Plan: What Are the Rules of the Game?
What is the standard they are using to evaluate you? You need to clearly understand the confines of the audit. This is critical to your success, because a lot of times the auditor will venture outside of those limits.
An important point to remember is that it should also not address things that are not included in the standard.
If you are auditing to SQF, only talk about SQF in your documents. Do not include other requirements from other standards or activities in the facility. Have those in a different system. Keep it simple and to the point. Your goal here is a direct answer to a question in the standard and nothing else.
Know your standard inside and out. You need to know it better than the auditor so you can speak with authority when something comes up that you don’t agree with. You need to be an expert. Besides, how can you write a good program without a thorough understanding of rules of the game?
Do: What Is Your Procedure?
This is the meat of the audit. The auditor has asked about a requirement under the standard, and now you need to show him how you do it. This needs to be written down in a controlled procedure.
For example, SQF 7.2 Section 2.2 deals with document control and states:
188.8.131.52 The methods and responsibility for maintaining document control and ensuring staff have access to current documents shall be documented and implemented.
184.108.40.206 A register of current SQF System documents and amendments to documents shall be maintained.
220.127.116.11 Documents shall be safely stored and readily accessible.
Your goal here is to lead the auditor down a straight and clear path. The auditor reviews the document for compliance to the standard and moves on to his next question. You don’t want to have to move back and forth between multiple documents and piece together an answer. It needs to be direct and clear.
You need to show in your procedure that you cover all the points made in the three sections. If it doesn’t, you can expect a finding.
Based on the requirements of Section 2.2, the auditor is going to want to see:
- A written document control procedure with clear responsibilities.
- A way that staff can access the documents.
- A listing (register) of all the documents in the system
- A document retention or storage system
Check: What Proof Do You Have that It Was Done?
These are your recording forms. Evidence that you did what you said you did. The auditor will also observe behavior to see if it matches what you say.
You go over the procedure with the auditor and then he will want proof that it was done according to procedure. In the document control example, it’s going to be a list of all your controlled documents. Maybe it’s a file in which you keep the master documents. What can you show the auditor to demonstrate that this is how you do things?
You may at this point bring up other areas where you test your system as well. Do you do internal audits to verify the accuracy of your list? Do the control numbers match? Evidence is the key to satisfy the auditor here.
Once the auditor is satisfied, move on to the next topic of the audit. Keep it moving and don’t backtrack once a topic is closed.
Act: What Happens if It Is Not Correct?
No system is perfect. If an auditor sees a perfect system, it means that it is probably not how things actually work in the plant. They will then dig to see if that is true. You want a system that reflects how you do things—why bother if it doesn’t?
They expect to see errors in your system; they expect to see that things didn’t go as planned.
The key to satisfying the auditor here is what you did about it. This is your corrective action procedure. Just like document control, it operates the same. In the case of SQF, section 2.5.5 deals with Corrective and Preventive Action. So, just like document control, you need a procedure that addresses the requirements and proof that it is followed. Your errors are your proof. Once you show the auditor that you have a system in place, that will cover this section as well.
Conclusion: What Do Food Facility Auditors Really Want?
They want clarity.
They want a clear “yes” or “no” to each section of the audit, and they want it as efficiently as possible. Auditing is difficult, and they need to assess your entire system by asking hundreds of questions in a short period.
Make it easy for them by using the Plan, Do, Check, Act model to demonstrate compliance. Make it easy for the auditor and they will make it easy for you.
In the next column, I will discuss how you should handle a regulatory audit.