Third-party audits are a fact of life in today’s food processing industry. They are also an integral part of doing business. Food and beverage processors, ingredient suppliers and packaging manufacturers must successfully complete audits to maintain supplier relationships and be accepted as a new supplier.
Ideally, companies should view audits as an integral element of their continuous improvement programs. Unfortunately, far too many operators view audits simply as something that they have to pass.
I have conducted audits on six continents. One question that I have been asked all over the world is, “What score do we need to pass?” This indicates that the company is a bit unclear on the concept. Not everyone has adopted this attitude, however. Another response that I prefer is:
“We really don’t like these audits, but we realize that they are a necessary part of doing business, so we welcome them as a tool for improving our food safety management system.”
Among the many different audit schemes, there are four processor-focused Global Food Safety Initiative (GFSI) schemes, plus a number of private schemes. The GFSI benchmarked schemes, including SQF (Safe Quality Foods), BRC (British Retail Consortium), IFS (International Federated Standard) and FSSC 22000 are the gold standards for food safety. A large number of other schemes are industry dependent, and may or may not have undergone review by GFSI and are truly private audit schemes.
Here are a few possible audit goals:
- Assuring the safety of products, raw materials and packaging.
- Meeting the demands of current and potential customers.
- Identifying food safety management system gaps to continuously improve.
- Informing customers and potential customers about a processor’s operations.
However, the industry should ask itself one question with each audit scheme: Does it need revised? There is a disturbing trend with some audit schemes evolving (some say devolving) into what are called checklist audits.
A checklist audit is just like it sounds. The auditor looks at the operation and evaluates each element on his or her checklist by checking the box under that section. Depending upon the audit, the boxes might read, “yes, no or not applicable” or “fully compliant, partially compliant or not compliant.”
The auditor can complete a checklist more quickly and does not have to be as well-educated or trained. It takes more education and training to properly conduct an assessment than to check a box.
As an example, let us suppose a company has a critical control point or process preventive control that requires a validation study. The auditor should have the ability to properly evaluate the validation study. Was it properly done? Did the group doing the validation select the proper test organism, or did they do the necessary heat distribution studies?
The auditor should not simply check a box that says that the company has established a program in an area. Rather, the auditor should have the skills and knowledge to critically examine the program and assess whether all the elements and programs comprising the food safety management system are effective. The lack of an assessment is the audit report is perhaps the most significant weakness in checklist audits. This is especially true since the audit is usually shared with existing and potential clients. Receiving a report that describes different elements as being “fully compliant” or “partially compliant” tells the reader very little about what goes on in suppliers’ operations.
Another element vanishing from checklist audits is a detailed description of the evaluated company. The audit report should include complete information on the processing facility, including size, construction, products, work schedules, products manufactured, and other details about the site and grounds.
Reading through third-party audit reports in the last few years has become quite frustrating. The lack of a description about plants and food safety management systems, along with endless pages listing audit elements with no supporting details, provides no real understanding of the operation. This lack of detail leads some buyers, whether processors or market chains, to conduct their own audits—something that I fully understand.
Perhaps the greatest concern is the checklist audits’ simplicity makes it easier to “just pass the audit,” as many are looking to do. Operators may not focus on excellence and only meet basic requirements. This attitude is counter to a basic HACCP principle: strive to continually improve food safety programs. How can a prerequisite program, such as cleaning, be done better? Faster? More efficiently?
So, the industry is doing itself no favors by accepting checklist audits. Processors would do better to encourage audit firms to be more critical and eliminate the checklists.