Approved Auditor Manual
-
Upload
monching-adecer -
Category
Documents
-
view
223 -
download
0
Transcript of Approved Auditor Manual
-
7/30/2019 Approved Auditor Manual
1/42
-
7/30/2019 Approved Auditor Manual
2/42
Version 1.1November 2011 Page 2 of42
Contents1. Introduction ......................................................................................................................... 5
Audit of Export and Domestic Requirements ..................................................................................... 5
Legislative basis for the approval of auditors ................................................................................ 6
The legislation framework .................................................................................................................. 6
Approval of auditors ........................................................................................................................... 7
2. Purpose and Scope of this Manual ........................................................................................ 8
Definitions ........................................................................................................................................... 8
Introduction to the DAFF Biosecurity Approved Auditor Management System ................................ 8
The role and responsibility of DAFF Biosecurity ................................................................................. 9
The role and responsibilities of Approved Auditors ........................................................................... 9
The role and responsibilities of the Occupier/Registered Establishment ........................................ 10
3. Approval of Approved Auditors ........................................................................................... 11
Fee ..................................................................................................................................................... 11
Duration of auditor approvals........................................................................................................... 11
Approval process and criteria for Approved Auditors ...................................................................... 11
The Approved Auditor approval process .......................................................................................... 11
Commodity risk classification........................................................................................................ 12
Commodity experience.................................................................................................................. 13
Regions of Operation .................................................................................................................... 13
Qualifications ................................................................................................................................ 14
Conflicts of Interest....................................................................................................................... 14
DAFF Biosecurity Approved Auditor Manual................................................................................. 14
Approved Auditor Code of Conduct............................................................................................... 14
RABQSA equivalence ..................................................................................................................... 15
Units of Competency..................................................................................................................... 16
Declarations .................................................................................................................................. 16
Notice of Approval........................................................................................................................ 17
Approved Auditor Register............................................................................................................ 17
Review of decisions relating to approvals ........................................................................................ 18
4. Managing the Approved Auditor ......................................................................................... 18
Verification system ........................................................................................................................... 18
-
7/30/2019 Approved Auditor Manual
3/42
Version 1.1November 2011 Page 3 of42
Scheduled verification activities .................................................................................................... 18
Review of audit reports ................................................................................................................. 18
Refresher training ............................................................................................................................. 19
Changes in requirements and procedures ........................................................................................ 19
Maintaining the requirements for approval ..................................................................................... 19
Renewal of Approval ......................................................................................................................... 19
Surrender of Approval ...................................................................................................................... 19
Notification ....................................................................................................................................... 20
Confidentiality ................................................................................................................................... 20
Revocation or variation of approval ................................................................................................. 20
Complaints system ............................................................................................................................ 20
5. Approval of registered establishments to engage an Approved Auditor ............................... 20
6. Managing the audit process ................................................................................................ 21
Duties of Approved Auditors ............................................................................................................ 21
Scheduling the audit ......................................................................................................................... 21
Observation of processes .............................................................................................................. 22
Auditing of multi-sited food businesses ........................................................................................ 22
Audit teams ................................................................................................................................... 22
Planning the Audit............................................................................................................................. 22
Audit Criteria ................................................................................................................................. 22
Audit Scope ................................................................................................................................... 23
Documentation Review................................................................................................................. 23
Conduct the audit ............................................................................................................................. 23
Audit Findings................................................................................................................................ 25
Classification of Non-compliances ................................................................................................ 25
Corrective Actions ......................................................................................................................... 26Audit Outcomes/ Audit Frequency................................................................................................ 26
Audit Reporting ................................................................................................................................. 27
Finalisation / Closure of CARs/Non-compliance reports ............................................................... 27
Escalation policy............................................................................................................................ 28
Records ............................................................................................................................................. 28
7. Appendices......................................................................................................................... 28
Appendix 1 Application and Approval Process Approved Auditors ......................................... 29
Appendix 2 Approved Auditor Code of Conduct ....................................................................... 30
-
7/30/2019 Approved Auditor Manual
4/42
Version 1.1November 2011 Page 4 of42
1. Purpose and Application of the Code of Conduct..................................................................... 30
Purpose of the code of conduct .................................................................................................... 30
Application of the code of conduct ............................................................................................... 30
2. Definitions ................................................................................................................................. 31
3. Conduct Provisions .................................................................................................................... 31
3.1 Identification ........................................................................................................................... 32
4. Obligations ................................................................................................................................ 32
4.1 Respect for persons ................................................................................................................ 32
4.2 Natural justice ......................................................................................................................... 32
4.3 Health, welfare and safety concerns ...................................................................................... 32
4.4 Discrimination ......................................................................................................................... 33
4.5 Workplace harassment ........................................................................................................... 33
5. Behaviour and attitude ............................................................................................................. 33
6. Dress standards ......................................................................................................................... 33
7. Use of alcohol and drugs ........................................................................................................... 34
8. Conflicts of interest ................................................................................................................... 34
9. Acceptance of gifts .................................................................................................................... 35
10. Confidential information and public comment .................................................................... 35
11. Falsification of Results .......................................................................................................... 35
12. Failure to Comply .................................................................................................................. 35
13. Acknowledgement ................................................................................................................ 35
Appendix 3 Instrument of Approval Example only ................................................................. 36
Appendix 4 Legislation, Australian Standards and DAFF Biosecurity Guidelines list .................... 40
Appendix 5 Contact List ........................................................................................................... 42
-
7/30/2019 Approved Auditor Manual
5/42
Version 1.1November 2011 Page 5 of42
1. IntroductionDAFF Biosecurity is part of the Australian Government Department of Agriculture, Fisheries and
Forestry (DAFF). DAFF Biosecurity is the Commonwealth authority responsible for the regulation of
prescribed goods prepared for export as food from Australia. This maintains the integrity of theexported product and Australias reputation as a reliable exporter.
DAFF Biosecuritys role in providing export inspection, audit and certification services helps retain
wide access to overseas export markets.
As a result of the service delivery models agreed with the fish, dairy and meat export industries to
support export certification reform in 2011, it has been agreed that the audit of registered
establishments that prepare fish, eggs, dairy and some meat products for export as food may be
undertaken by persons approved by DAFF Biosecurity to carry out this activity Approved Auditors.
To facilitate this, DAFF Biosecurity has implemented the DAFF Biosecurity Approved Auditor
Management System to approve, manage and verify the performance of persons other than DAFF
Biosecurity employees to conduct audits of registered establishments on DAFF Biosecuritys behalf.
The system is based on both legislative requirements and the requirements of the National Food
Safety Audit Policy and the National Regulatory Food Safety Auditor Guideline (copies of these
documents can be found athttp://www.health.gov.au) and aims to reduce duplication of audits for
registered establishments.
Audit of Export and Domestic Requirements
Currently, a number of state regulatory authorities (SRAs) have responsibility for the conduct of
audits at DAFF Biosecurity registered establishments on DAFF Biosecuritys behalf. Conversely, in
some jurisdictions DAFF Biosecurity may conduct audits of export registered establishments for
compliance with both export and domestic requirements- these latter audits are conducted on
behalf of SRAs.
DAFF Biosecurity may approve auditors to audit on its behalf in all Commonwealth jurisdictions.
Where DAFF Biosecurity is responsible for the audit of both domestic and export requirements, the
approval of Approved Auditors by DAFF Biosecurity only applies to audits of export requirements.
Auditors who also wish to audit domestic requirements must make application to the appropriate
food regulator in that jurisdiction for approval.
In order to determine if approval as an auditor is applicable to a specific jurisdiction or a specific
commodity (i.e. fish, dairy, eggs &/or meat); reference should be made to the Service Delivery
Arrangements Table available at:www.daff.gov.au/ecri
It should also be noted that for some commodities, an importing country may place restrictions on
who can undertake audits. For example establishments that prepare or store meat for export to
the USA may only be audited by an DAFF Biosecurity employed auditor.
http://www.health.gov.au/internet/main/publishing.nsf/Content/foodsecretariat-policydocs.htmhttp://www.health.gov.au/internet/main/publishing.nsf/Content/foodsecretariat-policydocs.htmhttp://www.health.gov.au/internet/main/publishing.nsf/Content/foodsecretariat-policydocs.htmhttp://www.daff.gov.au/__data/assets/word_doc/mckenzie%20lisa/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/4S3VVBNT/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/mckenzie%20lisa/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/4S3VVBNT/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/mckenzie%20lisa/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/4S3VVBNT/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/mckenzie%20lisa/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/4S3VVBNT/www.daff.gov.au/ecrphttp://www.health.gov.au/internet/main/publishing.nsf/Content/foodsecretariat-policydocs.htm -
7/30/2019 Approved Auditor Manual
6/42
Version 1.1November 2011 Page 6 of42
Legislative basis for the approval of auditors
The legislation framework1
The framework for the Australian government to regulate prescribed goods for export as food
consists of:
1. an Act of Parliament: the Export Control Act 1982
2. subordinate legislation made by the Governor-General: the Export Control (Orders)
Regulations 1982, and
3. subordinate legislation made by the Minister: the Orders specifically:
a. the Export Control (Prescribed Goods General) Order 2005
and the commodity Orders:
a. the Export Control (Eggs and Egg Products) Orders 2005
b. the Export Control (Fish and Fish Products) Orders 2005
c. the Export Control (Milk and Milk Products) Orders 2005
d. the Export Control (Meat and Meat Products) Orders 2005
e. the Export Control (Poultry Meat and Poultry Meat Products) Orders 2010
f. the Export Control (Wild Game Meat and Wild Game Meat Products) Orders 2010
The Export Control Act 1982 (the Act) is the overarching legislation controlling the export of food and
other goods from Australia. The introduction of the Act provided a stable but flexible legal
framework for controlling the export of food and other goods.
The Act came into force on 1 January 1983. It has not been significantly altered since that date, but
Orders prescribed under the Act subordinate legislation have been amended and new Orders
have been established in line with changes in markets and industries, and in accordance with
international trade agreements.
The Act, its subordinate Regulations and Orders provide the legal basis for:
1. Controlling the export of prescribed goods from Australia
2. Setting conditions and restrictions for the export of prescribed goods
3. Conditions for registering premises for the preparation of goods for export
4. Powers for the Secretary and authorised officers to deal with prescribed goods and
premises, and
5. Offences and maximum penalties for contraventions of the Act.
The export legislative framework, through subordinate legislation specifically, the commodity
Orders provides the Secretary with the power to approve auditors to conduct audits in accordance
with legislative requirements.
1
Copies of all legislation cited in this document are available at:http://www.comlaw.gov.au
http://www.comlaw.gov.au/http://www.comlaw.gov.au/http://www.comlaw.gov.au/http://www.comlaw.gov.au/ -
7/30/2019 Approved Auditor Manual
7/42
Version 1.1November 2011 Page 7 of42
Approval of auditors
Schedule 10 of the Export Control (Fish and Fish Products), (Eggs and Egg Products), (Milk and Milk
Product) Orders 2005 and Schedule 9 of the Export Control (Meat and Meat Products Orders) 2005,
(Poultry Meat and Poultry Meat Products) and the (Wild Game Meat and Wild Game Meat Products)
Orders 2010 provide the legislative basis for:
The application and approval process of auditors
Assessment of auditor competence
Decisions to approve (or not approve) auditors
Conditions of auditor approval
Conditions for the revocation of auditor approval
Period of auditor approval
Issuing of identity cards
The maintaining of a register of Approved Auditors
The Secretary (or their Delegate) may approve a person as an auditor for the purposes of auditing
registered establishments against the requirements of the applicable commodity Orders when the
Secretary (or their Delegate) is satisfied that:
the applicant has the necessary knowledge, training, skills and experience to competently
carry out audits of the kind for which approval is sought; and
the audits conducted by the applicant will be objective, independent, fair and accurate and,
unless stated otherwise in the audit report, will be complete; and
the applicant will comply with the requirements of Division II of Part 6 of the applicable
commodity Orders; and
the applicant will comply with documented procedures for the conduct of audits; and
the applicant is a fit and proper person having regard to the matters specified in section 4.05
of the Export Control (Prescribed Goods General) Order 2005.
Additionally, the Secretary (or their Delegate) may:
take into account any real or perceived conflict of interest that could arise if the applicant
was to be approved
request that the applicant provide further documents or information
request that the applicant submit to assessment by interview, audit or written examination,
or any combination of those ways
apply conditions to the approval.
-
7/30/2019 Approved Auditor Manual
8/42
Version 1.1November 2011 Page 8 of42
2. Purpose and Scope of this ManualThis manual is provided by DAFF Biosecurity to inform Approved Auditors conducting regulatory
audits of registered establishments on behalf of DAFF Biosecurity, of the system that has been
implemented by DAFF Biosecurity to manage the approval process, the Approved Auditor and the
audit process.
Auditors approved under this system, known as Approved Auditors, may include independent, third
party or commercially employed auditors, but due to potential conflicts of interest may not include
persons in the direct employ of the DAFF Biosecurity registered establishment subject to the audit.
Definitions
In this document, terms have the following meaning:
Approved Auditor: is an auditor approved by the Secretary (or delegate of) under Schedule 10 of
the Export Control (Eggs and Egg Products) Orders 2005, Export Control (Fish and Fish Products)
Orders 2005, Export Control (Milk and Milk Products) Orders 2005 and/or Schedule 9 of the Export
Control (Meat & Meat Products) Orders 2005, Export Control (Poultry Meat and Poultry Meat
Products)Orders 2005 or Export Control (Wild Game Meat and Wild Game Meat Products) Orders
2010.
AMS: Audit Management System - DAFF Biosecuritys electronic system that manages all aspects of
audits.
Approved Arrangement (AA): the food safety management system in place at a registered
establishment, which is approved by DAFF Biosecurity for the identification, control, monitoring,
review and reporting of food safety hazards and compliance with legislative and importing country
requirements.
Registered establishment: Refers to an export registered establishment engaged in the preparation
(including storage, handling and loading) of prescribed goods for export.
Occupier: The individual, corporation or other legal entity (or any combination of these) in whose
name a registered establishment is registered.
SRA: State Regulatory Authority the state or territory authority responsible for food safety in that
jurisdiction.
Introduction to the DAFF Biosecurity Approved Auditor Management
System
DAFF Biosecurity has developed and implemented the DAFF Biosecurity Approved Auditor
Management System to:
-
7/30/2019 Approved Auditor Manual
9/42
Version 1.1November 2011 Page 9 of42
1. Approve, manage and verify the performance of persons other than DAFF Biosecurity
employees known as Approved Auditors who conduct audits of registered
establishments on DAFF Biosecuritys behalf
2. Manage the Approved Auditor
3. Approve Registered Establishments to engage the services of an Approved Auditor
4. Manage the regulatory audit process.
The responsibility for activity in the regulatory audit process is shared between DAFF Biosecurity,
Approved Auditors conducting regulatory audits and the registered establishments that require
regulatory audits.
The role and responsibility of DAFF Biosecurity
As part of effectively demonstrating compliance with legislative and National Food Safety Auditor
Policy requirements, DAFF Biosecurity has systems in place to approve, manage and verify the
activities of authorised officers and Approved Auditors, to approve registered establishments tooperate under the DAFF Biosecurity Approved Auditor Management System and, where applicable,
respond to audit findings and results of verification activities.
Within this system, DAFF Biosecurity maintains responsibility for any enforcement action that needs
to be taken in response to audit outcomes.
The role and responsibilities of Approved Auditors
The role of the Approved Auditor is to conduct regulatory audits of a registered establishments
compliance with:
The applicable requirements of the Act and the commodity Orders, and
The requirements of the establishments food safety management system, known as an
approved arrangement (AA) including any conditions that may apply, and
The applicable importing country requirements identified in the establishments AA,
for all aspects of the preparation (including storage, handling and loading) of the commodity or
commodities for export as food that falls within the scope of the auditors conditions of approval
and commodity risk classification.
The Approved Auditor is responsible for ensuring that:
The necessary knowledge, training, skills and experience required to conduct audits are
maintained, including the maintenance of any competencies or qualifications specified in the
approval criteria.
Audits conducted are objective, independent, fair and accurate and, unless otherwise stated
in the audit report, are completed.
Audits are conducted as expeditiously as possible and in a way that causes as little
interference as possible to the operations which may be the subject of the audit.
Any additional documented procedures provided by DAFF Biosecurity in relation to the
conduct of audits are complied with.The Approved Auditor Code of Conduct is complied with.
-
7/30/2019 Approved Auditor Manual
10/42
Version 1.1November 2011 Page 10 of42
DAFF Biosecurity is informed immediately of any circumstances that may affect the
Approved Auditors approval with regards to criminal activity or real or perceived conflicts of
interest.
A current Approved Auditor identity card can be presented on request.
Failure to competently undertake these responsibilities, which will be verified by DAFF Biosecurity,
may result in DAFF Biosecurity revoking auditor approval or requiring the Approved Auditor to take
agreed corrective action which may include, but is not limited to, the undertaking of additional
training.
The role and responsibilities of the Occupier/Registered Establishment
The role of the occupier of a registered establishment is to ensure compliance with legislative
requirements through the effective implementation and maintenance of their approved
arrangement.
The occupier of a registered establishment is responsible for ensuring that:
DAFF Biosecurity approval to engage an Approved Auditor is sought.
Their premises and approved arrangement is audited at the frequency outlined in the
applicable DAFF Biosecurity guideline.
The Approved Auditor engaged under the system has the appropriate scope of approval,
including the appropriate commodity risk classification, to conduct the regulatory audit.
As per the requirements of the legislation2, all necessary assistance is provided to the
auditor as is reasonably necessary to enable the auditor to perform the audit of their
operations, including, but not limited to:o The provision of information, explanation, documents, translations and
demonstrations of use of equipment; and
o Allowing the auditor to interview their employees, agents or contractors and export
permit issuers; and
o Allowing the observation of their procedures; and
o Use of their equipment for the purposes of accessing, examining, testing, sampling,
recording or reproducing any documents or thing at their premises; and
o Bringing onto the premises any equipment required to perform the audit.
Any corrective action agreed to be taken to address audit findings is implemented and
reviewed for effectiveness within the timeframes specified in the Audit Report.
The occupier and the Approved Auditor are responsible for organising and managing the audit
process. DAFF Biosecurity is not involved in any contract negotiations or agreement between the
occupier and an Approved Auditor.
Failure to comply with these requirements may result in a direction being given to the occupier by
DAFF Biosecurity to comply or the revocation of approval to engage an Approved Auditor. Where
approval has been revoked, audits will be conducted by DAFF Biosecurity.
2
Order 65 of the Export Control (Fish & Fish Products) Orders 2005, Order 60 of the Export Control (Eggs & Egg Products)and (Milk & Milk Products) Orders 2005 and Order 59 of the Export Control (Meat & Meat Products) Orders 2005, (Poultry
Meat & Poultry Meat Products) and (Wild Game Meat & Wild Game Meat Products) Orders 2010
-
7/30/2019 Approved Auditor Manual
11/42
Version 1.1November 2011 Page 11 of42
For additional information for registered establishments see: The Registered Establishment Guide to
the DAFF Biosecurity Approved Auditor Management System available at:www.daff.gov.au/ecri
3.Approval of Approved AuditorsAuditors seeking to become an Approved Auditor must apply to DAFF Biosecurity and demonstrate
that they meet the criteria for approval as described in this section.
Fee
There are currently no fees payable for the initial application or annual renewal of auditor approvals.
This is subject to change and it is the responsibility of Approved Auditors to monitor the ECRP
website atwww.daff.gov.au/ecrifor updates.
Duration of auditor approvals
The duration of an Approved Auditors approval with DAFF Biosecurity is 12 months from the date of
initial approval, unless revoked. Approved Auditors must undergo an annual renewal process to
maintain their Approved Auditor status.
Approval process and criteria for Approved Auditors
Auditors seeking to become an Approved Auditor with DAFF Biosecurity must apply by completing
the Approved Auditor Application form available at:www.daff.gov.au/ecri
Applications are to be submitted to: Certification Management
Food Division
DAFF Biosecurity
Department of Agriculture, Fisheries and Forestry
PO Box 858
CANBERRA CITY ACT 2601
A Contact List for all enquiries relating to Approved Auditors is provided atAppendix 5.
The Approved Auditor approval process
A flow diagram of the process is provided atAppendix 1.
The approval process consists of the following 6 steps:
Step 1 Submit application to DAFF Biosecurity
Applicants will be required to submit a completed application form and supporting documentation
that includes the following:
1. Personal / contact details.
2. Consent of the applicant to the publishing by DAFF Biosecurity of contact details in a public
register of Approved Auditors.
http://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/ecrphttp://www.daff.gov.au/ecrphttp://www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrp -
7/30/2019 Approved Auditor Manual
12/42
Version 1.1November 2011 Page 12 of42
3. Details of approval to work in Australia if not an Australian citizen (certified copies of valid
passport/current working/permanent residency visa if applicable).
4. Photographs (4) and signature sample.
5. Nomination of the commodity risk classification/s that the applicant is seeking approval for.
6. Details ofcommodity experience (medium and high risk).
7. Nomination ofregion/s of operation.
8. Details ofqualifications - Statements of Attainment / technical qualifications (certified copies
to be supplied) applicable to the commodity risk classification applied for.
9. Certified copy of professional indemnity insurance certificate.
10.Disclosure of any real or perceived conflicts of interest.
11.Disclosure of any pending criminal charges / denial of approval as a regulatory auditor.
12.Certified copy of an AFP National Police Check.
13.Certified copies of documents sufficient for a 100 Point Identification Check.
14.Acknowledgement of having read, understood and agreed to comply with the DAFF
Biosecurity Approved Auditor ManualandApproved Auditor Code of Conduct.15.A signed Declaration to the accuracy of the information provided.
The following section provides additional detail as to the requirements in italics in the above list.
Commodity risk classification
DAFF Biosecurity uses the risk classification system defined in Table 1 for commodities and processes
to determine:
The qualifications and experience required by Approved Auditors to effectively conduct
audits for some commodities.
The frequency of auditing of the approved arrangements implemented by the registered
establishments.
Applicants must indicate both the commodity and risk classification for which they are applying and
ensure that they have the appropriate qualifications and commodity experience.
Low Risk
Low risk classification is not commodity specific an auditor applying for approval to audit low risk
processes may audit any commodity / process classified as low risk. Storage includes dry, cool and
frozen storage.
Medium Risk
Medium risk processes include all processes not specifically noted as low or high and includes
processes that result in a product that will be subject to further processing or is intended to be
cooked by the consumer prior to consumption. Medium risk classification is not applicable to milk
products.
High Risk
High risk processes include:
-
7/30/2019 Approved Auditor Manual
13/42
Version 1.1November 2011 Page 13 of42
Heat treatment processes where the product is retorted or pasteurised with a nominated
refrigerated shelf life and commercially sterile, shelf stable product.
Cook / chill processes where minimally heat processed foods are distributed as chilled
products with a defined shelf life.
Ready to eat fish, egg, dairy and meat processes not included in the definition of heat
treatment or cook/chill that result in a ready to eat product.
Processing of bivalve molluscs where in-shore harvesting is included in the process to be
audited.
Please note:
Where an auditor has been approved for a medium or high risk commodity classification,
approval is automatically acknowledged for the lower levels of risk (i.e. medium risk
classification includes approval to audit low risk processes, high risk classification includes
approval to audit both low and medium), but only for the approved commodities.
Table 1: Commodity Risk Classification
Fish Eggs Milk Meat Poultry Game
Low Storage, packing live fish, packing of whole eggs
Medium Products to be further
processed
Products intended to be
cooked
N/A Slaughter, boning, processing &
packing of raw, chilled or frozen
meat, poultry or game
High Heat
Treatment
processes
Ready-to eat
Cook/chill
processes
Bivalves
Heat Treatment
processes
Ready-to eat
Cook/chill processes
Heat Treatment processes
Ready-to eat meat products
Cook/chill processes
Commodity experience
Applicants applying for medium and/or high commodity risk classifications must be able to
demonstrate recent commodity experience, such as relevant qualifications, industry experience
and/or audit experience.
Regions of Operation
Approved Auditors will be approved to conduct audits within all State and Territory jurisdictions.
However, the Approved Auditor Application Form requires applicants to nominate which state(s)
-
7/30/2019 Approved Auditor Manual
14/42
Version 1.1November 2011 Page 14 of42
and/or territory(ies) they wish to operate in. This will assist registered establishments in locating and
engaging an Approved Auditor within their state or territory.
Applicants may choose to select multiple jurisdictions; however consideration should to be given to
SRA requirements (seeintroduction).
Qualifications
See Step 2 for details of the minimum qualification requirements.
Conflicts of Interest
Applicants are required to provide details of any conflicts of interests (real or perceived) that may
exist, or may be likely to arise, if the applicant is appointed as an Approved Auditor. Applicants must
provide details of any relationships or positions of management or control that may have been
offered, are currently held or have previously been held, in regard to the operations carried out in
any registered establishment.
Payment to an auditor for carrying out the functions of an auditor does not constitute a direct or
indirect interest in a registered establishment.
Additional information in relation to what may constitute a real or perceived conflict of interest is
provided atAppendix 2 Approved Auditor Code of Conduct.
DAFF Biosecurity Approved Auditor Manual
Applicants are required to acknowledge that they have read, understood and agree to comply with
the requirements of this DAFF Biosecurity Approved Auditor Manual.
To ensure reference is made to the current version of the manual see:www.daff.gov.au/ecri
Approved Auditor Code of Conduct
Applicants are required to acknowledge that they have read, understood and agree to comply with
the requirements of theApproved Auditor Code of Conduct.
Where an allegation is made that an Approved Auditor has breached the Code of Conduct, DAFF
Biosecurity will investigate the breach and, if confirmed, revocation of the auditors approval may
occur.
Step 2 Application assessed by DAFF Biosecurity in accordance with Approval Criteria
In addition to meeting the requirements detailed in Step 1, applications will be assessed to ensure
that the minimum approval criteria are met.
Applicants must demonstrate achievement of the required competencies, qualifications and
commodity experience applicable to the scope of their application before the application can be
progressed.
It is a requirement of the National Regulatory Food Safety Auditor Guideline that regulatory auditorsmaintain the following units of competency from the Food Processing Industry Training Package
http://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrp -
7/30/2019 Approved Auditor Manual
15/42
Version 1.1November 2011 Page 15 of42
FDF103
issued by a registered training organisation (RTO) under the requirements of the Australian
Quality Training Framework (AQTF):
Low risk
FDFFSACA / FDFAU4001A Assess compliance with food safety program(This competency may be superseded by a person who has already obtained competency
FDFFSCFSAA/FDFAU4003A)
FDFFSCOMA / FDFAU4002A Communicate and negotiate to conduct food safety audits
FDFFSCFSAA / FDFAU4003A Conduct food safety audits
FDFFSCHZA / FDFAU4004A Identify, evaluate and control food safety hazards
Medium Risk
In addition to the above listed units of competency, regulatory auditors in the medium classification
must hold a Certificate IV or higher in food science or related field (including 40 hours of food
microbiology).
High Risk
In addition to the above requirements for auditing medium risk classifications, auditors applying for
approval to audit high risk processes must, where applicable to the commodity and process being
audited, have the following high risk units of competency4:
FDFFSCC4A / FDFAU4006A Audit a cook chill process
FDFFSHT4A / FDFAU4007A Audit a heat treatment process (retort & pasteurization)
FDFFSME4A / FDFAU4008A Audit manufacturing of ready-to-eat meat products FDFFSBM4A / FDFAU4005A Audit bivalve mollusc growing & harvesting operations
Where application is made for approval to audit processes that result in ready to eat fish, egg or
dairy products, applicants will be required to provide evidence of experience with both commodity
and process.
RABQSA equivalence
The following RABQSA-issued units of competency NFS 1-4 will be accepted as equivalent to the 4
nationally recognized units of competency for auditing where an auditor has applied for either low
or medium risk commodity risk classification:
RABQSA-NFS1: Assess compliance of food safety programs
RABQSA-NFS2: Communicate and negotiate to conduct food safety audits
RABQSA-NFS3: Conduct food safety audits
RABQSA-NFS4: Identify, evaluate and control food safety hazards
3Superseded Units of Competency (FDFFSACA, COMA, FSSA, CHZA) issued under the Food Processing Industry Training
Package FDF03 will be accepted until package FDF10 is superseded or if changes are made to the specified units or the
requirements of the National Regulatory Food Safety Auditor Guideline.4
Units of Competency FDFFSCOMA / FDFAU4002A, FDFFSCFSSA / FDFAU4003A, FDFFSCHZA / FDFAU4004A are a pre-
requisite requirement for any high risk units
-
7/30/2019 Approved Auditor Manual
16/42
Version 1.1November 2011 Page 16 of42
Auditors seeking approval for high risk commodity approval must provide evidence of having
obtained the applicable AQTF pre-requisite and high risk units of competency as listed above.
Units of Competency
Additional information on training packages, units of competency and registered trainingorganisations (RTOs) able to provide Statements of Attainment in the above listed units of
competency can be found at: http://www.ntis.gov.au/
DAFF Biosecurity may from time to time alter the required qualifications of Approved Auditors. DAFF
Biosecurity will notify Approved Auditors in writing of any changes to the requirements.
Declarations
If investigation reveals that any information provided by the applicant is intentionally false or
misleading, it may result in an application being questioned or rejected outright. If investigation
following the approval of a person reveals that substantial false and misleading statements havebeen made, the Approved Auditors approval will be revoked.
Step 3 Access provided to training in DAFF Biosecurity legislative requirements
Once the initial approval criteria have been met:
Applicants will be contacted in writing by DAFF Biosecurity and provided with a personal log-on to a
web-based learning management system where training in DAFF Biosecurity legislative requirements
is provided and is required to be successfully completed.
Applicant is to advise DAFF Biosecurity of the successful completion of training.
Step 4 -Assessment
On successful completion of the self-paced, self-assessed training at Step 3:
Applicants will then be required to undergo an on-site assessment or witness audit. This
assessment will assess the applicants skills and knowledge, understanding of the Act and applicable
commodity Orders and will verify that the prospective Approved Auditor can appropriately interpret
and apply the applicable legislation.
The assessment will be carried out by an DAFF Biosecurity officer who holds appropriate auditing
competencies, technical and educational qualifications and specialised endorsements. The
assessment(s) will be conducted to the highest commodity risk classification that the auditor has
applied for.
Approved Auditors wishing to change or upgrade their scope of approval must re-apply to DAFF
Biosecurity and may be subject to additional assessment.
http://www.ntis.gov.au/http://www.ntis.gov.au/http://www.ntis.gov.au/ -
7/30/2019 Approved Auditor Manual
17/42
Version 1.1November 2011 Page 17 of42
Step 5 -Notice of Approval / Identity Card
On successful completion of the assessment activities in Step 4:
Notice of Approval
Successful applicants will receive a Notice of Approval which specifies their responsibilities to DAFF
Biosecurity while undertaking the duties and responsibilities of an Approved Auditor. The Notice of
Approval will include:
a. Name of Approved Auditor
b. Date of Approval
c. Conditions of Approval including the following:
1. Commodity Risk Classification
2. Scope of Approval
3. Code of Conduct
The scope of approval of the Approved Auditor will be restricted to the requirements of the
legislation and commodity risk classification that the Approved Auditor has been assessed and
approved against. Approved Auditors must not conduct audits outside of their scope of approval.
SeeAppendix 3for an example of the Notice of Approval.
Identity card
The Approved Auditor will be issued with an identity card. On receipt of the card, applicants must
formally acknowledge receipt.
The identity card will be dated and is valid for one year. A new card will be issued upon successful
application for renewal.
The identity card remains the property of DAFF Biosecurity. If an auditors approval is revoked by
DAFF Biosecurity or expires, the card must be returned immediately to DAFF Biosecurity.
If the auditor identity card is lost or stolen, the auditor must notify DAFF Biosecurity immediately. A
new card will be issued. A fee may apply and is at the discretion of DAFF Biosecurity.
Step 6 Listing on the Approved Auditor Register
Approved Auditor Register
DAFF Biosecurity maintains a register of all Approved Auditors. This register will be made publically
available on DAFF Biosecuritys website atwww.daff.gov.au/ecriand will be updated as required. It
is the responsibility of Approved Auditors to ensure that the information they supply for the register
is accurate and updated as necessary.
The following information, collected from the Approved Auditor Application Form, is the minimum
information that will be listed on the Approved Auditor Register:
Approved Auditors name
http://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrp -
7/30/2019 Approved Auditor Manual
18/42
Version 1.1November 2011 Page 18 of42
Contact details (phone number and e-mail contact only)
Commodity risk classification
Operating regions
Once an identity card has been issued and the applicant has been listed on the Approved Auditor
Register, they may commence audits in their endorsed commodity/risk sectors.
At no time prior to receiving the identity card and being listed on the Approved Auditor Register may
any applicant conduct audits of registered establishments on DAFF Biosecuritys behalf.
Review of decisions relating to approvals
At this time, all decisions relating to approvals will be made by DAFF Biosecurity. If the decision is
made not to approve the applicant, the applicant will be advised of the decision and the reasons for
the decision in writing. Unsuccessful applicants may seek a review of the decision under Part 16 of
the Export Control (Prescribed Goods General) Order 2005.
4. Managing the Approved AuditorThe following section provides details of both DAFF Biosecurity requirements and the responsibilities
of Approved Auditors with regards management of auditor performance.
Verification system
The verification systems used by DAFF Biosecurity to check forcompliance to set standards, systems
and legislative requirements enables DAFF Biosecurity to assess and monitor the competence and
performance of Approved Auditors.
Verification activities may be scheduled or triggered by complaints, system reviews, trends, audit
reports or requests by registered establishments.
Scheduled verification activities
DAFF Biosecurity will conduct scheduled verification activities based upon the Approved Auditors
commodity risk classification. Outcomes of verification activities may result in requests for corrective
action, re-training or revocation of approval, if poor auditor performance is identified.
Scheduled verification activities may include:
a) an examination of reports made by the Approved Auditor in the course of auditing
operations at registered establishments;
b) an audit of at least one operation that was audited under the applicable commodity Order
or Orders within the previous six months by the Approved Auditor; and/or
c) observing the auditor while he or she is conducting an audit.
Review of audit reports
Audit reports will be reviewed by DAFF Biosecurity to ensure compliance with DAFF Biosecurityreporting requirements. The following may be included in the review:
-
7/30/2019 Approved Auditor Manual
19/42
Version 1.1November 2011 Page 19 of42
Audit duration
Review of the content of the audit report; clarity of findings
Relevance of non-compliances issued
Classification of non-compliances issued
Notification of critical non-compliances
Notification of audit failure or non-completion
Compliance with timeliness of report submission.
Approved Auditors will be notified in writing of any findings of the review of audit reports. This may
take the form of advice or information or it may result in the issuing, by DAFF Biosecurity, of a
corrective action request.
Refresher training
DAFF Biosecurity will provide refresher training where required by changes to legislative
requirements or procedures. Approved Auditors may also be required to undertake refreshertraining as a result of verification findings.
Changes in requirements and procedures
Approved Auditors will be advised by DAFF Biosecurity of any changes in requirements and
procedures by the posting of information to the DAFF Biosecurity website:www.daff.gov.au/ecri.
Approved Auditors are required to subscribe to the automatic e-mail notification function available
to ensure access to current requirements.
Maintaining the requirements for approval
Approved Auditors are responsible for maintaining the currency of the applicable competencies /
technical qualification and annual renewal of approval.
Renewal of Approval
Approved Auditors are responsible for applying for renewal of approval prior to the expiration date
detailed in the Notice of Approval. Approved Auditors must not perform audits without a current
approval. Approved auditors should apply for renewal at least 30 days prior to the expiry of their
approval to allow sufficient time for the processing of renewal applications.
Applications for renewal are available on the DAFF Biosecurity website at:www.daff.gov.au/ecri
Surrender of Approval
An Approved Auditor may request that their approval be cancelled should they decide not to
continue working on behalf of DAFF Biosecurity. It is the responsibility of the individual auditor to
ensure that they do not market their services as meeting DAFF Biosecurity requirements once they
have surrendered their approval.
http://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrphttp://www.daff.gov.au/__data/assets/word_doc/Wittich%20Mark/Local%20Settings/Temporary%20Internet%20Files/Content.Outlook/T9CB8WSF/www.daff.gov.au/ecrp -
7/30/2019 Approved Auditor Manual
20/42
Version 1.1November 2011 Page 20 of42
Notification
All Approved Auditors must, during the term of their approval, immediately notify DAFF Biosecurity
of any event or information which relates to or may affect DAFF Biosecurity's satisfaction that the
auditor is a suitable person to be appointed as an Approved Auditor including:
Unintentional or suspected breach of the Approved Auditor Code of Conduct
Conviction of an offence against the Crimes Act 1914, or another law of the Commonwealth
or a law of a state or territory
Threats, intimidation, bribery against the Approved Auditor
Complaints against the Approved Auditor
Conflict of interests (real or perceived) of the Approved Auditor.
Confidentiality
The Approved Auditor Code of Conduct requires that an Approved Auditor must not disclose certainconfidential information.
The Approved Auditor Code of Conduct states that Approved Auditors must keep all commercially
sensitive and official information confidential. If an auditor discloses such information without
appropriate consent, DAFF Biosecurity may revoke an auditors approval.
Revocation or variation of approval
Should DAFF Biosecurity find reason to vary the conditions of or revoke an Approved Auditor s
approval, DAFF Biosecurity will notify the auditor in writing. On receipt of that notice, the Approved
Auditor will have an opportunity to make submissions to DAFF Biosecurity for a review of the
decision.
Complaints system
DAFF Biosecuritys complaints system is accessible by registered establishments, Approved Auditors,
other jurisdictions and the general public. Complaints may be made via the website, email, phone,
fax or by letter. The complainant may remain anonymous if they wish.
Procedures for making complaints are detailed online at:
www.daff.gov.au/aqis/about/contact/compliments-complaints
5.Approval of registered establishments to engage an ApprovedAuditor
Registered establishments must seek approval from DAFF Biosecurity to engage an Approved
Auditor.
Granting of approval is contingent on several factors including consideration of the service delivery
arrangements that may be in place within the establishments state or territory jurisdiction.
http://mylink.agdaff.gov.au/team/femn/Document%20Library/Projects/Food%20Safety%20Auditor%20Competency%20Framework/AAO%20Manual%20and%20Est%20Manual/www.daff.gov.au/aqis/about/contact/compliments-complaintshttp://mylink.agdaff.gov.au/team/femn/Document%20Library/Projects/Food%20Safety%20Auditor%20Competency%20Framework/AAO%20Manual%20and%20Est%20Manual/www.daff.gov.au/aqis/about/contact/compliments-complaintshttp://mylink.agdaff.gov.au/team/femn/Document%20Library/Projects/Food%20Safety%20Auditor%20Competency%20Framework/AAO%20Manual%20and%20Est%20Manual/www.daff.gov.au/aqis/about/contact/compliments-complaints -
7/30/2019 Approved Auditor Manual
21/42
Version 1.1November 2011 Page 21 of42
When approved, the establishment will be provided with written notification from DAFF Biosecurity
that details their approval and the commodity risk classification/s of their establishment.
This will enable the occupier of a registered establishment to access the Approved Auditor Register
and contact an Approved Auditor within their local area that has the commodity risk classification/s
required to conduct an audit of their establishment.
6. Managing the audit processDAFF Biosecurity has developed procedures for managing the audit process where auditing is
undertaken by Approved Auditors.
The following section provides details of the duties of Approved Auditors and the overarching
procedures that must be complied with for the conduct of regulatory audits of registered
establishments.
Where the audit of specific commodities requires additional procedures, Approved Auditors will be
provided with documented procedures by the commodity program. Additional procedures may be
required for
determining the frequency of audit where frequency may be based on audit outcomes
audit reports and reporting (including provision of DAFF Biosecurity Audit Report
Templates).
Duties of Approved Auditors
An Approved Auditor conducting audits of registered establishments on behalf of DAFF Biosecurity
has the following duties:
a) to carry out audits of the approved arrangement approved and in place at the registered
establishment
b) to carry out any necessary follow-up action, including further audits, if necessary, to
determine whether action has been taken to remedy any deficiencies of any such approved
arrangement identified in an audit
c) to audit and report in accordance with legislation and DAFF Biosecurity requirements.
Scheduling the audit
Prior to scheduling the audit, Approved Auditors must ensure that the occupier of the registered
establishment has written approval from DAFF Biosecurity to engage an Approved Auditor.
It is the responsibility of the occupier to engage an Approved Auditor with the appropriate
commodity risk classification to conduct their regulatory audit. The registered establishment and the
Approved Auditor are then responsible for organising and managing the audit process.
These two parties must ensure that audit frequencies determined by DAFF Biosecurity as applicable
to the establishment being audited are met, taking into consideration that audit frequency may vary
dependent on audit findings.
-
7/30/2019 Approved Auditor Manual
22/42
Version 1.1November 2011 Page 22 of42
Observation of processes
Audits must be scheduled to coincide with production to enable actual processing operations to be
observed. However, where the establishment to be audited is a vessel where processing occurs at
sea, audits should be scheduled where possible to coincide with vessel unloads to provide access to
product and crew.
Auditing of multi-sited food businesses
Irrespective of whether an occupier operates from many sites, each site is an individual registered
establishment and must maintain their own approved arrangement and records and be audited
against that establishments approved arrangement.
The approved arrangement used on site must accurately reflect how export requirements and food
safety issues are being managed on that site.
Audit teams
There may be instances where teams of Approved Auditors, rather than individual Approved
Auditors, are required to carry out regulatory audits. Under these circumstances the lead auditor of
the audit team will be required to ensure that all auditors undertaking work as part of the audit
team are Approved Auditors and have the appropriate commodity risk classification to conduct such
audits.
Planning the Audit
Audit Criteria
All audits of registered establishments must be conducted against the appropriate audit criteria
that is, the requirements of the Act, the applicable commodity Orders and where applicable the
Australian Standards as referenced in the commodity Orders. Audit criteria can include the approved
arrangement as the system to ensure compliance with the requirements of the legislation. Criteria
may also include applicable importing country requirements where identified in the establishments
AA.
DAFF Biosecurity Audit Report templates include provision for selecting and indicating the applicable
criteria.
The Approved Auditor should ensure that they have access to all relevant legislation applicable to
the type of registered establishment that is to be audited. Copies of this legislation and any
applicable Australian Standards and DAFF Biosecurity Guidelines should be on hand during the audit
for easy reference.
SeeAppendix 4for a list of legislation, Australian Standards and DAFF Biosecurity Guidelines and
details of where these documents can be accessed.
-
7/30/2019 Approved Auditor Manual
23/42
Version 1.1November 2011 Page 23 of42
Audit Scope
DAFF Biosecurity Audit Report templates detail the scope of the audit in the form of a list of
elements that are to be audited and include provision for selecting the elements that are actually
audited at a given audit.
It is a DAFF Biosecurity requirement that, regardless of the frequency of audit, all elements are
audited within a 12-month period. It is the responsibility of the Approved Auditor to ensure that this
requirement is met through effective audit planning, consideration of audit frequency and the
elements audited at previous audits.
Where an establishments hazard analysis identifies critical control points (CCPs), the HACCP
element must be audited at each audit.
Documentation Review
Where an Approved Auditor requires documents for review prior to the on-site audit, the auditormust make the request directly to the occupier (or their agreed representative) of the establishment
to be audited. DAFF Biosecurity does not provide copies of AAs or HACCP plans directly to Approved
Auditors.
As part of audit preparation or entry meeting, the Approved Auditor is to obtain and review copies
of the previous audit report/s including any corrective action requests.
It is a requirement of the Export Control (Prescribed Goods General) Order 2005 that an
establishment display a current copy of their DAFF Biosecurity Certificate of Registration. This
document provides details of the commodities and operations that the establishment is approved byDAFF Biosecurity to prepare and undertake. The Certificate of Registration also provides details of
the persons listed by DAFF Biosecurity as being in management and control at the establishment and
may include details of importing country listings. This document should be available and reviewed
for currency at each audit.
Conduct the audit
All audits must be conducted at the registered establishment to be audited.
The time taken to perform the audit is not predetermined. An audit shall continue until the
Approved Auditor is satisfied that the audit of all elements of scope required to be reported to DAFF
Biosecurity have been completed effectively.
The table below outlines the minimum requirements expected when conducting a regulatory audit
of a registered establishment.
-
7/30/2019 Approved Auditor Manual
24/42
Version 1.1November 2011 Page 24 of42
Table 2: Minimum requirements for conducting an audit of a registered establishment
Audit Activity Minimum Requirement
Entry Meeting Approved Auditor to present Identity Card on request
Appropriate management must be present and recorded
Auditor to detail the audit criteria and the scope of the audit
Previous audit report/s reviewed and discussed
Where required, outstanding non-compliances discussed, including evidence and
verification that corrective action taken has been effective
Current DAFF Biosecurity Certificate of Registration to be available and reviewed
for accuracy
Approved Arrangement is available and on site
Monitoring records and any other documents applicable to the audit areavailable, current and on site.
Any changes to activities, products or processes conducted at the registered
establishment that may affect the establishments food safety risk and/or
compliance with legislative requirements are reviewed
Conducting
The Audit
Audit of approved arrangement including:
- Review of amendments to AA
- Review of audit elements as specified on DAFF Biosecurity Audit Report
Template
- Review of HACCP plan
- Inspection of the registered establishment and observation of processing
- Trace back of export eligible product transferred to another establishment or
exported to source / supplier to determine effective procedures to identify
and trace product
- Review of export documentation (where applicable may include a review of
procedures for the completion/validation of export documentation)
Review objective evidence to determine and classify any non-compliancesidentified
Document non-compliance/s identified
Where, in the Approved Auditors opinion, a non-compliance identified is to be
classified as critical, DAFF Biosecurity is to be contacted immediately as direction
may be required to be given by an authorised officer to the occupier for the
cessation of processing for export
Exit Meeting
Conducted at
completion ofthe audit
Appropriate management to be present and recorded
Audit findings to be presented including details of any non-compliances
indentified Agree appropriate corrective action/s, including the evidence to be presented and
-
7/30/2019 Approved Auditor Manual
25/42
Version 1.1November 2011 Page 25 of42
Audit Activity Minimum Requirement
the timeframes required for closure of any CARs issued as a result of non-
compliances identified
Overall audit outcome to be presented and discussed - if a criticalnon-
compliance has been identified, the occupier must be informed that they will be
contacted by DAFF Biosecurity regarding the action to be taken
Date of next audit to be confirmed
Copies of completed, acknowledged Audit Reports and Non-compliance Reports /
CARs must be provided to both the occupier and DAFF Biosecurity within 14 days of
the date of audit
The occupier and Approved Auditor are responsible for ensuring that all non-
compliances are actioned and CARs are closed out within the agreed timeframes
Audit Findings
Audit Reports must clearly state the audit findings that is:
(a) whether in the auditors opinion the audit was satisfactorily completed or was
terminated prior to completion; and
(b) whether in the auditors opinion:
(i) the applicable requirements of the Act and the applicable commodity
Orders; and
(ii) the requirements of the approved arrangement and its conditions; and
(iii) the applicable importing country requirements;
for all aspects of the operations in relation to the commodity for export as foodcovered under operations are complied with; and
(c) the reasons for the auditors opinion.
Approved Auditors must act on non-compliances observed during the audit by classifying and
documenting them as Corrective Action Requests (CARs) / Non-compliance reports
Classification of Non-compliances
DAFF Biosecurity requires the classification of non-compliances identified at audit as minor, major or
criticalwhich are summarised as follows:
Critical non-compliance:
Division II of Part 6 of the fish, egg, milk, meat, poultry and wild game commodity Orders requires
that should an Approved Auditor identify a failure (or a combination of failures) that amounts to a
critical non-compliance, the Approved Auditor must notify DAFF Biosecurity immediately.
A critical non-compliance when used in relation to the audit of a registered establishment means a
failure (or a combination of failures) to comply with
a) a requirement of the Act or the Orders or
b)
the requirements of any applicable approval, including an approval of an approvedarrangement or
-
7/30/2019 Approved Auditor Manual
26/42
Version 1.1November 2011 Page 26 of42
c) the applicable importing country requirements
that results in, or is likely to result in, the preparation or export of food that:
a) is not fit for human consumption or its integrity is compromised or
b)
does not comply with an importing country requirement orc) results in or is likely to result in the issue or giving of an export permit or government
certificate that is inaccurate or incomplete or
d) prevents an accurate assessment being made as to the above.
Under no circumstances can an Approved Auditor take enforcement action or act as an DAFF
Biosecurity authorised officer. At any time where an Approved Auditor feels that enforcement
action is necessary, they must contact DAFF Biosecurity immediately.
Major non-compliance:
Where a requirement of the legislation has not been addressed
An activity that is in direct contravention of the legislation
An activity that is in direct contravention of a procedure and could have a significant effect
on product or legislative compliance.
Minor non-compliance:
An isolated incident of a non-compliance with a system or procedural requirement with no
direct consequential effect on product or legislative compliance
Trends of minor non-compliances could lead to major non-compliance if several incidents of
the same deficiency are encountered.
Observations/ Advisory Findings
Where an observation or advisory finding is made, sufficient detail must be provided to clearly
determine that the finding is an observation only and could not be considered as a non-compliance
under the definitions provided.
Corrective Actions
The corrective action to be taken to address non-compliances identified at audit is to be determined
by the occupier of the establishment (or their representative) and detailed on the CAR /Non-compliance Report. Corrective actions are to be agreed between the occupier and Approved Auditor
that must be taken to prevent the reoccurrence of the non-compliance and must include actions
that will effectively address both the immediate and long term (systemic) issues.
CARs should include details of the evidence that the occupier will be required to provide to the
Approved Auditor to demonstrate that effective corrective action has been taken.
Audit Outcomes/ Audit Frequency
For some commodities, DAFF Biosecurity uses a non-compliance scoring system that results in an
establishment rating (A to E) to indicate audit performance and the required frequency of audit.
-
7/30/2019 Approved Auditor Manual
27/42
Version 1.1November 2011 Page 27 of42
Details of the specific commodity establishment rating system is detailed in the DAFF Biosecurity
Guideline applicable to the commodity and will be provided to the Approved Auditor by the
commodity program.
Where the audit outcome has resulted in the establishment being rated a D or an E, DAFF
Biosecurity may require additional audit/s of the establishment by a DAFF Biosecurity authorised
officer.
The purpose of these additional audits by DAFF Biosecurity is to provide DAFF Biosecurity with
evidence that the establishment has taken steps to comply with their export requirements and has
sustained compliance over a period of time.
If the registered establishment continues to not comply, appropriate enforcement action will be
taken by an authorised officer of DAFF Biosecurity.
Copies of enforcement action must be produced by the registered establishment at their next audit.
Audit Reporting
Approved Auditors will be provided with DAFF Biosecurity Audit Report Templates to be used for the
documenting of CARs/Non-compliance Reports and the Audit Report.
Templates may be completed either in the DAFF Biosecurity AMS system where the Approved
Auditor has been provided with a log-on by DAFF Biosecurity or in the form of a template to be e-
mailed to DAFF Biosecurity.
Finalised Audit Reports including details of agreed corrective actions and timeframes for action
must be acknowledged by the occupier of the establishment audited and copies provided to both
the occupier and DAFF Biosecurity within 14 days of the date of audit.
It is the Approved Auditors responsibility to confirm agreed corrective actions, receive
acknowledgement from the occupier and provide copies to DAFF Biosecurity within the required 14
days timeframe.
Finalisation / Closure of CARs/Non-compliance reports
It is the responsibility of the Approved Auditor to:
Carry out any necessary follow-up action, including further audits if necessary, to determine
whether the agreed corrective action has been taken to address the non-compliances
identified at audit within the required timeframes.
Provide DAFF Biosecurity and the occupier with copies of finalised CARs / Non-compliance
Reports within 14 days of completion.
Immediately advise DAFF Biosecurity when agreed timeframes for the corrective action to
be taken in the event of a major non-compliance have not been met.
-
7/30/2019 Approved Auditor Manual
28/42
Version 1.1November 2011 Page 28 of42
Escalation policy
Failure by registered establishments to rectify a minor non-compliance within the required
timeframe is to be actioned by the Approved Auditor by the re-issuing of the CAR and the escalating
of the classification of the CAR to a major with a maximum timeframe for action of 14 days.
DAFF Biosecurity will manage the failure to address a major non-compliance within agreed
timeframes for corrective action.
Records
Approved Auditors are required to use Audit Report Templates as provided by DAFF Biosecurity.
These documents must be filled in completely and accurately including:
All dates must be recorded as DD/MM/YY
Establishment numbers must be included where indicated on forms References to the name of the company must be the occupier name, not a trading name
Names of persons from the establishment who were involved in the audit
All handwritten notes must be clear and legible
It is important that Approved Auditors have a filing and record keeping system for all documents
that is consistent and enables accurate identification and timely retrieval of files.
All hand written notes, checklists and computer based documents may be required by DAFF
Biosecurity at short notice. This may be in response to a Freedom of Information request, a
Ministerial directive or as part of DAFF Biosecuritys verification program.
7.AppendicesAppendix 1 Approval process for Approved Auditors Flow Diagram
Appendix 2 Approved Auditor Code of Conduct
Appendix 3 Notice of Approval and standard conditions Example
Appendix 4 Legislation, Australian Standards and DAFF Biosecurity Guidelines list
Appendix 5 Contact List
-
7/30/2019 Approved Auditor Manual
29/42
Version 1.1November 2011 Page 29 of42
Appendix 1 Application and Approval Process Approved Auditors
Successful completion of
witness audit
Unsuccessful completion of witness audit
will result in a form letter sent to applicant
advising they were not successful
5. Notice of Approval issued: Successful
applicant provided with the Notice and
ID card
Verification of Approved Auditor performance (may include):
a) Review of audit reports
b)
Audit of operations at registered establishmentsc) Auditor observation while he or she is conducting an audit.
6. Listing of the Approved Auditor on the
Approved Auditor Register
1. Application to DAFF Biosecurity
2. Application assessed in accordance with Approval
Criteria
Applicant completes training satisfactorily
3. Satisfactory initial assessment: Applicant given access
to AQIS Legislative Environment training
4. Assessment of applicant
If applicant requires retraining or
reassessment invite them to reapply
at a later date.
-
7/30/2019 Approved Auditor Manual
30/42
Version 1.1November 2011 Page 30 of42
Appendix 2 Approved Auditor Code of Conduct
Approval by DAFF Biosecurity as an Approved Auditor is subject to the applicant agreeing to abide by
the Approved Auditor Code of Conduct.
Approved Auditor Code of Conduct
The Code of Conduct requires that an Approved Auditor, whilst undertaking audits on behalf of DAFF
Biosecurity, must:
behave honestly and with integrity;
act with care, diligence and professionalism;
treat everyone with respect and courtesy, and without harassment;
comply with all applicable Australian laws;
maintain appropriate confidentiality about client dealings;
disclose, and take reasonable steps to avoid, any conflict of interest (real or perceived) inconnection with their role as an Approved Auditor;
not provide false or misleading information to clients or DAFF Biosecurity;
not make improper use of:
a. commercially sensitive information, or
b. the Approved Auditors duties, status, power or authority,
in order to gain, or seek to gain, a benefit or advantage for the Approved Auditor or for any
other person;
behave in a way that upholds the integrity and good reputation of DAFF Biosecurity; and
comply with any other conduct requirement that is prescribed in the DAFF Biosecurity
Approved Auditor Manual.
The following provides guidance and explanation of the obligations and expected standards of
behaviour for Approved Auditors.
1. Purpose and Application of the Code of ConductPurpose of the code of conduct
This code applies to all auditors approved by DAFF Biosecurity to conduct audits of registered
establishments. Such persons are expected to conduct themselves with integrity, professionalism
and be accountable to the outcomes of audits they perform. The code sets out the minimum
standard of behaviour expected of Approved Auditors.
Application of the code of conduct
This code applies to all Approved Auditors.
Approved Auditors should:
Familiarise themselves with this Code.
Familiarise themselves, and comply, with all legislation concerning auditors, audits, audit
performance and the legislation to which they are auditing.
-
7/30/2019 Approved Auditor Manual
31/42
Version 1.1November 2011 Page 31 of42
Any Approved Auditor confirmed as failing to comply with this Code may have their approval
revoked by DAFF Biosecurity.
2. Definitionsreal conflict of interest- when DAFF Biosecurity would conclude that an Approved Auditors abilityto conduct an audit has been compromised by their private or business interests in the clients
business.
perceived conflict of interest- when DAFF Biosecurity would consider that the private or business
interests of an Approved Auditor may interfere with, unduly benefit, or disadvantage their ability to
conduct a fair audit of a registered establishment.
commercially sensitive informationmeans information:
a) provided to an Approved Auditor by a registered establishment during an audit of the
establishment, disclosure of which may impact the establishments commercial interests
b) provided by someone else other than the registered establishment concerning some
aspect of the registered establishments commercial interests, where, upon receipt of
the information, the Approved Auditor has been requested not to disclose the
information.
gifts means any item or benefit offered by:
a) an employee of a registered establishment, or
b) any other person acting on behalf of a registered establishment or in the interests of a
registered establishment
to solicit favourable treatment during an audit, or offered to an auditor in response to a finding of
non-compliance during an audit.
3. Conduct ProvisionsApproved Auditors shall:
Maintain their competencies and qualifications as specified in the DAFF Biosecurity
Approved Auditor Manual
Only conduct regulatory audits of registered establishments once approved by DAFF
Biosecurity Not audit registered establishments outside their scope of approval and commodity risk
classification
Conduct audits expeditiously and in a way that causes as little interference as possible to the
operations which may be the subject of the audit
Comply with reporting requirements, including timeframes for the provision of audit reports,
to both the occupier of the registered establishment being audited and DAFF Biosecurity.
Immediately inform DAFF Biosecurity of any criticalnon-compliances identified during
audits, in accordance with procedures dictated in the DAFF Biosecurity Approved Auditor
Manual
-
7/30/2019 Approved Auditor Manual
32/42
Version 1.1November 2011 Page 32 of42
Comply with any additional documented procedures provided by DAFF Biosecurity in
relation to the conduct of audit
Assist with enforcement activity taken by DAFF Biosecurity as a result of the Approved
Auditors auditing activities including, but not limited to, providing statements of evidence
for matters concerning legal prosecutions
Not seek or accept recompense from any client for failure to implement appropriate action
in relation to a finding of non-compliance detected during an audit. This includes, but is not
limited to, non-compliance of a legislative nature.
Maintain records relating to audits conducted as an Approved Auditor and make them
available upon request to DAFF Biosecurity.
3.1 Identification
An Approved Auditor shall produce their Approved Auditor Identity Card when requested.
4. ObligationsThe following provides further explanation of the Code:
4.1 Respect for persons
Approved Auditors shall behave in a fair manner and without undue favouritism, patronage or
prejudice displayed toward any person associated with a registered establishment.
Approved Auditors shall not let their personal beliefs influence the outcomes of audits they perform.
Auditors shall not use abusive, obscene or threatening language or behaviour towards any person
associated with the registered establishment.
4.2 Natural justice
Approved Auditors will follow the principles of procedural fairness (natural justice) when making
decisions. The principles of procedural fairness require an Approved Auditor to:
Provide opportunity for both sides of an issue to be heard and considered before decisions
are made.
Not allow any personal interest associated with an audit or a person associated with a
registered establishment to influence an audit outcome.
Act in good faith while conducting audits.
Provide sound reasons to support decisions made whilst conducting audits.
4.3 Health, welfare and safety concerns
Approved Auditors shall comply with all aspects of relevant Australian occupational health and
safety legislation, including the health and safety policies of registered establishments being audited.
Approved Auditors shall further respect the health, safety and welfare of all persons and/or animals
associated with a registered establishment while conducting audits, as well as to ensure their own
health, safety and welfare is not unlawfully put at risk while conducting audits.
-
7/30/2019 Approved Auditor Manual
33/42
Version 1.1November 2011 Page 33 of42
4.4 Discrimination
Approved Auditors shall not unlawfully discriminate against any emp