In the BRCGS FS issue 9 standard, there is a requirement about ๐ฒ๐ฎ๐ฐ๐ต ๐ฎ๐ป๐ฑ ๐ฒ๐๐ฒ๐ฟ๐ ๐ถ๐ป๐๐ฒ๐ฟ๐ป๐ฎ๐น ๐ฎ๐๐ฑ๐ถ๐ ๐๐ถ๐๐ต๐ถ๐ป ๐๐ต๐ฒ ๐ฝ๐ฟ๐ผ๐ด๐ฟ๐ฎ๐บ๐บ๐ฒ ๐ป๐ฒ๐ฒ๐ฑ๐ถ๐ป๐ด ๐๐ผ ๐ต๐ฎ๐๐ฒ ๐ฎ ๐ฐ๐น๐ฒ๐ฎ๐ฟ๐น๐ ๐ฑ๐ฒ๐ณ๐ถ๐ป๐ฒ๐ฑ ๐๐ฐ๐ผ๐ฝ๐ฒ.
๐ ๐ฐ๐น๐ฎ๐๐๐ฒ ๐๐ถ๐๐น๐ฒ ๐ผ๐ป ๐ถ๐๐ ๐ผ๐๐ป ๐ถ๐๐ป'๐ ๐ฎ ๐๐ฒ๐น๐น ๐ฑ๐ฒ๐ณ๐ถ๐ป๐ฒ๐ฑ ๐๐ฐ๐ผ๐ฝ๐ฒ.
For a given clause, is the internal auditor required to:
- audit the site practices against the site procedures and the standard?
- or only against the site procedures as someone else will audit the procedures vs the standard?
- do they need to cover all relevant departments?
- or just a few selected departments because their audit is designed to follow up on a particular issue previously raised?
- do they need to go back 3 months? 6 months? a whole year? when checking records...
- or even further due to concerns in the organisation about archiving and back up systems?
- are they carrying the audit only on one site of a multisite group?
- or are they tasked with covering several/all sites within the group?
- ...
Each audit scope needs to be defined properly to ensure that the internal auditors are clear on what's expected of them, to ensure independence, also to ensure that 'nothing falls through the cracks' and all activities are audited, as per the standard requirements.
Comments