BRCGS 3.5.5 - Non Conformance for not scheduling audits based on risk assessment
We recently (yesterday) finished our unannounced BRC packaging 6 audit during which we received a NC for our internal
auditing system, under clause 3.5.5, we carry out internal audits on a monthly basis and process audits on an annual basis, the NC
was for the audits not being scheduled on a Risk based analysis. A couple of questions has anyone else fallen foul to this one and if so
do you have a RA template you would like to share.
TIA
Ian
Safefood 360 has a great risk assessment outline for use with internal auditing, just make sure the risk assessment is complete and transparent to each standard section using emphasis on fundamentals within the clause.
Attached is a fictitious RA for audit frequency example. It is also not for packaging, but i think you will get the idea. Just an idea
Attached Files
I just include the word "risk" in my justification for frequency in annual audit plan.
Attached is a fictitious RA for audit
frequency example. It is also not for packaging, but i think you will get the idea. Just an idea
That looks remarkably familiar :secret: ;)
We recently (yesterday) finished our unannounced BRC packaging 6 audit during which we received a NC for our internal
auditing system, under clause 3.5.5, we carry out internal audits on a monthly basis and process audits on an annual basis, the NC
was for the audits not being scheduled on a Risk based analysis. A couple of questions has anyone else fallen foul to this one and if so
do you have a RA template you would like to share.
TIA
Ian
Hi Ian,
A simple matrix as posted above should be fine to fulfil the requirements. Attached is a combined RA/ schedule based on the risk. It is always good to add a column for comments on your risk assessment, I do that on a separate sheet in a remarkably similar format to the file posted by kingstudruler1 :smile:
BRCGS Packaging Issue 6 Audit Plan with Risk Rating.png 923.01KB 0 downloads
You don't need to carry out as many audits as the schedule shown but obviously you should prioritise based on risk.
Kind regards,
Tony
We received a non-conformance on this section as well. Part of the NC was due to our risk assessment only listing Likelihood, Severity, and overall scores with justification details. We were assessing it as a generalized failure (L/S) of the category and didn't have specific criteria laid out in the assessment, so we were dinged on that.
What they had "seen done in other facilities" was listing quality, legality, authenticity, integrity, performance, financial gain, food safety, non-conformances - each with their own subsections of criteria to consider. Some of which were considered in the assessment but weren't specifically detailed on the RA. Something to consider.
Why are GFSI schemes starting to become you must risk assess everything? Risk assessing your internal audit schedule now?! Seems a bit of an over reach to me. I just don't get it...