Jump to content

  • Quick Navigation
Photo
- - - - -

Internal audit risk assessment


  • You cannot start a new topic
  • Please log in to reply
9 replies to this topic

Rosemary4

    Grade - MIFSQN

  • IFSQN Member
  • 138 posts
  • 43 thanks
10
Good

  • United Kingdom
    United Kingdom
  • Gender:Female
  • Location:ashbourne

Posted 01 November 2016 - 04:50 PM

Hi, I'm really struggling to know how to present a chart to the BRC auditor showing how 'the frequency of the audits shall be established in relation to the risks associated with the activity and previous audit performance.'


We carried out an audit on each individual clause in 2015 with the result of 1 audit having 1 major & 2 minor ncrs, 2 audits having 2 minors each and 2 audits having 1 minor. With the exception of the one where a major was raised, there's no logic to auditing any more than annually (IMHO).

How do other packaging companies (high hygiene) approach 3.5 section?



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 18,869 posts
  • 5253 thanks
1,229
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 02 November 2016 - 01:38 AM

Hi, I'm really struggling to know how to present a chart to the BRC auditor showing how 'the frequency of the audits shall be established in relation to the risks associated with the activity and previous audit performance.'


We carried out an audit on each individual clause in 2015 with the result of 1 audit having 1 major & 2 minor ncrs, 2 audits having 2 minors each and 2 audits having 1 minor. With the exception of the one where a major was raised, there's no logic to auditing any more than annually (IMHO).

How do other packaging companies (high hygiene) approach 3.5 section?

 

Hi Rosemary,

 

You might usefully have a look at the analogous charts for food. i suspect the (risk) concepts will be not so different for the high hygiene situation. (Low maybe less so).

 

"Risk-based" is BRC's "ants in the pants". They just can't resist putting it in, like the Scarlet Pimpernel. :smile:


Kind Regards,

 

Charles.C


redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 481 posts
  • 161 thanks
24
Excellent

  • Philippines
    Philippines

Posted 02 November 2016 - 05:41 AM

Hello Rosemary,

 

Your IA freq must be based on the out put of your risk assessment. Your risk assessment will be based on the history of previous audits. If that division has always had NC and involve safety and legality of the product, your audit freq must be shorter that those division that has lesser NC. But it should be put in writing e.g. Risk Assessment. The common mantra or cliche in food safety is "If you did not write it, you did not do it".

 

regards,

redfox



Rosemary4

    Grade - MIFSQN

  • IFSQN Member
  • 138 posts
  • 43 thanks
10
Good

  • United Kingdom
    United Kingdom
  • Gender:Female
  • Location:ashbourne

Posted 02 November 2016 - 03:35 PM

Hi Charles & Redfox, thanks for your responses.

 

I have attached my starting point but not sure whether this will pass muster with our external auditor. I'm really not sure how to make a risk assessment out of this.

 

Any thoughts would be gratefully received.

Attached Files



Thanked by 4 Members:

redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 481 posts
  • 161 thanks
24
Excellent

  • Philippines
    Philippines

Posted 03 November 2016 - 05:16 AM

Dear Rosemary,

 

In making risk assessment, you can make a scoring system where you can based your freq from previous audits. I'll give you example but it is an Approved Supplier Performance Monitoring but you can still make it as an example. The matrix is your guide to determine risk level and from there you can determine your freq and you can justify to auditor where you based your IA freq.

 

regards,

redfox

 

Attached File  3.5.1.2 Approved Suppliers Performance Monitoring Form_ifsqn.xlsx   22.9KB   491 downloads

 



Thanked by 2 Members:

martina.ferronatto

    Grade - Active

  • IFSQN Active
  • 6 posts
  • 2 thanks
0
Neutral

  • Brazil
    Brazil

Posted 03 November 2016 - 01:31 PM

Rosemary,

 

A score system will work. You can score the nonconformities by area/issue of previous period to establish the frequency on the upcoming period. More nonconformities per area/issue, more the time spent in the audit or more frequent audits. If you grade the nonconformities by major/minor you can use this as well.

 

Regards,

Martina



Rosemary4

    Grade - MIFSQN

  • IFSQN Member
  • 138 posts
  • 43 thanks
10
Good

  • United Kingdom
    United Kingdom
  • Gender:Female
  • Location:ashbourne

Posted 03 November 2016 - 04:53 PM

Hi Martina

I'm a little confused. If you open the document I published on this thread, I have listed the ncrs we had which are very small. As a result of that I have suggested that most of them are low risk (0 - 2 ncrs) and one audit per year or medium (2 audits for traceability and the audit which had a major). How do you suggest I improve on that to make the auditor happy?



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 18,869 posts
  • 5253 thanks
1,229
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 05 November 2016 - 04:21 AM

Dear Rosemary,

 

In making risk assessment, you can make a scoring system where you can based your freq from previous audits. I'll give you example but it is an Approved Supplier Performance Monitoring but you can still make it as an example. The matrix is your guide to determine risk level and from there you can determine your freq and you can justify to auditor where you based your IA freq.

 

regards,

redfox

 

attachicon.gif3.5.1.2 Approved Suppliers Performance Monitoring Form_ifsqn.xlsx

 

Hi redfox,

 

Thks for the example. Very generous.

 

The basic methodology is fine IMO (and in use elsewhere) but it seems questionable to use the same scoring contributions for both safety-related and "quality"  defects (I assume there is no subsequent "correction" factors applied).


Kind Regards,

 

Charles.C


redfox

    Grade - SIFSQN

  • IFSQN Senior
  • 481 posts
  • 161 thanks
24
Excellent

  • Philippines
    Philippines

Posted 05 November 2016 - 09:06 AM

Dear Charles,

 

What posted is a monthly Approved Suppliers Performance Monitoring. I have a daily monitoring which have all the same criteria as monthly to detect non-conformities for every suppliers and make necessary actions. If safety and legality issue is concern, like metal, and reject (due to spoilage) as correction we immediately conduct an audit to the said supplier. But as of this time we dont encounter as such. 

 

regards,

redfox



Charles.C

    Grade - FIFSQN

  • IFSQN Moderator
  • 18,869 posts
  • 5253 thanks
1,229
Excellent

  • Earth
    Earth
  • Gender:Male
  • Interests:SF
    TV
    Movies

Posted 06 November 2016 - 07:08 AM

(ahem, slightly OT, sorry Rosemary)

 

Hi redfox,

 

Sorry, I probably phrased my previous post poorly.

 

Your risk assessment (RA) is being  basically assessed  for defects in 2 categories -  safety and non-safety (“quality”).

 

IMO, ignoring legality aspects, from a FS POV, risks relating to safety factors are relatively of more importance than those relating to quality. (I hope BRC will agree despite their due diligence side-additions).

 

Accordingly, if one wishes to directly combine (ie add together) the risks from these 2 different  categories so as to obtain  a single score, it is statistically questionable whether an identical  scoring scale is appropriate for both categories of defect.

 

In practice, the use of 2 identical scales can be applied but is then typically “adjusted”  in more sophisticated RAs by using a “correction factor”. For example, in a simple format, if S is the required combined score of defects in the 2 categories –

 

S = (sum of scores of individual safety factors).(a1) +  (sum of scores of individual non-safety factors).(a2)

Where a1, a2 are the “correction factors”.

 

Regardless, I daresay most (all?) FS auditors will be unaware (or uninterested) in such distinctions.

 

@Rosemary - IMO yr basic approach (Post 4) is not unreasonable but I do suggest you hv a look at some almost equally simple but perhaps slightly more elegant (no offence intended) BRC7 equivalents, eg this thread maybe posts 8,35 inter alia  -

 

http://www.ifsqn.com...udit-34-brc-v-7


Kind Regards,

 

Charles.C





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users