Third-party audits are critically important to food companies. They are the primary tool your customers use to determine if adequate food safety systems are in place. This article covers some of the strategies and tactics you should employ to maximize your chances of a successful audit.
A big audit is coming up. The plant has been preparing for months and this is the final team meeting before the auditor arrives. At some point during the meeting the plant manager turns to the QA manager and says, “Are you ready for the audit?” The QA manager swallows hard and responds, “As ready as we are going to be.”
So much stress and so much pressure just to get a “good score”. Corporate wants to know what happened before the auditor even leaves the plant. Performance evaluations, raises, year-end bonuses and sometimes even jobs are at risk. It’s no wonder people worry about audits so much.
What if I told you it doesn’t have to be that stressful? It doesn’t if you implement some of the things I have learned over the years.
I informally define an audit as verification that things are being performed to established rules. Those rules can be a customer contract, an audit scheme such as SQF or government regulatory standards. For this article, we are going to talk specifically about independent third-party audits.
An auditor is a person.
It’s easy to forget sometimes. They are people with their own story, training and experience. They may be a retired QA director from a major food company with decades of experience. They may be a former plant QA manager in the automotive industry with no food experience. This may be their first audit. They have a story and that will influence your audit.
Few people know that you can choose who audits you. Make sure the person who is coming in to evaluate your plant has the right experience and temperament to work with you. Ask the audit company to provide you with three to five resumes of auditors that they would like to send to your facility. Arrange for interviews with them and choose the one that fits best. You are looking for the right mix of experience and temperament. You don’t have to take who they want to send.
An audit is an answer to a series of specific questions and how you meet them. This is key to how you should approach an audit. The PDCA model is an ideal way to remember this point (see Figure 1).
Let’s address these one at a time.
What is the standard they are using to evaluate you? You need to clearly understand the confines of the audit. This is critical to your success, because a lot of times the auditor will venture outside of those limits.
An important point to remember is that it should also not address things that are not included in the standard.
If you are auditing to SQF, only talk about SQF in your documents. Do not include other requirements from other standards or activities in the facility. Have those in a different system. Keep it simple and to the point. Your goal here is a direct answer to a question in the standard and nothing else.
Know your standard inside and out. You need to know it better than the auditor so you can speak with authority when something comes up that you don’t agree with. You need to be an expert. Besides, how can you write a good program without a thorough understanding of rules of the game?
This is the meat of the audit. The auditor has asked about a requirement under the standard, and now you need to show him how you do it. This needs to be written down in a controlled procedure.
For example, SQF 7.2 Section 2.2 deals with document control and states:
188.8.131.52 The methods and responsibility for maintaining document control and ensuring staff have access to current documents shall be documented and implemented.
184.108.40.206 A register of current SQF System documents and amendments to documents shall be maintained.
220.127.116.11 Documents shall be safely stored and readily accessible.
Your goal here is to lead the auditor down a straight and clear path. The auditor reviews the document for compliance to the standard and moves on to his next question. You don’t want to have to move back and forth between multiple documents and piece together an answer. It needs to be direct and clear.
You need to show in your procedure that you cover all the points made in the three sections. If it doesn’t, you can expect a finding.
Based on the requirements of Section 2.2, the auditor is going to want to see:
These are your recording forms. Evidence that you did what you said you did. The auditor will also observe behavior to see if it matches what you say.
You go over the procedure with the auditor and then he will want proof that it was done according to procedure. In the document control example, it’s going to be a list of all your controlled documents. Maybe it’s a file in which you keep the master documents. What can you show the auditor to demonstrate that this is how you do things?
You may at this point bring up other areas where you test your system as well. Do you do internal audits to verify the accuracy of your list? Do the control numbers match? Evidence is the key to satisfy the auditor here.
Once the auditor is satisfied, move on to the next topic of the audit. Keep it moving and don’t backtrack once a topic is closed.
No system is perfect. If an auditor sees a perfect system, it means that it is probably not how things actually work in the plant. They will then dig to see if that is true. You want a system that reflects how you do things—why bother if it doesn’t?
They expect to see errors in your system; they expect to see that things didn’t go as planned.
The key to satisfying the auditor here is what you did about it. This is your corrective action procedure. Just like document control, it operates the same. In the case of SQF, section 2.5.5 deals with Corrective and Preventive Action. So, just like document control, you need a procedure that addresses the requirements and proof that it is followed. Your errors are your proof. Once you show the auditor that you have a system in place, that will cover this section as well.
They want clarity.
They want a clear “yes” or “no” to each section of the audit, and they want it as efficiently as possible. Auditing is difficult, and they need to assess your entire system by asking hundreds of questions in a short period.
Make it easy for them by using the Plan, Do, Check, Act model to demonstrate compliance. Make it easy for the auditor and they will make it easy for you.
About the Author
Bryan Armentrout worked as a quality assurance executive in the dairy and bakery spaces for more than 20 years leading quality at companies such as WhiteWave Foods and Boulder Brands. He founded a quality assurance and regulatory consulting and advisement business based in Loveland, Colorado. He served as the vice chair of the SQF Technical Advisory Council and has written a best-selling book on business management
This article was first published in Food Safety Tech, and is reproduced with permission.