4.1 and 4.2 expresses that you must identify those things that could affect your strategic direction as it relates to achieving the goals of your FSMS. Typically this is done in a SWOT matrix. It includes looking at polical, economical, social, technological, legal, and environmental aspects (PESTLE).
4.1 = your results of a SWOT/PESTLE analysis
4.2 = your results of evaluating the needs of interested parties
4.3 = the scope of your FSMS
6.1 tells you take what you determined from 4.1-4.3 to document what your significant risks and opportunities are, and what actions you are taking to mitigate or enhance, accept as is, etc. those risks and opportunities
You don't need a documented procedure for risks and opportunities; however, many companies have one.
Regarding the auditors insight, it depends how you documented your scope (4.3). if it is broad and covers several departments then 4.1 and 4.2 would include looking at each department, but generally it is not a separate document for each department. Typically the SWOT looks at the company as whole in regards to the facility under certification. Looking at the company as a whole means you've considered each department
I've never heard a claim against 4.1-4.3 being so specific, it is evidenced by how the clauses are written that it is a holistic view rather than a microscopic analysis of each department. Most of your problems aren't necessarily going to be departmental risks but rather broader things that impact the company:
Strengths:
- Low turnover rate
- Highly skilled employees with longevity within the company
- Very accurate forecast and scheduling
Weaknesses
- Old equipment requires constant maintenance to keep running
Threats
- Natural disasters
- Competition is beginning to expand SKU which could take more market share
Opportunities
- New technology exists to increase production efficiency by reducing maintenance burden and increasing product quality and consistency
- New technology exists to broaden SKU development and increase market share
