Audits provide an essential tool for improving and verifying compliance performance. Audits may be used to capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices. An audit is typically part of a broader compliance assurance program and can cover some or all of the company’s legal obligations, policies, programs, and objectives.

Companies come in a variety of sizes with a range of different needs, so auditing standards remain fairly flexible. There are, however, a number of audit program elements and best practices that can help ensure a comprehensive audit program:

1. Goals. Establishing goals enables recognition of broader issues and can lead to long-term preventive programs. This process allows the organization to get at the causes and focus on important systemic issues. It pushes and guides toward continuous improvement. Goal-setting further addresses the responsibilities and obligations of the Board of Directors for audit and oversight and elicits support from stakeholders.
2. Scope. The scope of the audit should be limited initially (e.g., compliance and risk) to what is manageable and to what can be done very well, thereby producing performance improvement and a wider understanding and acceptance of objectives. As the program is developed and matures (e.g., Management Systems, company policy, operational integration), it can be expanded and, eventually, shift over time toward systems in place, prevention, efficiency, and best practices.
3. Committed resources. Sufficient resources must be provided for staffing and training and then applied, as needed, to encourage a robust auditing program. Resources also should be applied to EHSMS design and continuous improvement. It is important to track the costs/benefits to compare the impacts and results of program improvements.
4. Operational focus. All facilities need to be covered at the appropriate level, with emphasis based on potential EHS and business risks. The operational units/practices with the greatest risk should receive the greatest attention (e.g., the 80/20 Rule). Vendors/contractors and related operations that pose risks must be included as part of the program. For smaller, less complex and/or lower risk facilities, lower intensity focus can be justified. For example, relying more heavily on self-assessment and reporting of compliance and less on independent audits may provide better return on investment of assessment resources.
5. Audit team. A significant portion of the audit program should be conducted by knowledgeable auditors (independent insiders, third parties, or a combination thereof) with clear independence from the operations being audited and from the direct chain of command. For organizational learning and to leverage compliance standards across facilities, it is good practice to vary at least one audit team member for each audit. Companies often enlist personnel from different facilities and with different expertise to audit other facilities. Periodic third-party audits further bring outside perspective and reduce tendencies toward “home-blindness”.
6. Audit frequency. There are several levels of audit frequency, depending on the type of audit:
   • Frequent: Operational (e.g., inspections, housekeeping, maintenance) – done as part of routine EHSMS day-to-day operational responsibilities
   • Periodic: Compliance, systems, actions/projects – conducted annually/semi-annually
   • As needed: For issue follow-up
   • Infrequent: Comprehensive, independent – conducted every three to four years

7. Differentiation methods. Differentiating identifies and distinguishes issues of greatest importance in terms of risk reduction and business performance improvement. The process for differentiating should be as clear and simple as possible; a system of priority rating and ranking is widely understood and agreed. The rating system can address severity levels, as well as probability levels, in addition to complexity/difficulty and length of time required for corrective actions.
8. Legal protection. Attorney privilege for audit processes and reports is advisable where risk/liability are deemed significant, especially for third-party independent audits. To the extent possible, make the audit process and reports become management tools that guide continuous improvement. Organizations should follow due diligence elements of the USEPA audit policy.
9. Procedures. Describe and document the audit process for consistent, efficient, effective, and reliable application. The best way to do this is to involve both auditors and those being audited in the procedure design. Audit procedures should be tailored to the specific facility/operation being audited. Documented procedures should be used to train both auditors and those accountable for operations being audited. Procedures can be launched using a pilot facility approach to allow for initial testing and fine-tuning. Keep procedures current and continually improve them based on practical application. Audits include document and record review (corporate and facility), interviews, and observations.
10. Protocols & tools. Develop specific and targeted protocols that are tailored to operational characteristics and based on applicable regulations and requirements for the facility. Use “widely accepted or standard practice” as go-by tools to aid in developing protocols (e.g., ASTM site assessment standards; ISO 14010 audit guidance; audit protocols based on EPA, OSHA, MSHA, Canadian regulatory requirements; GEMI self-assessment tools; proprietary audit protocol/tools). As protocols are updated, the ability to evaluate continuous improvement trends must be maintained (i.e., trend analysis).
11. Information management & analysis. Procedures should be well-defined, clear, and consistent to enable the organization to analyze trends, identify systemic causes, and pinpoint recurring problem areas. Analysis should prompt communication of issues and differentiation among findings based on significance. Audit reports should be issued in a predictable and timely manner. It is desirable to orient the audit program toward organizational learning and continual improvement, rather than a “gotcha” philosophy. “Open book” approaches help learning by letting facility managers know in advance what the audit protocols are and how the audits will be conducted.
12. Verification & corrective action. Corrective actions require corporate review, top management-level attention and management accountability for timely completion. A robust root cause analysis helps to ensure not just correction/containment of the existing issue, but also preventive action to assure controls are in place to prevent the event from recurring. For example, if a drum is labeled incorrectly, the corrective action is to relabel that drum. A robust plan should also look for other drums than might be labeled incorrectly and to add and communicate an effective preventive action (e.g., training or posting signs showing a correctly labeled drum).

Read the part 2 audit program best practices. 

A management system is the framework that enables companies to achieve their operational and business objectives through a process of continuous improvement. In its simplest form, a management system implements the Plan, Do, Check, Act/Adjust cycle. Several choices are available for management systems (ISO is commonly applied), whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

Business Benefits of a Well-Documented Management System

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Beyond that, there are a number of business reasons for implementing a well-documented management system (environmental, safety, quality, food safety, other) and associated support methods and tools:

1. Establishes a common documented framework to achieve more consistent implementation of compliance policies and processes—addressing the eight core functions of compliance:
   • Inventories
   • Permits and authorizations
   • Plans
   • Training
   • Practices in place
   • Monitoring and inspection
   • Records
   • Reporting

2. Provides clear methods and processes to identify and prioritize risks, set and monitor goals, communicate those risks to employees and management, and allocate the resources to mitigate them.
3. Shifts from a command-and-control, centrally driven function to one that depends heavily on teamwork and implementation of a common system, taking into consideration the necessary local differences and building better know-how at the facility level.
4. Establishes a common language for periodic calls and meetings among managers, facility managers, and executives, which yields better goal-setting, priority ranking, and allocation of resources to the areas with greatest risk or the greatest opportunity to add business value.
5. Empowers facilities to take responsibility for processes and compliance performance without waiting to be told “what” and “how”.
6. Enables better collaboration and communication across a distributed company with many locations.
7. Enables the selection and implementation of a robust information system capable of tracking and reporting on common activities and performance metrics across the company.
8. Employs a design and implementation process that builds company know-how, captures/retains institutional knowledge, and enables ongoing improvement without having to continually reinvent the wheel.
9. Creates consistent processes and procedures that support personnel changes (e.g., transfers, promotions, retirements) and training of new personnel without causing disruption or gaps.
10. Allows for more consistent oversight and governance, yielding higher predictability and reliability.

A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice daily.

The following can show evidence of a living, breathing program:

• Comprehensiveness of the program
• Dedicated staff and resources
• Employee knowledge and engagement
• Management commitment and employee perception
• Internal operational inspections, “walk-abouts” by management
• Independent insider, plus third-party audits
• Program tailoring to greatest risks
• Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
• Tracking of timely and adequate corrective/preventive action completion
• Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

1. Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).
2. Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.
3. Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and then expectations set for operating managers to take responsibility for compliance.
4. Take action on issues and problems. Capture, log, and categorize noncompliance issues, process non-conformances, and near misses. Implement a corrective/preventive action process based on importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.
5. Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.
6. Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.

Companies are generating ever increasing amounts of data associated with business operations, leading to renewed interest in predictive analytics, a field that analyzes large data sets to identify patterns, predict outcomes, and guide decision-making. Companies are also facing a complex and ever expanding array of operational risks to proactively identify and mitigate. While many companies have begun using predictive analytics to identify marketing/sales opportunities, similar strategies are less common in risk management, including safety.

Classification algorithms, one general class of predictive analytics, could be particularly beneficial to the refining and petrochemical industries by predicting the time frame and location of safety incidents based on safety related inspection and maintenance data, essentially leading indicators. There are two main challenges associated with this method: (1) ensuring that leading indicators being measured are actually predictive of incidents, and (2) measuring the leading indicators frequently enough to have predictive value.

Kestrel’s article in the Q3 2018 edition of Petroleum Technology Quarterly (PTQ) features a case study to illustrate this process. Using regularly updated inspection data, the author developed a model to predict where broken rails are likely to occur in the railroad industry. The model was created using a logistic regression modified by Firth’s penalized likelihood method, and predicts broken rail probabilities for each mile of track. Probabilities are updated as additional data are collected.

In addition to predicted broken rail probabilities, the model identifies the variables with the most predictive validity (those that significantly contribute to broken rails). Using the model results, the railroad was able to identify exactly where to focus maintenance, inspection, and capital improvement resources and what factors to address during these activities. Validation tests of the model revealed 70% of the actual broken rail incidents occurred on the 20% of segments at highest risk for broken rails.
The same methodology could be used in the refining and petrochemical industries to manage risks by predicting and preventing incidents, provided that organizations:

• Identify leading indicators with predictive validity
• Regularly measure leading indicators (inspection, maintenance, and equipment data)
• Create a predictive model based on measured indicators
• Update the model as data are gathered
• Use the outputs to prioritize maintenance, inspections, and capital improvement projects and review operational processes/practices.

Read the complete article in PTQ.

Traditional processes tend to produce traditional results. You can’t expect technological innovation without technological integration. The key is identifying the traditional processes that yield benefits (most likely cost or time savings) from technological integration. Doing this allows companies to stretch and empower every limited resource.

Fix It & Find It

Take the business practice of internal auditing as an example. The most traditional practice for internal auditing (e.g., environmental, safety, DOT compliance, ISO 9001, food safety) is a “find it & fix it” cycle, where the internal auditor goes out into a facility and audits operations as they exist. During the audit, the auditor identifies issues based on a standard set of protocols. The auditor typically walks a facility with a notepad and pencil taking notes of field observations that aren’t in compliance. Following the audit, the auditor creates a report and shares the findings with a responsible party. This can take weeks or even months. The cycle is repeated when the auditor comes back at a later time to check the site again.

The “find & fix” audit cycle works, but only to a point. The difficult part comes next. What happens with that inspection form or accident investigation report after it is completed? It is likely reviewed by a few people, perhaps transcribed into electronic form by a data entry clerk, and filed away someplace for legal and compliance reasons, rarely (if ever) to be seen again.

Filing data away in a drawer is better than nothing because it does show some documentation of findings, but that is where the benefits end. What happens when the auditor is asked to compile year-long data from the findings? How do you evaluate patterns and trends to best allocate your limited resources for improvement initiatives? The paper method of recordkeeping makes compiling field data into a report an enormous task.

Electronic Data Capture

If the auditor were to capture all the field data via smart phone or tablet at the point of discovery, the task of generating a report to analyze trends would be much easier. When data is collected, uploaded, and stored in a database, accessing and reporting on the data becomes as easy as asking a question. Questions like, “How many deficient issues were there at the warehouse last year?” or “How many overdue action items does Bruce have in repackaging?” can be answered by simply making a request of your data.

Data entered in the field can be used in many ways. Some applications written for devices allow you to print reports immediately from the smart phone and tablet device. Others require the data to first be uploaded to a desktop computer. Either way, the reports generated can include photos at the point of discovery and reference information, along with field comments. These reports support the auditor’s findings and remove questions about what was observed or whether a situation is in violation of the protocol. Subsequently, these reports also become a valuable learning tool for employees in the field.

Once uploaded, the data is stored in a database for later reference. Assessments continue to be added as audits are performed to amass a large bank of data. In electronic format, that data (unlike handwritten notes) can be easily arranged for analysis. Reports can be generated using a large menu of criteria, including running statistics on a site over a period time or identifying instances of a certain violation. Mining your data in different ways helps identify root causes and end harmful trends so that real improvement can occur.

This is the third in a series of articles on food product recalls.

One form of protection from the economic and reputational damages of a food recall event can be to transfer risk through an insurance policy that is specifically designed to respond to a recall event.

Are You Covered?

Business Owner’s Insurance Policy “BOP” provides most enterprises with two main forms of coverage: Commercial General Liability (CGL) and Business Property. Many food and beverage companies believe that basic CGL insurance coverage will provide protection in the event of a product recall. In reality, CGL policies typically contain an exclusion (Recall of Products, Work or Impaired Property) that precludes coverage for any claims associated with a product recall or withdrawal.

Because most CGL policies do not cover recall-related losses, separate Product Recall, Business Interruption, or similar types of insurance can provide protection to reduce the potential financial impacts of a recall event. Companies can purchase either first-party or third-party Product Recall policies, or both.

First-party policies provide coverage for the company’s own economic loss incurred due to a recall. These losses may include:

• Business interruption
• Lost profit
• Recall expenses
• Expenses to respond to adverse publicity and rebuild a brand’s image
• Consultant and adviser costs

Third-party coverage applies to economic loss incurred by third parties (e.g., distributors, wholesalers, customers) who may be impacted by a recall event. This could include broad coverage for numerous costs associated with the following:

• Removal of recalled product from stores
• Transportation and disposal of the product
• Notification to third parties of the recall
• Additional personnel/overtime
• Cleaning equipment
• Laboratory analysis

Business Interruption insurance is another coverage that may cover not only catastrophic losses, but also food recall events. If purchased, it is important to make sure that the Business Interruption coverage works hand-in-hand with Product Recall coverage.

What to Look for in a Policy

Product Recall insurance should be specifically tailored to meet the needs of the company. Here are some things that a company should ask when exploring Product Recall/Contamination insurance:

• Will the policy cover recalls where there is limited likelihood of bodily injury (e.g., class II or class III recall that is less severe)? What if a recall is requested (vs. ordered) by the FDA or USDA?
• Will the policy cover loss from an FDA administrative detention?
• What happens if the company experiences financial loss due to a recall and then the facts underlying the recall turn out to be incorrect? Are those losses still covered?
• Does the policy exclude coverage if the recall was due to a problem with a competitor’s product? What if the product breaches a warranty of fitness?
• Does the policy provide coverage for claims by third parties (e.g., customers)?
• Does the policy cover lost profits/revenue? What about logistics and repair costs (e.g., shipping and destruction, public relations, product replacement, and reputation/brand damage)? How is the loss calculated?

*****
Read:

• Part 1
• Part 2

Chemicals are an important part of many aspects of our lives; however, improper handling and management of chemicals can result in catastrophic releases that have severe and lasting impacts—loss of life, injury, property damage, community disruption.

The USEPA’s Risk Management Plan (RMP) Rule (Section 112(r) of the Clean Air Act Amendments) is aimed at reducing the frequency and severity of accidental chemical releases. While the intent of the RMP Rule is positive, there has been much controversy over what the rule requires. This has resulted most recently in the RMP Reconsideration Proposed Rule, which was published on May 30, 2018.

The History of Modernizing RMP

RMP regulations were first created in 1996 to protect first responders and communities adjacent to facilities with chemical substances. Changes to the original RMP Rule have been in progress since former President Obama issued Executive Order (EO) 1365, Improving Chemical Safety and Security, in August 2013. Modernizing policies and regulations—including the RMP Rule—falls under this umbrella.

A July 2014 Request for Information (RFI) sought initial comment on potential revisions to RMP under the EO. This was followed by a Small Business Advocacy Review (SBAR) Panel discussion in November 2015. On March 14, 2016, the USEPA published Proposed Rule: Accidental Release Prevention Requirements: Risk Management Programs Under the Clean Air Act, Section 112(r)(7), outlining proposed amendments to the RMP Rule.

The much anticipated final RMP Amendments were published in the Federal Register on January 13, 2017. According to the USEPA, these amendments were intended to:

• Prevent catastrophic accidents by improving accident prevention program requirements
• Enhance emergency preparedness to ensure coordination between facilities and local communities
• Improve information access to help the public understand the risks at RMP facilities
• Improve third-party audits at RMP facilities

After the USEPA published the final rule, many industry groups and several states filed challenges and petitions, arguing that the rule was overly burdensome, created potential security risks, and did not properly coordinate with OSHA’s Process Safety Management (PSM) standard. Under the Trump administration, the USEPA delayed the effective date of the rule until February 2019 and announced its plan to reconsider the rule’s provisions.

Reconsideration

That brings us full circle to the RMP Reconsideration Proposed Rule that was published at the end of May. According to the USEPA, this reconsideration proposes to:

• Maintain consistency of RMP accident prevention requirements with the OSHA PSM standard.
• Address security concerns.
• Reduce unnecessary regulations and regulatory costs.
• Revise compliance dates to provide necessary time for program changes

What’s Going?

USEPA Administrator Scott Pruitt said in a press release, “The rule proposes to reduce unnecessary regulatory burdens, address the concerns of stakeholders and emergency responders on the ground, and save Americans roughly $88 million a year.”

To accomplish this, the reconsideration proposes making the following changes:

• All accident prevention program provisions have been rescinded in the reconsideration so the USEPA can coordinate revisions with OSHA and keep regulatory costs in check. This includes repealing the requirements for conducting:
  • Third-party audits
  • Safer Technology and Alternatives Analysis (STAAs) as part of the process hazard analyses
  • Root cause analyses as part of an accident investigation of a catastrophic release or near-miss
• Most of the public information availability provisions have been rescinded due to their redundancy and security concerns, particularly regarding specific chemical hazard information. The USEPA is proposing to retain the requirement for facilities to hold a public meeting within 90 days of a reportable incident.

What’s Staying?

Many of the emergency coordination and exercise provisions of the Amendments rule are staying–but are being modified to address security concerns and provide more flexibility. The Reconsideration Proposed Rule still requires facilities to:

• Coordinate response needs at least annual with local emergency planning councils (LEPCs) and response organizations, and to document these activities
• Provide emergency action plans, response plans, updated emergency contact information, and other information necessary for developing and implementing the local emergency response plan to LEPCs
• Perform annual exercises to test emergency response notification mechanisms (Program 2 and 3 facilities)

Looking Ahead

The proposed rule is available for public comment for 60 days after its publication date (May 30, 2018). In addition, a public hearing is scheduled for June 14, 2018. If the Reconsideration Proposed Rule is published, compliance dates will be as follows based on the effective date of the final rule.

For more information, visit the USEPA website on the RMP Reconsideration Proposed Rule.

This is the second in a series of articles on food product recalls.

The risk for all food companies of being affected by a recall is substantial—and to adequately respond to a recall claim is complex and expensive. Companies should always be prepared to prevent a recall from occurring.

Here are seven tips that can help your company prevent and/or manage a food recall:

1. Establish Food Safety Plan using HACCP approach or preventive controls. Always make sure the plan is kept up to date with facility production or product formulation changes to ensure potential risks are controlled.
2. Develop and maintain a written Recall Plan, as well as a Crisis Management Plan. These plans should be reviewed, tested, and updated at least annually. Lessons learned should be recorded and analyzed for possible improvements.
3. Conduct mock traceability exercises over a certain time period. In case anything occurs from within the supply chain, you should be in control of your own ingredients and finished products.
4. Establish a functioning approved supplier program.
5. Utilize third-party audit certification to establish a Food Safety Management System (FSMS), and gain senior management commitment and resources for maintaining the FSMS onsite. This may be in the form of commitment to a Global Food Safety Initiative (GFSI) benchmarked standard (e.g., BRC, SQF, FSSC 22000, IFS).
6. Implement thorough sanitation and hygiene processes.
7. Maintain all related documentation and records.

Read:

• Part 1
• Part 3

The new ISO 9001:2015 standard for Quality Management Systems (QMS) was issued in late 2015—which means the three-year transition period to become certified to the new version is now in full swing. Change can certainly present challenges; however, the ISO 9001:2015 update is designed to simplify the requirements, focus more on business needs, and make the ISO standards more user-friendly.

That being said, organizations will need to make adjustments to their QMS to meet the new requirements. The major impacts that organizations need to consider for ISO 9001:2015 certification include the following:

• Increased management responsibility
• Organizational identification of risks and opportunities
• Impacts of process implementation vs. guidance procedures
• Overhaul of internal audit requirements

Management Responsibility

The increase in management responsibility requires an organization’s objectives and targets to be:

• Business-driven
• More explicit in content
• Reviewed and monitored on a regular basis

Importantly, the QMS must be connected to the business strategy. This involves management taking ownership for the QMS and creating a vision and strategy for the organization, its employees, and customers to follow and interact with in a mutually beneficial manner. The idea is that this will foster a sustainable business plan.

Identification of Risks and Opportunities

The organization must identify and quantify the risks and opportunities presented by each new business endeavor or market driver they seek to enter. This will help management understand the full operational requirements and potential related consequences that must be addressed prior to moving the organization in a new direction.

The process of identifying risks and opportunities involves reviewing and evaluating employee skill sets, equipment capabilities, facility requirements, logistics requirements, environmental and safety risks, and others. In addition, quality control requirements must be reviewed in terms of possible training and equipment needs, and then verified as either adequate or in need of required changes prior to startup.

Process Implementation

The single largest change to the QMS is arguably the notion of written procedures guiding the organization vs. the use of a process approach to enhance the organization’s ability to exhibit systematic control over any/all changes to the products and/or services it provides. This change represents a shift in the approach regarding business operations.

Under a process approach, the management team must:

• Define inputs and outputs of each process
• Determine the correct performance indicator(s) to assure compliance and customer specifications have been met
• Assign appropriate responsibility for these steps

To comply with ISO 9001:2015, the organization must be able to stop a process and rectify the issues of concern prior to a nonconforming product and/or service being given to a customer. As such, employees are empowered to complete a root cause analysis and then notify management of possible change(s) required.

Internal Audit

Corresponding to the process orientation discussed above, the internal audit program will also need to be revamped to go from auditing a single clause to auditing an entire process. This may require additional auditor training for internal auditors, as well as an overall better understanding of the processes the organization follows in its daily business.

The following tips can all help modify the internal audit process to work under the ISO 9001:2015 standard.

1. Audit one complete process at a time. This will allow auditors to better assess the process itself, identify possible areas for review and improvement, and verify adequacy of current controls in place.
2. Develop flow charts that outline every step in the process(es) and the associated procedures, work instructions, and forms required to assure compliance of each identified step.
3. Look for areas throughout the audit where the product and/or service hand-off between departments and equipment cells may be unclear or confusing, leading to a potential nonconformance to the customer.

Big Steps toward Continuous Improvement

While any one of the changes discussed above would represent a significant improvement over the 2008 version of ISO 9001, taken together and implemented properly, the 2015 updates are set up to help organizations take large step towards continuous improvement.

Under ISO 9001:2015, day-to-day operations should:

• Be more functional and harmonious
• Allow for improvements in product and/or service hand-offs between departments
• Improve the consistency of delivering to the customer exactly what is requested
• Reward the organization with improvements to internal functions and lower costs over time

This is the first in a series of articles on food product recalls.

Salmonella outbreak in eggs; E. coli breakout in romaine lettuce. Both are getting a lot of attention right now. Unfortunately, no food company is immune to encountering situations like this that may lead to government warnings or a food product recall. Even plants with the best controls are at risk—human error, mechanical breakdowns, or sampling failures can happen at any time.

Growing Epidemic

The number and magnitude of product recalls has increased significantly in recent years. According to U.S. Department of Agriculture’s (USDA’s) Economic Research Service report entitled Trends in Food Recalls 2004-2013, the average number of food recalls between 2004 and 2008 was 304/year; the average number between 2009 and 2018 increased to 676/year.

Interestingly, the study does not cite riskier foods as the reason for this upward trend. Rather, the increase of food product recall events can be attributed to the following:

• An increasingly complex and global food supply chain system,
• Technology improvements in the detection of health risks, and
• Passage of two major food policy laws—FALCPA and FSMA—particularly related to the dramatic increase in undeclared allergen recalls.

Product Contamination Consequences

A full-scale recall involving food products can be detrimental to a food manufacturer or retailer. According to a survey conducted by the Grocery Manufacturers Association, 29% of companies that faced a recall within the prior five years estimated that the direct cost of the recall was between $10 million and $29 million—and that cost can be even greater when accounting for indirect costs.

There are three primary consequences of a major product contamination/recall event:

• Product recall expenses – product replacement costs, recall and redistribution expenses, product destruction costs, related crisis management consultation fees
• Business interruption – financial loss due to product unavailability, decontamination downtime, government action, brand damage, and loss of contracts
• Third-party liability – financial loss due to third-party property damage and bodily injury

In many cases, a recall event will result in decreased profits over the short run of 6-18 months. The long-term brand damage, however, can impact earnings over an even longer period. Given these trends and the potential associated impacts, every food business should be concerned with potential contamination risks.

Read:

• Part 2
• Part 3