As the result of numerous national and international outbreaks of foodborne illness, food industries worldwide have come under increasing pressure to ensure that their products are safe, wholesome, and meet government standards. FDA and USDA have the primary authority for our food supply nationally, while individual states typically regulate local food operations through state and county departments of agriculture and health.

The public health burden of foodborne illness in the US is significant, with many thousands hospitalized. The Centers for Disease Control and Prevention reports these agents are responsible for 5,000 deaths a year.

Outbreaks of foodborne illness cost the US food industry untold millions in claims and legal fees yearly, as well as cause crises and business disruptions. (One law firm alone has recovered over 500 million dollars in damages for clients affected by foodborne illness).

In response, the world’s major retailers now require that their suppliers, growers, packers, processors, and manufactures of food prove their adherence to their standards for safety and quality. Auditing companies, hired by the suppliers themselves, now inspect many thousands of food operations a year, globally. Such inspection numbers may actually rival or even surpass what government is able to do, making the private regulation of food safety both big business and an important public health issue.

Auditors follow a set of standards and guidelines developed by the auditing firms who employ them. The process for creating a “third party standard” is in itself regulated by the International Standards Organization, better known as ISO. Certification bodies use these private standards and pay a percentage of the proceeds from auditing back to the standard holder or owner. The standard is developed through an open and transparent consensus process that involves the buyers and sellers of products, government, the scientific community, and other interested parties. Many standards can be found on the websites of the organizations providing such services. In addition, there are guidelines produced that help to guide the auditing process and set policies and procedures in place for the execution of the audit.

Ultimately, audits provide the buyer with assurance that suppliers meet the standards they adopt. The expectation is that of limiting liability by demonstrating due diligence in sourcing raw materials. However, such findings do not necessarily protect the exposure of a seller or buyer if there is an outbreak or if a consumer is made ill or injured. Even when firms have satisfactory audit findings, they may be sued under the doctrine of “strict liability”. In such legal cases, the plaintiff does not have to prove negligence, only that “they were injured by a product”, and the product was in some way “defective”, i.e., was adulterated.

The goal of any food safety program then should be to prevent food borne illness or injury. The independent third party food safety audit can be a tool to further this goal, but such audits are not currently particularly capable of protecting public health, as they are more focused on limiting the buyer’s legal liability. However, when third party standards are followed, they undoubtedly reduce the potential for illnesses to occur. Adherence to them is likely leading to better food safety, but recent events have revealed significant flaws in the third party audit model.

Much has been written about the 2011 Listeria monocytogenes outbreak in cantaloupe that claimed the lives of 33 victims in one of the most devastating foodborne illness outbreaks of recent years. In the trial of the grower/packer, Eric Jensen, FDA opined that the auditor employed by Mr. Jensen was seriously deficient in his findings. The basis for FDA’s criticism is that the audit firm found the operation to be at a 96% conformance rate with the standard (Superior) just days before the outbreak was identified, and allegedly did not find many of the violations later reported by FDA. While FDA takes the position the audit was flawed, the audit firm publicly supports the findings of the auditor. The auditing company in spite of this criticism stands behind the auditor and states, “he did his job with great care”.

This was not the first serious outbreak of foodborne illness where an auditor was criticized for giving a superior rating to a facility that was later shown to be unsanitary. In 2007, the Peanut Corporation of America knowingly distributed salmonella contaminated peanut products and caused a recall of over 4000 different foods, as well as taking the lives of 7 persons and injuring many more. Although the facility was very poorly maintained and had a serious rodent problem, the auditor had several months before given the firm a superior rating.

Third party audits clearly suffer from some serious drawbacks as regards public health protection. Private auditors have no authority to stop production or to embargo or condemn food products; this can only be done by regulatory agencies that have legal authority. In fact, auditors have no legal authority, at all. Under the contract, the “auditee” can restrict the scope of the audit, stop an audit, or simply cancel it. The true power in the third party model is the buyer. If the buyer is unhappy with the audit results, the buyer can cancel orders or put the supplier on some provisional status. The buyer can also chose not to do business with a supplier that opts out of being audited. Buyers however, rarely exercise these powers, as typically, buyers need to have products and need to have as many sources of products as possible. Limiting competition over time puts the buyer in a poor position; therefore price, availability, and quality issues may outrank safety scores. It is well known in the industry that produce buyers especially can and do go outside the approved supply chain whenever they feel they need to.

If an auditor finds the potential for product adulteration, the best he/she can do to protect public health is down-score the item in the audit question, reducing the audit score (for example, failure to properly validate the sanitary quality of re-circulated water in a produce washing operation would result in a 10 point loss out of more than 1000 available points). Less frequently, an auditor may actually see an actual contamination issue, such as broken glass in contact with food or fecal contamination. In these cases, the auditor can strike against the relevant question and if that question results in the failure of the audit (and very few questions do), the audit can stop, but only at the auditee’s request; the auditor has no ability to stop the audit.

Although an auditor may advise the auditing firm immediately of such hazardous findings, the findings may take several days to get to the buyer requesting the report. In the meantime, although it would be illegal to do so, the auditee might ignore the findings and continue selling and distributing contaminated products.

To summarize, auditors have no authority to stop production and very limited power to protect public health when they find adulterated products or the conditions that lead to that.

As an alternative, auditors cannot report such findings to authorities. Whistleblower rules under FDA do not afford protection to auditors who are under contract to keep audit findings confidential. Such contractual agreements preclude an auditor from reporting adulterated food or grossly insanitary conditions to local public health officials, FDA or USDA, although this may change under proposed FDA rules (FSMA).

Currently, auditors announce their visits, sometimes months in advance. The conditions an auditor might find on the day of the audit may be very different from the conditions otherwise maintained, making the audit findings highly biased. Experienced auditors will find telltale signs of neglect in a facility, but other gross problems may be temporarily covered up. The provision for unannounced audits is in the protocols of some certification bodies, but unannounced audits rarely occur.

Especially in the auditing of fresh produce operations, much more scientific information is needed to strengthen the audit criteria. In the Jensen Farms case for example, the court found that chlorine should have been used to sanitize the cantaloupe. However, the scientific literature does not support a significant reduction in Listeria with a chlorine wash, once the organism has attached to a fruit. The FDA guidance at the time of this outbreak did not specifically require the use of chlorine in single-use potable water used to wash and cool the cantaloupe. The audit template used by the audit firm also did not specifically require the use of a sanitizer like chlorine to sanitize single use water. Uncertainty in the scientific basis for critical sanitation rules and changing perspectives in this very volatile industry is counter-productive to an effective audit.

Equipment used in most food processing environments (operations that cut produce, or otherwise alter the form of raw products) must meet well-understood design standards for cleanliness and sanitation. Independent standard setting bodies such as UL and NSF typically set design criteria for food processing equipment in regulated industries, but such certifications are lacking in operations packing whole fresh fruits and vegetables. At Jensen Farms; the packing equipment used did not have to meet pre-approval by any recognized body, yet FDA found that the condition of the packing line conveyor was a substantial contributing factor to the outbreak. An auditor is in a difficult position to make a determination about the acceptability of a variety of equipment under a wide variety of usage conditions without the aid of such certifications or agency pre-approvals.

Produce facilities currently do not need to meet a pre-approval process for their physical construction, either. In the Jensen Farms outbreak, the failure to properly discharge and control wastewater was found to be significant by FDA, as were the condition of the floors, yet we have no published guidelines for construction of the facility itself. Given the wide variation in locations and variety of produce operations in general, the lack of a formal building code is a major hindrance to an effective audit.

The review of laboratory findings greatly strengthens the validity of audits, but only when the findings are verifiable and accurate and the sampling methods and results are free of bias. Unfortunately, the way the standard that was used by the Jensen Farms auditor was written, microbial tests of environment and equipment were optional. One of the hallmarks of outbreaks is that identification of that outbreak usually involved the detection of the causative agent in products. If investigators can find the agent after the fact in food, it only makes sense that product and environmental testing results are critical to an evaluation of a firm’s true level of safety. This is another area that needs significant strengthening.

While audit companies are rightly focused on the process their auditors follow in executing an audit, it is clear that audit results, however true to the standard and inspection protocol they might be, often lack substance. It is also clear that auditors are not entirely capable of detecting unsafe operations, and totally ineffective at stopping such operations, even when they observe gross contamination of products.

Because the court in the Jensen Farms case has found that auditors have a legal and moral responsibility to protect public health, auditing companies and the food industry as a whole must address these basic weaknesses and solve the problem of auditors being responsible to protect public health without the authority to do so.