Copyright © Global Coalition for Sustained Excellence in Food & Health Protection, 2011 and ALL subsequent years: Unauthorized use and/or duplication of this material without express and written permission from this blog’s authors and/or owners is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Global Coalition for Sustained Excellence in Food & Health Protection with appropriate and specific reference and/or link to the original content.

Thursday, 23 May 2013

The Continuing Case for Effective Internal Food Safety Audits


Why does the auditing industry demand internal audits but remain afraid of them and how long can this go on? Why are well-qualified auditors continuing to be under-utilized in a system that requires them to simply fill out checklists and issue superficial certifications?

I believe we can do better and, thankfully, I am not alone. Many people have raised this issue. Richard F. Stier is one of these people . You may read his article on the Food Safety Magazine website. A link to the article is provided at the end of this post.

What Differentiates Internal from External Audits?

An audit is a good way to expose the weaknesses of implemented food safety and quality assurance programs for remedial action but the dynamics of external audits generally go against this function of audits. In the commercialized food safety auditing scene, passing the audit is the main focus of the audited parties. The focus should be on exposing and addressing all points of weakness in the implemented programs as it is in most internal audits. No audited party, though fully aware of the weaknesses that exist, would voluntarily disclose such weaknesses to a third-party certification auditor.

Well developed internal audit programs may be the solution to a lot of the issues facing the industry. The issues include: auditors and consultants conflict of interest; litigation against third parties; complications of the touted "command and control" provisions; imposition of convoluted cookie-cutter sets of requirements; confusion of audited parties about why they are subjected to subjective, constantly changing and a growing varieties of audit rules; insufficient time for the completion of thorough audits due to cost concerns; forced dishonesty of audited parties because of the pass-fail and critical business decision considerations that are associated with the audits; less than impressive results in the reduction of product safety issues in the marketplace; etc.

The usual argument that operations do not know enough or cannot be trusted, therefore they need third-party audits instead of internal audits, is actually disrespectful to the well qualified individuals who manage these operations. Granted, some operations may have incompetent managers but so are some of the third-party auditors sent to audit their systems. Many third-party auditors are highly knowledgeable and experienced, but not all.

Absolutely nothing is wrong with utilizing external parties to conduct internal audits. Under more effective and efficient arrangements, the same pool of experienced experts conducting third-party audits can be utilized as internal auditors and coaches. Companies may directly employ individuals from this pool to conduct true value-added audits. Operations may use their own well researched and properly developed audit guidelines. An operation, with the help of a good coach, can develop an audit guideline for its operation that will beat any of the generic and commercialized guidelines any day. Operation personnel know best about the areas of strength and weaknesses in their operation. External auditors who are complete strangers to the operation can only rely on cookie-cutter guidelines since they cannot truly know the operation as the internal personnel. These alone are sufficient arguments in support of internal audits. An operation may choose to simply use an existing (commercialized) audit guideline for its internal audit but not without properly customizing it. Otherwise it will most likely remain irrelevant to the operation.

Checklists may be used for audits but good audits can be conducted without using monotonous checklists. The industry has sadly become accustomed to the idea that the repeated use of the same convoluted audit checklists with a fixed number of requirements prepared by a committee of individuals with mostly desk-top experience will do the job during every audit.

A summary of some possible differences to consider:

Auditor Protection & Fulfilment:
  • Internal audits are legally safer for auditors
  • Internal audits tend to be more professionally fulfilling (because results achieved against the ultimate goals for the operation are more readily visible)
  • External audits are conducted against externally developed and generic set of requirements;
  • Internal audits are against internally determined and more realistic (real to the operation) set of requirements
Time Availability
  • Internal audits have more time availability than external audits, and can be conducted throughout the year
  • Internal audits provided greater opportunities for deep-dive assessment of deviating instances
  • Unlike external audits that are based on pre-determined sets of requirements, internal audits are designed to have surgical precision, using the modulated audit plan approach and mostly looking with greater intensity at areas where the operation needs improvement.
Bogus Claims

Taking advantage of the natural progression of things that improve with time, some outside parties (purporting to have contributed to such improvements) make fraudulent claims about how successful they are in helping food operations.

The present market place is replete with quack consultants and audit service providers who have capitalized on the status quo. They also dupe unsuspecting clients. Taking advantage of natural progression of things, outside parties capitalize on the fact that most businesses naturally progress by default. Businesses naturally improve their systems, programs and strategies. These may be in the form of increased communication with employees or employee training, better documentation of programs, record-keeping and filing systems that permit ready-access to records, better operation controls, improved work supervision strategies, etc. Since pursuing such improvements is the natural tendency of operations, it is unfair for outside parties to take credit for them simply because they asked some audit questions. With the “conflict of interest” rules that are normally associated with third-party audits, the auditors cannot advice the operations about how to proceed with these improvements. Therefore, it is fraudulent for the auditor to take credit for the improvements.

Based on these facts, any claim by any external party conducting external audits based on externally developed scheme that it has helped you to prevent recalls is bogus. Your company must roll up its sleeves to prevent recalls.

What is more fraudulent is for any third-party audit system to claim the credit for consumer safety improvements simply because certain things improve such as operator participation, systems documentation, reactionary modifications to regulations or requirements, communication between parties, et cetera. In a sense, these may contribute to product safety but they are not the right parameters to measure in arriving at the correct conclusion about consumer safety improvements. The true and measured reduction in the number of product safety failures is a better parameter. Without actually measuring such reductions before and after involvements with a third-party audit system and comparing the data, any attribution of credit to the third-party audit system is fraudulent. The default natural progression of operations with or without the third-party audit system must also be considered.  
Far from being a radical or crazy thought, the call for an honest re-assessment of what the industry is doing is long overdue. A paradigm shift and decisive actions are now needed. 

Fitting Shape to Shape
A dynamic system such as the food safety and quality assurance system that is ever-changing due to numerous variables requires a dynamic assessment approach. This can be most reasonably achieved through internal audits. Only in an internal audit environment can the many variables governing food safety and quality assurance be studied and effectively addressed. The unique dynamism within an operation cannot be effectively addressed by so-called standardized audits that are, by nature, generic with typically fixated sets of requirements. Standardized snapshot audits tend to provide a bulk of information that becomes obsolete as soon as the assessment is completed. Hence the phrase: "at the time of this audit" is frequently found or implied in generic audit reports. Audits need to be designed or (shaped) to fit the dynamic systems that they evaluate.

As I said in the post titled: "The Myth of Standardized Third-Party Assessment Programs", if things continue exactly the way they have always been in spite of observable failures, the industry will continue to experience sporadic but catastrophic failures as it has always experienced.

We cannot continue like those who wait for a storm to hit without taking any action. That, I’d say, is the crazy thing to do. 

You can say something and you can do something. Let the world benefit from your passion for consumer safety.

Read: Article by Richard F. Stier. It also discusses some of the points that have been discussed in other posts.

Posted by Felix Amiri
Felix Amiri is currently the chair of GCSE-Food & Health Protection. He is also the Director of Technical Services at Amiri Food Industry Support Services (AFISS) and the Canada/U.S representative for the World Food Safety Organisation.

No comments:

Post a Comment