FLEP Working Party on Audit

"I am not young enough to know everything. " - Oscar Wilde (1854-1900)

1. Background Within the European Union, a whole new approach has developed to the way food hygiene and safety rules are written. Once regulations were quite prescriptive in that the dos and donts were set down in detail. Now the law lays down objectives which have to be reached, but does not prescribe, in as much detail, how to reach those objectives. At the same time, certain underlying principles of food law are beginning to emerge. Amongst these is the concept that primary responsibility for food safety lies in the industry. Against this background, the food industry has had to undergo a cultural change from a system of dependence on state regulation to one of self-regulation, but self-regulation based on legal compliance and the best standards achievable. State regulatory systems have, at the same time, therefore to become less the inspector of prescriptive rules and rather more the auditor of industry food safety management systems. In recognition of this development, the Commission had proposed in draft legislation that officials in the food control authorities of the competent authorities in the Member States have adequate knowledge and training of auditing. Increasingly it has been observed that the Food and Veterinary Office, during its missions to assess the competence of the food control authorities in Member states, has sought evidence that national officials use auditing techniques. Given that inspectors have to increasingly adopt the role of auditor, it is opportune to consider what are the training needs of inspectors. A number of MS have proposed to provide their officials with training in auditing 2. Terms of Reference The working group was given the following terms of reference To look at the knowledge and skills in audit that food law enforcement practitioners need to ensure their competence and consider the training implications 3. ISO 10011 Series It is important to note that the International Standards Organisation has developed the ISO 10111 series namely ISO 10011-1 Guidelines for Planning and Performing Audits ISO 10011-2 Guidelines for Selecting Quality Auditors ISO 10011-3 Guidelines for Managing Quality Auditor Programmes Whilst this series was developed to compliment the ISO9000 series, nevertheless, certain general principles have been set down. It is important therefore that any training includes familiarisation with the general protocols. For instance the standards provide advice on The Purpose of an Audit A lead Auditors Role An Auditors Role

June 2001 Raymond Ellard

3.1 Purpose of a quality audit. Quality audits are performed in order to: Determine to what extent a quality system: Achieves its objectives. Adheres to corporate requirements. Complies with regulatory requirements. Meets customers' contractual requirements. Conforms to a recognised quality standard. Improve the performance of a quality system. List a quality system in the registry of an independent agency. Verify that a quality system continues to meet requirements. 3.2 Lead Auditor's role Manage the audit. Assign audit tasks. Help select auditors. Orient the audit team. Prepare the audit plan. Define auditor qualifications. Clarify quality audit requirements. Communicate audit requirements. Prepare audit forms and checklists. Review quality system documents. Report major nonconformitys immediately. Interact with auditee's management and staff. Prepare and submit audit reports. 3.3 Auditor's role Evaluate the system. Carry out assigned audit tasks. Comply with audit requirements. Respect all confidentiality requirements. Collect evidence about the quality system. Document audit observations and conclusions. Safeguard audit documents, records, and reports. Detect evidence that might invalidate audit results. Determine whether the quality policy is being applied. Determine whether quality system procedures are being followed. Establish whether quality system is able to achieve its objectives. The Standard also details the essential elements of an audit namely 1. 2. 3. 4. 5. The auditor should begin planning the audit by reviewing documents which describe the quality system and explain how it is attempting to meet quality system requirements. Prepare an audit plan. Begin the audit with an opening meeting with the auditee's senior management. Prepare audit working papers.(Checklists and forms) Collect evidence. Audit evidence can be collected by: 6. Interviewing personnel. 7. Reading documents. 8. Reviewing manuals. 9. Studying records. 10. Analysing data. 11. Observing activities. 12. Examining conditions. Confirm interview evidence. Investigate clues. Document observations. List nonconformitys or non compliances Draw conclusions.

13. 14. 15. 16. 17.

June 2001 Raymond Ellard

18. 19. 20. 21. 22.

Discuss results Prepare audit report. Submit audit report. Take remedial action Schedule follow-up audit.

3.4 Auditors The Standard also provides guidance on the selection and abilities of auditors Auditors should be educated, knowledgeable, trained and experienced Draw rational conclusions based on evidence. Evaluate evidence in a fair and impartial manner. Auditors should be competent. In order to assure competence, auditors should be evaluated at regular intervals and their current knowledge should be confirmed. It is recommended that they be selected by an evaluation panel.

3.5 Audit Programmes Part three of the standard explains how to manage an audit program. A number of key issues emerge. Audit managers must have practical experience and be able to identify the standards that are to be used to perform the audit. They should have the technical and professional qualifications needed to carry out a proper audit. They should be able to ensure consistency between auditors. It an essential role that they support continuous improvement. of the audit process 4. Current Experience 4.1 United Kingdom Currently planning to introduce audit training for inspectors. It is intended that the course will satisfy ISO 9000 and also incorporate a Lead Assessor qualification. 4.2 Spain Due to the importance of the fishing industry to the economy of it was decided to start with accrediting this industry - a Quality Management Manual is completed and a protocol document on inspection is under preparation. In order to inspect fish premises an officer must be accredited to ISO 10011. Protocols under EN 45004 are also being developed. All inspectors have undergone some training in HACCP some completed a course on HACCP under ISO 10011. 4.3 Norway The Norwegian Food Control Authority (SNT) is responsible for 1,000 premises and delegates responsibility for inspection to Local Food Control Authorities (KNT) who act as their paid agents. Local Authorities have 39,000 premises approximately for whom they are responsible. It is the responsibility of each premise to be aware of legislation and incorporate relevant legislation into their business practices. The SNP in co operation with Det Norske Veritas (DNV) run a 3 day course in auditing of quality assurance systems, which is offered to staff of KNT. The course is run on a company's premises and course attendees carry out audit of that company. Copy of the course programme attached. When carrying an audit, the company is contacted prior to the visit to agree a date and to give sufficient time to go through some of the company's paperwork. At the opening meeting, which lasts for approximately 15 minutes the officers, will go through their audit plan. They will then interview relevant people, go through system, observe employees and check for non-conformities and action to be taken by company when they occur. At the closing meeting they will inform the company of what they found, the legislation that applies to them etc. 4.4. Ireland The Food Safety Authority of Ireland in conjunction with control officials and training agents developed an audit training course for Environmental Health Officers. The course has since been validated by a national University and is now offered to all suitable graduates. Approximately 200 of the 350 officers have attended this course. The course takes about 140 hours to complete and includes classroom time, private study, written assignments, a supervised audit of a food premises, two unsupervised audits, submission of the three audit reports and a two hour written examination.
June 2001 Raymond Ellard

4.5 Internal Auditor Training From research in the market place, a typical internal auditor training course for ISO 9002 takes about three days to complete and includes the following Quality principles Requirements of ISO 9000 Series Basics of auditing Audit preparation Using checklists Opening the audit Gathering information Psychology of auditing Efficient post-audit meetings Audit reporting - Writing Audit follow-up

5. Auditor Training for Control Officials Based on the requirements of ISO together with practical knowledge of current experience, it is suggested that any training course in auditing for food control officials should be practical as well theory based. It should also aim at auditing legal compliance as well as the food safety management systems in place. 5.1. Objectives On completion of the training programme, participants will be able to: Interpret the appropriate legislation and any relevant codes of practice Describe the various components of a Food Safety Management System and methods for their verification; Plan and schedule a food safety audit/ inspection programme Develop and document procedures/checklists for carrying out food safety audit/ inspection based on the relevant regulatory requirements. Conduct an audit, assess non-conformances in relation to risk to food safety and identify appropriate corrective actions. Prepare an audit report in accordance with prescribed format. 5.2 Programme elements The following elements should be covered Legislation and Codes of Practice Food safety and Quality Management Food safety Management Systems Validation Verification Audit Scheduling and Planning Auditing Skills Observation, Questioning, Recording Assessment of Non Conformances/ non compliances Audit Report Audit Practice 6.0 Harmonisation It is suggested that if it is intended that that auditor skills become a legal requirement for food control officials under European legislation, then the European Commission consider providing guidance on the nature and extent of the skills necessary. June 2001

June 2001 Raymond Ellard