The
Unannounced Audit
Unannounced
audits are simply explained as audits occurring without prior notice, because
it is human nature to relax or drop the guard until they get close to audit
time if organization knows exactly when to expect it, which creates an entire
set of issues. Hence, unannounced audits are introduced, first in the medical
device industry and its spreading across various industry sectors, where those checks
are in addition to scheduled surveillance audits or main audits. Under the new
regulations, auditors have a right and duty to conduct unannounced audits,
where unannounced audits are designed to ensure that a product is being
manufactured in compliance with the quality management system. Hence, companies
selected for audit must provide full access to their manufacturing processes,
as well as quality, batch, and purchasing records. On the other hand, plants
that do not know when to expect a visit from their third-party auditors are
likely to be more diligent at ensuring that their documents, operations, and
personnel are continually prepared. When organizations are always potentially liable
to face an unannounced visit, they are more likely to ensure everything is in
place. The practice will improve the skills of the employees and thereby
improving overall efficiency of the facility, because once adapted it is easy
to maintain.
Once
an unannounced audit is started,audit team usually conduct regular inspections
of the entire facility, then small facilities will generally conduct quality
self-inspections in one day, but large facilities will be considered for
dividing their plants into four areas or zones that are inspected weekly. When
you try to perform a self-inspection of a large facility in one day, it is difficult
to stay on course due to all the other duties that self-inspection team members
have. Thus, what often happens when you try to inspect too large of a facility
in one day is that the first part of the inspection is detailed and thorough,
then the inspection tends to go quicker as the audit continues, so key items
and areas are often overlooked.Hence, audit teams also switch up the inspection
and conduct it in different areas and on different days, where employees will
not have clues to predict the day or area in which inspections would occur in
the next time auditor comes.
The
changing nature of food safety compliance arising from the shift towards
unannounced audits which usually require food companies to bring their systems
up to full compliance in the months or weeks before a scheduled audit. In a
regular audit, tasks, process and procedures which went incomplete day to day
could be brought up to date prior to the audit date, where unannounced audits
change the phenomenon and perhaps in ways which most food businesses are
unaware of, because the most significant impact arising from unannounced audits
is the reduction of the compliance window to a just single day. In other words,
companies who have to date operated the above activities now have to take steps
to ensure compliance is maintained daily, which
is very important since it is a fact that food companies may simply fail
to close out scheduled actions due to insufficient resources. It may also be
due to the fact that food safety systems demand human input and memory to
ensure tasks are alerted, completed and closed out, where systems depend on
human inputs to this extent it is evident that tasks will get overlooked.It is
very common that the real impact in the shift to unannounced audits won’t be
felt until the first audit is completed for many companies, but only then it
will come to the attention of senior management, expose gaps in resources and
highlight the difficulties of manual paper based systems. 
However,
there are steps that can be taken now to reduce adverse impact of the change in
audit schemes. One of the key strategies is to prepare the employees by
training and updating their practical knowledge as well as skills on the
specific areas under their activities. Nonetheless, regular meetings can be
conducted with all departments to discuss self-inspection and internal audit
results, and to keep them alert to the third-party audit that could occur any
day, because keeping employee morale high during this time was very important. Unannounced
audits are like getting ready for a surprise party, but not knowing when it
would occur. Certain areas of the plant that are having special concerns should
be assigned to specific departments for compliance. Everyone need to assign
with a small role which will be a part of the big picture of ensuring the plant
is ready for any visit.
Documentation
is one of the last items that you should look at, which must include maintenance
records and work orders, master cleaning schedules, and even employee training
records. As to the current developments, if you are facing a FDA audit, they
can view more records under the Food Safety Modernization Act, which is very
important that these documents are complete and accurate at all times.The
self-inspection concept is similar to mock recalls, where you are testing own systems
to ensure they are ready for the real event. The time to find out that there
are gaps in your food safety system is not when your third-party auditor or FDA
inspector is in the building, thus test your systems regularly so that when the
auditor arrives you are ready and able to perform.
The
FSSC 22000 states that audits must be completed at least once every 3
years, but not as a certification or recertification audit. The frequency
is at least one audit for the current version which hopefully will be extended
based on the risk of the product, compliance history, or specific reasons to
suspect non-conformities. These audits will be no less than one day in
length and require at least two auditors on site according to EU regulations.
The
audits are usuallyfocused on:
Ongoing manufacture
Linking
manufacturing to the documented information and technical specifications
Product
identification and traceability
Verification of raw
materials and ingredients
Witnessing of
product testing
Auditors will also
look at two of the following:
Design controls
Establishment of
material specifications
Purchasing and
control of incoming materials
Device assembly
Sterilization
Batch release
Packaging
Product quality
control
Unannounced audits are random sampling checks of the
food safety/quality management systems by notified bodies with the aim of
i) finding out if manufacturers
are working in conformity with their quality management system (e.g. according
to FSSC 22000, FDA, EU),
ii) being able to identify
deviations and react quickly and
iii) to uncover fraud in a more
reliable way.
How to Prepare for an Unannounced Audit
That’s a lot to consider, but there are
seven key steps you can take to prepare for a successful unannounced audit.
Read and Prepare Your Team
Read the relevant recommendations according
to the certification organization (FDA, EU or FSSC 22000 Auditor, etc.) as well
as standards to be followed. Create the awareness, compliance requirements and
ensure that you and your company thoroughly understand how this affects the
organization, as well as your suppliers. Manage food safety team to follow
detailed review of each and every department with any specific concerns to be
addressed before the audit.
Review Supplier Quality Procedures
Create or update procedures that cover
supplier quality while adapting to supplier requirement policies. Provide
supplier training and awareness programs if necessary where, every organization
should identify which suppliers are critical subcontractors, which are crucial
suppliers, and define the criteria for evaluation. Apply more stringent
criteria to suppliers of products and services that have a direct impact on the
safety and performance of the product.
Effective procedures should describe the
frequency of monitoring and re-evaluating suppliers. For example, a less
critical supplier could be re-evaluated on an annual basis through a supplier
questionnaire, an annual visit whereas a supplier who performs contract manufacturing
may require multi-annual on-site visits as well as announced or unannounced
supplier audits. The procedure should also include how non-conformances by the
supplier will be addressed, responsibilities, and the method of communication
between organizations.
Review Quality Agreements
Create or update quality agreements with
the suppliers, while making sure your supplier understands that they are a
critical supplier for your organization, which makes their organization subject
to unannounced audits. Quality agreements should require mandatory
notification of any changes the supplier makes to the purchased product,
service, or new sub-tier suppliers. The agreement must also include the
stipulation that the notified body auditors will not be turned away and will
receive full access to the manufacturing area and all pertinent records.
Contact Your Certification Authority
Start the discussions with your
certification authority if you have not already, which will give an understanding
of how your contract is likely to change and have a full understanding of the
costs associated with the audit. Note that the cost of unannounced audit
is paid by the legal manufacturer even if the audit is conducted at a critical
supplier’s facility.
The total cost includes the audit itself,
travel costs for both assessors, as well as any products that are tested during
the audit. Once the audit has concluded, the audit report will be sent
along with any non-conformances to the legal manufacturer. It is the legal
manufacturer’s responsibility to share it with the appropriate suppliers and
develop a plan to address any non-conformances.
Update Supplier Folders
Update all critical supplier and crucial
supplier folders. Ensure that you have the details of device types for
which activities are performed and at what frequency. Make note of the
facility details. These may include:
Hours of operation
Shut down periods and holidays
Contact names and phone numbers
Languages spoken on-site
Health and safety requirements
Any travel requirements
For example, if a visa is required to visit
a supplier, the notified body is likely to ask for a “non-dated” invitation to
obtain a visa in advance of the audit.
Supplier Monitoring
Continuous monitoring of all outsourced
processes is key, where review and document everything is very important. You’ll
need to review each supplier’s third-party certification status (such as an ISO
22000) and monitor compliance terms within the quality agreement. It’s
also best practice to perform on-site visits to confirm compliance at the
intervals stated in the quality agreement. Review all documents that relate to
the audit focuses listed above as well as:
Design control and material specifications
Purchasing and control of incoming materials
Primary processing, secondary processing, manufacturing, sterilization,
and batch release
Packaging and product quality control
Ensure that each procedure and quality
record is accurate and up to date. If a procedure is deficient, then
revise the procedure.
Customer Monitoring
Continuous monitoring of distribution and sales
processes is key. Thus, review and document everything. You’ll need to review
and monitor compliance terms with storage conditions and traceability
requirements. It’s also best practice to perform on-site visits to confirm
compliance at the intervals. Conduct mock-recalls and record and evaluate
effectiveness as well as efficiency of the product recall system.
Prepare Your Network
Once you have a good understanding of how
to prepare for an unannounced audit, your first step is to schedule an organizational
meeting to discuss what departments are responsible for which actions.
Consider bringing in outside help as it can be overwhelming to manage
documents and agreements and implement the new procedures.
Brief your organization and suppliers on
unannounced audit procedures. The auditors will arrive onsite and present
identification. They will speak to the most senior person and provide a brief
explanation of the visit.
Note: This is not a formal “opening meeting,” which occurs in
other regulatory audits.
The assessors will then go to the
manufacturing sites and audit the areas described above. To conclude, the
assessors will provide a brief closing meeting and may provide
details of the findings.Third-parties are also better equipped to remain impartial
and provide successful and accurate audit preparation.
Your report will be provided within one
week of the audit. You should follow up on non-conformities as you would
any other audit. You may want to consider drafting a new procedure or
updating an existing procedure to address this type of audit and ensure it runs
smoothly. Remember, any problems conducted during an audit pose a risk to
your compliance certificates.
Knowing what you’re up against and
following given tips will make sure your audit go smoothly, which never hurts
to put your best foot forward and show the auditors that your company is both
organized and prepared. Consider getting through this important process
as a stepping stone on the way to bringing a successful product to market.
