16 replies to this topic

[Madam A. D-tor]

The IFS is frequently referring to risk analyses.

Does anyone know if these risk analyses have to be documented?

[YongYM]

To Madam A. D-tor:

I am not too sure about IFS but if it is documented, then it will become a strong evidence that you are actually doing the risk analysis and this document will be a good source of reference for other people to refer.


Yong

[Charles.C]

Dear Madam A. D-tor,

Sorry that I hv never seen an IFS standard text but if it is anything like BRC (and it should be since both are now considered equivalent within GFSI) then some documentation is required. The more tricky decision is how much documentation ? If you search this forum you will seee several recent BRC threads specifically on this due to a large expansion of the use of the term in latest version. People who hv been audited for BRC ver5 seem in general to hv successfuly submitted very elementary evaluations, basically demonstrating that various possible contributory factors hv been analysed within the final choice of procedure. This is in comparison to the HACCP section where the customary detailed matrices or d-tree tables are almost mandatory.

Any auditees pls feel free to disagree with above, hopefully with an example.

Rgds / Charles.C

[Madam A. D-tor]

Hello all,


I will explain why I post this question.

I find myself a very pragmatic auditor.
A time ago. I had a discussion with a German (!) college. My college states that all the risk assessments required in IFS should be documented.

Example:
5.1.1Internal audits shall be conducted according to an agreed plan. Scope (including outdoor areas) and frequency shall be determined by risk analysis.If I find an internal audit plan, in which the freq for one department is annually, for another department is 2 times a year and for a third department is 4 times a year (and this all seems logic: production department more often then financial department), I am happy. I can see a risk analyses in that audit plan and I do not want to see a documented risk analyse for this. My college however, does want to see a documented risk analyse.

The same thing for personal hygiene rules, retention time of records, verification of cleaning and disinfection and analyse plan. --> I think that the result shows that there have been an risk analyse some how.
Other requirements regarding risk analyses I also think are needed to be docuemted (e.g. glass procedure, metal detection, situation of changing rooms, outside storage, etc)

Because my college is German (and IFS also) I think I'm wrong. But I hate to ask for these risk analyses.

So I wonder what is the experience of the forum members in this case.
I want to know if I am to pragmatic to do a proper IFS-audit.

[Charles.C]

Dear Madam A. D-tor,

I suspect yr use of the word "pragmatic" accurately summarises the situation.

Don’t know if you hv seen this thread which contains some links to various viewpoints on risk analysis. ?
http://www.ifsqn.com...showtopic=10905

One problem I think is that the meaning of “risk analysis” varies depending on the topic, eg Australia and UK have“risk based” methods on the IT for determining their frequency of factory inspection procedures based on factors like product risk type (Ready-To-Eat etc) and production volume. The Americans also include a scoring system in their inspection sheets which enables continuous updating, bit like the old MIL.Stds type methods. BRC, (and I guess IFS) themselves use a comparable procedure also of course.

It is obviously possible to do something similar for other parameters, eg sectioning internal audit procedures, such as using the above mentioned characteristics plus maybe corrective action statistics etc etc. either in a quantitative way or via matrix type layouts whatever. I hv seen such an approach used to control the detailed internal testing applied to sourced materials / ingredients although it can rapidly get quite complicated. However the (predictable) reality seems to be that most operators in the food business simplify everything to the absolute minimum consistent with audit acceptability. The few posted comments here for BRC also suggest that auditors don’t usually expect much more than a token interpretation of a risk analysis similar (I think) to yr own comments. The suspicion is that the ‘risk analysis” phrases everywhere in the standards hv really been added to satisfy due diligence type legal requirements.

Would definitely be interesting to hear any experience comments from any other users and auditing personnel.

Rgds / Charles.C

[Dawn B]

While I am not an auditor, and am located in the US, I believe Charles.C has hit the point exactly.

"The suspicion is that the ‘risk analysis” phrases everywhere in the standards hv really been added to satisfy due diligence type legal requirements."

In my factory and R&D experience this has been the case. Risk analysis will never be black and white - there is always room for interpretation. I've handled most of our documentation with the understanding that it shows due diligence and as long as the justification for each point is documented, we are covered.

Another point worth mentioning: "One problem I think is that the meaning of “risk analysis” varies depending on the topic" - in US industry, the term "risk analysis" is sometimes "not allowed" we definately cover our risks, but the term hazard is preferred.

Risk analysis definately comes down to symantics and technical discussion - not usually clear answers. So, from an auditors perspective, does it make sense that the simpler the better?

[Charles.C]

Dear DawnB,

Thks for yr comments and welcome to the forum

I delayed responding to allow some contrary opinions to appear but seems there is a (silent) consensus.

Rgds / Charles.C

[Madam A. D-tor]

Dear Charles C, Dawn B and Young YM,


Thanks for your responses.

I share your thoughts, opinions and feelings about the risk assessment/analyses.

I actually was wondering if some IFS-auditees were ever confronted with a requirement from auditors to document all those risk-analyses.

Probably the IFS certified companies on this forum, have not have this experience and I am really glad for it. To document those "simple" analyses does not make better implemented food safety management systems.

Edited by Madam A. D-tor, 15 March 2009 - 07:59 PM.

[Charles.C]

Dear Madam A. D-tor,

I think you may find this thread interesting if not seen already (noticed it in searching something else) -

http://www.ifsqn.com...showtopic=10184

Although it relates to BRC ver5, the contents are related to the area of yr question.

Rgds / Charles.C

[Madam A. D-tor]

Thanks Charles.

[Jason H.Z.C.]

Dear Madam,

As I know, IFS changed the phrase "risk analysis" to "hazard analysis".....You can

download the UP-TO-DATE IFS doctrine on IFS official website, below is the link....

So I think you problem will be finished:) However, for me, new problem presents...

How should we conduct an internal audit plan based on hazard analysis?

Any one could help me? Thanks very much:>

Jason

Attached Files

•  IFS_Doktrin_uk_811.pdf   197.97KB   412 downloads

[Charles.C]

Many thks for this Jason

I hv never seen the IFS standard but judging from this assistance item, it may be even more obscure than BRC. Nonetheless, one has to admire their effort to explain the primary version, this is only marginally attempted by BRC on their website (I think).

I skipped the middle for fear of sleeping but did notice a few peculiarities, eg

Topic 1: Scoring a KO-requirement with N/A

Clarification:
A KO can not be scored as N/A (non applicable); it shall only be scored as A, B or D. In the IFS
Food, there is one exception to this rule: the KO-requirement 2.1.3.8 about monitoring of CCP
might not be applicable according to the company and the products processed.

The word “clarification” is somewhat ironic – Surely everyone understands N/A but “KO” is as in boxing or what ? Only applies to southpaws perhaps ?

In the IFS Food version 5, risk analysis shall be changed to hazard analysis, for all the 22 requirements.
………
Clarification
This hazard analysis shall be understandable by the auditors. This can be done in written format
e.g. within the HACCP-hazard analysis concerning e.g. personal hygiene, cleaning and
disinfection etc. but also in the form of other evidences which shall be clear for the auditor.

This is a clarification?. I think not. So what was the intention behind the change ? They now require you to state the hazard but not how to prioritise / control it ??

Glossary

Procedure
“Procedure shall be implemented and the elaboration of procedures can be done by documents
or process description”.
In the standard, it is precised when a procedure shall be documented or not.

Confusing. How do you achieve a “process description” without a document ? I guess they mean by “flow charts” or purely textual presentation. If so, this is at least seemingly more precise(d?) than BRC.

I know, one shouldn’t over-nit-pick at these well-intentioned documents but it’s getting near the weekend. I repeat, IFS should to be applauded for the effort.

Rgds / Charles.C

PS - sorry, I forgot to address yr specific query. I think this is discussed elsewhere, somewhere, on this forum in the form of an extended version similar to that referred in Madam A. D-tor's post. If I can find it I will add to this thread as a separate post. Or anybody of course.

[Jon5]

Charles:

A "knockout" is a fundamental item which you must have in an audit, or you automatically fail. It's just basic IFS vocaulary, like a BRC "fundamental."

Keep in mind you're dealing with a translation here....

It seems in the "new" version 5 they've change the term "risk analysis" to the term "hazard analysis" simply as a point of clarification. Rather than muddle things up by using a term that, by their definition, implies communication and management of hazards, they really just want to refer to the actual document containing the analysis. You really need to take changes in the context of the entire document.

Regarding the question of document versus process description, has anyone ever seen electronic communication? How about Toyota's visual-based instructions that have no actual words in them? These standards need to adapt to the changing times. I applaud them for trying - as you also do, clearly.

The IFS standard is, in fact, very similar to the BRC but does have its unique nuances. In some ways it is, quite a bit more strict. Its auditors are put through some very tight hoops before they are qualified as an auditor. Additionally, I happen to know that a facility can be failed in an audit if personnel are found to be carrying candy wrappers with them on the floor - the implication being that the candy was presumably eaten on the floor, and that the wrapper can be a source of contamination that is controllable. It's evidence of a lack of buy-in from personnel, I guess. But it's pretty strict.

Many thks for this Jason

I hv never seen the IFS standard but judging from this assistance item, it may be even more obscure than BRC. Nonetheless, one has to admire their effort to explain the primary version, this is only marginally attempted by BRC on their website (I think).

I skipped the middle for fear of sleeping but did notice a few peculiarities, eg



The word “clarification” is somewhat ironic – Surely everyone understands N/A but “KO” is as in boxing or what ? Only applies to southpaws perhaps ?




This is a clarification?. I think not. So what was the intention behind the change ? They now require you to state the hazard but not how to prioritise / control it ??



Confusing. How do you achieve a “process description” without a document ? I guess they mean by “flow charts” or purely textual presentation. If so, this is at least seemingly more precise(d?) than BRC.

I know, one shouldn’t over-nit-pick at these well-intentioned documents but it’s getting near the weekend. I repeat, IFS should to be applauded for the effort.

Rgds / Charles.C

PS - sorry, I forgot to address yr specific query. I think this is discussed elsewhere, somewhere, on this forum in the form of an extended version similar to that referred in Madam A. D-tor's post. If I can find it I will add to this thread as a separate post. Or anybody of course.

[Charles.C]

Dear jon,

Thks for yr input. Looks like you are doing GFSI's job for them

Rgds / Charles.C

[Jon5]

How should we conduct an internal audit plan based on hazard analysis?

Any one could help me? Thanks very much:>

Jason

Jason:

I have just implemented an FMEA approach based on area audited, and the different risks in each area. You could try that.

Jon

[Jason H.Z.C.]

Dear Charles and Jon,

Thanks for your explanations on my problem, I am still puzzled by the headache clause...I have NO idea on how to conduct a hazard analysis which the frequency and scope of the internal audit could be determined by means of? By the way, Jon, if you could add some explanation on your "FMEA" method, I will appreciate a lot. Would you like share a little bit of more of your knowledge with us ?

Hi Charles, it seems that you really have not seen the IFS 5 standard until now(I guess) . KO in IFS is really like the knock out in boxing, if a factory gets a KO requirement with the rating D, 50% of the rating will be subtract from the total getting rating. The benchmark of getting a fundamental level in IFS is 75%. If the factory gets one KO and the total rating of it is 80%, it could only get half of the total rating---40% in the final report. 40% could certainly not enable the factory get the IFS certificate.

In personal opinion, I guess the intention of the sentence "procedure can be expressed by process description" is that it could be imparted by production manager to workers, supervisor etc. Therefore, the factory could decrease their paper work. So I think maybe the objection of IFS is to make factory management more and more simple and to release the employees from day to day paper work.

All of I said just reperesnts my own opinion:) Any one has new idea could feel no obstacle to express. AND FOR MY PROBLEMS...PLEASE HELP ME...THANK YOU IN ADVANCE.

Jason

[Jon5]

http://www.google.co...;oq=FMEA templa

FMEA is an approach to risk analysis commonly used by those trained in the Six Sigma discipline, as well as by some engineers I've met. I might also mention that you'll find it all over the place in automotive. It's usually in a spreadsheet.

I'm attaching a good example - it's a lot like the common ZHA format used in HACCP plans, as it identifies the severity of the effect of failure, and the likelihood of failure. But it also addresses the question of how likely a failure is to be detected, should it occur. Finally, it multiplies the three numbers to arrive at a final risk number. I've modified mine to include a column indicating the number of CCPs in the area being audited.

Attached Files

•  Copy_of_fmea_template.xls   30.5KB   317 downloads