Jump to content

  • Quick Navigation
Photo

How to ensure independent internal audits in a small company?

Share this

  • You cannot start a new topic
  • Please log in to reply
17 replies to this topic

kmbauman

    Grade - Active

  • IFSQN Active
  • 5 posts
  • 0 thanks
0
Neutral

  • United States
    United States

Posted 30 December 2013 - 03:18 PM

We are a very small company (20 employees total) working on our BRC certification. This internal auditing section is very tricky as we only have a handful of staff. 

Any suggestions on how we can go about internal auditing using auditors "independent" from the audited department when we don't have anyone?



GMO

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,797 posts
  • 722 thanks
226
Excellent

  • United Kingdom
    United Kingdom

Posted 30 December 2013 - 03:37 PM

When you read through it, you actually find it's reasonably easy to be independent for most sections.  I would say the only ones where it's hard are; quality manual, complaints, HACCP and internal auditing.  The rest, unless everyone is hands on in making stuff, you should be ok.

 

What some places do in the UK is employ an interim for a couple of days to cover off the remaining sections.  If you get a good interim they will charge, maybe £300-500 a day but they should be able to cover those four audits in one day.  At least I managed it in the past anyway!  Or if you have a good working relationship with another food company, could you offer an exchange of staff to do each other's 'independent' audits?



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5662 thanks
1,544
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 31 December 2013 - 02:22 AM

We are a very small company (20 employees total) working on our BRC certification. This internal auditing section is very tricky as we only have a handful of staff. 

Any suggestions on how we can go about internal auditing using auditors "independent" from the audited department when we don't have anyone?

Dear kmbauman,

 

Unfortunately, it's a common dilemma/frequent query on this forum.  The solution seems to vary from minimal to maximal, possibly related to available resources via "Company Policy". BRC auditors are also no doubt well aware of the difficulty. :smile:

 

This recent thread may be of some interest -

 

http://www.ifsqn.com...lly/#entry67354

 

Rgds / Charles.C


Kind Regards,

 

Charles.C


George @ Safefood 360°

    Grade - SIFSQN

  • Corporate Sponsor
  • 374 posts
  • 326 thanks
31
Excellent

  • United States
    United States
  • Gender:Male
  • Location:Ireland and USA

Posted 02 January 2014 - 01:15 PM

I have seen BRC auditors take varying interpretations of this requirement. It is a difficult one since in small companies the best individual for auditing HACCP (one of the most critical elements of the system) is usually the person responsible for HACCP (e.g. technical and quality manager) It may be worth the investment to bring in an competent external auditor twice a year to audit the entire system inducing those areas like HACCP where it is difficult to have independent, but more importantly, competent audits by internal team members.

 

George 



Tomato Country Girl

    Grade - MIFSQN

  • IFSQN Member
  • 85 posts
  • 17 thanks
2
Neutral

  • United States
    United States
  • Gender:Female

Posted 09 January 2014 - 06:28 PM

You can have say Production employee audit the QA area, or Packaging employee audit the Shipping area.  That way they are not auditing within their own department and will be looking at that area with a fresh set of eyes if you will.

 

Regards,

 

Susan

 



Thanked by 1 Member:

DP2006

    Grade - MIFSQN

  • IFSQN Member
  • 65 posts
  • 21 thanks
4
Neutral

  • United Kingdom
    United Kingdom
  • Gender:Male

Posted 13 January 2014 - 07:47 AM

It might be stating the obvious but in the cases mentioned above where the use of an external competent auditor has been identified as an alternative, this practice is allowable within the scope of BRC and ISO2000.

 

If you use this option, make sure you document the experience, expertise, qualifications of the external auditor you use.

 

I have provided this service to customers in the UK and they have these details documented.

 

I also totally agree with the comment on a "fresh pair of eyes" as an advantage of having internal auditors from other departments. Hopefully they will go into the area being audited without any prejudices, per-conceived ideas, will not be complacent and will have an "open mind", open eyes and open ears!

 

Good Luck!

DP2006 



Philips

    Grade - AIFSQN

  • IFSQN Associate
  • 49 posts
  • 11 thanks
3
Neutral

  • Kenya
    Kenya
  • Gender:Male
  • Location:Nairobi
  • Interests:Reading, sharing with other professionals,driving and a humble drinker

Posted 13 January 2014 - 12:53 PM

First and fore most  the context of small or large in management system doesnt apply; reason being one has to comply / conform with allthe requirements as stipulated unless of course if there are exclusions.

 

What we do in my country is we outsource internal audits; most important, state in your documents that internal audits shall be outsourced from compitent and qualified individuals or orgnanizations, then you establish a criteria of what compitence you are looking for. Myself, I am an auditor who work for so many organization on the basis of outsourced process.

 

We can do it online fordocument reveiw then you get someone in the country to do the site one.....,



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5662 thanks
1,544
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 13 January 2014 - 03:16 PM

Dear Philips,

 

Thks for the input.

 

I am rather curious as to the typical  "criteria of competence" you mention. Do you mean not over-expensive ?

 

Personally i would have hoped that  "qualified" individuals would automatically be competent as far as auditing capabilities were concerned ?.

 

Rgds / Charles.C


Kind Regards,

 

Charles.C


GMO

    Grade - FIFSQN

  • IFSQN Fellow
  • 2,797 posts
  • 722 thanks
226
Excellent

  • United Kingdom
    United Kingdom

Posted 13 January 2014 - 05:01 PM

I think we've all experienced varying quality of auditors! 

 

If only I was still in interim work...  In all seriousness, I used to get through a lot of audits in a day, especially if I had things like the HACCP and FSQMS up front.  A decent auditor shouldn't waste your time.

 

I once had a site with three distinct, large factories on it and audited all of them against the 3/4 of the BRC audit plan which hadn't been completed in 9 working days.  I'm not saying all the actions were done in that time...



JSB531

    Grade - Active

  • IFSQN Associate
  • 10 posts
  • 2 thanks
1
Neutral

  • United States
    United States

Posted 11 February 2014 - 03:37 PM

It can be tricky to cover all the areas.  We have departments trade off to cover most areas.  For the areas that cant be covered we utilize someone that is properly qualified from our trade organization.  The cost is minimal and it satisfies the requirement.



teaks

    Grade - MIFSQN

  • IFSQN Member
  • 94 posts
  • 33 thanks
8
Neutral

  • United States
    United States
  • Gender:Female

Posted 11 February 2014 - 05:59 PM

What are the training requirements for internal auditors?  If you have people crossing department lines, do they really know what to look for?  How independent is it for the QC Manager to tell other people what to look for in auditing QC procedures?



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5662 thanks
1,544
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 11 February 2014 - 11:34 PM

Dear ksullivan,

 

What are the training requirements for internal auditors?

Based on previous posts, this is typically defined for specific standards within their context. But the interpretations may still vary,eg Post # 4.

Or was yr question a professional one ?

 

If you have people crossing department lines, do they really know what to look for?

You mean internal auditors?

 

How independent is it for the QC Manager to tell other people what to look for in auditing QC procedures

Yr question is asking for the meaning of “independent”. Based on previous posts, the answer is unfortunately variable.

 

Rgds / Charles.C


Kind Regards,

 

Charles.C


trubertq

    Grade - PIFSQN

  • IFSQN Principal
  • 658 posts
  • 281 thanks
137
Excellent

  • Ireland
    Ireland
  • Gender:Female
  • Location:Donegal

Posted 05 March 2014 - 11:57 AM

What are the training requirements for internal auditors?  If you have people crossing department lines, do they really know what to look for?  How independent is it for the QC Manager to tell other people what to look for in auditing QC procedures?

You have to have Int specific Internal Auditor training to be an Internal Auditor for BRC.

 

The individuals auditing an area will be creating a checklist for that area from the sections of the Food Safety Management System relevant to that area. Therefore that will know what they need to see to prove compliance

 

Thus the audit is Independent from the QC manager, as the auditor will be following the policies and procedures as laid out by the FSMS... not from guidance given by the QC Manager.


I'm entitled to my opinion, even a stopped clock is right twice a day

osp

    Grade - Active

  • IFSQN Associate
  • 12 posts
  • 2 thanks
0
Neutral

  • United States
    United States

Posted 17 April 2014 - 04:07 PM

Suggestion -

 

Training: Have one person get 3rd party internal audit training. That person can develop a company internal auditing class to train other employees in your facility that will do internal auditing. Make sure all training is documented.

 

Management committment: Since in a small company everyone reports eventually to one person, state within your system that management supports unbiased and independent internal audits between department and functions. The intent is this person undertstands and values the benefits of unbiased internal audits and will not influence the outcome of the audits.

 

Your internal auditing policy can then define how your audits are accomplished e.g "Auditors must not be biased or influenced and therefore are required to be independent from the process or department being audited."

 

I posted a similar response here.

 

Regards



debaduttajayaprakash

    Grade - AIFSQN

  • IFSQN Associate
  • 43 posts
  • 14 thanks
0
Neutral

  • United Kingdom
    United Kingdom

Posted 20 June 2014 - 10:13 AM

If you are a small company like us where we work only 24 people . Just spend some money and get all departmental manager trained on internal audit . I am the technical manager and got a lead auditor certification , so I prepare the entire template of Internal audit. Our Sales Manager, Production Manager and my Technical assistant are all trained externally as well as by myself to carry out our internal audits . The production manager who has got around 17 years of experience does all technical portion of Internal audit , my technical staff and myself do the internal audit for the entire process bits and fortunately our sales manager is also HACCP trained so she does the HACCP internal audit with my technical staff . We raise all required non conformance without any mercy to each other :) and then set time frame for the corrective action accordingly. We carry out our internal audit over the 10 months for each and every section as per a risk assessment matrix which helps us to close all raised non conformance on time before our annual BRC audit. Because there are 10 different internal audits we include to our monthly management review meeting which accelerate the action and breaks all barrier if any in front of the higher management  making life and work easier. All audits are independent to the department and no conflict of interest arises at all as technical we are the policeman and rest are just doing there task as allotted. Because my Production and sales people too get involved in IA in a small company they enjoy the task and also understand more about the technical need from a QMS and third party certification scope perspective. 

 

 

I saw a post of using intern for internal audit which is waste of time as not only they are expensive they also do not understand the business so well in 2 - 3 days . Also they charge 330 - 500 per day which is also a lots of   for a small company like us.



it_rains_inside

    Grade - SIFSQN

  • IFSQN Senior
  • 341 posts
  • 98 thanks
46
Excellent

  • United States
    United States
  • Gender:Female
  • Location:Ohio

Posted 20 June 2014 - 12:28 PM

Suggestion -

 

Training: Have one person get 3rd party internal audit training. That person can develop a company internal auditing class to train other employees in your facility that will do internal auditing. Make sure all training is documented.

This is what I did also - Had our top QA receive Internal Auditor Training, then we developed a course to train the rest of the employees. Document Everything, and voila! There's your internal audit team, while it may only be made up of a few people, I also agree with what everyone else's suggestion is - try to have people auditing departments they are not familiar with/ do not regularly work in.

 

When we started this program it was very hard because the auditors had 1. No clue what an audit is really looking for 2. Anything about the material that they were looking at. The way that I remedied this problem, especially in the Internal Audit Inception phase was to have a "coach" sit in with on the audits. I had the more experienced auditors/ those who have sat through say, a BRC audit, coach the newbies on what they were looking for like if a topic takes you down a rabbit trail, how to get what you are getting at and move on, or how to assess that what the person being audited offers as evidence really satisfies the standard ... things like that. Having a coach with them made them feel less pressure and they quickly became aware of what was expected and how to conduct themselves as auditors. 

A book that really helped me develop this training (although it is ISO geared, the principals are really all the same) is called "An audit of the system, NOT of the people" By Edward P. Link (I think you can get them online for maybe $$10-15) This really hit home the point when we were struggling with audits. Every audit came back, well so and so was doing this wrong and this guy was violating this GMP and so on and so forth. When they understood that it wasnt the person that was failing, it was the system - it seemed to click what the audits were for.

As far as using 3rd party audits - just be careful! We had gotten sited once (when I was young and dumb and didnt know how to fight back) for using a third party audit in our open processing areas. 3.4.2 - All internal audits shall be carried out by appropriately trained competent auditors, who are independent from the audited department - We used a customers 3rd party inspection, but could not verify that they were appropriately trained. It does not talk about using 3rd party audits in the BRC standard - you need to look in the interpretation guide for the fine print (Section 3.4.2 Of the Interpretation Guide, the last two sentences** The use of external auditors may need to be considered if internal resources are insufficient. Note that training records for external personnel shall be available.

Hope this helps! Good Luck!!!


"Peace is the result of retraining your mind to process life as it is, rather than as you think it should be"

                                -Wayne W. Dyer

 


Mr. Incognito

    "Mostly Harmless"

  • IFSQN Fellow
  • 1,571 posts
  • 272 thanks
131
Excellent

  • Earth
    Earth
  • Gender:Male

Posted 20 June 2014 - 12:48 PM

Don't feel overwhelmed.

 

We have about 20 people and we have an internal auditing team of 6 people.  3 members of management and 3 people from around the factory... one quality two packaging.

 

Make a list of every section of code (I don't know BRC but the two standards I have seen had sections) like 2.3, 2.3.1, 2.3.2, 2.4, 2.4.1, etc.  And assign an auditor to audit that section of code.  The section may be one line it may be a paragraph.  Right now, for FSSC, I have each section of code being done once a year so I, mostly, split them up evenly through the year.  Some are harder to do in winter so I tried to keep those in the summer time.  We are doing them all once a year right now so that we can get used to auditing this way.  I hope I don't get hit for not having certain sections being audited more than once in the year but with 114 relevant sections of code and only 6 auditors it will be 19 sections of code each a year on average 2 a month.  And we will have a hard time doing them at harvest because everyone will be more busy.  It doesn't sound like a lot but it does take a lot of time to do them then time for management to review them.

 

We did have internal auditor training from our consultant company about how to audit and what empirical evidence is... etc.  It's been rough getting people to get them done sometimes but it's something we have to do.


____________________________________________________________________________________________________

Mr. Incognito


:tardis:

Mr. Incognito is a cool frood who can travel the width and breadth of the galaxy and still know where his towel is.

Thanked by 1 Member:

CBJuice

    Grade - Active

  • IFSQN Associate
  • 11 posts
  • 0 thanks
0
Neutral

  • Australia
    Australia

Posted 04 August 2014 - 04:40 AM

We are a small company and I too grapple with this as I am the only QA Person in the business. I am happy to perform Internal Audits for other sections but when it is required for my department I get the company C.E.O and Food Technologist to perform these for me. It works for us.





Share this

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users