28 replies to this topic

[D-D]

Does anyone have any experience of sending on a BRC audit report to customers? As far as I was concerned we pass (at a certain level and get a certificate), or fail (and get a list of actions to follow up). It seems some of our commercial people anticipate sending out the report too; is that normal? Thanks.

[mind over matter]

What's the reason for sending out an audit report to customers?

[asshijie]

I'd like to sent a copy of the certification. But if the customer really want it, you have to. Some of them just want to see it.

[Simon]

Many customers request a copy of the audit report as well as a copy of the certificate as part of their due diligence. If it saves a customer audit then IMO it's well worth it...unless you've got something to hide.

Regards,
Simon

[Charles.C]

Dear D-D,

Well, it's either Yes, No or compromise.

There was previously an analogous thread here on the appropriate response to a request for one's complete company HACCP plan. Created a very polarised collection of all 3 of the above plus various +/- comments similar (and some much stronger) to previous post.

Some companies / subsidiaries hv a group policy to allow observation of such items for visitors to the source location (ie option 3rd). Other people seem to just love to distribute all their internal "secrets" away.

Overall, people were (IMO) surprisingly uncaring of maybe finding all their dirty washing aired on the IT, etc. Of course, if you hv achieved perfection, perhaps you will cheerfully risk an Icarus.

I suppose it comes down to leverage blended with risk evaluation. You can guess where i stand.

Rgds / Charles.C

[mind over matter]

Many customers request a copy of the audit report as well as a copy of the certificate as part of their due diligence. If it saves a customer audit then IMO it's well worth it...unless you've got something to hide.

Regards,
Simon

I understand the transparency part but it may send the wrong impression if audit reports are flawed (or incomplete) IMO.

[Simon]

I understand the transparency part but it may send the wrong impression if audit reports are flawed (or incomplete) IMO.

Well yes, but if you are getting flawed or incomplete audit reports then you need to be asking serious questions of your Certification Body or looking for a new one. Whatever the cause of a report you would be fearful of sharing; it's your responsibility to take control and give yourself confidence.

Regards,
Simon

[D-D]

I think the request comes for a couple of reasons.
Firstly, we have for years been telling customers we are working towards BRC accreditation but never delivered. I have now set a date for it and we will see how it goes. Inherently, our products are low risk and non-hazardous so I am hoping... If we pass (even a 'C') I will not mind sharing the report but if we fail and have to share it, that is going to be a different situation.
The other reason is that we had another 3rd party interim audit earlier this year and while we technically 'passed' we had a number of corrective actions, two of which were raised as 'Critical', though both were easy fixes. That report was distributed to some customers so probably raised some doubts.
I was just wondering what other experiences were with this; it doesn't sound like a common request.

[mind over matter]

I think the request comes for a couple of reasons.
Firstly, we have for years been telling customers we are working towards BRC accreditation but never delivered. I have now set a date for it and we will see how it goes. Inherently, our products are low risk and non-hazardous so I am hoping... If we pass (even a 'C') I will not mind sharing the report but if we fail and have to share it, that is going to be a different situation.
The other reason is that we had another 3rd party interim audit earlier this year and while we technically 'passed' we had a number of corrective actions, two of which were raised as 'Critical', though both were easy fixes. That report was distributed to some customers so probably raised some doubts.
I was just wondering what other experiences were with this; it doesn't sound like a common request.

Well, there are variety of comments from this thread and food safety is the more critical factor than customer satisfaction. Is there a need to meet the customer requirement for this case? I don't see anything wrong when your audit report is serving a good cause. My only worry is the posibility of your customer "to over react" is high if they don't have sufficient understanding of your processes to fully comprehend and place appropriate perspective on what an audit report says.

Edited by mind over matter, 07 October 2011 - 05:51 AM.

[Dr Ajay Shah]

I personally do not believe in giving out audit reports as they are confidential documents. I would be happy to give out a copy of the certificate and this would inform them that you have addressed all the criteria required to achieve BRC accreditation.

Regards

[Simon]

I think the request comes for a couple of reasons.
Firstly, we have for years been telling customers we are working towards BRC accreditation but never delivered. I have now set a date for it and we will see how it goes. Inherently, our products are low risk and non-hazardous so I am hoping... If we pass (even a 'C') I will not mind sharing the report but if we fail and have to share it, that is going to be a different situation.
The other reason is that we had another 3rd party interim audit earlier this year and while we technically 'passed' we had a number of corrective actions, two of which were raised as 'Critical', though both were easy fixes. That report was distributed to some customers so probably raised some doubts.
I was just wondering what other experiences were with this; it doesn't sound like a common request.

In my experience it is becoming a very common request. If you fail the BRC audit then you will not have a certificate and in that case I would not send the report to customers or even tell them about the audit if possible.

Under normal circumstances personally I would prefer to hand a customer a BRC certificate and copy of our report rather then suffer a customer audit.

Regards,
Simon

[D-D]

My only worry is the posibility of your customer "to over react" is high if they don't have sufficient understanding of your processes to fully comprehend and place appropriate perspective on what an audit report says.

A very good point. In lieu of BRC, we had a third party audit earlier this year and submitted the report to a customer, They were not impressed and raised our risk category. While we worked hard on corrective actions, the customer visited recently and commented that the audit report could have been issued for another company as there was little correlation between how it read and our actual operation.

[Foodworker]

Good Morning DD

If you had a 3rd Party audit it is almost certain that you paid good money for that. You are therefore entitled (assuming you have agreed this as part of the price) to receive a good, thorough report.

If your customer has made very critical comments about the report you should go back to the auditor/ organisation who did the audit and raise these concerns with them.

As a general point about sending a report on to customers, I wouldn't unless there is some commercial advantage (such as avoiding a customer audit as stated)or it is a requirement of the customer.

The nature of the customer should also be considered. There are some customers who really don't need the report and it is just a tick box on their supplier approval procedure or are perhaps more interested in learning somehing that they can implemented in their own operations.

Retailers expect the report as it is part of their due diligence. They do not make the products and their defence is to understand the operation of their suppliers and any shortcomings. As they are in the front line, what the law views as a reasonable level of control is greater than it would be if you were supplying to another manufacturer in the chain. They will go through any non conformities and probably seek additional confirmation that they have been fully corrected.

It is for this reason that when BRC reports are put on the BRC website there is a section where you have to nominate any retailers who you permit to access the report directly. If you don't supply any of these retailers, obviously you don't need to nominate any, but you can if you wish

[Charles.C]

Dear Foodworker,

Retailers expect the report as it is part of their due diligence. They do not make the products and their defence is to understand the operation of their suppliers and any shortcomings. As they are in the front line, what the law views as a reasonable level of control is greater than it would be if you were supplying to another manufacturer in the chain. They will go through any non conformities and probably seek additional confirmation that they have been fully corrected.

Not my area but i suspect the legal reality is that the actual requirements of "due diligence" are indeterminate so that retailers simply maximise their demands for info. as far as possible. Potential leverages can also be accumulated along the way. (for some commodities, a decade or so ago this situation would hv produced guffaws from external suppliers so perhaps BRC (or Eurozone?) can be complimented for some of this change).

Personally i believe it is only the (positive) result of a BRC assessment which is a reasonable request. i would hv thought due diligence (FWIW) is thereby satisfied (assuming that a BRC "pass" is entitled to such an extrapolation). I do seem to remember that the BRC website itself makes such a claim ?

Rgds / Charles.C

[mind over matter]

If you had a 3rd Party audit it is almost certain that you paid good money for that. You are therefore entitled (assuming you have agreed this as part of the price) to receive a good, thorough report.

It is a fact that (there are) lousy systems obtain and maintain certification. It is like having a driver's license, but It does not tell your driving record.

Edited by mind over matter, 11 November 2011 - 06:58 PM.

[mind over matter]

I personally do not believe in giving out audit reports as they are confidential documents. I would be happy to give out a copy of the certificate and this would inform them that you have addressed all the criteria required to achieve BRC accreditation.

Regards

Been thinking it for quite sometime but have to say now that if the registrant is paying for the service, then the audit report should be their property, not the CB's. What's your opinion on this?

Edited by mind over matter, 11 November 2011 - 07:00 PM.

[D-D]

Thanks for the discussion, very interesting. I also do not believe in giving out reports but as you stated, there may be commercial pressure that forces us.
I also think the report is the property of the paying client i.e. the auditee and not the CB / auditor.

[GMO]

I'm always open about this. If I'm working in a company where I don't want to share the BRC report, I would question why I was here.

I think sometimes 'X minors' sounds worse than reading the list. Often the minors feel pretty petty to your customers as well.

Think of it this way, if you share your BRC audit where you've closed out all of the issues, they then think "I'll check non conformance 3 is still closed out" and you get an easy win for your next customer audit.

[Simon]

I know for a fact that during Tesco audits they expect to see a copy of all BRC audit reports held by their suppliers for their suppliers.

[trubertq]

It has been my experience that customers are requesting access to the report more an more. I also think, though I may be wrong, that the report actually is the property of BRC, as you are willingly applying to be certified to their standard... and that is why your report is up on their website. It's like being part of any club, you sign up you follow the rules.

 

The time has come for the attitude to audits and reports to change. These are opportunities for improvement. If a customer regards that having a third party audit and then clearing out all the non-conformances raised is a 'bad' thing then I think they need to re calibrate their attitude.

 

Surely the willingness of a potential supplier to undergo what is a time consuming, costly, and frankly sometimes painful (and I am only an external support ) process can only be regarded as a point in their favour regardless of the outcome?

 

I know I know, I am naive for one so middle-aged.......

[mavrek2010]

Well, it's either Yes, 

[cazyncymru]

I have a problem with this one.

 

We are a co-packer, and the raw material is supplied by our customer.

 

During a Tesco PIU , the auditor asked me for a copy of their BRC report, and they refused to give it to me; why did I need it, they weren't my supplier but my customer.

 

Result, a non-conformance from Tesco PIU

 

Ay suggestions how I get around this one?

 

Caz x

[cazyncymru]

Unfortunately , audits are changing, and I'm not sure if its for the better.

 

In principle, I agree with an unannounced audit scheme. But for everybody to do it??

 

I've now signed up, against my better judgement, to unannounced BRC & ASDA. I already have a couple of unannounced customer audits. I don't mind doing an unannounced audit, we've nothing to hide.

 

Last year, 1 of my customers conducted 12 audits. 12 I hear you say! 4 from my technologist ,  2 of their customers came on 2 consecutive days (then I had an unannounced from one of their customers on the 3rd day), and the rest were their customer visits. And to top it, after conducting 4 audits, my technologist asked me to complete an SAQ!!!!

 

This has taken out 12 days of my time. Never mind the time it takes out of my peers days. Those are 12 days I'm never going to get back.

 

Now, by signing up to ASDA unannounced, I'm sure I can expect a CIP audit, a HACCP audit and a FB audit. On top of this, I have just paid for the (un)ethical audit. The costs of all these audits and for my time, far out weight any profit we are making on the product.

 

I keep a rag report of all of our non-conformances, from all of my audits (BRC, customers etc) and last year, that barely made it into double figures.

 

I'm passionate about this (as Simon et al will probably agree with), apart from the costs , I'm almost inclined just to employ someone to conduct audits (internal , 3rd party etc); so I can actually get on with the job I'm employed to do!

 

 

So yes, they can have my bloody BRC report if it means they aren't going to darken my door!

 

Caz x

[GMO]

I think I'm on about 80 days of audits a year now Caz.  I feel your pain and I very much agree with this!

 

"So yes, they can have my bloody BRC report if it means they aren't going to darken my door!"

 

I have also had a PIU non con for not having an audit report for a supplier so I disagree that they don't expect it.  Seems to be a common issue.  We managed to pursuade them to let us audit them in the end.  No idea why this is better than sharing their BRC?

[debaduttajayaprakash]

I personally prefer to send out our audit reports along with  a one page document  , which contains all our emergency contact detail to all our customers deliberately and trust me I save a lots of time by escaping filling unnecessary SAQs and other questionnaire as they are my biggest nightmare. lol

 

We got around 200 + customers and I have created an excel sheet with each customers emails address and the date the certs, report and EC document sent to any specific customer along with our HACCP docs . There is a inbuilt macros prog behind the excel sheet ( thanks to one of my university techie friend) it allows to generate an automatic email  to myself just after 50th week to update the customer with all our new updated docs. 

 

So there is nothing to hide in the report as auditor never writes down the suppliers information as they do includes customer info as a mater of there visit and observation in the factory floor . Does it care ? not really as we supply to many customers and got a very open business plan to meet our long term customer's demand and respect the confidentiality