Third-party audits of food plants were a rarity before 1993’s outbreak of pathogenic E. coli O157:H7 was traced to Jack in the Box hamburgers. Four children died and 178 people, most under the age of 10, suffered permanent brain and kidney injuries.
Before that, two-party inspections of key suppliers by retailers and restaurant chains sometimes occurred, but blind trust was the default setting, recalls David Theno, who was hired by Jack in the Box as the chain’s first food-safety director in the wake of the E. coli tragedy.
“The 1993 event opened people’s eyes and made restaurants and retailers realize that they were responsible for the safety of the food their suppliers gave them,” says Theno, now retired from Jack in the Box and a principal of Gray Dog Partners Inc., a food-safety consultancy based in the San Diego area. With thousands of food processors and other suppliers stocking the JIB units, he turned to third-party auditors, triggering a growth curve in those services that continues today.
While at Jack in the Box, Theno directed an in-house team of 30-40 auditors who visited the chain’s 2,400 restaurants monthly. “It was really hard to keep them aligned and calling out the defects the same way,” he ruefully notes. Twenty years later, the challenge has grown exponentially and industry wide.
Given the size and complexity of America’s food industry, it’s a wonder it took so long to adopt the guiding principle of Chicago’s long-gone City News Bureau: “If your mother tells you she loves you, check it out.” The food industry has embraced that philosophy in the 21st Century, making independent audit services one of the industry’s fastest-growing areas, both in terms of the number of audits performed and the hiring and training of qualified auditors.
Audit fatigue is an issue, aggravated by a host of new verifications. Some, such as livestock handling audits, are executed for customers on behalf of their constituents. Others are assurances for those consumers, such as certified organic and the fast-growing gluten-free seal of approval. Still others are undertaken as a general assurance to industry, such as pest management reviews, food-defense audits and HACCP evaluations. The result is a seemingly endless stream of clipboard-armed auditors and inspectors moving through the plant.
Stress is compounded when multiple customers insist on conducting their own second-party audits. The duplication of time and effort caused UK retailers to create the British Retail Consortium Food Technical Standard in 1998, the first formalized third-party food safety audit. That led to formation of the Global Food Safety Initiative (GFSI), which sanctions standards like BRC as a framework for continuous improvement in food safety.
For food processors, GFSI holds the promise of fewer audits. According to Robert Prevendar, global managing director of Ann Arbor, Mich.-based NSF International’s Supply Chain Food Safety division, some food companies have seen a significant reduction in the frequency of audits thanks to GFSI.
“Unfortunately, we have not reached a point where (GFSI audits) are universally accepted,” he allows. Certification bodies like NSF are trying to address the fatigue issue with bundled services and cross-border acceptance, but the effort is in its infancy.
The elephant in today’s audit room, however, is the Jensen Farms case. Cantaloupes processed at the Holly, Colo., packinghouse in 2011 were tied to the U.S.’s deadliest outbreak of pathogenic food contamination in the 21st Century. William Marler, the Seattle attorney who has built a career on suing food companies on behalf of victims of foodborne illnesses (beginning with the Jack in the Box case) represents most of victims and their survivors in the Jensen incident, just as he had in the Peanut Corp. of America case in 2008 and the Wright Egg salmonella outbreak in 2010.
The lack of statutory law extending liability to audit companies in the event of food poisonings deterred him from pursuing auditors in earlier outbreaks, but in the case of Jensen, Marler smells blood.
Frontera Produce Ltd. distributed Jensen’s melons to Walmart and other retailers. As a condition of distribution, Jensen was required to pass a food-safety audit conducted by Primus Group Inc., a Santa Maria, Calif.-based audit service specializing in agricultural operations in the U.S. and Mexico. Weeks before the first Listeriosis cases tied to its melons were reported, Jensen received a 96 percent score and a superior rating in a Primus audit.
Pretrial wrangling in a dozen cases in nine states concluded in recent months, and in nine of them, the courts have denied Primus’ motions to dismiss. Marler calls a $50 million estimate of actual and punitive judgments against Primus in those civil suits conservative.
“We’ve now established a body of case law that is basically a roadmap for suing an auditor” in future incidents of foodborne illnesses, he says. “For auditors and audit services, it’s a new day. I know they’re freaking out.”
Recruitment challenge
The case law established in the Jensen Farms litigation will make successful suits against audit companies more likely in the future, Marler believes. More critical and detailed audits seem likely, but audit services first must come to grips with the daunting challenge of recruiting and training qualified professionals to execute procedural reviews.
In the Jensen case, the customer-defined audit was conducted by a subcontractor with only a few months experience, two courses in HACCP principles and auditor training, and one PrimusGFS training seminar. After graduating from Texas A&M with a BS degree in industrial engineering, he was employed as food-safety coordinator at his family’s farm.
Thorough and consistent audits are the goal, preferably conducted by industry veterans with an intimate understanding of the process. Unfortunately, the specifics of a process vary from plant to plant, even when they produce the same products.
One goal of the Food Safety Modernization Act (FSMA) is to create regulatory oversight of FDA facilities that is similar to the structure in place at USDA, which relies on FSIS inspectors who are on the premises daily. An auditor can only provide a snapshot in time, food safety experts point out. A bigger problem is the lack of technical expertise at many of the nation’s 170,000 FDA-registered production sites and the absence of information sharing.
Meat and poultry processors decided decades ago that food safety was not a competitive issue. Sharing of best practices has helped raise standards across the board. If a design flaw that raises the risk of cross-contamination is uncovered in a machine, the discovery is shared with other plants operating the same machine, suggests Jody Swaim, principal attorney with Olsson Frank Weeda Terman Matz PC (www.ofwlaw.com), a Washington, D.C., law firm with a large food practice.
While domestic lapses in food safety are the greatest concern, the globalization of the food supply chain is focusing attention on the policies and practices of suppliers overseas and the need for harmonization of food safety standards. Food and food container inspections and audits in Asia increased 55 percent in the second quarter, reports AsiaInspection. The Hong Kong-based quality-assurance firm forged a partnership a few years ago with Silliker Labs to audit and inspect Asian suppliers and test their raw materials and finished goods on behalf of western brand owners.
According to vice president Mathieu Labasse, AsiaInspection has certified 1,000 China food plants to the BRC standard, one of the food-safety audit systems sanctioned by GFSI, but they represent only 0.002 percent of the country’s food production facilities. “China is still quite immature in terms of food safety and education,” bemoans Labasse.
“In the last 20 years, the China food industry grew up and is now expected to achieve standards that western countries have taken decades to achieve,” he adds. Events like July’s revelation that a Shanghai hamburger supplier to McDonald’s and other fast-food chains was distributing rotten meat notwithstanding, Labasse says cultural and educational challenges throughout Asia will take years to overcome.
McDonald’s and Walmart are two of the biggest boosters of GFSI, the customer-driven self-policing of food safety standards. BRC and SQF levels 2 and 3 are the most prominent examples of the GFSI food-plant audits, and the stature of those audits likely will receive a boost when FSMA rules for imported foods are finalized next year. Certification of auditor competence and the acceptance of imported goods as meeting the requirements of the Food Drug and Cosmetic Act are among the proposals on the table. More intriguing is the possibility of expanding recognition to include third-party audits of domestic food facilities.
In a statement included in the Federal Register July 29, 2013, FDA wrote, “The same principles and standards that are features of a rigorous and credible program for audits of foreign firms would likewise have great merit for audits of domestic food facilities.” The agency is considering what incentives it might offer to food companies that participate in third-party certifications like GFSI under a program administered by FDA.
A template for this approach already exists with USDA’s National Organic Program, under which the department sets the standards for organic certification and more than 50 organizations, including Oregon Tilth and Quality Assurance International, execute the audits.
Big-picture focus
To some degree, internationalization of food standards already is occurring, driven by the same efficiency concerns that resulted in GFSI. The Netherlands accepts USDA’s organic certification for U.S. products entering the country, and the recently announced U.S.-Korea Organic Equivalency Agreement allows certified organic products to be sold as such in either country.
Standards convergence is a positive development, suggests Gray Dog’s Theno, though he frets about an over-reliance on audits themselves and too much attention to reviews of non-core activities. “I don’t care if the bait boxes are 12 or 15 feet apart,” he says. Instead, the focus should be on HACCP execution, Listeria control, foreign-material contamination and other oversight “that really determines food safety.”
Theno recalls a recent encounter with a dairy plant auditor who “had no clue what was going on and didn’t know where to look.” As for GFSI audits, “it’s almost like they're on a scavenger hunt. They have to get all the boxes checked” instead of concentrating on whether “the food safety system is operating correctly.”
Swaim concurs. As half of OFW Law’s food safety risk-assessment team of Dr. Doom and Ms. Gloom (she’s gloom), Swaim conducts inspections of food operations faced with regulatory compliance issues. (The nom de consultation also refers to Barbara Masters, a former FSIS administrator.) The most troubled clients protest “we’re certified to the highest level of SQF,” she says, but they don’t appreciate the complementary nature of audits and inspections. “Audits are a necessary evil that we live with, but sometimes people put too much weight on them.”
An audit report can hint at operational flaws and serve as useful starting points for Doom and Gloom, but observing how processes are executed is more informative, she says. “Take the time to stand on the floor for 15 minutes and watch what is going on,” she advises. How people and equipment move through the plant reveals more about the potential for cross-contamination than an audit does.
Labasse agrees. Most of AsiaInspection’s work involves proprietary audit standards set by brand owners. Those reviews are much more effective when combined with on-site inspections combined with lab tests of finished goods. Unauthorized subcontracting is common in China, he maintains, and absent sending an inspector on site, there is no assurance that a product was produced in the plant that was audited.
Upper management buy-in to the notion that audits are tools for continuous improvement also is needed, suggests NSF’s Prevendar. “An audit is not a hurdle to get over, it has to be part of your culture,” he advises. “The CEO, not the food-safety team, has to take ownership of food safety and make it a part of everything the company does."
“We have to change our thinking of audits as a record of what you’ve done in the last year and the records supporting it and move to process audits,” adds John Surak, a food scientist and consultant with Surak and Associates, Greenville, S.C. Verifying that GMPs are working by taking environmental swabs and other validations are indicative of an organization “moving from an inspection perspective to a process-control perspective,” he says.
FSMA’s codification of prerequisite programs is a positive development, as are more stringent GFSI audits and efforts to create a new global standard for food safety. But unless organizations are committed to the continuous improvement of their processing systems, audit results will be little more than certificates hung on the wall.