BRC packaging internal audit, section 3.5 has been updated quite a lot for issue 6, so let’s go through the changes and what you need to do.
The BRC Packaging Internal audit is a fundamental section of the BRC, so it’s really important that we get it right. Failure to comply, can result in the failure of your audit. An effective internal audit system is the backbone of everything we do – if we look after our internal audits, the internal audits will look after everything else.
There are 6 key elements in this section:
- Audit program
- Audit scope
- Frequency based on risk
- Report writing
- GMP inspections
We’re going to go through each one of these, so you can assess your current system against them – to check you’ve got everything covered.
The standard clearly states that the program needs to audit hazard analysis, your pre-requisites and procedures implemented to meet the BRC standard. So, basically, it’s saying it needs to audit everything in the BRC standard.
We often see an audit program at site when we’re auditing that only covers a handful of the elements in the BRC standard. We can understand why sites do this, carrying out a lot of audits is a real burden to the site, however – if you don’t audit all the requirements, how can you know that they are working effectively?
The easiest way to ensure that you meet all of the requirements of the BRC standard is to have an audit for each section. If you don’t do this at the moment, go through the sections of the BRC standard and compare them to your current audit program – are all of the requirements covered?
This is one point that quite often gets missed. Your audits need a scope. This means each audit needs to have a documented scope, detailing what is going to be audited. If you’re using the clauses of the BRC standard, your scope can be all the clauses you’re going to audit against. If you audit to your own procedures, your scope should list the document references of the procedures that you’re going to audit.
Tip – make sure the scope for each audit starts with a point which checks to make sure that the non-conformances from the previous audit have been closed out.
Frequency based on risk
The frequency of your internal audits needs to be based on risk. Which means you need to carry out a risk assessment and you’ll need to work out a method, for what result = what frequency. For example, low risk may be annually, medium risk may be 6 monthly and high risk might be quarterly. Make sure that your maximum frequency is annual though, as this is a requirement of the BRC.
What we find sites forget to do however (which is clearly stated in the standard), is risk assessing: “the risks associated with the activity and previous audit performance”
When it says the risks associated with the activity, the activity is the scope of the audit. So, for example, for calibration (which would include scales for average weights) what would be the risk of calibration not being effective?
It also says the risk associated with the previous audit performance. So, you need to take into account the number and type of non-conformances that were raised on the last type this audit was completed. Which means, if no non-conformances were picked up because the systems were found to be effective, you can reduce the frequency of the audit (as long as it’s no less than annual). Or, if there were a lot of non-conformances raised because the systems were found to not be effectively working, then you would want to increase the frequency of the audit.
Tip – although it’s not part of the BRC Packaging Standard, it’s a good idea to schedule your audits throughout the year. The BRC Food Standard and the BRC Agents & Brokers Standard, say you must have at least 4 days scheduled throughout the year. Now, in theory you shouldn’t get a non-conformance for not having at least 4 days throughout the year, unfortunately it may come down to the interpretation of the auditor. The fact the other Standards say 4 days, this sort of sets a precedent.
Your auditors need to be trained to do internal auditing. And, they must not audit their own work, so you need enough auditors to be able to do this. We’ve written an article all about internal audit training, which you can read here: Internal audit training and why it doesn’t work: https://techni-k.co.uk/internal-audit
We’ve also written an article on what makes a great auditor which you can read here: Nine habits of a great auditor!: https://techni-k.co.uk/auditor
When writing the audit up, you need to write about compliance and non-compliance (for systems audits, this doesn’t apply to GMP inspections – which we’ll come onto). The requirements around audit evidence have also been increased, in the other Standards, so you’ll find that your auditors expectations will have increased. This means that we need to not only say what was right (compliance) and what was wrong (non-compliance) but we now need to provide evidence of what we audited. This is to stop audits being carried out as a tick box exercises.
If you need to write down evidence of what you looked at, the BRC are hoping that they will be done properly. Recording evidence means that you need to record things like; who you spoke to, the document reference and version you audited, the date and document reference of the records you audited, the date that someone was trained and what document reference they were trained to and photos etc. Basically, you need to make sure that if an auditor checks the audit, they can see the same documents that you were auditing and come to the same conclusions about the result.
If you’re a high hygiene site, you now need to do GMP inspections. A GMP inspection, is not a systems audit, so you don’t have to record evidence of compliance and non-compliance. It’s a more practical assessment, hence why we call it an inspection and you can use more of a tick box exercise to show whether the points are compliant or not. And then, where there is a non-compliance, then you need to provide more detail of what was wrong and what needs doing to correct it.
Do you need help with this?
If you need to update your BRC Packaging internal audit systems in line with the changes to the Standard, we can help. We have both internal audit packs for you to use (which includes GMP inspections for high hygiene sites) and also a gap analysis pack, which you can use to assess your systems to see what you need to do to update them to meet issue 6.