Potential Clients asking for the entire audit
Hello all,
I have received a few requests recently from clients for the entire audit.
We gladly share our certification and even score.
But the last two potential clients that asked for the whole audit (SQF) I declined to provide it.
The SQF audit is 16 pages of observations and CAR. I don't feel as though we should share ALL of that. I feel as though it is dirty laundry to be washed in private, not hung up out front.
Thoughts?
It is more of a business decision if you want to share your complete report or not.
In this case, where a potential customer requires a full report and you are pressed to shared it, I would prefer to only show the non-conformities noted on the report.
If they insist it further (even after sharing the summary), I usually involve my Sales head or the company's owner/CEO and put the ball in their court to make that decision.
The other way to go around it to notify the customer, that the full report is available on site only (however, keep in mind this can call for a customer audit/risk assessment of your facility).
Tell 'em they can read it on site.
I feel as though it is dirty laundry to be washed in private, not hung up out front.
This might be exactly why your potential clients want it ;)
As FSQA notes, it's a commercial decision to an extent - how much does your business want the custom?
In the UK it's now pretty much routine to share full audit reports - indeed the BRC system is set up such that an increasing number of our clients receive direct access to our report at the same time we get it, so we don't even get chance to check it for errors before they see it!
Obviously it's technically "optional" to share, but a significant number of customers would go elsewhere if we declined.
This doesn't seem to be as commonplace elsewhere yet, but I'm starting to see it more from clients in Europe. And for what it's worth, our suppliers elsewhere in the world (including the US) seem to accept it as a necessity for the UK and generally share SQF/FSSC22000/IFS reports quite freely.
We still have a few that decline, and I can sympathise to an extent - BRC reports are written with the expectation of being shared, so genuinely confidential details are in the auditors report but not reproduced in the published version. The other GFSI-benchmarked standards don't seem to follow this practice, but maybe that will change as there seems to be an increasing drive towards transparency in supply chains?
I guess the other view is: what have you actually got to hide?
You've passed the audit, achieved the certification, and there are pretty much no sites that are perfect.
I remember the first time I helped a company to develop and implement their SQF program.
It was a seafood company, good sized operation in Florida.
Sitting there in the conference room the owner walked in and said tell me what I need to do next to which I said - please contact all of your suppliers and tell them you want copies of their most recent GFSI, 2nd or 3rd party audits and get their corrective actions as well as a copy of closeouts for each one.
He looked at me and said - OK.
He got on the phone and proceeded to call 70 suppliers - he was told everything from NO to we have never been audited - there was only 2 suppliers that complied.... this was about 10 years ago.
We discussed the issue and over the next several days he called each one again and said they were no longer interested in doing business with the other 68 suppliers unless they comply with new requirements in order to re-qualify as a supplier.
Some just wanted to give a copy of their certificate or there own self-audit (funny people.)
He pressed onwards and the results at the end of his gathering project was 80% compliance with the balance audited by an audit team.
Several indicated that the company could visit the supplier and see the audit - look, that is really bogus to demand that a valued customer has to travel to your facility to review your audit package.
A certificate is nice but your customer wants to know the issues and how you corrected them even if your certificate shows you in good standing - they want the details - not the cover page - because they are seriously not interested in buying your product when it comes with a side helping of risk.
By the way, fast forward to our clients today and we find compliance with providing the audit package by suppliers to be close to 100%... on the first request and without the kicking and screaming on the the part of the supplier.
Give it up to any customer (large or small) or potential customer that asks, you'll have more stable relationships with your customers, more business and many times we now see our clients helping their suppliers with issues they may have - that is the side benefit of having an open and free exchange.
Telling a customer they can look at the audit at the supplier location is an open invitation for the customer to demand a full audit of your facility and documents thus the horse and pony show will be replaced with a day or longer audit. Suppliers really can not afford having to add on audits for all customers - the labor costs are staggering to having to dedicate an employee for a day or more plus the costs involved (travel, audit fees, etc.) and then closing out corrective actions to the satisfaction of the customer.
Audit packs (Certificate/Audit/Issues/Corrective Actions and close out information) are ready to be printed and sent (yes, by mail) to any customer or potential customers that requests them from our clients after each SQF Audit package is completed.
They are not sent electronically.
For some reasons (in the minds of suppliers) this appears to be an issue - providing the audit package... but primarily in the United States, while it is common practice in most other countries.
Hello all,
I have received a few requests recently from clients for the entire audit.
We gladly share our certification and even score.
But the last two potential clients that asked for the whole audit (SQF) I declined to provide it.
The SQF audit is 16 pages of observations and CAR. I don't feel as though we should share ALL of that. I feel as though it is dirty laundry to be washed in private, not hung up out front.
Thoughts?
Hi Plastic Ducky,
This question, in various ways, is a Forum Favorite.
IMEX the decision is often, ultimately, based on "Leverage" in which respect the reply is likely to range from (a) all to (b) "minimal/minimum". IMEX it's a question of Policy. And Risk.
UK has, I suspect, become a model example of (a).
Previous thoughts here cover the "whole gamut", some random examples -
https://www.ifsqn.co...-audit-reports/
https://www.ifsqn.co...s-to-customers/
https://www.ifsqn.co...with-customers/
https://www.ifsqn.co...and-flow-chart/
https://www.ifsqn.co...with-customers/
https://www.ifsqn.co...-audit-reports/
Why should you NOT send it? Unless you have something to hide (dirty laundry as said in the start of the topic).
I think nowadays it is more then normal to send your full audit report, also to potential clients. Mostly those reports are checked by the quality team of the client and you will perhaps get some additional questions on the close outs of any NC's discovered during your audit.
Sending an audit report, shows you are open, and is a first step towards trust between your company and your potential client. That is imo much more important then to decline to send it.
As SQF Consultant said, a certificate does not tell you everything. My experience the past three years, is that more and more potential clients don't care if you have BRC, IFS or what ever GFSI program, they just send an auditor (announced or unannounced) to do a 1 day audit, before the client is even considering business.
Like others have said, it is best to share the full audit report. if you have something to hide, get it fixed so next year's report is an improvement. We require the full reports of our suppliers.
IMO Share the full report and if possible sign a NDA between your company and the client. We recently had to sign a NDA when we asked a client for their audit certificates
I think the new edition BRC did require "full report of third party certification" from supplier.
(Correct me if Im wrong. I'm in SQF, just read through BRC briefly and was surprised to see this clause)
I remember the first time I helped a company to develop and implement their SQF program.
It was a seafood company, good sized operation in Florida.
Sitting there in the conference room the owner walked in and said tell me what I need to do next to which I said - please contact all of your suppliers and tell them you want copies of their most recent GFSI, 2nd or 3rd party audits and get their corrective actions as well as a copy of closeouts for each one.
He looked at me and said - OK.
He got on the phone and proceeded to call 70 suppliers - he was told everything from NO to we have never been audited - there was only 2 suppliers that complied.... this was about 10 years ago.
We discussed the issue and over the next several days he called each one again and said they were no longer interested in doing business with the other 68 suppliers unless they comply with new requirements in order to re-qualify as a supplier.
Some just wanted to give a copy of their certificate or there own self-audit (funny people.)
He pressed onwards and the results at the end of his gathering project was 80% compliance with the balance audited by an audit team.
Several indicated that the company could visit the supplier and see the audit - look, that is really bogus to demand that a valued customer has to travel to your facility to review your audit package.
A certificate is nice but your customer wants to know the issues and how you corrected them even if your certificate shows you in good standing - they want the details - not the cover page - because they are seriously not interested in buying your product when it comes with a side helping of risk.
By the way, fast forward to our clients today and we find compliance with providing the audit package by suppliers to be close to 100%... on the first request and without the kicking and screaming on the the part of the supplier.
Give it up to any customer (large or small) or potential customer that asks, you'll have more stable relationships with your customers, more business and many times we now see our clients helping their suppliers with issues they may have - that is the side benefit of having an open and free exchange.
Telling a customer they can look at the audit at the supplier location is an open invitation for the customer to demand a full audit of your facility and documents thus the horse and pony show will be replaced with a day or longer audit. Suppliers really can not afford having to add on audits for all customers - the labor costs are staggering to having to dedicate an employee for a day or more plus the costs involved (travel, audit fees, etc.) and then closing out corrective actions to the satisfaction of the customer.
Audit packs (Certificate/Audit/Issues/Corrective Actions and close out information) are ready to be printed and sent (yes, by mail) to any customer or potential customers that requests them from our clients after each SQF Audit package is completed.
They are not sent electronically.
For some reasons (in the minds of suppliers) this appears to be an issue - providing the audit package... but primarily in the United States, while it is common practice in most other countries.
Hello,
Thanks for sharing. I always find your posts useful.
I'm curious that what would your client do if more than half of his 70 suppliers failed to give an audit report. It would be a huge cost and impact on the business to switch that many suppliers. Was the company SO determined, that they would go towards SQF at any cost?
Hello,
Thanks for sharing. I always find your posts useful.
I'm curious that what would your client do if more than half of his 70 suppliers failed to give an audit report. It would be a huge cost and impact on the business to switch that many suppliers. Was the company SO determined, that they would go towards SQF at any cost
I think it became more of a challenge to him that he wanted to win! and not "at any cost".
As to what would happen, there are alternates to getting the audits and as it turned out we dumped about 12 suppliers due to dismal audit results.
Tell 'em they can read it on site.
Glenn,
I have already acknowledged that you are a Jedi of QA production of various categories. AND must have OBVIOUSLY used the Jedi Mind Trick to get all those suppliers to comply. As I speak on these principles with my own Procurement and Purchasing their eyes glaze over and they go into a "meditative, hibernation stasis".
THE STRUGGLE IS REAL!
Sincerely,
Plastic Ducky
Just send it...give it up. Who cares? Really, what do you have to hide? If there is anything "shocking" or "significant" on a 3rd party audit report then you really have bigger problems to deal with.
As others have said, it helps to establish trust with your customers. Don't you want your supplier 3rd party audits? How do you react when they are averse to sending them?
Companies need to get over this stuff and share it...it will help make the entire food supply chain more accountable and safer overall. If your customers question your audit findings then have that discussion, be frank and courteous. You may find they can help to provide a solution or solutions...I've had it happen to me before with some larger customers who have that expertise.
I think a lot of people are afraid the report might indicate a company "secret" - not always hiding the bad stuff (I'm sure many do for that reason), but maybe a process that is proprietary to some extent.
An experienced GFSI auditor knows just how much information to share on a report. We usually would indicate to our auditor that a process or ingredient was proprietary so additional care would be taken to make sure only important aspects were included in the report.
We always shared our report if asked. It wasn't a big deal for us, but it is usually a company decision. Most suppliers I've dealt with comply with the request for a report, or ask for an NDA as was mentioned in an earlier post.
I think the new edition BRC did require "full report of third party certification" from supplier.
(Correct me if Im wrong. I'm in SQF, just read through BRC briefly and was surprised to see this clause)
No, BRC has it's share of wacky ideas, but does not require full audit reports for GFSI-benchmarked certification - the requirement is that the certification scope covers the materials supplied, and is "valid", i.e. there is an expectation that you have the supplier's certificate and have verified via the BRC/SQF/FSSC etc directories that it is genuine, hasn't been withdrawn etc.
The "full audit report" requirement is for approval without GFSI certification, as it would be necessary so as to be able to confirm that the scope covered all the required areas in sufficient detail.
Nonetheless many BRC certified sites seem to approach this on the basis that you've stated, and want the full audit report irrespective of certification. We have no problem sharing ours, but I do have my doubts about how many people actually read/use it, rather than just get a copy of it as a box-ticking exercise...
There is obviously more than one side to this. Sure, the "If you have nothing to hide" argument is valid but why not look at it as an opportunity to show off your facility for it's accomplishments? If you have a good score and actually practice continuous improvement, the audit report actually bears that out and should help improve your standing. We have several customers that just ask for the certificate, but many of them ask for the full audit report and we send it to them. We have never had a negative outcome from this and as stated in previous posts, transparency is almost always appreciated and treated as good will, strengthening the relationship. Send it with a statement like: "We are happy to share the success of our 6th (or 8th etc.) consecutive certification and audit report with our valued customers." or similar positive "spin". Leave the focus on the multitude of accomplishment and not the few minor issues, which you have mechanisms in place to correct which is also a positive.
This is a subject which comes around again and again.
Honestly, the reason they are asking for it is so you can't hide the dirty laundry! But probably the positive for you is that with the audit, they're less likely to want to visit and audit themselves. So for that reason alone I have been prepared to share audits in the past. Yes there's always stuff you'd rather not share but it just saves a lot of pain. Saying "no" makes them assume far worse. Just get them signed up to some kind of NDA.