Welcome! This series of blogs by Professor John Spink provides a clear step-by-step guide through food fraud prevention best practice and terminology, starting from first principles.
Spink's Food (Fraud) for Thought
- 1. Scope
- 2. Types of Fraud
- 3. Types of Products
- 4. Risk and Vulnerability
- 5. Mitigation and Prevention
- 6. Risk Management
- 7. Likelihood
- 8. Consequence
When considering any new subject, the most important starting point is to define the terms and the scope.
- 2011: Food fraud was first defined in a scholarly journal article in 2011 (Spink and Moyer, 2011).
- 2014: The Global Food Safety Initiative (GFSI), foundation for most of the world’s food safety management system standards, provided a similar key definition and scope.
- 2018: The International Standards Organization (ISO) published a definition of:product fraud: “wrongful or criminal deception that utilizes material goods for financial or personal gain.” (ISO 22300:2018 updated from ISO 12931:2012)
- 2018: ISO 22000 Food Safety Management added a note that food fraud was to be considered as a root cause of food hazards.
- 2019: Spink et al conducted an International Survey of Food Fraud and related terminology
- 2023: The Food Authenticity Network published a review of global definitions of food fraud
- Active: CEN and Codex Alimentarius have working groups that are actively developing their definitions of food fraud and related terms.
The simple definition is:
Food fraud is “intentional deception for economic gain using food”.
The scope of product fraud and food fraud is intentionally broad in order to cover all types of fraud.
Food fraud was first clearly defined in 1820 by Frederick Accum in ‘A Treatise on Adulteration of Food and Culinary Poisons.’ Over the next two hundred years, the subject continued to be reviewed as a food science or food safety problem, as by Wiley and other pillars of scholarship. Along the way, ‘someone else’ was relied upon to actually prevent the problem. The ‘someone else’ was never assigned.
Interdisciplinary areas of study converged over time, to enable the shift to focus on prevention. In the 1970s, criminology theory expanded from focusing on the criminal and punishment to prevention. In the 1980s, quality management became a separate area of business theory with a shift to understanding and reducing the root causes of problems. In the 2000s, risk management became more formalized, such as in ISO 31000 Risk Management, which focused on likelihood and consequence as well as risk and vulnerability. In the 2010s, Enterprise Risk Management expanded the resource allocation decision-making to evaluate not only how to mitigate but also to prevent problems.
This holistic view of vulnerability applied criminology concepts to all criminal acts and all possible targets. For food products, that led to the need to define the ‘types of food fraud’ and the ‘types of products.’ If we are going to prevent food fraud, we need to consider all types of actions and products. This led to the holistic and all-encompassing definitions:
Type of Food Fraud & Definition (from various sources including GFSI and SSAFE):
- Adulterant-Substances (Adulterant/ Adulteration):
- Dilution: The process of mixing a liquid ingredient with a high value with a liquid of a lower value.
- Substitution:The process of replacing an ingredient or part of the product of high value with another ingredient or part of the product of lower value.
- Concealment: The process of hiding the low quality of a food ingredient or product.
- Unapproved enhancements: The process of adding unknown and undeclared materials to food products in order to enhance their quality attributes.
- Mislabeling or Misbranding: The process of placing false claims on packaging for economic gain.
- Grey market production/ diversion:
- Gray Market: A market employing irregular but not illegal methods.
- Theft: Something stolen and then covertly re-entered into commerce.
- Diversion/ Parallel Trade: The act or an instance of shifting a product from one intended market to another, which is unauthorized but either legal or illegal.
- Counterfeiting (IPR): The process of copying the brand name, packaging concept, recipe, processing method, etc., of food products for economic gain.
The types of food fraud are intentionally broad – holistic and all-encompassing - to frustrate the criminal against action of any kind.
References:
- https://publicdomainreview.org/collection/a-treatise-on-adulteration-of-food-and-culinary-poisons-1820
- Spink, J, and Moyer, DC, (2011) Defining the Public Health Threat of Food Fraud, Journal of Food Science, Volume 75 (Number 9), p. 57-63. (ISI 1.791; SJR 0.378), URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/j.1750-3841.2011.02417.x
- Spink, John, Bedard, Brian, Bruner, Leon, Keogh, John, Scimeca, Joseph, Goodridge, Lawrence, Moyer, Douglas C, & Vasan, Akila (2019). International Survey of Food Fraud and Related Terminology: Preliminary Results and Discussion, Journal of Food Science, 84(10), 2705-271800, URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/1750-3841.14705
Early food fraud research and publications focused on what food fraud is or how big the problem is. The research evolved into several paths: incident reviews, detection or authentication development, criminology, and strategic management. Some of the strategic management research included our peer-reviewed, scholarly, SCOPUS-listed publication on Defining the Public Health Threat of Food Fraud, Introducing the Food Fraud Initial Screening model (FFIS), Introducing the Food Fraud Prevention Cycle (FFPC), and Defining the types of counterfeiters, counterfeiting, and offender organizations. Together, the research projects revealed that criminals will attack in just about any way imaginable and most quickly and easily. Together, the research projects emphasized that criminals will be attacked by ANY fraud act against ANY product. Thus, to holistically reduce food fraud, we need to focus on ALL types of fraud and for ALL products. We can either complain about this very broad scope or be practical and expand our collective focus on all types of fraud and for all products.
Here, the ‘products’ are not individual commodities such as olive oil, seafood, or spices, but are supply chain inventory types of products such as raw materials, ingredients, work-in-process, or finished goods (see MSU Introduction to Supply Chain Management/ SCM303).
The broad focus on ‘all hazards’ – or for food fraud prevention, for ‘all vulnerabilities’ – is consistent with food safety and HACCP. For example (emphasis added): “HACCP is a management system in which food safety is addressed through the analysis and control of biological, chemical, and physical hazards from raw material production, procurement, and handling, to manufacturing, distribution, and consumption of the finished product”(FDA 2017).”
A food fraud incident can occur in any type of product, so all are within the scope of a food fraud prevention strategy.
While a manufacturer or producer has the most control of THEIR raw materials and incoming goods, their customers are worried about fraud at any point along THEIR entire supply chain – or all products.
Food Fraud & Definition (From various sources including GFSI and SSAFE with definitions from adapted from Supply Chain Management textbooks):
- Raw Materials/ Commodities: A component of a food, feed or packaging that has not undergone processing (GFSI).
- Incoming Goods/ Ingredients: A component that is being received including food, or feed that has undergone processing (GFSI).
- Incoming Goods/ Packaging: A component that is being received including packaging that has undergone processing (GFSI).
- Work-in-process-manufacturing: product that is actively being transformed from ingredients to finished goods.
- Work-In-process-inventory: product that is actively being transformed but is being held idle while waiting for an additional to complete the transition finished goods.
- Finished goods in inventory: product that has completed a transformation and is ready to deliver to a customer but it is being held in storage.
- Finished goods in the marketplace: product that has completed a transformation and is being held in a location or format that is ready for a customer to procure.
- Distributors, Wholesalers, and Resellers: firms that sell or deliver merchandise to retail stores or other types of customers.
- Returned goods and reverse logistics: the process of moving finished goods that have been distributed to the marketplace back to the origin or a location to receive, dispose, or rework product.
- Waste disposed, used packaging, and off-specification products: products that have been partially consumed or otherwise determined to be used or unacceptable for further use.
The types of food products are intentionally broad – holistic and all-encompassing- to frustrate the criminal against action of any kind.
References:
- Spink, J, and Moyer, DC, (2011) Defining the Public Health Threat of Food Fraud, Journal of Food Science, Volume 75 (Number 9), p. 57-63, URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/j.1750-3841.2011.02417.x
- Spink, John, Moyer, Douglas C, & Speier-Pero, Cheri (2016). Introducing the Food Fraud Initial Screening Model (FFIS), Food Control, Volume 69, November 2016, Pages 306-314, URL: http://www.sciencedirect.com/science/article/pii/S0956713516301219 .
- Spink, John; Zhang, Guangtao; Chen, Weina & Spier-Pero, Cheri; (2019). Introducing the Food Fraud Prevention Cycle (FFPC): A Dynamic Information Management and Strategic Roadmap, Food Control, 105 (November 2019), 233-241, URL: https://www.sciencedirect.com/science/article/pii/S0956713519302567
- Spink, J., Moyer, DC, Park, H., and Heinonen, J. (2013/2017) Defining the Types of Counterfeiters, Counterfeiting, Offender Organizations, Crime Science Journal, Volume 2, Number 8, pp. 1-10, URL: http://onlinelibrary.wiley.com/doi/10.1111/1541-4337.12033/abstract
Frederick Accum first defined the general food fraud concept in the 1820 publication of ‘A Treatise on Adulterations of Food and Culinary Poisons.’ It was almost 200 years until there was a holistic and all-encompassing approach to not just detection but prevention of food fraud. Over those years, one group (food scientists) completed their task of identifying and detecting the problem. The missing link was the interdisciplinary approach needed to shift from focusing on microbes and chemical contaminants to the human adversary (Social Science and Criminology). There were two paradigm shifts (Reference 1):
- “The need to assess a food fraud event shifts the focus from the traditional internal process controls and human health risk assessment to prevention and vulnerability reduction.”
- “The goal is not to catch food fraud but to prevent the event from ever occurring -- food fraud prevention.”
Before getting into the definitions, it is important to note that this study uses the ISO 31000 Risk Management based term “event.” Later, the terms will be reviewed in more detail, including “incident,” “threat,” and “hazard.” This does not conflict with other laws, regulations, standards, and certifications.
Event, Incident, Hazard, Crisis, and Threat
Words and concepts are situational and based on past use and related activities. While there are many casual or informal uses of these terms, it is best to use the terms as they are specifically defined to avoid confusion.
- Event: is essentially “something” that occurs (ISO, 2002; CNSSI, 2010; Merriam-Webster, 2004). There is no evaluation yet of the change in the consequence.
- Incident: a type of event that has occurred and is evaluated and could have a negative consequence (DHS, 2008; ANSI, 2009; CNSSI, 2010).
- Hazard: an event that has not occurred and could cause harm if not addressed (ISO, 2007b; PAS 96, 2014, NRC, 1996; 21 CFR, Merriam-Webster, 2004) -- this includes damaging potential (ISO, 2007b).
- Crisis: an event that has occurred or is occurring -- that has confirmed harm (ANSI, 2009), and this includes imminent hazard (21 CFR), attack, emergency (ISO, 2007b; 21 CFR, FDA. 2016), disaster, etc.
- Threat: the cause of an unwanted event that includes generally known variables or attributes of the source of the negative consequence (“threat source”) (ISO, 2012; ISO 2002; 21 CFR 121, ANSI, 2009; PAS 96, 2014, FSMA, 2016; NIST, 2002; CNSSI, 2010; UNODC, 2010; DHS, 2013) e this includes incident, hazard, damaging potential, etc.
Risk and Vulnerability
During the early food fraud prevention research, it was fascinating to find that risk and vulnerability had been formally defined as separate concepts in formal publications such as by the International Standards Organization (ISO) or the U.S. National Institute of Standards and Technology (NIST). They are related topics but explicitly and implicitly different.
- Risk: an uncertainty of an outcome that is assessed in terms of likelihood and consequence (ISO, 2007a; NIST, 2002; CNSSI, 2010; DHS, 2013). Often, the consequence is subdivided into other factors such as onset, severity, or other. Risk is based on factors such as the threat's probability and vulnerability susceptibility (NRC, 2009). In other applications, it is an unwanted outcome (DHS, 2008; Codex Alimentarius, 2014, 21 CFR 50 (A) (.3)(k), Merriam-Webster, 2004).
- Vulnerability: a weakness or flaw that creates opportunities for undesirable events related to the system (“system design”) (ISO, 2007a; ISO 2002; ISO, 2012; DHS, 2013; NIST, 2011; CNSSI, 2010; NRC, 2009; COSO 2014; Merriam-Webster, 2004).
The expansion from just risk to vulnerability was key in the early development of the food fraud standards – including the landmark work by the Global Food Safety Initiative (GFSI, and the related standards from BRC/BRCGS, IFS, SQF, FSSC 22000, and others). This expanded focus on vulnerability was key to enabling the early adoption of the programs. It was also efficient to focus on the root causes.
References:
- Spink, John, Ortega, David, Chen, Chen, and Wu, Felicia (2017). Food Fraud Prevention Shifts Food Risk Focus to Vulnerability, Trends in Food Science and Technology Journal, Volume 62, Number 2, Pages 215-220, URL: https://www.sciencedirect.com/science/article/abs/pii/S0924224416304915
- Spink, J, and Moyer, DC, (2011) Defining the Public Health Threat of Food Fraud, Journal of Food Science, Volume 75 (Number 9), p. 57-63, URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/j.1750-3841.2011.02417.x
The early food fraud prevention activities were created in response to ongoing incidents. Incidents such as Sudan Red, melamine, and horsemeat were ongoing events requiring quick action to find the product, remove it from the marketplace, and select detection tests to support immediate monitoring. This was the activation of ‘risk mitigation’ plans in terms of ‘rapid response systems.’ It seems that the early food fraud prevention activities were a natural continuation of ‘risk mitigation,’ so the concept of ‘mitigation’ was the critical focus of laws, regulations, standards, certifications, and industry practices (e.g. the GFSI requirement of a food fraud mitigation plan).
Risk mitigation is important, and the focus is reducing the impact of an event AFTER it occurs. During the response to an active crisis, mitigation was the critical focus.
HOWEVER, “The goal is not to catch food fraud but to prevent the event from ever occurring.” (Reference 1) While a food fraud mitigation is important, the more holistic and all-encompassing concept is ‘food fraud prevention.’ The proactive focus is on prevention, reducing the possibility that the event could occur.
Mitigation Shifting to Prevention
The following are excerpts from our article “Food Fraud Prevention Shifts Food Risk Focus to Vulnerability.” (Reference 1)
Fraud countermeasures include mitigation and prevention.
- Mitigation is intended to reduce the consequence of the event (ISO, 2007a; ISO, 2007; ISO, 2007b; DHS, 2013; Merriam-Webster, 2004). This assumes the hazard event will occur, so the goal is to mitigate or reduce the negative consequence. This focuses on reducing the risk that cannot be eliminated.
- Prevention is intended to reduce or eliminate the likelihood of the event occurring (ISO, 2007; ISO, 2007a; ISO, 2007b; ISO, 2008; Merriam-Webster, 2004). This focuses on identifying and eliminating or reducing vulnerability
Plan Shifting to Strategy
It might seem like an academic discussion, but it is also important to consider the expansion of a ‘plan’ to a ‘strategy’ – from a food fraud mitigation plan to a food fraud prevention strategy.
- Plan (ISO 15289, 24748): information item that presents a systematic course of action for achieving a declared purpose, including when, how, and by whom specific activities are to be performed
- Strategy (ISO 9000, 29995) plan to achieve a long-term or overall objective (3.7.1); plan to accomplish the organization’s (3.2.1) mission (3.7.18) and achieve the organization’s vision (3.7.17)
So, a ‘mitigation plan’ was key during the initial crisis management, but the longer-term goal was a ‘prevention strategy.’
References:
- Spink, John, Ortega, David, Chen, Chen, and Wu, Felicia (2017). Food Fraud Prevention Shifts Food Risk Focus to Vulnerability, Trends in Food Science and Technology Journal, Volume 62, Number 2, Pages 215-220, URL: https://www.sciencedirect.com/science/article/abs/pii/S0924224416304915
- Spink, J, and Moyer, DC, (2011) Defining the Public Health Threat of Food Fraud, Journal of Food Science, Volume 75 (Number 9), p. 57-63, URL: https://ift.onlinelibrary.wiley.com/doi/full/10.1111/j.1750-3841.2011.02417.x
International Standards – and specifically the International Standards Organization (ISO) – are efficient places to start when considering terms, definitions, and basic management system standards. Specifically, ISO 31000 Risk Management provides a crucial fundamental reference. Also, it is crucial to review what is published in this type of consensus-based, government-endorsed, official publication or what is part of informal documents or meeting notes (several of the widespread food fraud-related terms were published in workshop reports or even just meeting invitations). ISO 31000 Risk Management was published as a formal standard in 2009 after many years of a contensious consensus-driven process involving national standards organizations. This superseded more informal reports or informal guidance such as ISO Guide 73 Risk Management Vocabulary.
The publication of ISO 31000 was often contentious since some industries used terms in different applications. With the publication of ISO 31000, some people would need to change to achieve harmonization. Fortunately, food fraud prevention was developed after ISO 31000 was published (e.g. ISO 31000 significantly impacted my research and projects). Thus, from the start, food fraud prevention has focused on vulnerability and presenting the assessment in terms of “likelihood” rather than “probability” and “consequence” rather than “severity.”
ISO 31000 and Risk
In ISO 31000, a risk or vulnerability is defined in terms of likelihood AND consequence. It is critical to note that the assessment must cover both if the event occurs but also this impact. For example, jaywalking and murder are both clearly crimes, but the risk response is more based on a function of the consequence. An interesting – and often uncomfortable realization for food safety professionals – is that ‘risk’ does not only have negative consequences. Admittedly, food safety almost exclusively uses ‘risk’ for situations where there is an ‘unacceptable risk’ or a “hazard that requires a preventive control.” Understanding that, in the big picture, ‘risk’ does have an upside, such as financial investments.
- Risk (ISO 31000): “effect of uncertainty on objectives;”
- NOTE 1: An effect is a deviation from the expected — positive and/or negative.
- NOTE 3: Risk is often characterized by reference to potential events (2.17) and consequences (2.18) or a combination of these.
- NOTE 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.
Then, a type of risk is a vulnerability.
- Vulnerability (ISO 31000 citing Guide 73): “intrinsic properties of something resulting in susceptibility to a risk source (3.3.10) that can lead to an event (3.3.11) with a consequence (3.3.18)."
“ISO 31000 includes a consideration for the preliminary or general assessments that may not require data that is very detailed, accurate, precise, certain, or robust decisions. What is often important is that ‘a’ risk assessment is conducted as long as the specification of the low certainty and low robustness is clearly defined. For food fraud prevention decisions, there may not be a lot of detail needed for a decision, or details may not be provided (at least not yet).” (Reference 1)
It is very important and of great value that ISO 31000 Risk Management provides a common set of terms.
References:
- Spink, John W (2019). Food Fraud Prevention – Introduction, Implementation, and Management, Food Microbiology and Food Safety series, Springer Publishing, New York, URL: https://www.springer.com/gp/book/9781493996193
This chapter builds on the Chapter 6 review of the ISO 31000 Risk Management to dive into the risk assessment concept of “likelihood.” Chapter 8 reviews the second half of a risk assessment, which is “consequence.” Likelihood alone is only half of the risk assessment.
For example, the concern about an event with a 5 percent chance of occurring is based on the consequence. A 5-percent chance of stubbing your toe at night may not require you to take any precautions, even as simple as turning on the light (“risk acceptance”). A 5-percent chance of drowning while swimming would lead you to at least wear a life jacket (“risk treatment”) or find another way to cross a river (“risk avoidance”).
To recap, a vulnerability is a type of risk. A risk is determined by the combination of “likelihood” and “consequence.” Remember:
- Risk (ISO 31000): “effect of uncertainty on objectives;
- NOTE 1: An effect is a deviation from the expected — positive and/or negative.
- NOTE 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.
- NOTE 3: Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.
Then, a type of risk is a vulnerability.
- Vulnerability (ISO 31000 citing Guide 73): “intrinsic properties of something resulting in susceptibility to a risk source (3.3.10) that can lead to an event (3.3.11) with a consequence (3.3.18)."
It is interesting to examine the level of detail and insight that went into the ISO definitions. The use of “likelihood” even considers the information interpretation of the terms. Specifically, the term “probability” often insinuates a statistical or mathematical determination.
- Likelihood (ISO 31000): “chance of something happening” (Note: yes, that is the exact text) [Reference 1]
- NOTE 1: In risk management terminology, the word “likelihood” is used to refer to the chance of something happening, whether defined, measured, or determined objectively or subjectively, qualitatively or quantitatively and described using general terms or mathematically (such as a probability or a frequency over a given time period).
- NOTE 2: The English term “likelihood” does not have a direct equivalent in some languages; instead, the equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that it should have the same broad interpretation as the term “probability” has in many languages other than English.”
The Efficiency of the Likelihood Concept as Opposed to Probability
When food fraud prevention was first being considered as a specific concept, some experts estimated it would take five years to complete a formal assessment. This was unacceptable, especially since the GFSI requirements were due in 12 months. It was efficient and supported by ISO 31000 concepts to focus on a “vulnerability assessment” rather than a “probabilistic risk assessment.” A key fundamental concept was to start by focusing on the more informal and qualitative “likelihood” than “probability.”
“ISO 31000 includes a consideration for the preliminary or general assessments that may not require data that is very detailed, accurate, precise, certain, or robust decisions. What is often important is that “a” risk assessment is conducted as long as the specification of the low certainty and low robustness is clearly defined. For food fraud prevention decisions, there may not be a lot of detail needed for a decision, or there may not be details provided (at least not yet).” (Reference 2)
It is very important and of great value that ISO 31000 Risk Management provides a common set of terms that have been created through an international and government-endorsed consensus-based process.
References:
- ISO 31000 – Vocabulary, definition of ‘Likelihood, URL: https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-1:v1:en
- Spink, John W (2019). Food Fraud Prevention – Introduction, Implementation, and Management, Food Microbiology and Food Safety series, Springer Publishing, New York, URL: https://www.springer.com/gp/book/9781493996193
Food Fraud Prevention – Understanding ISO 31000 and Consequence in Risk Management
This Chapter expands on the Chapter 7 discussion of ISO 31000’s ‘likelihood’ component in risk assessment to explore the final key concept of ‘consequence.’ In Chapter 9, we will complete the risk assessment process by applying COSO-based Enterprise Risk Management (ERM) to set a precise risk tolerance level.
To recap, a vulnerability in risk management combines ‘likelihood’ and ‘consequence’ to assess potential outcomes. Both elements are essential for comprehensive risk evaluation. Let us consider this with a familiar example: the consequence of a 5% chance event varies widely depending on the context. A 5% chance of stubbing your toe at night might require no precautions beyond possibly turning on a light (‘risk acceptance’), while a 5% chance of drowning would prompt more significant measures, such as wearing a life jacket (‘risk treatment’) or finding an alternative way to cross the water (‘risk avoidance’).
To recap, a vulnerability is a type of risk. A risk is determined by the combination of ‘likelihood’ and ‘consequence.’ Remember:
Risk Assessment Essentials in ISO 31000
- Risk (ISO 31000): “effect of uncertainty on objectives; [Reference 2]
- NOTE 1: An effect is a deviation from the expected — positive and/or negative.
- NOTE 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.
- NOTE 3: Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.
ISO definitions are carefully crafted through years of review across disciplines, emphasizing the importance of structured and universal terminology in risk management.
- “Consequence (ISO 31000): outcome of an event affecting objectives
- NOTE 1: An event can lead to a range of consequences.
- NOTE 2: A consequence can be certain or uncertain and can have positive or negative effects on objectives.
- NOTE 3: Consequences can be expressed qualitatively or quantitatively.
- NOTE 4: Initial consequences can escalate through additional effects. [ISO Guide 73:2009, definition 3.6.1.3]”
These guidelines provide a thorough framework for organizations assessing risks, helping them identify and respond to various outcomes more effectively.
The Importance of Consequence vs.Severity in Risk Management
To help frame the problem in a broader business sense, ‘consequence’ considers a broader interpretation of the terms. Specifically the term ‘severity’ insinuates only a negative outcome. Some methods refer to other more neutral terms, such as ‘impact’ or ‘outcome.’ In a business, there is a need for some level of risk-taking to meet performance growth and financial goals. However, the term ‘consequence’ covers a broader range of possibilities, including positive, neutral, and negative results. In the context of food safety, for instance, risk is not just about avoiding undesirable outcomes—it is about managing them to meet an organization’s goals. “Many Food Scientists and Food Safety managers use the term ‘risk’ to define an unacceptable or intolerable level.” [Reference 3] This aligns with business risk-taking, where managing risk appetite allows for opportunities that may bring rewards.
For example, buying a stock involves risk, but it is a controlled risk with the potential for reward. Risk assessment, in this sense, includes both ‘likelihood’ and ‘consequence,’ ensuring that resource allocation aligns with both risk tolerance and potential outcomes.
The Formula for Risk: Likelihood x Consequence
Effective risk management must account for both likelihood and consequence to allocate resources wisely. While every event is bad and disruptive, the likelihood of an event is important ONLY in relation to the consquence, and vice versa. It should be noted that a food fraud incident – or known fraud in a supply chain – is illegal. Unless the operators are a criminal organization, the likelihood would be defined as ‘100%,’ and the consequence is ‘illegal product,’ so this situation is an ‘intolerable risk.’ In this case, addressing vulnerabilities shifts from reacting to incidents to eliminating root causes that could lead to fraud.
Adjusting terminology to align with ISO 31000 can simplify this process, but defining your organization’s risk tolerance threshold is crucial—and often complex.
Coming Next: Determining Your Risk Tolerance and Risk Appetite
Chapter 9 will cover determining your organization’s risk tolerance, examining both likelihood and consequence. Traditional risk assessment frameworks often assign this threshold to an undefined “someone” within the organization. However, this step is both critical and complex in the risk assessment process and requires careful consideration.
References
- (R1) Spink, John W (2019). Food Fraud Prevention – Introduction, Implementation, and Management, Food Microbiology and Food Safety series, Springer Publishing, New York, URL: https://www.springer.com/gp/book/9781493996193
- (R2) – ISO 31000 Risk Management, International Standards Organization (ISO), Updated 2023, https://www.iso.org/iso-31000-risk-management.html
- (R3) – Applying Enterprise Risk Management to Food Fraud Prevention (ERM2), 2017, Food Fraud Prevention Academy, https://foodfraudpreventionthinktank.com/wp-content/uploads/2021/05/BKGFF17-FFI-Backgrounder-2016-ERM-ERM2-v46-2.pdf
Further Information
John W Spink, Ph.D., is the Director and Lead Instructor for the Food Fraud Prevention Academy. Also, he is an Assistant Professor in the Department of Supply Chain Management (SCM) in the College of Business at Michigan State University (MSU). His food fraud prevention research focuses on policy and strategy to understand and prevent these supply chain disruptions and implement procurement best practices. He is widely published in leading academic journals and has helped lead national and global regulatory and standards activity. More recently, his teaching and research have expanded to supply chain disruption management and procurement best practices. He is also on the Advisory Board of the Food Authenticity Network. For more information, including online learning and training, please visit: www.FoodFraudPrevention.com