Are food fraud prevention audits really valuable? Yes, to meet the goal of identifying a compliant process and to ‘demonstrate implementation.’ But there is often confusion about the purpose of an audit versus an inspection, investigation, or prosecution.
There is often criticism that a food fraud prevention audit – such as for a GFSI-related food safety management system implemented by FSSC 22000, SQF, BRC, IFS, and others – is ‘just a checklist.’ While a thorough audit could be a ‘yes or no’ list of questions when a company creates its responses, there are often many discussions and reviews that occur before the final decision is entered. Often, many formal approvals are needed for a company to answer ‘Yes, we have a management system in place’ and ‘Yes, we have the sign-off from a company officer.’
As the audits evolve, there are more thorough questions such as ‘demonstrate implementation,’ and confirmation that they cover ‘all types of food fraud’ and ‘all products from incoming goods through to commercial products in the marketplace.’
In addition, if a company states that they are fully compliant with the food fraud prevention requirements then a customer can – and more frequently does – ask for that documentation. If you are fully compliant, those documents should be readily available. (To note, our recent Food Fraud Annual Update survey found that less than half of the companies were 100% sure they were compliant! Further, we found that of those companies, many were ‘overconfident’ when addressing the full scope of all types of food fraud.)
Webster’s Dictionary Review of the Terms:
- Audit (verb): (1) to perform an audit of or for [e.g., audit the company, audit the books].
- Audit (noun):
- (1) a methodical examination and review,
- (2) a formal examination of an organization’s or individual’s accounts or financial situation.
Also, definitions of the related terms:
- Inspect (verb):
- (1) to view closely in critical appraisal,
- (2) to examine officially,
- (3) a checking or testing of an individual against established standards.
- [Inspection (noun): The act of inspecting.]
- Investigate (verb):
- (1) to observe or study by close examination and systematic inquiry,
- (2) to make a systematic examination, especially: to conduct an official inquiry.
- [Investigation (noun): The act of investigating.]
- Prosecute (verb):
- (1) to bring legal action against for redress or punishment of a crime or violation of law,
- (2) to institute legal proceedings with reference to.
- [Prosecution (noun): The act of prosecuting.]
From the GFSI Food Fraud Technical Document
GFSI provided detail on the expectations of the audit and auditor. There is a realization that the audits for a new concept, such as food fraud, will start simple and then get more detailed and thorough over time.
- “During a food safety certification audit conducted against GFSI-recognized schemes, the auditor will review the documentation related to the vulnerability assessment process and confirm that a comprehensive control plan, as outlined in the [position paper] Appendix, has been developed and implemented by the company. ”
- “With this in mind, there is an awareness that addressing food fraud is new and different for those being audited as well as the auditors.”
- “The auditor is not expected to detect fraud or affirm that an anti-fraud program is capable of ‘preventing fraud.’ This approach is very much in line with the verification of a HACCP plan during the food safety audit.”
These comments clearly define the role of the audit rather than a more detailed inspection or investigation. In some cases, a more complex and in-depth activity is necessary, but it is a different activity.
Types of Audits
To go into detail, there are three types of GFSI-related audits for food fraud. Sometimes, you could pass an audit but not actually be compliant! There are three situations where the auditor asks:
1. All the relevant food fraud questions.
2. Some but not all of the food fraud questions.
3. None of the food fraud questions.
To note, the food fraud requirements were fully required in January 2018, and, logically, the depth and breadth of the audits have expanded in the last five years (side note: can you believe it’s already been five years since the start of the requirements?)
Receive a Certification but not Compliant?
It is possible that an auditor did not ask all of the food fraud compliance questions. In this case – which is decreasing as the auditors get more experienced with the topic – you could pass the audit and receive certification but not actually be compliant.
As a competent manager of your key job responsibilities, you want to know if you are NOT compliant. To try to figure this out, you can review your food safety management system specification for the details, you can check your audit reports to make sure all the questions were asked and reviewed, or you can conduct a gap analysis (for example, you can see our Primer on Food Fraud Compliance.
- Audits are effective for reviewing if a process is in place and is implemented – but an audit is not the same as a more detailed inspection or investigation.
- Just because you passed a food safety certification audit in the past does NOT mean that you are fully compliant with the complete food fraud prevention requirements – review the food fraud section of your last three audit reports.
- MAKE SURE to know if you fully comply with the GFSI-related food fraud compliance requirements – if you are not, then you have some time to do a gap analysis.
More definitions from the Food Fraud Terminology Glossary of Terms:
(Selected terms from the 800+ word list.)
- Audit (GFSI): A systematic and functionally independent examination to determine whether activities and related results comply with a conforming scheme, whereby all the elements of this scheme should be covered by reviewing the supplier’s manual and related procedures, together with an evaluation of the production facilities.
- Audit (ISO 22380): systematic, independent and documented process (3.180) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled; Note 1 to entry: The fundamental elements of an audit include the determination of the conformity (3.45) of an object (3.151) according to a procedure (3.179) carried out by personnel (3.169) not being responsible for the object audited [assessed].
- Audit Agent (FDA, FSMA, US CODE): The term ‘audit agent’ means an individual who is an employee or agent of an accredited third-party auditor and, although not individually accredited, is qualified to conduct food safety audits on behalf of an accredited third-party auditor.
- Audit, Consultative (FDA, FSMA, US CODE): The term ‘consultative audit’ means an audit of an eligible entity— ‘‘(A) to determine whether such entity is in compliance with the provisions of this Act and with applicable industry standards and practices; and (B) the results of which are for internal purposes only.”
- Auditor (GFSI): A person qualified to carry out audits for or on behalf of a certification body.
- Auditor (ISO 22380): person who conducts an audit (3.13)
- Auditor, Third-Party (FDA, FSMA, CFR): The term ‘third-party auditor’ means a foreign government, agency of a foreign government, foreign cooperative, or any other third party, as the Secretary determines appropriate in accordance with the model standards described in subsection (b)(2), that is eligible to be considered for accreditation to conduct food safety audits to certify that eligible entities meet the applicable requirements of this section. A third-party auditor may be a single individual. A third-party auditor may employ or use audit agents to help conduct consultative and regulatory audits.
- Inspection (Black’s law): The examination or testing of food, fluids, or other articles made subject by law to such examination, to ascertain their fitness for use or commerce. … Also the examination by a private person of public records and documents; or of the books and papers of his opponent in an action, for the purpose of better preparing his own case for trial.
- Inspector (ISO 22380): person who uses the object examination function (3.152) with the aim of evaluating an object (3.151); Note 1 to entry: Any participant (3.163) within an identification and authentication system can act as an inspector; Note 2 to entry: Inspectors can have different levels of qualification and training (3.265); Note 3 to entry: The inspector can be an automated system.