was successfully added to your cart.

Effective audits – the auditor and the auditee…

In this post we’re going to look at the requirements of internal auditors and also the benefits of getting the right people involved, focusing on clause 3.4.2 of the BRC Food standard.
3.4.2 Internal audits shall be carried out by appropriately trained, competent auditors. Auditors shall be independent (i.e. Not audit their own work).

Reference: BRC Global Standards for Food Safety

A trained & competent auditor…

Each auditor must be able to prove that they are:

  • Trained
  • Competent

Training can be completed either by attending an external training course (which may or may not be accredited), or by completing a training course in-house. If you provide an internal (in-house) training course, you will need to be able to provide the auditor with the training materials, so that they can assess if the training was sufficient.

Whoever teaches the course will also need to have:

a) A teaching qualification
b) a qualification in internal auditing.

The above qualifications do not need to be accredited, the idea is that you can prove that you are qualified to teach and also have enough understanding of what you’re teaching (in this case internal auditing) to be competent.

Auditors do not need to have completed a lead assessor course and do not need to have completed the BRC training course to carry out internal audits, in order to comply with the standard. They do need an understanding of what they are auditing, which can be quite a challenge at times – to find enough auditors, who are trained, know the topic and who are also not auditing their own work (I’ll come onto that in a second). I find the best way to provide the auditor with enough information so they know enough to audit the topic, is to provide them with a set of comprehensive questions or things to check for each topic.


In our BRC Internal Audit Pack we do this by providing a set audit template for each audit, which is made up of questions and things to look for, with instructions for each topic. That way the auditor doesn’t need to know the topic inside out, because they’ve got everything they need in the audit template.


The auditor needs to be competent. So basically this means that they must carry out the audits correctly and to a good standard. This element of the standard would only normally be challenged if your BRC auditor thought that the internal audits that had been carried out were not reflective of the standards they were seeing during the audit.

For example, if the internal audits said everything in the factory was fine, with no non-conformances raised – but the BRC auditor could see that this wasn’t the case because of the number of issues they were finding. If this was the case, the BRC auditor would probably ask the internal auditor questions to gauge their understanding and competency.


Auditing your own work…

The clause is very clear that auditors cannot audit their own work – as they would be bias.  For small teams this can be a challenge; when members of the team wear many hats – and it can, in some cases mean that external assistance to complete some of the audits is required.  If you do this however, make sure that you get copies of your external auditors training, so you can prove that they are competent during audits.

The standard not only states that you shouldn’t audit your own work, but you also shouldn’t audit work that you are responsible for. Not all BRC auditors will audit this exactly to the letter, but you need to be aware that a BRC auditor could expect you to comply with this fully.  This means that you can’t audit your own work and you also can’t audit any work that a member of your team has completed.

Think about how you apply this requirement for GMP audits too – as a GMP audit covers so many areas and responsibilities, which means findings someone that is independent can be tricky.


Having the right people involved…

In order to make an internal audit system effective, it’s really important that the right people are involved.  They also need to be really engaged in the process. It’s easy to focus on just getting the internal audits done, because doing that is hard enough at times, and to forget to involve those that are responsible for what is being audited.

Without involving the auditee, they are not engaged in the process and this will massively reduce the effectiveness of the audit – it’s a bit like only carrying out half an audit, because only half of the people needed are actually involved.

When organising internal audits, make sure that you organise not only the person that is going to carry out the audit, but also the person who is being audited.  This helps to drive improvement – for both the auditee, because they understand more about what is required and also the for the auditor as they learn more about practical aspects of the topic. It also helps to make sure that the auditee understands any non-conformances that are raised, as this will help to ensure that the correct element is rectified.

Although the BRC standard does not state that the auditee must be involved in the audits, personally I think it’s a really key element.  Your internal audit system should catch any issues before they cause a problem and to make it really effective, both auditor and auditee are essential.

I’d love to know if you currently assign an auditor and an auditee to each of your internal audits, and if you have any other tips about how to make sure your internal audits are really effective?  Please add your thoughts to the comments below – I’d love to hear from you!


  • John Inglis says:

    Hi Kassy

    Like you said, in a small team we don’t have the time nor resource for full scale internal audits, this has the plus side that our external auditor has a ‘fresh’ pair of eyes of the site so may notice things other employees wouldn’t have thought of.


    • Kassy Marsh says:

      Hi John
      Thanks for your comment – I agree, a ‘fresh’ pair of eyes is always a really good idea and external auditors can also be really helpful in bringing new ideas on how to tackle or correct things too.
      Thanks, Kassy

  • clement griffiths says:

    I have set up a program where we have dumped the standard into Excel and have included a questionnaire against each clause.
    We audit as a team there is a lead auditor and a team member. The process is slow because after they conduct the audit it comes to me and I function as a technical reviewer , this means that I ensure that they have interpreted the clause correctly and that they have asked the tough questions needed to get good answers. Similarly I challenge the team to use our incident history over the year to challenge if processes are both documented ad effective.
    Typically an audit coming to me as completed is weak on objective evidence has zero to 1 non conformances and needs a lot of work so I step in make the changes and send the audit back to the team This however is only our second year doing our own internal audits.
    Adding audit questions against each clause is helpful. Also useful is including an NCR summary with each audit. By the way I do the root cause and corrective action.

    • Kassy Marsh says:

      I love that you’re providing your auditors with questions, that’s just what we’ve done in our internal audit pack. Having a lead auditor and a team member on the audit is great too, and by checking their work when they’ve completed and helping them to understand what they’ve missed – you’re helping them to improve each time they do an audit. Sounds like you’ve put a great deal of work into this, to set it up and run it – no doubt it’s paying off! Thanks for sharing this, there are lots of great tips in your comment. 🙂
      Thanks, Kassy

Leave a Reply