Upload
truongtuong
View
226
Download
1
Embed Size (px)
Citation preview
Federal Agency for the Security of the Food Chain Audit program 1
Risk based audit program
27/03/2015
Tom Lierman
Internal auditor FASFC
Federal Agency for the Safety of the Food Chain
Belgium
Federal Agency for the Security of the Food Chain Audit program 2
• Audit program: set of one or more audits planned for a specific time
frame and directed towards a specific purpose
• Systematic Approach (5.1): “A systematic approach should be
applied to the planning, conduct, follow-up and management of
audits”
Audit process should:
• be the result of a transparent planning process identifying
risk-based priorities in line with the competent authority’s
responsibilities under Regulation 882/2004;
• form part of an audit program that ensures adequate
coverage of all relevant areas of activity and all relevant
competent authorities within the sectors covered by Regulation
882/2004 at an appropriate risk-based frequency over a
period not exceeding five years.
Audit program – Decision 2006/677
Federal Agency for the Security of the Food Chain Audit program 3
Goal of the audit program:
• prioritize the work of audit body because auditing each year each
process in detail is not possible
• risk based: putting the audit work capacity (volume) on the right
scope
The principles of the NAS working group “Risk-based planning for
audits of official control systems” were taking into account
Development of the audit program (2013-2014)
Federal Agency for the Security of the Food Chain Audit program 4
Issues in Belgium:
• Quality system: ISO 9001, ISO 17020, ISO 17025
• Belgian legislation: COSO/INTOSAI
• FVO: cycle of 5 year
Based on audit universe structure: split in 2 parts (2 risk universes):
• universe of processes: all processes of FASFC 47 processes
• universe of FBO’s sectors (production chain): all types of FBO’s
40 sectors
Development of the audit program (2013-2014)
Federal Agency for the Security of the Food Chain Audit program 5
47 processes
• All activities of our Agency are classified in 47 processes
• Based on the process map of the FASFC-processes
• Simplification by:
– Business plan
– Structure of our organization
– Previous audit universe
– List of executed internal audits since 2007
Risk analysis:
• which process is the most important/most vulnerable one?
• 8 criteria
Process universe
Federal Agency for the Security of the Food Chain Audit program 6
8 criteria to measure the vulnerability of processes
1. Process included in the core business of FASFC (control, sample
analysis, regulation) or related to the realization of strategic objectives
– Yes: 10 (certainly)
– + / - : 5
– No : 1 (certainly not)
2. Processes that support overall the QMS (10, 5, 1)
3. Geographical dispersion or dispersion between several external entities
– 20: process applicable in the local offices/laboratories/external entities of
the FASFC
– 1: process only applicable in the central office
4. Non-conformity in this process causes potential risk for human health?
– Yes: 30 (certainly)
– + / - : 15
– No : 1 (certainly not)
Federal Agency for the Security of the Food Chain Audit program 7
8 criteria to measure the vulnerability of processes
5. Non-conformity in this process causes a potential financial impact for
FASFC (10, 5, 1)
6. Non-conformity in this process causes a potential economic impact for
FBO’s (10, 5, 1)
7. Topics / themes submitted by Management or audit committee:
identification of a specific risk
– 30: yes
– 1: no
8. Date of the latest internal audit
– 1: less than 3 years
– 5: between 3 to 4 years
– 10: later than 4 years
Extra criteria:
- subjective choices by internal audit service (sooner or later)
- choices have to be documented
Federal Agency for the Security of the Food Chain Audit program 8
Federal Agency for the Security of the Food Chain Audit program 9
40 sectors
• All items/scopes with activities under the Regulation 882/2004 and
Directive 2000/29 are classified in 40 sectors
• Based on our “activity tree” of the FBO
• Simplification by:
– Business plan
– Previous audit universe
– List of executed internal audits since 2007
Risk analysis:
• We consider that all sectors are equally important
• Which sector is the most vulnerable one?
• 5 criteria
Universe of FBO sectors
Federal Agency for the Security of the Food Chain Audit program 10
5 criteria
1. Date of the latest internal audit (10, 5, 1)
2. Topics / themes submitted by Management or Committee:
identification of a specific risk (30, 1)
3. Date of the latest evaluation mission inside the Control
administration (10, 5, 1)
4. Date of the last FVO mission (10, 5, 1)
5. Public awareness concerning this sector / Press releases in the
latest year? (10, 1)
8 criteria to measure the vulnerability of sectors
Federal Agency for the Security of the Food Chain Audit program 11
Federal Agency for the Security of the Food Chain Audit program 12
Audit
universe
40 sectors
47 processes
Risk analysis
Process universe: 8 criteria Sector universe: 5 criteria
Scores Results
P
R
I
O
R
I
T
I
S
E
Federal Agency for the Security of the Food Chain Audit program 13
• Semi-quantitative
• Several scores/weights: 1/5/10 – 1/15/30 – 1/20 – 1/30
strengthen the weight to some risk criteria
• public health (core business)
• input of management & audit committee (perception of
specific risks)
• geographical dispersion or dispersion between several
entities
• Multi-annual approach: prospection on 3 year planning
• Reviewed annually
Risk based audit program
Federal Agency for the Security of the Food Chain Audit program 14
Coverage of the universes (2012 – 2016) Covered
2012 - 2016
index
S: Sector
P: Process
Sector
DG FASFC
Sector / Process
YES
NO
PARTLY
Main
scope
Part of
scopeMain scope
Part of
scopeMain scope
Part of
scope
S01 DIS Community:
Milk kitchen, camping, barrack, cultural centre, party
room, sports hall, shelter, refuge centre, youth hostel,
holiday centre, holiday village, day-care centre, central
institutional kitchen, school, children's shelter, hospital,
institution (municipal, regional, federal), boarding school,
dining area, refectory, rest home, maternity clinic, prison,
trading partnership, factory
PARTLY2013-04
2013-18
S02 DIS Ambulantory retail trade in food and HORECAPARTLY 2012-07
2013-04
2013-18
S03 DIS Non ambulantory retail trade in food
Food bank, bakery-patisserie, ice-cream maker, retail
trade in drinks, fruit and vegetables, fish shop, dairy
products, butcher, meat products, confectionery,
chocolate factory, grocery, mini-supermarket, night shop,
hypermarket, points of sale distribution systems, cultural
centre, cinema, school, gas station,...)
PARTLY 2012-07 2013-04
S04 DIS HORECA non ambulatory:
cafe, snack bar, fast food restaurant, chip shop, pancake
restaurant, restaurant, sandwichbar, domestic caterer,...YES 2014-04
S05 DIS Distributor of plants and other products that are unfit for
human consumption
garden centre, wholesale trade and retail trade,
ornamental plants, wood, bark, Petfood, Feed, pesticide,
fertilizer, seeds for sowing, packaging, material in contact
with food,...
PARTLY 2012-07 2013-06
S06 DPA Slaughterhouse (all varieties)PARTLY 2012-25 2013-17
S07 DPA Production animal trade, auction, stable wholesale trader,
cattle market, collection centres, animal transportYES 2012-03 2013-07
S08 DPA (poultry) hatchery, establishment poultry for reproduction
and selection2015
S09 DPA Establishment with milk producing animals and
transportation of milkPARTLY 2014-06
S10 DPA Establishment with production animals: bees, frogs and
snails, lagomorphs, crustaceans and molluscs 2015
S11 DPA Establishment with production animals: aquacultureYES 2014-08
Audit Universe FASFC 2012 2013 2014
Federal Agency for the Security of the Food Chain Audit program 15
6
8
33
14
5
28
21
6
20
0
5
10
15
20
25
30
35
Completely covered Partly covered not yet audited
Process universe
31/12/2012
31/12/2013
31/12/2014
Coverage of the universes (2012 – 2016)
Federal Agency for the Security of the Food Chain Audit program 16
9
5
26
13
8
19 19
8
13
0
5
10
15
20
25
30
Completely covered Partly covered not yet audited
Sector universe
31/12/2012
31/12/2013
31/12/2014
Coverage of the universes (2012 – 2016)