Tell that to the families of more that 25 who have died and the over 100 who have been sickened! 

And, memories of Kartrina – “Brownie, you’re doing a heckuva job” – President George W. Bush.

I was reading the New York Times tonight on my way home from work and was struck by these lines in the story of the findings of the FDA of the likely cause of the U.S.’s second deadliest foodborne illness outbreak:

The farm had passed a food safety audit by an outside contractor just days before the outbreak began. Eric Jensen, a member of the family that runs the farm, said in an e-mail that the auditor had given the packing plant a score of 96 points out of 100.

F.D.A. officials did not criticize the auditor directly. But Michael R. Taylor, deputy commissioner for foods, said the agency intended to establish standards for how auditors should be trained and how audits should be conducted.

The food industry increasingly has come to rely on what it calls third-party audits of farms or processing plants to ensure the safety of food. But the auditors are hired by the companies being inspected, and their procedures are largely unregulated. In several recent food safety lapses, the facilities involved had passed third-party audits.

Jensen Farms hired an auditor called PrimusLabs, based in California, to inspect its facility. Primus gave the job to a subcontractor, Bio Food Safety, which is based in Texas. Jensen and Primus declined to provide a copy of the audit report.

Robert Stovicek, the president of PrimusLabs, said his company had reviewed the audit and found no problems in how it was conducted or in the auditor’s conclusions.

“We thought he did a pretty good job,” Mr. Stovicek said. He said the auditor, James M. DiIorio, has been doing audits for the company since March.

So, yet again in news is the apparent failure of private outside food safety auditors to find problems that seem more than apparent after the foodborne illness outbreak happens – the Peanut Corporation of American in 2009 and the Wright County Egg in 2010 Outbreaks are just two of the more recent examples.

So, what is the responsibility and liability of PrimusLabs for this recent disaster?

Auditor liability tends to vary greatly depending on the context. Within the financial services context, it is generally fairly restricted, as courts tend to limit it using principles of contractual privity and party intent. In the safety context, on the other hand, it tends to be expanded under the Good Samaritan rule to hold liable companies and firms that undertake to ensure safety and can prevent harm, but still tends to exclude parties that do not have authority to directly change the situation causing the harm.

Financial Audit Context

With regard to general negligence, liability of financial auditors has been subject to three approaches. Bily v. Arthur Young & Co., 3 Cal. 4th 370, 384–94, 834 P.2d 745 (detailing contrasting approaches to auditor liability). Under the first, auditors are held liable only to those with whom they are in contractual privity. See Ultramares Corp. v. Touche, 255 N.Y. 170, 174 N.E. 441 (1931) (Cardozo opinion suggesting that expanding scope of duty beyond bounds of privity could lead to limitless auditor liability). This approach would almost certainly foreclose a suit against AIB and other food party auditors. On the other end of the spectrum are a “handful of courts” that extend the duty to any party whose reliance on an audit is “foreseeable.” See H. Rosenblum, Inc. v. Adler, 93 N.J. 324, 461 A.2d 138 (1983) (this decision, since superseded by NJ statute, held that auditors should be liable to all those to whom it was foreseeable their statements would be disseminated and who reasonably relied on the statements to their detriment). This approach still appears to be viable in Wisconsin and Mississippi, see Citizens State Bank v. Timm, Schmidt, & Co., 113 Wis.2d 376, 335 N.W.2d 361 (1983); Touche Ross & Co. v. Commercial Union Ins. Co., 514 So.2d 315 (Miss. 1987). Even under this approach, it might be factually difficult to establish that plaintiffs actually relied directly upon the audits of companies like AIB.

Finally, under the third “middle road” approach, many courts look to the intent of the contracting parties in deciding whether a party contracted to perform an audit owes a duty of care to third parties.

Where the ‘end and aim’ of the contractual transaction between a defendant and the contracting party is the achievement or delivery of a benefit to a known third party or the protection of that party’s interests, then liability will be imposed on the defendant for his or her negligent failure to carry out the obligations undertaken in the contract even though the third party is not a party thereto.

Glenn K. Jackson, Inc. v. Roe, 273 F.3d 1192, 1197–98 (9th Cir. 2001) (quoting Adelman v. Associated Int’l Ins. Co., 90 Cal. App. 4th 352, 363 (2001)) (finding accountants auditing law firm’s billing records for firm’s client did not owe duty of care to firm and firm was not entitled to rely on accountants’ representations). Although this approach is viewed as more restrictive than the foreseeability approach in the financial audits context, it might conceivably lead to a wider scope of liability in the food safety audit context, as it focuses on the purpose of the audits, rather than actual foreseeability and reliance. Under this inquiry, it would be particularly relevant whether a food safety auditor was being contracted to monitor for food safety and protection of consumers particularly, or whether it was simply auditing to ensure compliance with particular manufacturing standards with no contemplation of the ultimate consumer. In this regard, it is noteworthy that although many cases allow suits by injured shareholders against auditors that fail to detect corporate fraud, most still hold that an auditor’s duty is limited by the scope of the agreement it enters into with the principal. NCP Litigation Trust v. KPMG LLP, 187 N.J. 353, 382, 901 A.2d 871, 888 2006). Thus, an auditor cannot be held responsible for failing to identify conditions that it was not engaged to investigate.

Safety Audit Context

Of course, most claims in the financial auditor context arise from financial injuries; whether a court would be willing to expand the scope when confronted with a physical injury of the sort suffered in food safety cases is another question. In contexts where corporate parents and other outside parties have assumed a duty to ensure an operation is safe, courts have sometimes held them liable under the “Good Samaritan” rule as laid out in Restatement (Second) of Torts § 324A. That section provides:

One who undertakes, gratuitously or for consideration, to render services to another which he should recognize as necessary for the protection of a third person or his things, is subject to liability to the third person for physical harm resulting from his failure to exercise reasonable care to protect his undertaking, if

(a) his failure to exercise reasonable care increases the risk of such harm, or

(b) he has undertaken to perform a duty owed by the other to the third person, or

(c) the harm is suffered because of reliance of the other or the third person upon the undertaking.

This doctrine is frequently applied to reach corporate parents who monitor in some fashion the safety protocols used by their subsidiaries. See Merrill v. Arch Coal, Inc., 118 Fed. Appx. 37 (6th Cir. 2004) (“The threshold issue is typically whether the [defendant] undertook to render services to the …plaintiffs or for the benefit of plaintiffs.”); Miller v. Bristol-Meyers Co., 168 Wis.2d 863, 485 N.W.2d 31 (1992) (detailing requirements under prongs (a)–(c) of § 324A); but see Hinkle v. Delavan Industries, Inc., 24 F. Supp.2d 819 (W.D. Tenn. 1998) (No undertaking where parent merely undertook profit-motivated survey of safety procedures to see if it could reduce Worker’s Compensation costs); Loredo v. Solvay America, Inc., 212 P.3d 614 (Wyo. 2009)(regular safety audits by parent insufficient without showing that it retained control of safety procedures).

The doctrine has also been used to hold outside safety consultants liable for injuries that resulted from conditions they were responsible for monitoring. See Boyanoski v. Gould, Inc., No. 93-CV-2077, 1999 WL 33226460 (Pa.Com.Pl.), 46 Pa. D. & C.4th 164 (Sept. 27, 1999) (Consultant responsible for safety plan at Superfund site, which took “an active role in assuring work site safety,” had a duty that arose both from the nature of its contract and from its undertaking); Clark v. W & M Kraft, Inc., No. 1:05-CV-00725, 2007 WL 120136 (S.D. Ohio Jan. 10, 2007) (Safety consultant could be reasonably found liable when its services failed to trigger remedial action that could have protected plaintiff). It should be noted, though, that both cited decisions were on motions for summary judgment brought by the defendant consultants; it is not clear that plaintiffs have been able to prevail on these theories, as the duty remains narrowly construed.

So, is there a theory for a victim (my clients and all consumers) to hold an auditor liability? The answer is a legal, but qualified, perhaps. And, if I were PrimusLabs and other auditors, I would pay a bit more attention.