Qualification of Internal Auditor
Hi reader, I would like to have clarification whether personnel that had undergo 'Internal Audit ISO 22000' training is qualified to be Internal Auditor of BRCGS?
Hi, welcome to the forum :welcome:
BRC doesn't stipulate a specific training requirement other than clause 3.4.2's "appropriately trained, competent auditors". The Interpretation Guide expands on this a bit and stipulates "formal training on internal auditing", but still doesn't go so far as to mandate a specific training standard, and notes that external or internal training may be acceptable.
Personally I'd expect ISO22000 internal audit training to be sufficient, so long as you can also demonstrate that the auditors are competent e.g. perhaps via some accompanied/shadowed audits initially.
Well, auditors are generally trained to equip them with knowledge, skills and techniques on how to conduct and effective audit, report its findings and make follow-ups where required for any gaps that could be identified. So generally speaking an ISO 22000 auditor is qualified to conduct BRCGS audit, technically though those trained for ISO 22000 faces challenges while auditing any GFSI Scheme standard, remember all GFSI scheme do not have provision for observation, opportunities for improvement, etc. BRCGS has only three audit findings options; YES, NO, or N/A. Moreover, BRCGS does not have partial fulfillment of a clause, if a clause has 5 bullets requirements, the approach to BRCGS audit is all the 5 bullets (sub-clauses requirements) must be fulfilled. It's therefore prudent to equip the BRCGS auditors with the technical approach that it deserves. When auditing ISO 22000, I usually report observations (may be where i judge that the organization is fulfilling the requirement but not to the best practice);, with BRCGS if its not fully implemented / fulfilled, Its a NO, that translate into a non-conformity.
That class is probably fine. The IFSQN course is very good and inexpensive.
Store - Practical Internal Auditor Training for Food Operations (ifsqn.com)
Auditor must be Independent of the work - I personally disagree with this at a small company as no one knows what a risk assessment is, they have no comprehension of BRC and how to interpret it and to be blunt and honest they just don’t get it. I’ve wasted valuable Internal Auditing time several times that added zero value - again my personal experience
Now an argument might be to team up and train - yes I agree and I love training but I shouldn’t be hit if I audit something independently that I am in charge of - I am likely going to catch a CAR NC before Susan from HR - No offense to Susans in HR
Now here is the strategy to avoid issues - you have every right to define what a competent trained auditor is to you and your company
I am a competent and trained person because of my year’s experience at a Manager or higher level, previous BRC/SQF/ISO Auditing Experience and Education
Make up your own definition if you truly have the skill set and ability to competently audit against BRC - just define it clearly within your Internal Audit SOP and make sure you know what to do - if at all uncomfortable then by all means take a class and do whatever builds your competency and confidence!
Now here is the strategy to avoid issues - you have every right to define what a competent trained auditor is to you and your company
I am a competent and trained person because of my year’s experience at a Manager or higher level, previous BRC/SQF/ISO Auditing Experience and Education
Make up your own definition if you truly have the skill set and ability to competently audit against BRC - just define it clearly within your Internal Audit SOP and make sure you know what to do - if at all uncomfortable then by all means take a class and do whatever builds your competency and confidence!
One more problem is to convince BRC auditors. Some of them urge to see certificate sheets. They refuse to try other ways to get evidence proving competence, e.g. interviewing auditees.
In my opinion - this is the one of the absolute worst BRC requirements and here is why:
Auditor must be Independent of the work - I personally disagree with this at a small company as no one knows what a risk assessment is, they have no comprehension of BRC and how to interpret it and to be blunt and honest they just don’t get it. I’ve wasted valuable Internal Auditing time several times that added zero value - again my personal experience
Now an argument might be to team up and train - yes I agree and I love training but I shouldn’t be hit if I audit something independently that I am in charge of - I am likely going to catch a CAR NC before Susan from HR - No offense to Susans in HR
Now here is the strategy to avoid issues - you have every right to define what a competent trained auditor is to you and your company
I am a competent and trained person because of my year’s experience at a Manager or higher level, previous BRC/SQF/ISO Auditing Experience and Education
Make up your own definition if you truly have the skill set and ability to competently audit against BRC - just define it clearly within your Internal Audit SOP and make sure you know what to do - if at all uncomfortable then by all means take a class and do whatever builds your competency and confidence!
You have a valid point. I have a client that is a one-man operation. Impossible for him to meet the requirement.
I could also argue that taking a course (which is most of what an auditor looks for when determining compliance with these clauses) does not make one a competent auditor (your point as well).
“X Company defines a Competent and Trained Internal Auditor as someone who has gone through a BRC, SQF, ect. Audit within the last 3 Years”
Internal Audits in my opinion are the most powerful tool to Audit everyone’s work including your own. I’ve caught many issues myself and wrote CAPAs for myself and if anyone tries to argue with that - then they are just ignorant to the fundamental value of Internal Auditing.
Plus - think about how much Auditors miss by coming to a plant for just 2-3 days - I have all year to audit and issue CAPAs - that is the true measure of FSQA Management success.
I break each subsection out into its own audit rather than do Section 3 at once - absolutely love Internal Auditing - absolutely cannot stand how standards interpret it
Sent from my iPhone using Tapatalk
One more problem is to convince BRC auditors. Some of them urge to see certificate sheets. They refuse to try other ways to get evidence proving competence, e.g. interviewing auditees.
There is no requirement for certificate sheets - as long as you have a definition within your Internal Auditing SOP - you are compliant.
A lot of Auditors tend to include their subjective opinions within an interpretation but that is not how it should work.