Internal BRC Audit: Delete or put N/A against inapplicable clauses?
Greetings!
We recently completed our annual BRC audit-- my first in the BRC world.
Prior to now, internal audits were completed using the open-ended question of "How does the program conform/non-conform?" and then plugging in a summary of all evidence of the section inspected.
Our auditor suggested using checklists for our internal audit would be simpler and ensure accurate conformance. I've downloaded from BRCGS Participate the self-assessment tool.
We are a raw product processing facility, we do not produce a final product. Our product is shipped to our clients with the express recommendation of further processing. As such, many of the BRC clauses do not apply to us.
My question: Would it be wiser to delete those clauses in our checklist, or put "N/A"? I'm hesitant to edit the BRC's self-assessment tool and open the door to "what else have you deleted?" But my colleague has suggested that including all clauses that don't apply increases our paperwork, negating our auditor's "simple/efficient" suggestion.
Thanks ahead!
The BRC standard is designed to cover a wide range of site / product / process types, so it's expected that not all clauses will apply to all sites in the same way.
For general internal auditing purposes I'd have no hesitation in chopping up the bits that make sense for you, and building these into your own internal audit checklist/guide.
I think including non-applicable clauses perhaps just risks confusing your internal auditors? If I was auditing your site, I'd wonder why you were using an audit list where some of the criteria don't apply ;)
The BRC checklist covers the whole standard, but may not necessarily cover all of your internal auditing requirements, so you may need to augment it.
Certainly it's a useful reference as it covers the BRC specific bits, but my approach has been to borrow/steal the relevant bits, and combine them into checklists that work for our business. For example, adding in a section to summarise the evidence viewed (e.g. procedures/records, dates/issue numbers etc), record a summary of recommendations and non-conformances from the audit etc.
The BRC standard is designed to cover a wide range of site / product / process types, so it's expected that not all clauses will apply to all sites in the same way.
For general internal auditing purposes I'd have no hesitation in chopping up the bits that make sense for you, and building these into your own internal audit checklist/guide.I think including non-applicable clauses perhaps just risks confusing your internal auditors? If I was auditing your site, I'd wonder why you were using an audit list where some of the criteria don't apply ;)
The BRC checklist covers the whole standard, but may not necessarily cover all of your internal auditing requirements, so you may need to augment it.
Certainly it's a useful reference as it covers the BRC specific bits, but my approach has been to borrow/steal the relevant bits, and combine them into checklists that work for our business. For example, adding in a section to summarise the evidence viewed (e.g. procedures/records, dates/issue numbers etc), record a summary of recommendations and non-conformances from the audit etc.
Thank you for your response! I like this idea, seems much easier to summarize evidence rather than put the same evidence for 3-5 sub-clauses at a time. I will think on this. One of the big challenges for me has been creating forms that will be EASY to use. I don't want to over-complicate things!
I agree with pHruit, and I can't see the auditor questioning you deleting criteria that isn't applicable; I'd expect them to be more likely to question why you haven't.
I'd definitely recommend adding in evidence detail too, especially in a non-conformance. Customer auditors seem to favour this, and it could help in the actioning and decreasing of non-conformances too if you record specifics. If you have any customers with their own standards, I'd look at them whilst going through the BRC to ensure your internal audit covers their requirements too. I have a few retail customers in the UK that have their own standards that can be more stringent than BRC in certain things -_- , so our internal audit system merges and covers all requirements from BRC and customers, to avoid having multiple audits on the same topic.
I agree with pHruit, and I can't see the auditor questioning you deleting criteria that isn't applicable; I'd expect them to be more likely to question why you haven't.
I'd definitely recommend adding in evidence detail too, especially in a non-conformance. Customer auditors seem to favour this, and it could help in the actioning and decreasing of non-conformances too if you record specifics. If you have any customers with their own standards, I'd look at them whilst going through the BRC to ensure your internal audit covers their requirements too. I have a few retail customers in the UK that have their own standards that can be more stringent than BRC in certain things -_- , so our internal audit system merges and covers all requirements from BRC and customers, to avoid having multiple audits on the same topic.
What a great system! I can definitely appreciate that technique-- combine all requirements so that you only have to do one form on the subject. Thanks! I appreciate your input!
Attached Files
I have attached how I do it. I use NAs as it reminds me of the section in case things change over time.
I do like this, too! So whoever is conducting the internal audit, they just go into this document and fill in the information?
I have attached how I do it. I use NAs as it reminds me of the section in case things change over time.
Sadly, in my FFox browser, picture is "microscopic text " = Unreadable. ?
Greetings!
We recently completed our annual BRC audit-- my first in the BRC world.
Prior to now, internal audits were completed using the open-ended question of "How does the program conform/non-conform?" and then plugging in a summary of all evidence of the section inspected.
Our auditor suggested using checklists for our internal audit would be simpler and ensure accurate conformance. I've downloaded from BRCGS Participate the self-assessment tool.
We are a raw product processing facility, we do not produce a final product. Our product is shipped to our clients with the express recommendation of further processing. As such, many of the BRC clauses do not apply to us.
My question: Would it be wiser to delete those clauses in our checklist, or put "N/A"? I'm hesitant to edit the BRC's self-assessment tool and open the door to "what else have you deleted?" But my colleague has suggested that including all clauses that don't apply increases our paperwork, negating our auditor's "simple/efficient" suggestion.
Thanks ahead!
JFI, the download for earlier versions of BRC used to have a "prefix" which included this comment -
While we hope that this tool is useful in helping you prepare for your audit it should not be considered as evidence of an internal audit and will not be accepted by auditors during an audit.
JFI, the download for earlier versions of BRC used to have a "prefix" which included this comment -
Are you referring to the BRC Self-Assessment tool?
Are you referring to the BRC Self-Assessment tool?
Yes
self assessment tool.PNG 34.61KB 10 downloads.
Ah okay, I see what you mean! I haven't seen the previous version. Was it much different than the vers. 8?
Although I don't see anything like that on the new version, I think the intent is probably that internal audits still need evidence to support the conformance or non-conformance. Thus, neither the new or old versions in and of themselves would be insufficient for an internal audit without such evidence.
What the auditor initially said was that we could use a checklist, which immediately made me think of the Interpretation guidelines for clause 3.4.3: "Note that tick lists showing that items have been assessed will not normally be accepted as the only form of evidence; information showing how the audited items have fulfilled the requirements, or how they are non-compliant, is required."
However, our auditor made what I think is a bit of a fine differentiation: A simple "yes or no" checklist is not acceptable; a "conforms" checklist with supportive evidence included in the audit is alright.
Hence, I'm thinking of using the Clause/Conforms format of the self-assessment, tailoring it to our processes, and including a mandatory box for supporting evidence on every internal audit.
Ah okay, I see what you mean! I haven't seen the previous version. Was it much different than the vers. 8?
Although I don't see anything like that on the new version, I think the intent is probably that internal audits still need evidence to support the conformance or non-conformance. Thus, neither the new or old versions in and of themselves would be insufficient for an internal audit without such evidence.
What the auditor initially said was that we could use a checklist, which immediately made me think of the Interpretation guidelines for clause 3.4.3: "Note that tick lists showing that items have been assessed will not normally be accepted as the only form of evidence; information showing how the audited items have fulfilled the requirements, or how they are non-compliant, is required."
However, our auditor made what I think is a bit of a fine differentiation: A simple "yes or no" checklist is not acceptable; a "conforms" checklist with supportive evidence included in the audit is alright.
Hence, I'm thinking of using the Clause/Conforms format of the self-assessment, tailoring it to our processes, and including a mandatory box for supporting evidence on every internal audit.
Hi Kit,
afaik BRC Internal Audit (IA) requirements have not changed that much over last few versions.
There are a variety of approaches in use for IA but I think yr basic understanding of the checklist method is workable.
I suggest to have a look at this 2016 thread which contains a lot of info regarding brc internal audit and some useful files -
I do like this, too! So whoever is conducting the internal audit, they just go into this document and fill in the information?
Yes. There are a lot of opinions on how to accomplish this. This is how a do it. For brc plants, I have a tab for each quarter and one for each month for the plant hygiene inspections.
the finding, score, assessment, root cause, corrective and preventative actions, date completed, etc are all right there. the entire document lives on sharepoint so that it can be updated by everyone
as corrective actions are completed.
Yes. There are a lot of opinions on how to accomplish this. This is how a do it. For brc plants, I have a tab for each quarter and one for each month for the plant hygiene inspections.
the finding, score, assessment, root cause, corrective and preventative actions, date completed, etc are all right there. the entire document lives on sharepoint so that it can be updated by everyone
as corrective actions are completed.
Nice!! I do love an easy-to-use, efficient system. Much appreciated for your input, friend!
Hi Kit,
afaik BRC Internal Audit (IA) requirements have not changed that much over last few versions.
There are a variety of approaches in use for IA but I think yr basic understanding of the checklist method is workable.
I suggest to have a look at this 2016 thread which contains a lot of info regarding brc internal audit and some useful files -
Thank you kindly, Charles. This thread has certainly been helpful to me.