Bookmark and Share

From: Food Quality & Safety magazine, October/November 2009

Avoid Auditing Pitfalls

High profile food recalls raise questions about purpose, credibility of third-party audits

by Arthur Rumpf

Food companies routinely conduct food quality and safety audits to qualify vendors both on an initial and ongoing basis. Over the years, many different audit schemes have been developed, resulting in significant improvements in food quality and safety. Recent high profile recalls, however, such as the one involving the Peanut Corporation of America, raise many questions about the purpose and credibility of third-party audits.

The peanut butter recall highlighted the pitfalls of depending on government regulatory agencies to help audit vendors. Governmental agencies suffer from inadequate resources and are overwhelmed by increased imports and food categories. Consider some of these statistics related to the U.S. Food and Drug Administration (FDA), which regulates about 80% of the food consumed in the United States:

  • The FDA has oversight of more than 136,000 registered domestic food facilities (including more than 44,000 U.S. food manufacturers and processors and approximately 113,000 U.S. food warehouses, including storage tanks and grain elevators).
  • The FDA or state and local authorities regulate more than 2 million farms, roughly 935,000 restaurants and institutional food service establishments, and 114,000 supermarkets, grocery stores, and other food outlets.
  • Approximately 189,000 registered foreign facilities manufacture, process, pack, or hold food consumed by Americans.
  • The FDA inspects food processing facilities once every 10 years, on average.
  • At the present time, the FDA does virtually no on-site inspection of foreign facilities that export to the U.S. and inspects less than 2% of imported food products at U.S. ports of entry.

Various measures to improve food safety and restore public confidence have been implemented. In November 2007, the FDA issued its Food Protection Plan, and the Interagency Working Group on Import Safety issued its Action Plan for Import Safety: A Roadmap for Continual Improvement. Both plans outlined the possible use of third-party inspections and certification programs to help verify the safety of products from a growing food establishment inventory, both domestic and foreign. The FDA also prepared a guidance document, Voluntary Third-Party Certification Programs for Foods and Feeds (, which discusses recognition and certification for third-party auditing programs.

In response to the recent high profile food recalls and public outcry, Congress has proposed a number of bills, including the Food Safety Enhancement Act of 2009, which requires each food facility to conduct a hazard analysis, implement preventive controls, and implement a food safety plan.

More specifically, the food safety plan requires the secretary of Health and Human Services to:

  • issue science-based performance standards to minimize the hazards from foodborne contaminants;
  • establish science-based standards for raw agricultural commodities;
  • inspect facilities at a frequency determined pursuant to a risk-based schedule;
  • establish a food tracing system;
  • assess fees relating to food facility reinspection and food recall; and
  • establish a program for accreditation of laboratories that perform analytical testing of food for import or export.

The clear direction being mandated by the federal government is a significant increase in auditing and testing effectiveness using a risk-based approach that puts pressure on both the federal regulatory agencies and the business and private sector to improve food safety and restore public confidence.

Business, Private Sector Responses

To help assure food safety and quality and protect their brands, many companies are not waiting for the government to implement new regulatory actions. They are raising the bar themselves, requiring their food vendors to become certified to newly created international or industry sector-specific standard auditing protocols as a condition of doing business.

In the past, companies might utilize internal quality assurance staff, contract with third-party firms to conduct audits of their supply chain vendors on their behalf, or accept a certificate showing evidence that the vendor had been audited by a third-party firm they recognize. For the individual vendor, especially those with a large customer base, this would typically result in a never-ending stream of customers and third-party auditors conducting on-site audits, looking for basically the same things but possibly using different protocols.

Economic and time pressures, along with the increasing size and diversity of the supply chain, made it clear that these repetitive audits were not a sustainable option. A more recent audit trend has been to accept a single, independent, accredited third-party audit using an industry-sector specific or internationally accepted audit scheme. This more efficient and improved process has allowed some companies to reallocate the potential cost savings to further strengthen the other elements of vendor quality, such as product compliance testing.

Today, for example, a lot of activity in the retail food industry is focused on different food safety and quality auditing schemes (BRC, Dutch HACCP, IFS, SQF, FSSC 22000) as related to the Global Food Safety Initiative (GFSI) Benchmarking Standard. The GFSI was launched in May 2000. The GFSI guidance document contains commonly agreed-upon criteria for food standards, against which any food or farm assurance standard can be benchmarked. GFSI does not undertake any accreditation or certification activities.

Retailers commonly accept certificates based on recognized standards or programs in order to assess suppliers of private-label products and fresh products and meat and ensure that production is carried out in a safe manner. While each auditing scheme differs in various aspects, under GFSI all are identified as containing common criteria defined by food safety experts, with the objective of making the manufacture of food as safe as possible. This, in turn, enables a retailer to accept certificates from different audit schemes that have been benchmarked, knowing that at least these common criteria have been evaluated.

While a mutual acceptance strategy for food quality and safety audits for vendor approvals has obvious benefits, it can result in potential drawbacks that should be carefully considered in your company’s overall vendor quality assurance program.


The following are some key points to consider and pitfalls to avoid when using mutual acceptance of a standardized audit protocol in your vendor quality assurance program.

Audit the auditor: Do not completely abandon vendor audits conducted by your company or a third-party audit firm you contract with—you still need to audit the auditor. Consider requesting authorization to be present for scheduled audits on your most critical vendors.

Identify any gaps: Understand the differences among the various audit schemes you are willing to accept. Assemble a team of your company subject matter experts and consultants from quality, engineering, production, and procurement to identify any gaps in the standardized protocols. Pay special attention to items that concern your company products and to processes that were examined in the past that may now be missing.

Reallocate resources to fill in the gaps: Make sure that all of the gaps identified in the standardized protocols are covered and addressed. For example, while vendor processing and laboratory testing record reviews may be part of the new accepted standardized protocols, the records and testing related to your products may not have been audited. Reallocate resources by conducting a supplemental focused audit or by conducting improved statistically based sample compliance verification testing to specification.

Trust, but verify: Never base vendor acceptance simply on “certification” against the mutually accepted audit protocol or on the fact that a vendor has a high rating. Ensure that an effective procedure is in place to have a subject matter expert review the mutually accepted audit findings and observations of your vendor. What might be considered an observation by the audit protocol and the auditor can be a significant issue to your products and process. Vendor audits are just one element of an overall vendor quality approval and surveillance program that should be supplemented with independent product testing by an accredited laboratory.

Stay in touch with your vendors: Under mutual agreement auditing schemes, there can be a tendency for the entire audit process to become more removed and distant from a vendor and a company. What gets lost are important things like vendor attitudes about the audit and vendor understanding of what is important to your company and products. Contact your vendor on a regular basis to review progress against any audit findings and to share your interest and concerns. This will ensure that corrective actions required against any non-conformances have actually been accomplished and confirmed as effective.

The movement by companies towards mutual acceptance of audits and audit protocols for vendor approvals will result in continuous improvements as well as more efficient use of limited resources. Companies that successfully make this transition will benefit from the brand protection that comes from assuring food safety and quality.

Rumpf is a senior technical consultant at Specialized Technology Resources (STR). Reach him at



Current Issue

Current Issue

February/March 2015

Site Search

Site Navigation