An Introduction to Internal Audits

BRC Global Standards. Trust in Quality

 Internal Audits

Internal Audits (Section 3.4 excluding 3.4.4)

An internal audit is any audit completed by or on behalf of the company, rather than conducted by a second or third party. For example, a
company with a commercial interest e.g. a supplier audit, or an independent organisation such as a Certification Body.

Effective internal audits are vital to your business as they enable a site to demonstrate whether control systems are working correctly and
effectively, and help you identify areas for improvement.

Senior management should therefore consider internal audits as critical to the business’s operation.

1.0 Requirements of the BRC Global Standard for Food Safety

The Standard defines an audit as a systematic examination to substantiate whether activities and related results comply with planned
arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives.

In section 3.4 of the BRC Global Standard for Food Safety it states:

The company shall be able to demonstrate it verifies the effective application of the food safety plan and the implementation of the
requirements of the Global Standard for Food Safety.

This shall be achieved by means of a planned internal audit programme.

So your internal audit should have two aims:

• To ensure the inspected systems are adequately designed to meet the requirements of the BRC Standard i.e. has your company
identified the correct things to do to meet the Standard.

• To ensure your staff are completing the procedures correctly in line with the documented system.

Therefore, the scope of the internal audit program must cover all areas of food safety and quality systems, including all the requirements
of the BRC Standard, for example, implementation of the HACCP programme, prerequisite programs and procedures and cover both the
systems in place and work practices.

2.0 Planning for effective internal audits

Your internal audit schedule should be prepared in advance so that different areas or activities are scheduled throughout the year. A single
internal audit of all areas on a single day is not recommended.

See Appendix 1 for an example of an internal audit plan. It includes areas that need auditing along with a proposed schedule for
completion. The example also highlights that the frequency of internal audits may vary, with activities in key areas such as hygiene, good
manufacturing practice, foreign body risks and critical control points (CCPs) needing to be audited more frequently than those in some
other areas.

How often an area is audited may be influenced by risk, known issues within the company, best practice or customer requirements.
However, all activities should be covered at least once a year.

3.0 What’s included in the audit and who should carry it out?
An internal audit should examine the process or activity in detail and will usually include:

• Observing how activities are completed

F059 Issue 1 Introduction to Internal Audits

28/8/2013 Page 1 of 6
Internal Audits

• Asking relevant staff how an activity is completed or why it’s completed in a specific way

• Reviewing procedures and records to confirm whether the activity has been completed and recorded correctly
Internal auditors must be independent of the process being audited. For example, it’s not acceptable for workers on one shift to audit
workers on another shift, if they’re completing the same work. This is to ensure that the audit is rigorous and thorough. Also it’s easier for
an auditor to identify corrections or improvements if he or she is not biased or influenced by an in-depth knowledge of that area. External
auditors can be used if required or preferred.

Auditing is an acquired skill and auditors need to be trained to ensure they are carrying out the function effectively. Training shall include
auditing skills, as well as relevant technical knowledge for the area being audited.

4.0 Completing effective audit reports

The use of a checklist or tick list is unlikely to achieve the level of detail required for an internal audit as evidence of the audit must be
documented in a report that contains details of conformity as well as non-conformity.

Where a non-conformity is identified, it’s important that corrective action is completed. The corrective action and the timescales for
completion should be agreed by the auditor and the relevant area manager, and documented on the audit report. The auditor will also
record when the action is satisfactorily completed.

Appendix 2 shows an example of a completed audit report.

5.0 Further Information

The BRC has published a Best Practice Guideline to Internal Audits that can be obtained from www.brcbookshop.com

Quick Tips

• Schedule the whole year of internal audits based on risk assessment

• Ensure all areas of the food safety and quality management system are included

• Ensure that there are sufficient, trained, internal auditors

• Don’t assume auditors can just squeeze an audit in. Sufficient time must be made available

• Set a format or template to ensure consistent records

• Ensure auditors are independent of the areas being audited

• Don’t try to complete all the audits at one time e.g. all on one day or within one week. Use a risk based schedule

These short guides are designed for companies involved in the enrolment program and aim to help you interpret the Standard, and design
robust systems and procedures that meet the requirements. Examples are given to explain the types of documents and procedures and
the level of detail typically required. However, you’ll need to consider the context relevant to your business. The implementation of the
Standard, and whether a resulting system is considered to be conforming or non-conforming by an auditor, is an objective judgement
which can only be based on the evidence collected and observations made during the audit.

Further details regarding the BRC Global Standard for Food Safety can be obtained from enquiries@brcglobalstandards.com

F059 Issue 1 Introduction to Internal Audits

28/8/2013 Page 2 of 6
28/8/2013
F059 Issue 1
Method Frequency Auditor Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec

- Review process
- Check all products & processes
HACCP included 1 X
- Review actions from HACCP
team meeting

Management - Action points from previous

meeting 1 X
Review - Schedule
- Procedures
Approved - Supplier register
Suppliers - Monitoring records
2 X
- Review records
Raw Material - Complete & up to date
documentation eg risk 2 X X
Specifications assessments
- Certificates & test reports
- Forward & Backward traceability
Traceability exercise & associated paperwork 1 X X
- Overview of system
- Investigations & subsequent
Complaints actions 3 X
Appendix 1 – Example of an Internal Audit Schedule

- Trend analysis

- Documentation eg contract,
Pest Control procedures, records 1 X X X
- Corrective actions

- Records

Page 3 of 6
- CCPs
Production - Document Control 1 X X X X
- Changeovers
- Calibration

Introduction to Internal Audits

Internal Audits
 Area Requirement: Control of Non-Conforming Product Date: 14 February 13 Auditor: A Checker
Internal Audits

28/8/2013
F059 Issue 1
BRC Requirement Site Policy Evidence Complies

The company shall ensure that any out of
specification product is effectively
managed to prevent release.
Procedure QM11 & form QRec11
All non-conformities trended for inclusion in management review Y
meetings (log reviewed and management report for 1/9/12)
Waste disposal records checked (Sept – Dec12) against records N
of non-conformities – disposal of outer packaging on 1/1/12
unaccounted for.

Documented procedures for identification,
storage, referral to brand owner,
responsibilities for decision making &
disposal of products.
Procedure QM11 - specifies all requirements –
non-conforming products are stored in
identified area and labelled ‘on hold’, ‘reject’
or ‘QC pass’. Form to be completed and
attached, with copy sent to specified
management. Sign off approved staff only.
Form QRec11 for recording information
Procedure QM11 version 3 dated 1/2/13 in use. Y
Records for Aug 12 – Dec 12 checked and indicated correct sign off.
Random staff check on staff numbers 94, 157 & 196 – queried what Y
they should do with incorrectly baked product.
N

Records of the decision on use or
disposal and records of destruction
where product is destroyed for food
safety reasons.
Form QRec11 for recording information
Records comply with disposals instructions. Y
One pallet of product (failed customer quality checks) segregated for
disposal, correctly labelled and authorised for disposal. Y
Records for 12/1/13 reviewed – correctly completed. Y
Appendix 2 – Example of an Internal Audit Report

Non-conformities Identified:
Non-Conformity Action Responsibility Due By Verified as Complete

Page 4 of 6
Staff numbers 157 & 196 were unclear of procedure Retraining to be completed against QM11 Production Manager 21/2/13 A Checker 22/2/13

Waste disposal records checked (Sept – Dec12) Investigate cause and introduce corrective action. Production Manager 24/2/13 A Checker 25/2/13

Introduction to Internal Audits

against records of non-conformities – disposal of Ensure staff aware of procedure.
outer packaging on 1/1/12 unaccounted for.
 Internal Audits

Notes

F059 Issue 1 Introduction to Internal Audits

28/8/2013 Page 5 of 6
 BRC Trading Limited
21 Dartmouth Street, London SW1H 9BP
T. +44 (0)20 7854 8900 F. +44 (0)20 7854 8901 E. info@brcglobalstandards.com
www.brcglobalstandards.com