Need help closing Non-conformance on Internal Audits
Respected members, I have a observation during external audit which is ''Internal audit planning is not performed risk based, and also, it is not clear which department audited when on the checklist.'' I need guidance to close this ncr.
Hello Saeed.
Is this an 'observation' as you mentioned, or a non-conformance? If it is an official non-conformance (you did mention an ncr), there should be guidance info associated with the NCR in how they would like it closed.
If this is a true 'observation' and it was simply mentioned as an area to improve, I would give the following advice:
Internal audit planning is not performed risk based- If you audit different areas at different frequencies, re-evaluate this based on risk and document this on an internal audit policy/procedure. It could very well be that you only inspect once a month for certain things (building maintenance for example), but high risk inspections (like pre-operational or HACCP point inspections) might be at a much higher frequency. Put this risk based reasoning on a document and make sure the logic is sound.
it is not clear which department audited when on the checklist- I am assuming this means that you do not list which areas/department area being inspected on the inspection form. If that's the case, you will want to update the inspections to define which areas and exactly what are being inspected. It could be something as simple as "Warehouse A-Interior; Warehouse-B restrooms; Building 4 break room" and then break that down with WHAT you are looking for in those areas. Without some type of designation, you will have trouble knowing if you have repeat issues in the same areas, which means you will have trouble correctly solving non-conformance issues.
Respected members,
I have a observation during external audit which is
'' Internal audit planning is not performed risk based, and also, it is not clear which department audited when on the checklist.''
i need guidance to close this ncr.
Standard ??
it is an observation raised in fssc22000 v5 audit.i need any guidance document.
Hi Saeed,
I don't have a specific response for fssc22000 but here is a SOP for BRC which illustrates one methodology -
http://www.ifsqn.com...dit/#entry95362
As you can see, it simply follows the clause structure of the Standard.
There is also a simpler "block" risk assessed sampling scheme posted elsewhere on Forum for BRC as developed by Tony-C
A third, more generic, approach which is perhaps simpler than the above is referenced in this Post -
https://www.ifsqn.co...cy/#entry100811
(involves a little more "philosophy" than the 1st link approach)
It seems like your check list does not clearly show who was audited. Revising your audit schedule to show the audit area, process owner, process guides, which elements your are auditing them against and the auditor as well as the date of the audit could help with this.
The way I interpret the risk based is after my internal audits are complete I evaluate the findings and if there are a lot of findings in that area or they are pretty serious I will re-audit them. If I re-audit I will give them time to close out the internal audit NCs. So my proof of the risk based is my evaluation of the internal audits and their findings.
It seems like your check list does not clearly show who was audited. Revising your audit schedule to show the audit area, process owner, process guides, which elements your are auditing them against and the auditor as well as the date of the audit could help with this.
The way I interpret the risk based is after my internal audits are complete I evaluate the findings and if there are a lot of findings in that area or they are pretty serious I will re-audit them. If I re-audit I will give them time to close out the internal audit NCs. So my proof of the risk based is my evaluation of the internal audits and their findings.
Hi patti,
Thks for the input.
Yr approach is a simpler version of the last method referenced in Post 5