability, spread the knowledge.  It's the only way.  If you break down the entire BRC standard into chunks of related clauses and then divide them over 12 months and do a little auditing every week then it's not such a massive task.  Based on risk assessment you may choose to audit some clauses more than once a year (especially GMP related ones).

 

An added benefit is you are continually assessing and preparing yourself for the next BRC audit, thus heading off potential non-conformances and perhaps get a better result on the Certification audit.

 

Yes. And a budget.

 

Charles

[Miss Tammy]

Yes. And a budget.

 

Charles

Thanks to all for taking the time to help.  We have our BRC certification (3 "A's" in a row).  We did a very simplified internal audit involving all managers, and did not receive a nonconformance. In fact, the auditor barely looked at it.  This year, we will have a different auditor and believe we may not be as fortunate.  If we use the same internal audit as in the past, can we argue that it was acceptable in 3 prior audits?

[Charles.C]

Dear Miss Tammy,

 

what kind of products / process are you doing ? RTE ?

 

Rgds / Charles.C

[Miss Tammy]

Yes.  We produce fresh and frozen bagels, so we ae very low risk.  I also read something about the BRC audit check list not being acceptable as an internal audit, only as a guide.  I think this was in the interpretation guide lines.

[Charles.C]

Dear Miss Tammy,

 

I also read something about the BRC audit check list not being acceptable as an internal audit, only as a guide.

 

My guess is you mean this –

 

While we hope that this tool is useful in helping you prepare for your audit it should not be considered as evidence of an internal audit and will not be accepted by auditors during an audit.

 

It doesn’t exclude you from editing the text of course.

 

I appreciate the FS logic in your/BRC’s  interpretation of “low risk” however some auditors may still  consider that any RTE product is a “significant” risk from a process POV and act accordingly.

 

Nonetheless, if you try a little searching on the IT, you will readily see that the BRC auditor expectations on this general topic, and sometimes for RTE products, show some acceptance across the whole range of the various proposals made here. An inevitable outcome of BRC’s  fascination with “risk-based” themes perhaps.

 

My personal opinion regarding yr “historical” query is that, at best,  most auditors will probably smile, profess “ignorance” and carry on in their own sweet way.

 

Here are some illustrative  comments for situations vaguely similar to that under discussion –

 

 auditing.png   210.12KB   16 downloads

 

(Some further inferences can possibly also be made from what is not stated).

 

Rgds / Charles.C

 

PS - (added later)  One other option (obviously at a price) could be to use an appropriate external "person" as yr internal auditor. I recall one of the UK (I think)  posters here was performing such a function  in a very recent thread. I note yr resources comment in OP but professional SQF "practitioners" in US might be interested in a little moonlighting perhaps?

[GMO]

Two sites; 240 people in total or 120 people(?)  Either way is not actually that small a company.

 

Have a think again about independence.  There aren't that many sections of BRC which are totally managed by you where you would need someone else to audit surely?  Is your pest control conducted by a contractor?  Yes?  Then you're independent if you audit it.

 

I think the key ones are things like HACCP, Internal audit and complaints where the QA Manager is likely to be the person who does the majority of the work.

 

As for competence in HACCP, are the other managers part of the HACCP team?  If so they must have some knowledge of it?  Remember you're the auditee as well so you can guide them through it? Alternatively if you want to, it might be worth getting in a contractor to audit your HACCP plan.  Yes interims are expensive but they could easily achieve that in one day.

 

TIme is valuable for all of us.  Have pity on those of us who don't just have to comply with BRC but TFMS, M&S COPs, Kosher, Halal... etc, etc. 

[KevinB]

To all who replied to this topic thank you very much.  I am in the same boat although much smaller than miss tammys.  We are a company of 20 that produces cheese. I have been having a very hard time wrapping my head around some of these concepts, auditing being one of the major ones, and how to implement them. The guidance is greatly appreciated. 

 

Kevin

[Tony-C]

So basicaly we need to do the entire BRC audit internaly?  We are a very small company, 2 facilities with about 120 employees each.  Our management staff is limited to Plant Manager, S&R Manager, HR Manager, Maintenance Manager, and Quality Manager (me).  Each department should be audited by someone outside of the department.  The problem is other than myself, none of the other managers know much about the other departments as related to the BRC standards.  How can I train the maintenance manager for example to audit our HACCP program so that he could be considered proficient?  HR will audit Pest Control?  This would end up being extremely time consuming, and as we all wear a lot of different hats, time is very valuable.  Any advise on how to handle this?  Our resources are limited as well, so an outside auditor is out of the queston.  Any help with this would be appreciated!

 

Hi Tammy,

 

You might want to try using BRC Global Standards Self-Assessment Tool FO037 17.5.2012

Sounds like you do need to invest in is training, as per BRC clause 3.4.2 internal audits shall be carried out by appropriately trained competent auditors. This would include HACCP training if the auditor designated is not competent in HACCP Systems.

Your audit schedule should be based on risk - I will post some examples later as I can't get files to attach to my posts at the moment.

So taking into account the resources available, you schedule your audits. If you find that audits are turning up many non-conformances then this is an indication that your schedule is insufficient and more audit resource is required.

If you have no comments previously regarding internal auditing, given it is a 'Fundamental' requirement it should have been scrutinised quite closely by auditors, it would be something you could complain about if a major non-conformance was raised. Having said that if the company is not putting the resources into internal auditing then this should be of concern. Have you asked for other auditors as they don't have to be management, the quality team are also used in many organisations?
 

Regards,

 

Tony

[bacon]

Yes, many of the observations above are good. Internal Audits have certainly been a focus in many of the GFSI benchmark new versions.

 

In the past I have taken each #.# section and boiled each #.#.# section down in to checklist essentials retentive to an annual audit (may have to be portioned out through the year as suggested above) for your facility (given your particular food risks, trouble spots, etc); given its relevance, this does not have to cover each of the itemized 200+ clauses. I have always thought about it as focusing on the clauses that are able to be sampled randomly and easily measured (though not always the case).  

 

This method can be used on monthly (a bit more granular than above) and an even more granular daily prp/gmp/ssop/pre-op checks.

 

I understand the 3.4.2 "independent" issue. Not usually an issue with monthly/daily audits but can sometimes be an issue with annual ones (given appropriate training/competencies, 3 tiers can usually solve this issue: QA Director, Manager, Tech or QA Manager, Supervisor, Tech ).

 

Some food for thought.

Cheers

[isabelle campbell]

The plant I work in is BRC certified with only 10 people.  Only two of our staff have training to perform internal audits.  While it would be possible for these staff to have independence from the areas they might audit, it just isn't feasible for them to do a good job what with all their other duties.  Our company retains the services of a company that offers internal auditing services (Perennia in Atlantic Canada) specifically BRC.  With their assistance/guidance, we are also grade A three years running.  Our rationale has been that an independent company who's job it is to audit, is going to do a way more thorough job than someone who does it intermittently through the year.

[Simon]

I believe it's a good idea to do some yourself and outsource what you cannot do due to lack of time or not being independent. It's good to have expertise from outside with a fresh set of eyes and can bring best practice from wider industry, but also critical to retain some internal ownership and ability for at least part of the internal audit program.

[Tony-C]

Hi Tammy,

Your audit schedule should be based on risk - I will post some examples later as I can't get files to attach to my posts at the moment.
 

Regards,

 

Tony

 

Hi Tammy,

 

Here are those examples:

 

 BRC Audit Plan with Risk Rating.pdf   202.04KB   427 downloads

 

 BRC Audit Plan with Risk Assessment.pdf   218.4KB   432 downloads

 

Regards,

 

Tony

[JSB531]

It seems the internal audit should be of your internal practices and procedures to comply with the standard, not another audit of the standard.