7 replies to this topic

[Juan Meng]

Hi all 

 

Recently, our company reinitiated the process to audit our suppliers. 

 

However, more and more suppliers with GSFI certification, eg BRCS certification, are requesting for audit exemptions? 

 

I am still in the view that apart from certification audits, we should still conduct supplier audits, albeit not as thorough as certification audits. I conducted risk assessment on the suppliers and would schedule yearly audits for the high risk suppliers. 

 

Would exemptions be accepted or are there other mitigation steps? I would appreciate any advice from anyone who can share their experience. 

 

Thank you. 

 

[Dorothy87]

Hi Juan, 

 

All dependant on your risk assessment criteria and risk assessment monitoring

 

Case scenario 1 

 

High risk supplier with BRC certificate in the risk assessment is scored as low risk based on good VACCP and for example BRC Grade AA+ (plus other criteria like micro, allergens, physical & radiological, chemical hazards etc) , however this year the supplier reported that they achieved Grade B, based on your risk assessment criteria you would normally ask for BRC report to see what kind of of NC`s they received. This is a significant, as this could give you a completely different view and will change supplier status from low risk to high risk. 

 

Case Scenario 2

 

Supplier refused traceability exercise / or the traceability was unsuccessful (usually agents & brokers due to the length of supply chain), supplier is a BRC company with grade A, and your risk assessment score for this supplier is high risk due to long length of supply chain. The BRC audit report showed a few minor NC`s for section 3.9 Traceability. Clearly, something is not okey there. 

 

Case Scenario 3 

 

Low risk nuts supplier scored as low risk (no issues BRC AA+, everything scored as low) ,but suddenly your customer discovered Alphatoxins in your final product, based on your root cause analysis, it seems that Pistachio nuts were contaminated. Certificates of analysis were all fine, however you decided to do extra testing based on EU guidance's.. and you discovered that the supplier didn't follow the right testing regime. This cost you a product recall & additional issues with customer. 

 

a good risk assessment and a bit of investigation would show more than certificates,

 

 

[MDaleDDF]

Are you talking about actual on site audits of your suppliers?  Or just asking them for tons of paperwork, etc?

 

I rate suppliers annually during my review, etc, but I don't have any interest in auditing someone with NSF certification of any kind.   To me, that's the whole point of the certification:   I don't have to worry about this supplier, they're already certified.  If this isn't the case, what in the world is the point of the cert?

I'm sure that will vary wildly for many different reasons though.  We're a small place, with a good deal of suppliers.   So if we wanted to audit everyone it'd basically be almost a full time job for someone.  Not to mention some things we use in minimum amounts, and I don't want to go poking the 'ol beehive there, or they might tell me to shove off, your little amount isn't worth dealing with any hassles such as audits.
 

[Brothbro]

I also think that suppliers who maintain 3rd party certifications (GFSI) are reasonably in expecting to be exempt from supplier audits. It does help to encourage other suppliers to get a GFSI certification. Your decision to audit a supplier in person should be based on risk; do you have problems with their product despite them having a certification? That may warrant taking a closer look at their operation.

[MDaleDDF]

I was recently asked for a site visit from a customer, and politely declined.   I was then sent an email with their entire top brass copied, ordering me to do it.   Again, I copied everyone on the email, and politely declined.   I then received a phone call with multiple top brass on the line demanding I allow the site visit or lose their business.   I told them I totally understand, and politely declined again, and said I understand they have to do what they have to do for their own self interest, just as I do.

Haven't heard a word since, other than their last order.....

[jfrey123]

I've had mixed results with prior companies charging their customers to participate in these 2nd party audits.  If they want to pay $1,000+ to come look inside our shops, then we'd entertain the idea, but generally they're a burden and we really only do it for our biggest customers. 

 

Customer 2nd party audits, for me, have historically been some of the most troublesome to deal with: 

-They'll sneakily ask for a "visit" when in reality they want to audit you;

-They'll audit you to a standard you are completely unaware of and act as if your non-compliance with it is the end of the world (had a customer show up and randomly hold my spice facility to the Campbells standard, totally unrelated and beyond the scope of what goods we provided to them);

-They'll push whatever standard they like while ignoring your compliance with a GFSI scheme (I remember a customer arguing with me that I was not SQF compliant because I didn't have a temperature log for my break room refrigerator, regardless of the fact my actual SQF auditors didn't call for any such silliness...).

 

GFSI was supposed to be the end all/be all that made 2nd party audits obsolete.  But then the schemes got so stringent in supplier approval, it left many companies feeling like they have no choice but to physically audit their GFSI certified suppliers...  

[Scotty_SQF]

I've had the same experiences with customer audits.  I got 10 points off one because we didn't do 6 mock recalls a year like they wanted.  We only did 2 that covered us for our SQF certification.  This came up after a long already 10 hour day of being audited and getting various points because we didn't conform to what the customer deemed a standard.  I was at my breaking point.  When asked if we would increase our mock recall frequencies, I calmly said "If we try to conform to all our 50+ customers supposed standards, we would never get any actual product to any of you in a timely manner.  We are audited to the GFSI scheme of SQF and that is what we will continue to follow and strive to be in compliance too."  Customer auditor turned a bit red, but didn't have anything to say.  Needless to say the audit ended pretty soon after as I believe they realized I was done with this 'show'.

 

Point blank, the only way I would audit a supplier is if I had some big concerns and wanted to calm my nerves or justify my concerns.

Edited by Scotty_SQF, 06 November 2023 - 08:52 PM.

[Leila Burin]

hello,

Sometimes it is part of the contractual agreement signed between both parties; that 2nd party audits shall be received // beyond the result of a risk analysis. And, with all due respect, I believe that the auditor who goes with the corresponding (client´s) checklist should not be in the middle of the discussion about whether or not it "applies" to be audited. If the auditor is there, it is because he shall do his job, and the audit criteria, by definition, is the checklist that the audit client decides

 

best regrds,

Leila