I recently attended a food safety conference where I presented on the topic of 3rd party audits, specifically around expectations and trends in supplier audit programs. As I was preparing for my session, I decided that it wouldn’t make sense to only talk about supplier audits since most everyone in the audience could be considered both a customer and a supplier within the food supply chain. And we have all been dealing with the increasing burden of audit requirements. Whether we are talking about GFSI or ISO, customer due diligence, supplier verification or now FSMA, having a comprehensive audit management program is a necessary component of your Food Safety Management System (FSMS).
Importance of 3rd Party Audit Programs
So the big question is—why so many audits? Well, it all comes down to the adage “trust but verify.” In this new age of stricter food safety regulations and legal responsibility, everyone is going to want ensure they have verified that their supply chain is up to snuff. This means digging deeper into what is happening both up and down stream of our business. Which equates to the need for more visibility and control. The result—a never-ending cycle of me auditing you and you auditing me…but there are ways to streamline the process. The challenge to the industry is to have effective verification systems in place while not overly stressing everyone by requesting they do the same thing over and over again. Audits are a critical tool to assess food safety programs, determine gaps or weaknesses, document findings and corrective actions, and initiate prevention and improvement activities so we don’t want them to go away. We just want to do less of them in a more efficient, effective manner.
Types and Uses of Different Audits
Audits can be used for both internally to review your own processes or externally to verify your partner’s programs and practices. There are a number of different audits we can use to ensure that our supply chain is safe.
You can use internal audits to assess yourself. This could include:
- An annual review of your entire food safety and quality plan—which should cover what a GFSI or other 3rd party food safety and quality audit would.
- Monthly GMP audits—where you will look closely at food safety and GMP behaviors, records, and the physical condition of facility and equipment, tools, etc.
- Weekly walkthroughs—which are less formal reviews of the overall state of the facility, again looking at behaviors and physical conditions. You may want to quiz your employees on their food safety knowledge and complete any on-the-spot individual retraining that is needed.
- Daily sanitation and maintenance assessments—will help you ensure that your sanitation crew has cleaned and sanitized properly prior to restart of production and that maintenance is being completed in a manner to prevent food safety concerns.
- Corporate compliance and risk audits—that verify that the FSQA department has covered all the necessary bases and the company won’t have to deal with any catastrophic adverse events due to negligence.
Learn more about Audit Management in My Podcast
(Or listen to the podcast here)
Supplier Audits are reviews that you perform on your suppliers, contract manufacturers, co-packers and other partners to ensure that their FSMS is equal to or exceeds your requirements and expectations. History has shown that a lot of recalls are a result of an upstream product issue.
Some options to use to complete supplier audits include:
- Desk or virtual audit—look at what you can accomplish remotely. Request copies of their food safety programs and records, other audit reports including their findings and corrective actions, and/or use electronic tools to view documentation.
- Accept a GFSI or ISO audit—the original goal of GFSI certifications was to reduce the number of audits that were being used by and on food and beverage businesses. This can be a great way to verify their systems without having to physically visit their facility.
- Use your internal audit team—having an internal audit team provides some additional assurances that your auditor has been trained to your requirements and expectations and can focus more specifically on your individual business needs.
- Use a 3rd party audit resource—often businesses will outsource the audit to a 3rd This helps to free up internal resources for other activities and adds an element of objectivity.
- Complete a targeted audit—lastly, you could look at narrowing the focus of your audit. If you can complete a comprehensive desk or virtual audit, your visit to the supplier may only need to include a review of specific programs that showed weaknesses or gaps and areas of the facility that are directly related to your product.
The last type of audit is a Customer or Certification Audit that is completed on your business. This could be a customer requirement to obtain a GFSI certification or a business need around organic, non-GMO or kosher certification. It could be a customer coming in with their own specific audit—either with a 2nd or 3rd party auditor. The list we provided above for supplier audits would be applicable to these types of audits as well. Don’t be afraid to share your 3rd party audit reports, findings and corrective actions. You may find that customers will ask for a less rigorous audit/visit if you are transparent with other audit information. And your internal audit findings can be put into play here as well. It’s about providing transparency to allow them to trust you and your systems. After all, the safety of their brand is in your hands.
How to Make Audit Data Work for You
Lastly, we need to think about audit findings as actionable data. What do you do with all that audit information? How does it relate to your FSMS? Does it affect other parts of your business? Are you inputting it into different tools to determine risks, new hazards, trends, changes in behavior, gaps in current processes, and so on? There is a lot you can do with your audit data if you are recording and managing it correctly. I like to break audit data down into 2 categories— findings that result in compliance activities and findings that provide us with improvement activities.
Compliance Activities would include:
- Corrective Actions—which involves fixing any problems that were identified during the audit.
- Preventive Actions—which help to put measures in place to preventive problems from recurring.
On the flip side, audits should also be identifying positive observations and areas within your FSMS. These can then be used proactively to drive enhancements within your business.
Proactive Activities would include:
- Best Practices—should be noted and documented so that they can be shared across the company.
- Continuous Improvement—initiatives can be driven by items noted within the audit process. You can utilize auditor or customer recommendations to take your business to the next level.
I challenge you to take some time to really go through your audit program and understand all the different information that you are capturing to both help streamline your audit processes and determine how you can use that data to elevate your compliance and improvement activities.
There are a number of ways that you can leverage technology in order to support your audit management program. Software solutions that allow automation, integration, standardization, organization and good data management will help ease the burden of the numerous audit requirements that have become the norm these days.
Feel free to listen to our podcast to learn about some practical guidelines you can follow to implement a comprehensive Audit Management Program.
For more information on this topic, register below for our live webinar “A Review of the Expectations & Trends in 3rd Party Supplier Audits.” Visit us at www.etq.com for more information on Food Safety Management System resources.