Tell that to the families of more that 25 who have died and the over 100 who have been sickened! 

And, memories of Kartrina – “Brownie, you’re doing a heckuva job” – President George W. Bush.

I was reading the New York Times tonight on my way home from work and was struck by these lines in the story of the findings of the FDA of the likely cause of the U.S.’s second deadliest foodborne illness outbreak:

The farm had passed a food safety audit by an outside contractor just days before the outbreak began. Eric Jensen, a member of the family that runs the farm, said in an e-mail that the auditor had given the packing plant a score of 96 points out of 100.

F.D.A. officials did not criticize the auditor directly. But Michael R. Taylor, deputy commissioner for foods, said the agency intended to establish standards for how auditors should be trained and how audits should be conducted.

The food industry increasingly has come to rely on what it calls third-party audits of farms or processing plants to ensure the safety of food. But the auditors are hired by the companies being inspected, and their procedures are largely unregulated. In several recent food safety lapses, the facilities involved had passed third-party audits.

Jensen Farms hired an auditor called PrimusLabs, based in California, to inspect its facility. Primus gave the job to a subcontractor, Bio Food Safety, which is based in Texas. Jensen and Primus declined to provide a copy of the audit report.

Robert Stovicek, the president of PrimusLabs, said his company had reviewed the audit and found no problems in how it was conducted or in the auditor’s conclusions.

“We thought he did a pretty good job,” Mr. Stovicek said. He said the auditor, James M. DiIorio, has been doing audits for the company since March.

So, yet again in news is the apparent failure of private outside food safety auditors to find problems that seem more than apparent after the foodborne illness outbreak happens – the Peanut Corporation of American in 2009 and the Wright County Egg in 2010 Outbreaks are just two of the more recent examples.

So, what is the responsibility and liability of PrimusLabs for this recent disaster?

Auditor liability tends to vary greatly depending on the context. Within the financial services context, it is generally fairly restricted, as courts tend to limit it using principles of contractual privity and party intent. In the safety context, on the other hand, it tends to be expanded under the Good Samaritan rule to hold liable companies and firms that undertake to ensure safety and can prevent harm, but still tends to exclude parties that do not have authority to directly change the situation causing the harm.

Financial Audit Context

With regard to general negligence, liability of financial auditors has been subject to three approaches. Bily v. Arthur Young & Co., 3 Cal. 4th 370, 384–94, 834 P.2d 745 (detailing contrasting approaches to auditor liability). Under the first, auditors are held liable only to those with whom they are in contractual privity. See Ultramares Corp. v. Touche, 255 N.Y. 170, 174 N.E. 441 (1931) (Cardozo opinion suggesting that expanding scope of duty beyond bounds of privity could lead to limitless auditor liability). This approach would almost certainly foreclose a suit against AIB and other food party auditors. On the other end of the spectrum are a “handful of courts” that extend the duty to any party whose reliance on an audit is “foreseeable.” See H. Rosenblum, Inc. v. Adler, 93 N.J. 324, 461 A.2d 138 (1983) (this decision, since superseded by NJ statute, held that auditors should be liable to all those to whom it was foreseeable their statements would be disseminated and who reasonably relied on the statements to their detriment). This approach still appears to be viable in Wisconsin and Mississippi, see Citizens State Bank v. Timm, Schmidt, & Co., 113 Wis.2d 376, 335 N.W.2d 361 (1983); Touche Ross & Co. v. Commercial Union Ins. Co., 514 So.2d 315 (Miss. 1987). Even under this approach, it might be factually difficult to establish that plaintiffs actually relied directly upon the audits of companies like AIB.

Finally, under the third “middle road” approach, many courts look to the intent of the contracting parties in deciding whether a party contracted to perform an audit owes a duty of care to third parties.

Where the ‘end and aim’ of the contractual transaction between a defendant and the contracting party is the achievement or delivery of a benefit to a known third party or the protection of that party’s interests, then liability will be imposed on the defendant for his or her negligent failure to carry out the obligations undertaken in the contract even though the third party is not a party thereto.

Glenn K. Jackson, Inc. v. Roe, 273 F.3d 1192, 1197–98 (9th Cir. 2001) (quoting Adelman v. Associated Int’l Ins. Co., 90 Cal. App. 4th 352, 363 (2001)) (finding accountants auditing law firm’s billing records for firm’s client did not owe duty of care to firm and firm was not entitled to rely on accountants’ representations). Although this approach is viewed as more restrictive than the foreseeability approach in the financial audits context, it might conceivably lead to a wider scope of liability in the food safety audit context, as it focuses on the purpose of the audits, rather than actual foreseeability and reliance. Under this inquiry, it would be particularly relevant whether a food safety auditor was being contracted to monitor for food safety and protection of consumers particularly, or whether it was simply auditing to ensure compliance with particular manufacturing standards with no contemplation of the ultimate consumer. In this regard, it is noteworthy that although many cases allow suits by injured shareholders against auditors that fail to detect corporate fraud, most still hold that an auditor’s duty is limited by the scope of the agreement it enters into with the principal. NCP Litigation Trust v. KPMG LLP, 187 N.J. 353, 382, 901 A.2d 871, 888 2006). Thus, an auditor cannot be held responsible for failing to identify conditions that it was not engaged to investigate.

Safety Audit Context

Of course, most claims in the financial auditor context arise from financial injuries; whether a court would be willing to expand the scope when confronted with a physical injury of the sort suffered in food safety cases is another question. In contexts where corporate parents and other outside parties have assumed a duty to ensure an operation is safe, courts have sometimes held them liable under the “Good Samaritan” rule as laid out in Restatement (Second) of Torts § 324A. That section provides:

One who undertakes, gratuitously or for consideration, to render services to another which he should recognize as necessary for the protection of a third person or his things, is subject to liability to the third person for physical harm resulting from his failure to exercise reasonable care to protect his undertaking, if

(a) his failure to exercise reasonable care increases the risk of such harm, or

(b) he has undertaken to perform a duty owed by the other to the third person, or

(c) the harm is suffered because of reliance of the other or the third person upon the undertaking.

This doctrine is frequently applied to reach corporate parents who monitor in some fashion the safety protocols used by their subsidiaries. See Merrill v. Arch Coal, Inc., 118 Fed. Appx. 37 (6th Cir. 2004) (“The threshold issue is typically whether the [defendant] undertook to render services to the …plaintiffs or for the benefit of plaintiffs.”); Miller v. Bristol-Meyers Co., 168 Wis.2d 863, 485 N.W.2d 31 (1992) (detailing requirements under prongs (a)–(c) of § 324A); but see Hinkle v. Delavan Industries, Inc., 24 F. Supp.2d 819 (W.D. Tenn. 1998) (No undertaking where parent merely undertook profit-motivated survey of safety procedures to see if it could reduce Worker’s Compensation costs); Loredo v. Solvay America, Inc., 212 P.3d 614 (Wyo. 2009)(regular safety audits by parent insufficient without showing that it retained control of safety procedures).

The doctrine has also been used to hold outside safety consultants liable for injuries that resulted from conditions they were responsible for monitoring. See Boyanoski v. Gould, Inc., No. 93-CV-2077, 1999 WL 33226460 (Pa.Com.Pl.), 46 Pa. D. & C.4th 164 (Sept. 27, 1999) (Consultant responsible for safety plan at Superfund site, which took “an active role in assuring work site safety,” had a duty that arose both from the nature of its contract and from its undertaking); Clark v. W & M Kraft, Inc., No. 1:05-CV-00725, 2007 WL 120136 (S.D. Ohio Jan. 10, 2007) (Safety consultant could be reasonably found liable when its services failed to trigger remedial action that could have protected plaintiff). It should be noted, though, that both cited decisions were on motions for summary judgment brought by the defendant consultants; it is not clear that plaintiffs have been able to prevail on these theories, as the duty remains narrowly construed.

So, is there a theory for a victim (my clients and all consumers) to hold an auditor liability? The answer is a legal, but qualified, perhaps. And, if I were PrimusLabs and other auditors, I would pay a bit more attention.

  • Joe Marchant

    This makes me sick as I continue to read articles about the negligence and the complete lack of due diligence to ensure safe products were reaching the consumer. My wife has been through a lot of things in her life time and this pregnancy was suppose to be a time of joy and happiness although it has been anything but that. Instead it has been sleepless nights, dr visit after dr visit and lots of tears shed. I pray that when all is said and done that laws are put into place that will help prevent future outbreaks of this magnitude so that no one has to go through the experience we are going through.

  • Are you trying to save our country into bankruptcy? Or are you just intent on suing people into bankruptcy?

  • Dan Cohen, Maccabee Seed Co. Davis CA

    Buyers and consumers have a commercial and reasonable expectation that marks, labels and marketing material that note third party food safety auditing have meaning.

    Some food companies and major chains have their own standards that exceed those of third party auditors, entirely under their own control. Fresh Express, at least when it was independent, Costco, and Subway could be examples, in my view. But even in these types of cases a third party audit and inspection is often routine.

    Why would one need such third party certification, even when the standards may actually be lower than one’s own? For the same reasons as the majority of companies, without such internal standards. Partially, to have a genuine check on food safety practices, implementation and success. But also to provide a marketing tool that assures buyers and consumers of food safety.

    Otherwise what you really need is a good lab, internal or external, to run the samples you take during in-house quality control monitoring and documentation.

    A third party food safety mark is used to brand consumer confidence. It is not clear to me that all the weasel words of third party auditing — about meeting often undefined routines of inspection without actually guaranteeing food safety — have meaning in this context. If you allow a customer to use your food safety implication in any commercial, marketing, or advertising materials at all, you have allowed an implicit promise (that looks explicit) of food safety to be made to buyers and consumers based on your work.

    To avoid this, an auditing company would need to either ban the use of their results for any outside commercial purpose, or require an explicit statement of non-guarantee off food safety from the audits and certification on all label use, marketing and advertising.

    But then, why would your customers pay you?

    Third party food safety inspection seems vulnerable to the same economic distortions, and degradation of quality as the financial ratings agencies that gave the highest possible safety ratings to mortgage derivatives. They are paid by the people they audit, not by third parties, with rare exceptions. If they don’t give the highest possible rating to their client, the client goes elsewhere. Then this degraded rating is put out to the market, whether food buyers or financial instrument buyers.

    The financial ratings agencies have not been held accountable for their actions, implicit and explicit guarantees of what was essentially fraud. But there does not appear to be a financial equivalent of strict liability for adulteration in a food safety context. Maybe there should be.

    I think the net result is that some aspects of third party food safety auditing have not been litigated completely or perhaps adequately. Further, the impact on food safety auditing practices and standards may go beyond the final judicial results, because disclosure of practices and use of food safety branding — if without adequate support– may have an economic impact on consumer confidence in auditing far beyond any final judicial determination. So some accountability may result regardless of the legal outcome.

    Under this theory, anyone who purchased contaminated produce in the knowledge of a food safety audit and mark may have a better claim to damages from the third party auditor than those actual consumers who got ill and died and did not rely on such knowledge.

    Primus Labs has one of the best reputations in farm and processor food safety auditing. They also provide a lot of free material on their website to help farmers and others with production safety issues, whether one uses their services or not.

    They should have a strong interest in finding out what happened with their audit, and why, and correcting any found deficiencies.

  • John Munsell

    Sounds eerily reminiscent of meat plants hiring outside, independent 3rd party auditors, which realize that if their reports necessitate the meat plant to undertake expensive improvements or costly procedural changes, the auditor would quickly be black balled from the industry. Why have the largest players in the meat industry developed a sudden reliance upon 3rd party audits in the last decade? Because (a) USDA/FSIS has deregulated the industry’s biggest players, allowing the large plants to police themselves in the absence of meaningful gov oversight. To provide an independent stamp of approval on plants’ compliance with sanitation measures, the plants hire “unbiased” (yet for hire) outside entities to endorse the plants’ operations. (b) If outbreaks occur, plants can then hide behind the whitewashed reports issued by the 3rd party entity, claiming that the report PROVES that not only did the plant have exceptional sanitation protocol, but proves that plant management assign primary importance to food safety (over corporate profit).
    So, who’s on first? The food facility? The 3rd party auditor? FDA or FSIS? Ha ha, the gov cannot now be held even partially liable when it has intentionally deregulated the industry. Self policing authority allows the food industry to hire 3rd party auditors to document only what the food facility wants documented. You document any more, and you’re out of work. Shades of Archibald Cox, who found and revealed too much, and was sent down the road.
    FDA’s current goal of establishing minimum protocol which must be used by outside auditors is a step in the right direction. However, I recommend that a copy of the auditors’ report must be immediately provided to FDA or FSIS, which should have the authority to accept or reject the adequacy of the report. Included in the report’s findings must be copies of all microbial test results, which conveniently are not being released by the firm which recently audited Jensen Farms.
    In this age of deregulation, consumers should be coming to critical mass recognition that 3rd party oversight of the food industry is much inferior to government inspection. Secondly, we must eventually admit that if existing government entities are loathe to physically inspect facilities, inspection authority must be given to a separate agency which is willing to promote public health considerations. Lee Iacoca stated “Where are our leaders?” We should also be asking “Where are our gov inspectors?” Answer: on recliners.
    You will never find a more staunch opponent of big gov than me. However, I admit that we do need a certain amount of gov. oversight. Imagine what would happen to IRS revenues if we were left to police ourselves? Well, we would even be the police, because tax revenues would be inadequate to hire police or teachers.
    Regardless of how the judicial system assigns liability to 3rd party auditors, I respectfully suggest that this nation needs to decide if we want auditors to assume inspection responsibility, or require gov inspectors to get off their recliners.
    John Munsell

  • Sam

    Third party audits in food facilities do NOT include investigation of sales and marketing activities. From my experience in this industry, most food safety issues turn ugly when sales gets involved (“my customer NEEDS this product damn it! It’s part of a multi-MILLION dollar contract!!!! JUST SHIP IT!!!!!”). Any company can pass an audit with some preparation; then they are free to resume business as usual for the other 364 days of the year.
    One thing I will say in support of third party audits, it’s job security for people like me!

  • Martin has been negligent in many instances in their own facilities. They cover up, or give passing results and the lab manager (not the president) has suck a slick tongue that twists the truth to make believe others that Primuslabs are doing a great job. Someone very close and dear to me works there and that person has told me about all the things that happen there. Primus should be audited and not only by the FDA or OSHA, they have “certified” them, thanks to the foxy manager.

  • Stan

    I have just recently completed my 2012 primus audit for my facility, this beeing our fourth audit. We have been working on improving our score and have done so untill now. Our current score was far lower than previous scores, and have been working on issues pointed out from other audits. Primuslabs have stepped up their program to cover their own butt’s, and did not care to make us aware of it. I have succesfully passed multiple FDA inspections with no problem, and for those that have experieced FDA inspections you know that they just show up and say let’s do this. Once our product leaves our facility, we have no control over what can be introduced to it, Pathogens can be introduced at any point, and the most likely point is at store level. It is our moral obligation as food producers to take every measure possible to ensure that our product is safe, and as a producer we have to rely on all those that handle our product to do the same. We have been forced into this third party audit program by big corps. trying to isolate themselves from liability, when in fact we are all liable. We have a very safe food supply chain in this country, and a regulatory body to insure it. These third party audits should go away. Consumers should all be aware that these pathogens are everywhere and should take measures to protect themselves. We are all in this together.