Embed Size (px)
DESCRIPTION
LRQA Business Assurance Whitepaper discusses how independent third party audits have had a positive effect on food safety.
Citation preview
Why third party audits are good for food safety Alex Briggs, Editor www.businessassurance.com
Introduction
The global food supply chain has become increasingly complex over the last 50 years. Raw
materials are grown on one continent, processed on another, packaged on yet another and
then shipped and sold all over the world. This has led to new logistical challenges and a
dramatic increase in risks to both consumers and global brands as they battle for share of
supermarket shelves. An incident in any part of the supply chain can have legal, brand and
even criminal repercussions for the food brand names that are a part of our daily lives. To
help mitigate such risks and to have better product traceability and control over their supply
chain, many manufacturers and retailers have implemented a range of food safety
management systems standards and schemes, many of which have been independently
certified. For most of the world, this has driven continual improvement, helped mitigate risks,
led to increased efficiencies across the supply chain and helped suppliers reduce costs.
However, in the US, two food safety crises over the past three years have led certain
interested parties to question the role and even complicity of both second and third party
certification industry in managing risks in the food supply chain.
To help put into context where we are today, we should revisit a particular incident that
occurred on Jan. 13th, 2009. On that date, the Peanut Corporation of America issued a recall
for products it had made over the past six months, after five people had died and more than
400 had fallen ill with salmonella poisoning as a result of contamination. Two weeks later, the
recall was extended to more than 400 consumer products made since Jan. 1, 2007, while the
toll from the contamination had reached eight dead and more than 500 sickened in 43 states,
half of them children. The company's factory in Blakely, Ga., which was the source of the
contamination, supplied some of the largest food makers in the nation. The outbreak
illustrated the complexities of the industrial food chain, and left consumers scrambling to
figure out if the food in their cabinets posed a danger. The Peanut Factory salmonella crisis
led to a fundamental review of the approach to food safety in the US. The crisis was directly
linked to the US Government’s Food and Drug Agency (FDA) and their impossible task of
inspecting the plethora of food organisations in the US. Media articles, including an in-depth
one in the New York Times, highlighted the failures in the auditing process, the lack of
relevant experience of the auditor and auditing company as well as the lack of a robust
standard against which the audit was carried out. The article was accompanied by a range of
supporting material that included insight from key food safety stakeholders, each stating what
they thought was wrong with the inspection approach to auditing in the US food supply chain
and outlining possible solutions.
Out of this crisis came a new FDA plan, one which recognized the need for best practice and
more knowledgeable, better skilled auditors. Addressing best practice, the FDA studied the
approach to food safety taken by Australia, Holland and other nations who were considered to
be more successful in mitigating food supply chain risks. To address the limited resource
issue, the FDA installed a system that gave preferential treatment to organisations who could
demonstrate a voluntary commitment to third-party inspection through independent audits and
reports.
Note the word inspection here, as that was the part of the approach that remained
unchanged after the FDA review post Peanut Factory crisis. This fact would come back to
haunt the food sector less than three years later.
Fast forward almost three years and, once again, third-party auditing was at the centre of a
food safety crisis in the US. Between September and December of 2011, a canteloupe-borne
Listeria outbreak killed 30 people, the deadliest food borne illness outbreak in the US in over
25 years. As well as the deaths, 146 people became ill and a pregnant woman miscarried.
A US federal investigation into the cantaloupe listeria outbreak found that the farm that
produced them had ignored government safety guidelines. FDA officials who visited the
Jensen Farms' facility stated that the outbreak could have been prevented if Jensen Farms
had maintained its facilities in accordance with existing FDA guidance. They found 13
samples of Listeria monocytogenes obtained from processing equipment and cantaloupes
and cited several deficiencies in Jensen Farms' facility, such as dirty water pooling around the
food processing equipment, inappropriate food processing equipment which was difficult to
clean and no antimicrobial solution in the water used to wash the cantaloupes.
The congressional investigation report notes that Bio Food Safety, a subcontractor for Primus
Labs, a third party food safety auditor, which was hired by Jensen Farms, gave the facility a
96% rating, "despite finding several major and minor deficiencies". Bio Food said the audits
only deducted from the score if a method or technique was inconsistent with FDA regulations,
but not if FDA guidance was not being followed – hence the rationale behind the high ratings.
What is apparent is that the Jensen Farms audit was a ‘checklist approach’ and not a process
based audit which looks at the whole series of interacting processes that form a management
system. In parallel, and from widely available reports, it appears that the auditor from the
sub-contracted firm to Primus had little or no food sector experience which only added to the
problem, raising even more questions about the 96% rating awarded to the site.
If you are starting to think “wait a minute, haven’t we been here before?”, you are not alone.
Both of these seismic events have highlighted weaknesses in the US approach to food safety.
These incidents demonstrate how much is still left to do in order to mitigate food supply chain
risks, how important experienced, competent, qualified auditors are in the assessment and
certification process and the importance of moving away from snapshot-in-time style audits
and towards a process-based management systems approach to audits that look at the
systems and processes that organisations have in place.
What steps should the FDA, as the government organisation who can single-handedly
influence the behaviour of organisations across the food supply, now take? A start could be
the acceptance and even insistence on industry developed, globally accepted standards and
schemes. Following the GFSI lead, FSSC 22000 and ISO 22000 could be a very good
starting point. The FDA has hinted at an accreditor type role (in other words, they would be
the gatekeeper for auditing bodies, ensuring that only competent auditors with relevant
sector-specific experience are performing audits). Further, this would hold certification bodies
and registrars to a higher level of scrutiny and transparency than is currently the case. That,
in turn, would help build confidence in the assessment process and in the resulting certificate.
While a certificate on the wall will always be a part of the process, it need not be the end all
be all. Ensuring the effectiveness of the systems and processes that govern an organisation
and making sure that risks are properly assessed and managed, that is the true value of
independent assessment.
Transformation - harmonisation of standards
Globally, food has never been safer. Driven by food scares and a heightened focus on risk
mitigation, there has been a move by Governments, manufacturers and retailers to join forces
and put independent third-party assessment and certification at the heart of food safety.
Today’s global food supply chain is exponentially more complex than it was 50 years ago and
yet, the food products that are grown, processed, packaged and sold in all corners of the
globe are significantly safer than they have ever been. That these apparently conflicting facts
can simultaneously exist is largely an output of the collaboration and transparency that is
being led by the most influential food manufacturers and retailers. Two particular areas have
worked together to bring this about; the first of these is the harmonisation of standards.
Harmonised, robust food safety management system standards and schemes have brought
increased transparency and best practise sharing across sectors and geographies.
The Global Food Safety Initiative (GFSI) was formed in 2000 by leading global retailers and
manufacters specifically to address food safety issues and the lack of harmonisation in food
safety standards and schemes. Together with the International Organisation for
Standardisation (ISO), they have drive the move towards a manageable set of globally
accepted management systems based standards and schemes. This move has benefited
suppliers as well, driving down costs by significantly reducing the number of audits they have
to undergo, and ensuring the audits that take place are addressing potential risks. In 2004,
ISO 22000, the first global food safety management system was issued. FSSC 22000, a
complete food safety certification scheme, was developed in 2010 to meet the needs of food
supply chain stakeholders. FSSC 22000 is owned by the Foundation for Food Safety
Certification, an independent, not-for-profit organisation. January 2012 marked the 1000th
FSSC 22000 certificate being issued.
Through the harmonisation of standards, the market at large could now easily benchmark
against international standards and GFSI-recognised schemes such as ISO 22000 and FSSC
22000
As Mark Overland, Director for Global Certification at Cargill commented. “We are rolling out
FSSC 22000 to over 1,000 plants in 67 countries. Having the same level of food safety
execution at every plant is an expectation from our customers.”
Along with the Foundation for Food Safety, both the GFSI and ISO have to be applauded as
very important initiatives. The GFSI’s work on harmonising standards and schemes has
resulted in there now being only 12 approved standards from a starting point of 100, this is
clearly a significant achievement and we may expect the number will decrease in the future.
Transformation – process based approach
The second area is that of an evolving assessment approach, one driven by the strategic
needs of clients and the technical expertise of auditors, which has led to a transition in the
role of assessments and auditors. The days of “a single snapshot in time” checklist style is
fading into the history books and is being replaced with dynamic process-based management
systems audits. Delivered through auditor competency and sector specific expertise, these
audits focus on the systems and processes that strategically underpin organisations and their
supply chains, and it is this holistic approach that is gaining a foothold amongst retailers,
manufacturers and suppliers.
As LRQA client ACP Europe explains, food safety is embedded in their culture. As a
specialist in the provision of carbon dioxide, ACP cannot afford any food safety issues.
“FSSC 22000 delivers a whole new approach to risk management and quality assurance,”
explains Mr Speelmans, Safety Health Environmental Quality Manager “Through LRQA
Business Assurance, the whole network of interacting processes is assessed and monitored
thus providing greater assurance to both internal and external stakeholders and protecting our
brand reputation.”
Whilst FSSC may have come in for some criticism for being costly, the cost savings in real
terms are potentially huge and the value of harmonisation is clearly supported by Wrigley, a
subsidiary of Mars, Incorporated, who stated that, 'Wrigley's North American factories saw on
average a 25-50% reduction of audits by retailers with the adoption of FSSC 22000.'
In direct opposition to the holistic approach embedded into FSSC 22000, the certification
body that undertook the audit at Jensen Farms which lies at the heart of the Lysteria outbreak
commented that “the audits are intended to assess whether the client’s operations are in
compliance with current baseline industry standards—not to improve those standards or push
a client towards best practices.” This is a crucial difference with the management system
audit approach where improvement and best practices are a significant part of the process.
Transformation – auditor competency
A thorough and probing certification process can only be led by auditors with in-depth
knowledge and sector-specific expertise who are able to help organisations minimise risks,
improve systems and processes and delivers confidence for stakeholders throughout the food
supply chain. Martin Bucknavage, member of the Department of Food Science at
Pennsylvania State University, reviewed two of the audits conducted at the Georgia Peanut
Factory plant. His findings included:
• Manufacturers need to be more critical of audits, including determining “What are the
credentials of the auditor?” and
• “Are they familiar with the type of processing operation they are auditing?” and finally
• “Did they evaluate all of the risks associated with that type of operation and the type
of product they make in performing the audit?”
The integrity of the audits and the integrity of the certificate are of the utmost importance. As
Cor Groenveld, Global Product Manager Food Services at LRQA recently commented; “I truly
believe that these can only be delivered by a trained auditor who knows audit skills but also
who knows the sector. I think that this is often a weak spot and we have seen too often with
other companies in other certification bodies, that auditors do not have enough knowledge of
the sector they are auditing so making sure that the auditor has that knowledge is crucial -
that is a starting point.”
The second thing that is really important is that an auditor has to ensure that he really looks
in-depth at the corporate objectives and strategies and understands the vision of the
company. From there the auditor needs to find out what are the real risks in the organisation
and the processes and try to focus on these risks. It has to be a risk-based approach, which is
the only way that an auditor can do an effective audit. Essentially an effective auditor needs to
be bilingual – they need to be able to speak the language of the shop floor as well as that of
the board room to achieve a complete understand of an organisation.
Thirdly, the certification process has to be linked to driving improvement. Again, the technical
expertise of the auditor and the certification has to support the company to drive continuous
improvement. An auditor can challenge the organisation, without being a consultant of
course, and support the organisation by doing a robust and an in-depth audit.
Finally, and with criticism being levied at the auditing process that sparked the Cantaloupe
Lysteria outbreak last year, the point needs to be made that what happened at Jensen Farms
was a second party audit. There is widespread lack of understanding on the difference
between a second party and a third party audit. The official definition according to the
International Register of Certified Auditors (IRCA) is that a 2nd
Party Audit relates to audits of
contractors/suppliers undertaken by or on behalf of a purchasing organisation. IRCA goes on
to define 3rd
Party Audits as audits of organisations undertaken by an independent
certification body or registrar or similar third party organization. What happened at Jensen
Farms was not a 3rd
party assessment but a 2nd
party audit because it was done to a Primus
standard not a certification standard or scheme.
Transformation – the role of certification
The responsibility for driving positive change across the food supply chain is not solely the
responsibility of regulators, retailers and manufacturers. Certification bodies have a vital role
to play in bringing confidence to the stakeholders of assessment and certification. With
organisational objectives focused on delivering safe food, at LRQA, we take our responsibility
seriously as do many of our counterparts within the certification industry. We are actively
driving change by putting in place the mechanisms to effectively train our existing assessors
to ensure that their sector and technical expertise is maintained and enhanced. In parallel,
we are continuing to invest in recruiting new assessors to ensure that we can meet the
‘stakeholder demands of tomorrow.’
But who governs the certification industry? Well, ISO/IEC 17021: 2011 - the standard for
certification bodies - ensure that the regional or country-specific accreditation bodies assess
the certification industry against a consistent standard. It has also extended the competence
requirements to encompass all staff engaged in the certification process. ISO/IEC 17021 has
clear benefits for certification bodies that are looking to set themselves apart through their
transparency, expertise and independence. For these reasons ISO/IEC 17021 offers
tangible, consistent benefits that translate into increased trust and confidence for all
stakeholder groups.
In parallel, there are many legislative controls in countries throughout the world that that add
another layer of protection for consumers in terms of regulating the food supply chain. Yuri
Cosco, from LRQA explained further; “In Belgium, we have a system which is called Self
Checking Guides, which is government regulated. The different food sectors can set up
guidelines that have to be used as a basis for the Food Safety Management System of the
companies in the sector. The government then authorises CBs (after accreditation and the
necessary paperwork) to audit the companies with the specific guide as a basis. There are
several advantages for the companies:
• Financial incentive (up to €15.000 per year)
• Less government audits (which normally have to be paid)
• For some sectors, it facilitates export
This approach means that the government then can focus on companies that are not
assessed by CBs, and that are thus considered as higher risk. The government has already
done studies that point out that companies having a certified system have fewer
nonconformities from the government during official inspections.
Influential organisations in food are helping to position food safety management systems
firmly on the corporate and regulatory agenda. LRQA’s key alliances with organisations such
as the GFSI and the Foundation for Food Safety will deliver added value to clients through
technical insight and enable us, along with other major certification bodies to extend their
sphere of influence. Referring to the calls by the FDA for reforms to third party auditing, Vel
Pillay Food Safety Programme Manager LRQA Americas made an insightful remark; “There is
a general lack of understanding in the difference between certification and accreditation. If
we take the FDA as an example; initially, the FDA indicated that they wanted to become a
certification body to grant certification to third party auditors or audit body. They since have
changed their statement to becoming an accreditation body to certify 3rd
party auditors and
audit body. Fortunately there is a group of very powerful people from the industry currently
working with FDA to educate them on the role of audit bodies and as the FDA does not have
the resources to inspect all food manufacturing institutions, this may be a way of getting more
resources from the Government akin to the Belgium model.
Commenting further on the calls for reform, Cor Groenveld, Global Product Manager for Food
Services at LRQA said; “Using GSFI recognized certification delivered by licensed and
accredited certification bodies is the way forward. Although certification will never be a
guarantee things will not go wrong, the controls put in place by using GFSI and accreditation
enlarges the level of integrity of the audits themselves and in turn the certification.”
Conclusion
At LRQA, we believe that the auditing processes, which were essentially checklist driven,
coupled with the alleged lack of relevant experience for the auditor were complicit in
producing a less than effective report, contributing indirectly to both the 2009 Peanut Factory
crisis, as well as the 2011 Jensen Farms crisis. The systems and processes of both
organisations were clearly ineffective. A robust assessment approach, one that looked at their
systems and processes, embedded continual improvement as a fundamental component and
featured a risk-based methodology would certainly have mitigated the risks to all of the
stakeholders of both organisations to a greater extent, including, most importantly the
consumers whose lives and health were put at risk.
LRQA have proactively worked with food safety stakeholders, including manufacturers,
retailers, suppliers and industry experts to move the food sector away from a checklist based
approach to auditing towards a process-based management systems approach. This
approach looks at the underlying systems and processes that organisations have in place
rather than the ability of that plant or factory to convince an auditor on a given day that that
they comply with a series of items on a checklist. But, it is not enough to have a strong
standard or scheme, organisations need registrars or certification bodies that;
• offer auditors that have extensive experience and proven competence in the sectors
they are auditing in
• can provide a robust process based management systems approach to auditing
• stand up to the client when non-conformities are found and finally
• help the organisations being audited to reduce risks, improve food safety
performance and link their food safety management systems objectives to their
overall corporate objectives.
What is clear is that organisations across the food supply chain, including some of the world’s
leading manufacturers and retailers, are increasingly recognising the benefits of independent
assessment and certification, not only in terms of the cost savings, but also in terms of the
benefits and value it brings. Those organisations that are prioritising potential auditor CV’s
and certification body methodology’s and credentials rather than focusing on price have
clearly understood what is at stake, as well as the benefits that independent, robust 3rd
party
assessment can offer. This approach is helping to drive consumer and other key stakeholder
confidence as well as ultimately helping to safeguard the lives of people around the world.
On the road to food safety, this can only be seen as a positive step.
END
