Is preparing for third-party audits an oxymoron?
A friend of mine recently referred to the phrase “preparing for a third-party audit” as oxymoronic, and I agree with him, in part. Food processors should be ready for an audit at all times, whether the audit is announced or unannounced. Once a processor’s food safety management system has been developed, documented and implemented—including verification activities, worker education and training, and programs to ensure continuous improvement—the company should not need any preparation. Why? The audits developed by organizations such as AIB, Silliker Labs and others are basically GMP and food safety audits, and processors should be operating under these food safety protocols day in and day out.
However, if a processor is undergoing a first-time Global Food Safety Initiative (GFSI) audit or is committed to becoming ISO 22000 certified, preparing for an audit is necessary. But preparing for an audit means different things to different companies. Some conduct a complete review of procedures and work instructions, and sometimes rewrite many of them. Others may prepare for an audit by shutting down the plant. Shutdowns allow processors to conduct heavy cleaning, maintenance and other activities. A sure sign that a facility has shut down in preparation for the audit is the smell of fresh paint.
Many years back, I conducted an unannounced audit of a plant at the request of the company’s quality group. One finding was that the company shut down for a full week prior to all scheduled audits. There was also evidence that management was letting things slide somewhat, assuming they could fix problems prior to the audit. My recommendation to the corporate staff was they no longer announce third-party audits in the hope this would keep people on their toes. It worked.
Several years later, I saw the plant’s quality manager at a meeting. He told me things improved dramatically once they made a commitment to maintaining the quality, safety and sanitation programs rather than preparing for the audits. He also said the plant’s productivity had improved because the pre-audit shutdowns had been eliminated.
Preparing for an audit not only can adversely affect productivity, it can be very dangerous if the organization decides to rework its procedures. For example, if an audit is scheduled for March 1, and staff members work frantically to update procedures through the last days of February, where is the time to get the new protocols properly implemented?
Plus, when the audit starts on March 1, any good auditor will look not only at procedures, but also the dates. If he or she is shown a revised protocol dated February 28, the obvious questions will be: “Has this revised protocol been implemented?” and “Have employees been trained on the revised protocol?” All too often, the answer to each question will be no, which means the company is not following its documented protocols.
Consequently, if a processor intends to revise, update or create new procedures or work instructions, it should allow enough time to train its workers and implement the protocols, prior to the audit. The processor also must be sure everything—revisions, training and activities—is properly documented and verify the changes were implemented and effective.
For processors, the greatest challenge with third-party audits may be that they are often a moving target. Audit firms, GFSI, certification bodies and others are either constantly modifying their audit schemes or how they are interpreted. One manufacturer recently told me that the company was marked down in an audit because the procedure did not use the “expected language.”
Preparation is essential and necessary when a company adopts a new audit scheme. For instance, companies that have made a commitment to adopt ISO 22000 indicate they usually work for a year or more to develop, document, implement and maintain the system. (This includes worker education and training, and verifying the programs are not only working as designed but are effective.) However, once a company has gotten its systems in place, there should be minimal, if any, preparation for audits. If management is committed to maintaining the systems, then all should be well.