Food safety auditing and inspection is a complex world thanks to the prevalence of food hazards and the repeated nature of outbreaks where some type of inspection or audit was a feature. As I spend about 40% of my time doing this type of work, I would like to spell out what I see as the food safety inspection system roles.

In the food supply, we have provisions for self assessment, regulatory inspection and second and third party assessment Recently, we have seen media reports on the so called failures of assessment methods used by third party auditors to determine food safety risk. But the scope of recent criticism has also involved regulatory inspections. To date, much of the arguments are simplistic.

The Washington Post article below, the basis for the above blog by Doug Powell did not take into account the limitations in these models, nor did it recognize the full breadth of what this field entails.

While flaws exist in this model, there is a basic need for an accurate determination of risk that only an an accurate assessment and inspection of controls by people both in and out of the organization will provide.

As the food safety inspection science and practice has evolved, we rely upon internal reviews of food safety systems and outside entities, private and public, to provide some type of oversight, control and guidance.

Inspection by regulatory agencies are assessments of compliance with codes. Such rules are developed to protect the public and are laws. Only the inspection agency has the authority to take legal actions to protect the public. Powers include inspection without notice, closing an operation, seeking fines, and seek other administrative penalties. The inspection agency in most instances has the duty to embargo, destroy and or withhold from sale any contaminated or adulterated commodity. They may take immediate action to protect the public when an imminent health hazard is present. Licenses are issued and the privilege to maintain the license is based on compliance with the law. These roles are very different from the roles of other assessors. Protecting public health is the first, and most important public health capability of an inspection agency.

Self audits are performed by operators themselves. Th requirement for a self audit is often missing at the retail level and at the various levels of the food supply that have little or no regulatory or third party oversight. In order to perform an adequate self audit the operator must have specific training in risk assessment. While some believe that “walking around” a kitchen a few times is sufficient to make a food safety risk assessment, the findings mean little or nothing if there is no risk based method. Typically the risk based methods used by anyone performing a food safety assessment are found in codes and in third party standards.

Second party inspection is performed by buyers of products. These may be random. The second party inspector may or may not have specific food safety skills. The buyers may visit an establishment for several reasons other than inspection. While some have argued that the direct assessment of risk by buyers is the best answer to the oversight problem this method of risk assessment is also problematic when the buyer is unfamiliar with actual risks and how they develop in an operation.

Third parties are hired by firms to prove to buyers that the buyers rules are in place through a pre arranged audit of the facility and records. The voluntary third party rules or standards are complex, have many over lapping areas with laws and rules, blending diverse codes and buyer requirements that may be outside the cope of laws to provide controls for chemical, physical and biological contamination. They go further than inspection and also provide an insight into management controls and supervision; they are at once an evaluation of an organization as well as compliance with laws and rules or codes of practice. Instead of relying solely on law the third parties use a standard devloped in cooperation with the industry.

Third party auditing is also complex because the auditor often has duties of assessing risk in a wide number of arenas. Some auditors or companies have risk assessment capacity specific to a commodity, but many auditors and firms are generalists.

These roles are continuing to evolve, as the standards and laws guidance documents and rules evolve.

Do not be surprised to see more apparent dysfunction of the audit or inspection process to prevent illness. Preventing illness and injury through food is not simply a matter of inspection and involves much more than what audit company went where and who got what score.

The complicity of the auditor with the auditee and audit bias that might result from business relationships is a human problem that will not be solved by re arranging "who pays who" for an audit. The third party audit is buyer driven, meant to be educational in nature, and voluntary (in that the firm should be able to seek whatever assessment company it desires to satisfy an audit). Of course third party auditing is a competitive business and operates like one, lets be clear about those limitations.

The inspection by regulatory agencies on the other hand has the capacity to prevent illness much more readily than a third party audit. We cannot at this point, due to the limitations in the  industry driven roles and models, expect the third party auditor to prevent outbreaks or act as a go between for the regulatory agency. We can strengthen these models in some important ways but there will be a limit to how close non-regulatory frameworks will come to a regulatory audit and true public health protection.

In reality, the self audit has the most capacity to thwart risk, but only if the operational controls are well grounded on science. This is where the important strengthening must be made and this is what ideally the third party systems should focus on.

I believe that the self inspection, and second and third party models must be based upon a solid requirement that no unsafe operations are allowed to be licensed in the first place. Once we have this fundamental, the other parts of the system can function. The other parts of the food safety inspection system cannot and do not stand in the gap for laws and rules and their enforcement.

While critics are accurate in saying the third party audits at Quality Egg and PCA failed to prevent an outbreak, and thus were ineffective risk assessments, these same firms had very poor regulatory oversight.

Neither of these firms should have been open for business, and where this is the case, you will see the other parts of the model flounder badly.