Overview of EU legislation and international standardsD1+P02+Overview... · EU legislation and international standards. 1. EU legislation and international standards ... ISO 19011:2011

“Training on Conducting an audit”

Overview of EU legislation and international standards

Bilbao, Spain, 6 to 9 March 2012

CB-D1-P2

1. EU legislation and international standards

2. Organisation of official controls

3. Monitoring official controls through AUDITS

4. Decision 2006/677/EC - AUDIT GUIDELINES

5. ISO 19011:2011 STANDARD

6. ISO/IEC 17020 STANDARD

7. Compliance & operational audits and auditson FBO

EU legislation on official controls

• Regulation (EC) n° 178/2002 of 28 January 2002 on general principles and requirements of food law

• Regulation (EC) n° 882/2004 of 29 April 2004 on official controls

• Regulation (EC) n° 854/2004 of 29 April 2004 specific rules for the organisation of official controls on products of animal origin intended for human consumption

1. EU legislation and international standards

1. EU legislation and international standardsOther EU legislation dealing with MS CONTROL PLANS:

• Decision 2007/363/CE - guidelines to assist MS in preparing the single integrated MANCP provided for in Reg. 882/2004

• Decision 2008/654 - guidelines to assist MS in preparing the annual report on the single integrated MANCP provided for in Reg. 882/2004

Specific EU legislation dealing with INTERNAL/ EXTERNAL AUDIT:

• Regulation 882/2004 on official controls

• Decision 2006/677 giving guidelines to conduct audits under Reg. 882/2004

1. EU legislation and international standards and other references

ISO 22000

ISO 17021

ISO 17021ISO 17011

ISO 17020ISO 17025

ISO/TS 22003

ISO 19011

BRC, IFS, Global Gap,….

2. Organisation of official controls

Reg. 882/2004: Art.2 Definitions

“competent authority” [CA]: the central authority of a MS competent for the organisation of official controls or any other authority to which that competence has been conferred.

“official control [OC]” : any form of control that the CA or the Community performs for the verification of compliance with feed and food law, animal health and animal welfare rules.

Reg. 882/2004: Art.2 Definitions

‘‘control plan’’: a description established by the CAcontaining general information on the structure and organisation of its OC systems.

CA - Competent AuthorityOC - Official Control MS – Member State

2. Organisation of official controls

2. Organisation of official controls

Reg. 882/2004 - Art.4 Designation of Competent Authorities (CA) and operational criteria

2. a) « The CA shall ensure the effectiveness and appropriateness of OC on live animals, feed and food at all stages of production, processing and distribution, and on the use of feed; »

Art 8.1Art 6

Art 3.1Risk based

prioritisation

Art 3.3Any Process, material,Activity or operation

MANCPArt 42.2.(b)

Risk categorisation

Art 4.3: between CAArt 4.5: within CAsArt 5.2(f): with DCB

Art 6: trainingArt 8.1: proceduresArt 30: certification

Art 9.2 Reports

Shall containDescription of

-Purpose-Methods-Results-Action

Art 54Actions in case

Of non-compliance

Art 55Sanctions

Art 8.3(b)Corrective actionAnd update doc

procedures

Art 8.3(a)Shall verify theEffectiveness

Of controls

Art 4.6Shall carry out

Audits…

Art 42.1(b)Regularly updateArt 42.3(b)

Emergence of new…42.3(d)

Results of controlsArt 42.3(g)

Scientific findings

Art 4.6…shall take appropriate

Measures in the lightOf their results

Plan

Do(implement)Act

(review)

Check(supervision,

Audits)

F&F-chain and Othere.g. ScientificInformation,

Art 31 (registrationAnd approval)

Art 5.3Shall organise

Audits or inspectionsOf control bodies

Art 4.2(a)Shall ensure the

Effectiveness andAppropriateness

Of official controls

Annual reportArt 44.1

Results of controlsAny amendments to MANCP

Coordination

NB: this might actually alsobelong to the planning process?

Strategicobjectives

Art 10Methods& Techniques

44

9

Art 4.2(a)Shall ensure the

Effectiveness andAppropriateness

Of official controls

PDCAPDCA

CA are requested to describe and update their OC system in the single integrated Multi-Annual National Control Plan (MANCP)

2. Organisation of official controls

Decision 2007/363/CE - guidelines to assist MS in preparing the single integrated MANCP provided for in Reg. 882/2004

The MANCP should:•cover a minimum period of 3 years and not exceed 5 years •include a description of the arrangements in place for IA and EA

2. Organisation of official controls

Decision 2008/654 - guidelines to assist MS in preparing the annual report on the single integrated MANCP provided for in Reg.882/2004

The annual report should summarize the extent to which the audit programme, developed by the CA, for the reporting period was achieved

3. Monitoring official controls through AUDITS

Reg. 882/2004 - Art.4 (6)

«CA shall carry out internal audits [IA] or may have external audits [EA] carried out,

CA shall take appropriate measures in the light of their results, to ensure that they are achieving the objectives of Reg. 882/2004.

These audits shall be subject to independent scrutiny and shall be carried out in a transparent manner.»

3. Monitoring official controls through AUDITS

Internal audit or External audit

New ISO 19011:2011

Reg. 882/2004 leaves the CA chose the most suitable audit system

Reg. 882/2004 does not provide definitions for internal / external audit

if the audit is requested by the CA, it is internal audit, even if it is carried out by an external audit body

Reg. 882/2004: Art.2 Definitions

‘‘ audit ’’ : a systematic and independent examination to determine

whether activities and related results comply with planned arrangements

and

whether these arrangements are implemented effectively and are suitable to achieve objectives

3. Monitoring official controls through AUDITS

4. Audit Guidelines

Decision 2006/677/EC setting out the guidelines laying down criteria for the conduct of audits under Reg. 882/2004

Art.3 The definitions from the following standards apply

ISO 19011:2002 “ guidelines for quality and/or environmental management systems “

ISO 9000:2005 “ Quality management systems –Fundamentals and vocabulary”

4. Audit Guidelines (Dec. 2006/677/EC)PURPOSE AND SCOPE (annex – point 1)

« These guidelines seek to lay down principles to observe rather than stipulating detailed methods with a view to facilitating their application to the diversity of MS control systems. »

The scope is to cover all activities, which includes implementing control activities, carried out by all CAs and control bodies involved

Annex 4 general guidance

4. Audit Guidelines (CD 2006/677/EC)Many useful definitions given in Decision 2006/677/EC will be developed during this training session. 2 of them need to be introduced in this module:

Audit system: the combination of one or more audit bodies carrying out an audit process within or across competent authorities.

Where a combination of audit systems is introduced in a MS, the audit systems should cover all control activities under Reg (EC) No 882/2004, and include the activities of all agencies or control bodies involved. (General guidance point 4.).+ « ISO 19011:2002 should be referred to for general guidance »

4. Audit Guidelines (CD 2006/677/EC)

Audit process: set of activities described in Section 5.1. (Systematic Approach)

The nature of the audit process is based on 4 main principles (Annex – point 5.):

Systematic ApproachTransparencyIndependenceIndependent Scrutiny of the Audit Process Concepts that will be specify further during this training session

5. ISO 19011:2002Guidelines for quality and/or environmental management systems auditing

It provides guidance on:

the principles of auditing, managing audit programmes, conducting quality management system audits and environmental management system audits,

the competence of quality and environmental management system auditors.

It is applicable to all organizations needing to conduct IA or EA or to manage an audit programme

It gives very clear diagrams on audit process and audit activities

"Audit programme“: a set of one or more audits planned for a specific time frame and directed towards a specific purpose. It should be set up taking into account risk-based priorities of the CA.

Concepts that will be specify further during this training session

5. ISO 19011:2011

Risk-based audit approach is the latest "best practice" in the evolution of internal auditing, aimed at maximizing the impact of audit by focusing on the major strategic, regulatory and operational risks areas and activities that confronts an organization.

Managing an audit programmeAuthority for the audit programme AP

Establishing the audit programme

Implementing the AP

Monitoring and reviewing the AP

Improving the AP

PLAN

DO

CHECK

ACT

5. ISO 19011:2001

DO Implementing the AP

Competence and evaluation of auditors

Audit activities

Initiating the auditConducting documents review

Preparing for the on site activitiesConducting on site audit activitiesPreparing, approving distributing

the audit reportCompleting the audit

Conducting audit follow up

5. ISO 19011:2011

5. ISO 19011:2002

Competence and evaluation of auditors

Quality- specific/Generic/ Environmental-specific knowledge and skills

Education + Work Experience + Auditor Training+ Auditor experience

Personal attributes

6. ISO/IEC 17020General criteria for the operation of various type of bodies performing inspections

Many of its requirements are similar to those of Reg. 882/2004

It is useful because most of the time internal audits related to the scope of Reg. 882/2004 are focused on inspection activities.

All combined, IA carried out following the 677 guidelines that refers to ISO 19011 standard, can improve the reliability of

the CA official control system

OOr r ggaann

iis s aa

t t

ii

oonn

Administrative Administrative requirementsrequirements

Independance Independance -- Integrity Integrity ––Impartiality Impartiality ––ConfidentialityConfidentiality

Chap.II art.4 pt.2b+ pt.4 + art.7

Methods Methods Chap.II art.8

pt.1

Subcontracting

Chap.II art.5

PersonnelPersonnelChap.II art.6

Organization Organization & &

managementmanagement

Facilities and Facilities and equipementsequipementsChap.II art.4 d)

Service order Service order --

programmingprogrammingChap.I art.3

Technical Technical Reference Reference

SystemSystem

Resources Resources

HUMAN RESOURCES: NBRE, COMPETENCE, ETHICS

MATERIAL RESOURCES

SupervisionChap.II art.8 pt.3 Handling Handling

inspectioninspection--samplesample

Chap.III art.1 pt.7

OFFICIAL CONTROL OFFICIAL CONTROL SYSTEMSYSTEM

Reach EC objectives

Reg 882/2004

2006/677/EC

ISO/IEC 17020

7. Compliance & operational audits and audits on FBO

Compliance audit involves a rigorous check of current practices against established policies and procedures as well as with existing laws and regulations.

Operational audit involves a rigorous check as described before together with the following two step evaluation:

Activities performed are implemented effectively?

and are suitable to achieve objectives?

Reg. 854/2004 laying down specific rules for the organisation of OC products of animal origin intended for human consumption describes Audits on Food Business Operators (FBO) activities

Audits of good hygiene practices (art.4)

Audits of HACCP based procedures (art.4)

Auditing tasks related to animal by-products and some operator’s procedures guarantees on meat (Annex I Chapter I)

Those type of audits are considered as official controls carried out by competent authority (the official veterinarian) at FBO.

7. Compliance & operational audits and audits on FBO

Thanks for your attention

Any question