Internal audit schedule based on risk assessment
Hi all,
Can anyone help me, I am looking for an internal audit schedule based on a risk assessment for a 12 month period against the BRC std.
Does anyone know or have an example of this. I think the BRC require all of the fundamental clauses to be audited twice per year and the remaining only once, but how do they come to this conclusion.
Thank you in advance.
Tom.
Hi Tom, attached is a risk assessment and a sample Audit schedule. BRC require each section to be audited at least annually but some sections you will do more often.
Attached Files
Hello Tom!!
We also use BRC as our GFSI Benchmark, I've attached a starting Risk Scale Tool and Sample Assessment (Each has a tab on the document) and also the corresponding schedule for the sample assessment that was completed.
Everything is in Excel so you can mix and match as you like. The important thing for us is that sometimes the frequency that we found on the risk assessment does not match our operation - so i added a column to what our actual frequency of auditing is and the reason for the deviation.
I dont know anywhere where it says that each fundamental has to be audited twice per year (I know everything has to be at least annually) and I just had my audit the last week in Sept and we got an A with this - so hopefully it will work for you too!!
Hope this helps!
Attached Files
Dear It-rains-inside,
I liked yr layout concept but i don’t understand some of the data entries ?
For example, what is the meaning of N/A ? IMEX an audit of the appropriate implementation of Corrective Actions is regarded as a critical factor in an audit. Yr default(?) frequency (annual) seems to imply that it is considered to have no appreciable significance. And similarly some other items labelled as N/A. Perhaps i have misunderstood the N/A ?
I noticed that the Severity of “HACCP Validation” is equated to a "Product Recall", surely this is an underestimation in the context of a (health-oriented) FS system ? (I suggest that this kind of, IMO, defect is promoted by BRC's attempt to expand the standard scope as per SQF level 3)
and similarly Raw Material Reception ?
and similarly Sanitation ?
Rgds / Charles.C
PS - i guess the data may also relate to yr product risk potential , whole potato packing ? :smile:
It_Rains_Inside,
In your internal audit schedule what do you mean by Zone 1, Zone 2...?
Hi Tom, attached is a risk assessment and a sample Audit schedule. BRC require each section to be audited at least annually but some sections you will do more often.
Does anyone know if there is one like this or has one like this for SQF? Trubertq layout is very easy to read.
Does anyone know if there is one like this or has one like this for SQF? Trubertq layout is very easy to read.
You can adjust this template to suit whichever standard you are working with , and indeed, combine 2 or 3 standards on it.
I'd just like to add, this audit schedule and risk assessment has been through 4 BRC audits and this company has grade A with 5 NC s on the last audit :rock:
I'm not proud....... or tiring.......
Thanks everyone for the feedback - Im on the pigs back now.
Hi everyone,
So here is some clarification - Zone 1 is all open product processing areas for our plant, Zone 2 would be enclosed product processing, and Zone 3 is warehousing and auxiliary areas - Our entire facility is considered low risk by BRC's definition but we needed a way to further define our areas of concern and the risk associated with each one. All are "Low Risk" but with different risks to the product.
(to Charles - not whole potato packing, but aseptic, high acid; low pH fruit juices - not to brag but we really only deal with food spoilage / food quality issues just based on the nature of our operation, other pathogens / hazards wont survive in our products naturally. This is why "product recall" was the severity level chosen)
On the risk assessment, N/A is "not applicable" on the major programs, and you are correct, the reason that these were not scored is because they are done by default annually, or anytime that there are changes to the scope of the programs.
While we are performing monitoring activities throughout the year for all areas, formal internal audits that compare our systems to the standards are only performed at the frequency listed. We monitor raw material inspections every week, but only audit the program 2x per year.
Hopefully this clears some things up!
Dear It-rains-inside,
Thks for the additional info.
I presume this is some kind of pasteurized, ambient shelf-stable product which complies with the Juice Regulations.
If otherwise, experience/USFDA seems to indicate that hazards would not be a negligible factor for ""untreated" fruit juices, even those of low pH.
Rgds / Charles.C
PS - it's intriguing that i noticed a comment that unpasteurized fruit juice is considered low risk in UK, and it's apparently not required to be labelled as such in Canada also (at least in 2013). This RA discusses the hazards -
risk assessment unpasteurized fruit juices.pdf 1.61MB 624 downloads
Charles,
Pasteurized, and ambient / shelf stable. (And also, not 100% juices - these are regulated by FDA under juice HACCP, aseptic products are currently exempt)
Thanks
Rains
Hi Tom, attached is a risk assessment and a sample Audit schedule. BRC require each section to be audited at least annually but some sections you will do more often.
Hi trubertq,
Stumbled upon this post and what you shared is exactly what I needed. Could you please share your definition of LIKELIHOOD and CONSEQUENCE?
Thanks!
Lena
Hi Lena,
The definitions are on the second page,along with the scores or do you mean;
Liklihood = Probability, The liklihood of there being a problem or issue with the section of the standard
Consequence = Severity, the consequence of the problem, what are the likely outcomes of having a problem arise.
This point is very interesting and I like it, but I have a question...
"While we are performing monitoring activities throughout the year for all areas, [/size]formal internal audits that compare our systems to the standards are only performed at the frequency listed. [/size]"
In my case some of our activities are monitored/checked/audited daily. Not sure why one would Audit against a standard more than once a year?
This point is very interesting and I like it, but I have a question...
"While we are performing monitoring activities throughout the year for all areas, [/size]formal internal audits that compare our systems to the standards are only performed at the frequency listed. [/size]"
In my case some of our activities are monitored/checked/audited daily. Not sure why one would Audit against a standard more than once a year?
Hi refst,
You may get an answer but do note that you are querying a 3-year old thread.
Hi Tom, attached is a risk assessment and a sample Audit schedule. BRC require each section to be audited at least annually but some sections you will do more often.
Thank you for sharing this! After some minor adapting issues it work excellent for us.