4 replies to this topic

[Mariann]

Hi,

 

Most of the GFSI standards state that each requirement of the standard should be audited annually. Does this mean that every requirement of the standard should really be reviewed every year?  Or is it possible to select on a risk basis those topics that probably have room for improvement or are important for the production of a high-quality final product? 

 

I've read several topics here about internal audits and I'm a bit confused.

 

Some say that they audit their operations according to their own written instructions and practices. How does this style take into account the requirements of the standard? You may have an error in the document or practices that does not comply with the standard requirements. This error is ignored because it is not checked that the requirements of the standard are also met. If someone could tell me in a little more detail how this kind of audit is done, I would be grateful.

 

Some, on the other hand, use e.g. the IFS or BRC checklist, which has all the requirements of the standard. In this case, the requirements are reviewed generically, compared to the company's documentation, operations and practices. I have used this method myself. 

 

[Hoosiersmoker]

We are an SQF certified packaging manufacturer (folding paperboard packaging) and my process is to have the code with me during all IAs. I pull all related documents, review them for compliance to the code, take them to the person responsible for that area of our process(es) and we review them for accuracy in comparison to our processes. Any changes needed are made and, if necessary, a new revision is issued and training scheduled (If necessary). I only use the checklist for recertification audit preparation just to confirm the reviews / IAs are completed. That way, every part of the code is reviewed annually. I break the code into 12 parts and review / audit one part each month. I also review (or send for review) all internal procedures on a separate 12 month schedule. This is the way I have the process written in our system. The code states the elements used must be reviewed annually, but it doesn't say how that works so you have to determine that and write your system based on that determination. But any instructions you create on the application of the code have to satisfy the requirements of the code. Hopefully that helps clarify it a little.

[SQFconsultant]

Review and audit are two different things - one is a glance and the other (audit) is conducting a comparison against the known standard. The audit actually includes a review.

[jfrey123]

Speaking to SQF specifically, they require you to audit your program to the standard annually.  And they require that you document affirmative evidence that you are compliant with each code, meaning you must list the language from your programs that prove they meet the code requirements.  This, along with reviewing these programs, are where you're expected to discover the grammatical errors or gaps in the SOP.

[GMO]

If you're talking BRCGS then guess what?  It's risk assessment time!  But I always when I've done one make sure that we include our factory inspections into that audit because if you're doing a GMP inspection every week or month, you don't (in my mind) need to be specifically auditing that clause that you're covering off more regularly.  Likewise there may be other areas you'd cover more than once a year or partially cover in your GMP auditing then cover in more depth in a systems audit, e.g. your CCPs.

 

I have seen plans where some sections are excluded from audit over 12 months completely.  They kinda got away with it at audit, in that there was no non conformance raised against the internal audit section BUT when you looked at their non conformities, they were often in areas they didn't internally audit.  So there's a "well duh" moment for you!