“Heads up”, we’re raising a number of BRC audit non-conformances due to missing scope on internal audit reports.
Clause 3.4.1 of the BRCGS Food Safety Issue 8 states that, “Each internal audit within the programme shall have a defined scope and consider a specific activity or section of the HACCP or food safety plan.”
It’s a new requirement for the standard and easily overlooked, being right at the end of the clause.
So what is accepted as a defined scope? Well it’s certainly not just the audit title. It’s also not the entire content of the actual audit. It’s something that should be thought through before the audit commences and during the planning stage.
Actually I think it’s a great idea. You and I both know what happens when someone is allocated an internal audit. The first thing they tend to do is look at what the previous auditor did (even if it’s to remind themselves what they covered if they were the previous auditor). And then they repeat it. But ask yourself how comprehensive an internal audit tends to be? It’s a snap shot. It doesn’t encompass all aspects of the subject of the audit, does it? So year on year it’s quite possible that the same things are being audited and the same things are being missed.
A good scope will state clearly what will be included in the activity and what will be excluded, together with a good justification. For example: “This audit of the supplier approval process will include the approval procedure V3 relating to raw materials, packaging and purchasing from agents. Four suppliers will be audited who have not been audited within the last two years. The exception process will be excluded as this was the subject of the recent non-conformance ref. 2019-83a.”
Let us not forget, that while it is easy to allow internal audits to slip down the “to do” list when the day job is difficult enough to cope with… internal audits are our very best defence in the ongoing task of preventing issues. It’s a chance to not only check for current and past compliance, but a chance to risk assess the potential for failure. And who better to take on this task than staff who are aware of a site’s strengths and weaknesses.
Director, Trainer and BRC Third-Party Auditor