18 replies to this topic

[Auditgeek]

Hi there - anyone use NSF to audit and find they are super slack?  I started with a company recently and am absolutely stunned that they've even passed their audits, nevermind get high marks.  When I sat in on the Audits, I was floored.

 

This normal?

[kconf]

It's not uncommon to have that perception when you start at a new place. There are endless things auditors can write NCs for, but they don't. Maybe you caught those things, but the overall game is not as bad maybe. 

[Setanta]

I don't have anything to compare NSFwith when it comes to GFSI/SQF audits, but when I had just plain AIB or Silliker audits, they were not as stringent as NSF/SQF.

[TimG]

Hi there - anyone use NSF to audit and find they are super slack?  I started with a company recently and am absolutely stunned that they've even passed their audits, nevermind get high marks.  When I sat in on the Audits, I was floored.

 

This normal?

 

NSF can only go by the standard being audited against. Are you claiming NSF found audit non-conformities for the standard being audited and completely ignored them? Or are you saying you felt they 'shouldn't pass their audit' based on personal belief? Those are completely different things.

 

I will say I have had the opposite experience. I have one certification to a standard that is..let's just in its early stages and working on the standard still. The auditor hit me for minors based on the audit provided them from the standard, even if those items were not IN THE STANDARD. That's not NSF's fault; that's the fault of those who created the standard. 

You have more than just the auditing body at play for audits..

 

Edit: Or looking at your name, are you a bot trying to drum up business for your own auditing..lol

Edited by TimG, Yesterday, 03:06 PM.

[Auditgeek]

I would like to think its just me at a new company, but here are a few examples :

 

- the QC Lab takes no notes.  None. Not even a notebook IN the lab.  Only reports results on a spreadsheet, which can easily be deleted and is accessible by multiple people.

- there are no versions on documents, or document control - at all. All docs are Word documents, again accessible by several people and modifiable. There are no ink signatures, or official copies etc.  It can be changed on the fly to suit the situation. 

- Incidents are never verified effective .  There are sometimes root causes, but no follow up if any corrective action worked

- Inspections have no criteria listed prior to being complete, so - the requirement to pass, also can change on the fly..... 

It goes on....

 

IRT personal feelings - I'm speaking from the angle that they shouldn't pass based on the fact that they are non compliant to many of the specific areas of the requirements.   

 

It seems to me that now that a lot of it was overlooked - and now since its the same auditor almost all the time they can't now go back and point out all the things they should have found before?   Or maybe NSF wants to keep the business? 

 

I'm not trying to drum up business.  I'm concerned the audit oversight is a sham. 

 

Edited: the standard is one for food safety.

Edited by Auditgeek, Yesterday, 03:59 PM.

[kconf]

None of this surprises me. It is observed in both small and large companies. You are shocked because you just came from a different place. 

[Setanta]

What happened to "If it isn't documented, it difdn't happen?"  How do you (they) proof anything?!

[kconf]

Well everything is documented (in OP's case). It's just poorly done. It has been proven. It's not like records are being falsified. 

 

Those points are insignificant in the grand scheme of things. 

[LostInTheWoods]

We've had 2 NSF auditors for our 2 SQF audits. The first was very competent and fair. We had small issues, and he found some of them and wrote them up. The second wasn't as thorough. He spent a lot of time rehashing old grievances with a former employer (huge food brand). Of course, we were more than happy to indulge him  .

 

I think NSF contracts its audits out individually, and the auditors themselves can contract with multiple CB's for whichever audits they like. My point is that your particular slack auditor for NSF may be a slack auditor for a different CB when they audit your neighbor.

Edited by LostInTheWoods, Yesterday, 06:20 PM.

[GMO]

Auditors across all companies are getting worse in my experience.  The old guard are retiring and they don't pay enough to attract experienced people into a thankless job where you're never at home.  You may have been lucky in having a good auditor with your old CB but I suspect all CBs currently have the same problem.

[kconf]

I thought it was a lucrative career. Maybe not in food industry. 

 

Auditors in engineering, pharma, tech get royal treatments. Huge allowances, first class flights, great hotels, clients order food, etc. 

[TimG]

I hear the pay hasn't increased in years (not even to match inflation). Also that things being run 'more like a business' with NSF since the new management took over (I never verified this, but heard it from 2 different auditors) and that it's hard to attract good auditors now.

 

I mean, they have to be on the road A LOT..add that to meh pay and you aren't going to get great folks.

[Scampi]

I would like to think its just me at a new company, but here are a few examples :

 

- the QC Lab takes no notes.  None. Not even a notebook IN the lab.  Only reports results on a spreadsheet, which can easily be deleted and is accessible by multiple people.

- there are no versions on documents, or document control - at all. All docs are Word documents, again accessible by several people and modifiable. There are no ink signatures, or official copies etc.  It can be changed on the fly to suit the situation. 

- Incidents are never verified effective .  There are sometimes root causes, but no follow up if any corrective action worked

- Inspections have no criteria listed prior to being complete, so - the requirement to pass, also can change on the fly..... 

It goes on....

 

IRT personal feelings - I'm speaking from the angle that they shouldn't pass based on the fact that they are non compliant to many of the specific areas of the requirements.   

 

It seems to me that now that a lot of it was overlooked - and now since its the same auditor almost all the time they can't now go back and point out all the things they should have found before?   Or maybe NSF wants to keep the business? 

 

I'm not trying to drum up business.  I'm concerned the audit oversight is a sham. 

 

Edited: the standard is one for food safety.

None of that would EVER be caught in an audit           they aren't there near long enough to notice all of those things.................they can only audit on what they see AND against the standard

 

We use NSF, as have previous employers and the experience depends VASTLY on the auditor.  Last year was a total book audit, year before we spend hours wandering around because our auditor insisted he had to spend 50% of his time on the floor

[MDaleDDF]

As soon as my cert from my last audit arrives, I'll comment on NSF.....lol

[Auditgeek]

Well everything is documented (in OP's case). It's just poorly done. It has been proven. It's not like records are being falsified. 

 

Those points are insignificant in the grand scheme of things. 

 

I'm the original poster and I"M telling you NOTHING is documented. So I guess I can agree nothing is falsified.  As for it being insignificant?  It doesn't appear you understand auditing and Quality if that is what you think.  

[Auditgeek]

None of that would EVER be caught in an audit           they aren't there near long enough to notice all of those things.................they can only audit on what they see AND against the standard

 

We use NSF, as have previous employers and the experience depends VASTLY on the auditor.  Last year was a total book audit, year before we spend hours wandering around because our auditor insisted he had to spend 50% of his time on the floor

 It could totally all be caught in an audit. What happened to looking at records, not procedures?  Section 3.1 of the standard specifically states version numbers are to be included - you can check that on any single document you review.

But I agree - vastly different per auditor.  Its the same auditor all the time unless they are forced to get a different one, and then the mark goes down - but not as far as it could/should really.   

 

Letting  companies off doesn't help them - it just allows them to have shitty systems and processes which bites them later in some way or another. 

[Auditgeek]

Auditors across all companies are getting worse in my experience.  The old guard are retiring and they don't pay enough to attract experienced people into a thankless job where you're never at home.  You may have been lucky in having a good auditor with your old CB but I suspect all CBs currently have the same problem.

 100% agree this seems to be the case.   It has left me completely disheartened that any system or person has integrity.  It's all politics and getting the business for the third party auditors it seems - a check box that is just lip service.  Its only when something really goes wrong and people die that its even mentioned - and even then it seems to be swept under the rug for profits!

[Scampi]

 100% agree this seems to be the case.   It has left me completely disheartened that any system or person has integrity.  It's all politics and getting the business for the third party auditors it seems - a check box that is just lip service.  Its only when something really goes wrong and people die that its even mentioned - and even then it seems to be swept under the rug for profits!

 

Been singing this song for a decade

My background is in heavily regulated commodities   you cannot hide from CFIA but you sure can with a 3rd party auditor if you chose to

[GMO]

I think some of your expectations of what will be detected on an audit are slightly overblown.  A 3rd party audit, as they're at pains to point out, is only a sampling exercise.

 

Would I expect someone to write notes as they're doing tests?  No.  Would I expect where results are recorded to be prevented from being altered (whether electronic or hard copy)?  Yes.  Recording test results and nothing else doesn't mean undocumented in my view but interested in others.  Some testing doesn't require you to take notes.  It depends a lot on the test.  You've not shared that so it's a bit difficult to know.

 

Would I expect good document control?  Yes and I'd expect lapses to be detected as that's easy to spot.

 

Would I expect some document security?  Yes but that would be easy to hide if it were poor so I'd expect an auditor might miss it.  I know of few auditors who check this well.

 

Do I expect documents to be signed?  No.  Electronic approval is fine.  Ink signatures are not required.

 

Do I expect follow up on efficacy of RCA?  It's good to do and in theory required but in practice, most sites are so poor at doing RCA, if at all, that's unlikely to be something you see widely in the food industry.  Should we do more of it?  Hell yes but most GFSI auditors will miss this or not raise or rather will only obliquely raise it.  For example, if you have a rash of repeat incidents despite RCA, it proves the efficacy of your RCA was poor which is probably more direct in proof of your failure to assess efficacy than having a record of that check.

 

It depends what you mean by inspections.  Monitoring for HACCP should have clear criteria.  GMP audits or similar should be structured to a degree, audits the same but there needs to be freedom to record what you see and not tie yourself up in a tick box mentality.  There is benefit in following your nose with auditing of "that doesn't look quite right."  In that way, requirements CAN and SHOULD change on the fly according to what the risk is.  

 

So out of your list, I would expect an auditor to raise if records can be altered and if documents are not controlled.  The remainder, I'm not sure that your focus is risk more that it's compliance.  The two are not the same.

 

BUT should you spot all of the above on your internal audits?  Yes you should, if the points are all justified, e.g. if you genuinely need notes being taken in the lab for example.  Your internal audits should be 10x tougher than the external as you have more time over the year to do them.

While I don't think all of the gaps which you're shocked by are really all that bad, I stand by my previous comment that auditors in the food industry are not well paid, are hard to find and are not (sadly) treated to first class and fine dining.  Some CBs who contract in staff don't even pay for travel time believe it or not even when you're travelling internationally and cannot "sell" that time to anyone else.  You get what you pay for.  But also there is a level of pragmatism that SHOULD be there for all auditors.  When I audit as an external consultant, I'm looking vs. the clauses but my main focus is always where there is risk that's present now or likely.

 

Also...

 

It doesn't appear you understand auditing and Quality if that is what you think.  

 

Bad day?  

Trust me I think everyone has told me I'm lacking in some area of my fundamental faculties on here as a professional or as a person at one time or another.  I know I can be an intransigent curmudgeon at times. But we're all here to help and because we're passionate about food safety and quality at heart.  We're not the bad guys.