From USA Today (http://www.usatoday.com): Federal authorities have begun a criminal investigation of PCA, and the company is bankrupt. Records produced in the FDA's investigation of PCA and in congressional hearings on the outbreak portray a company that not only failed to heed warnings about its deficiencies, but allegedly shipped products that had tested positive for salmonella after retests were negative.

More important, the case reveals a food-safety system in which every key link in the chain of protection failed, food-safety officials and lawmakers say. The outbreak "is a poster child for everything that went wrong" with the USA's food-safety system, says William Hubbard, a former FDA associate commissioner. "Down the line, you can find flaws and failures."

The U.S. food-safety net relies heavily on companies to be good operators. Yet PCA repeatedly failed to fix problems that were brought to its attention, according to regulatory records and documents made public in congressional hearings. Nestlé, for example, twice inspected PCA plants and chose not to take on PCA as a supplier because it didn't meet Nestlé's food-safety standards, according to Nestlé's audit reports in 2002 and 2006.

Regulators never found anything major wrong with PCA's Blakely plant until after the outbreak. Then, the FDA found major problems in sanitation, manufacturing and even plant design.

Unlike Nestlé, other PCA customers, including Kellogg, never audited the Blakely plant themselves. Instead, they selected PCA as a supplier based in part on an inspection by an auditing firm that was paid by PCA and that rates almost every client "excellent" or "superior," said Rep. Bart Stupak, D-Mich., citing his committee's investigation.

Just another conflict of interest scenario: Audits paid for by the company being audited.

Read more... (http://www.usatoday.com/money/industries/food/2009-04-26-peanuts-salmonella-food-safety_N.htm)

In fairness, the auditing company mentioned as giving its clients good reports does have a link on its web page to an explanation of sorts - folks should read it before rushing to condemn the auditor.
https://www.aibonline.org/

Can you give a more specific ('deep') link, Wes? Are you referring to some type of disclaimer? Were they lied to? Was something hidden from them? Do they have low acceptance thresholds / requirements?

Apparently Nestlé knew things weren't right.

Edit add: I read the "Statement from AIB on Peanut Corporation of American and Related Matters", published April 2, 2009. That is not an explanation. It's a statement, but what does it say? Nada.

They're worried that their business model is threatened by government regulation because it's pretty obvious their audits are ineffective. Reminds me of the auditing firms during the Enron debacle.

Can you give a more specific ('deep') link? "Setting the Record Straight", 2009 Peanut Products Recall and Related Food Safety Matters (https://www.aibonline.org/auditservices/SettingTheRecordStraight8x11.pdf),"

Yeah, I found it and read it. I'm still not impressed. As I said, Nestlé saw what was happening.

Yeah, I found it and read it. I'm still not impressed. As I said, Nestlé saw what was happening.I didn't mean to imply I thought the "explanation" exonerated the auditor, but the situation does reflect what I have been writing the past six years I've been in the Cove - almost by definition, 3rd party assessors and auditors are forced to look at the best snapshots offered by the organization during the visit. When the auditee intends to deceive (as this one apparenly did), nobody ffers an additiona fee to the 3rd party auditor to perform a "forensic audit," even if the aditor has an itch things may not be ideal. A customer's auditor, however, seldom has a time or cost limit if he feels an itch, but usually just the "itch" is enough for a customer to say - "Hey, I've seen better - I'll let someone else worry about ferreting out the truth. We'll just move on to the next prospective supplier until we find one that does NOT give us an itch."

In my own experience, I've walked away from BOTH prospective customers and suppliers when I felt that itch, simply because there was rarely any economic benefit to take the time to ferret out the truth.

Just another conflict of interest scenario: Audits paid for by the company being audited.That in itself does not constitute a conflict of interest, if the auditing organization realizes that their job is not to give the auditee a passing grade, irrespective of what the evidence shows.

The job of the auditor is to perform a fair and thorough assessment of the object (system, process, product, people, etc.) being audited and report the results adequately.

If an auditing organization disregards the evidence at hand to satisfy the immediate paying customers, they are obviously failing to address the needs of other stakeholders that rely on the audit report to make business decisions. However, paying attention only to the needs of the paying customer creates tremendous risks to your brand. A certificate is as good as the name/brand associated with the organization who issues it. If that name is tarnished, fewer clients will want to be associated with it.

But on a broader note, the underlying problem is that many business stakeholders promote the commoditization approach to audits and certification programs. In one hand, they want certificates, seals, approvals to bolster confidence in the "approved" organization; or pretend those certificates help them mitigate the risks of doing business with a given supplier. While, on the other hand, they apply pressure for fewer audit days, less qualified auditors, lower audit fees, etc...

As in the Dilbert strips, you can't have it both ways. Either you make sure that the audit process is robust enough to provide you with confidence, and pay accordingly, or you make a mockery of audits and certificates, trivializing it as much as possible and end up with approvals and certificates that don't mean anything.

I'd like to see all first-level audits paid for by the audited firm, with a requirement for frequent audits depending on product nature.

I'd also like to see food/drug/medical device auditing firms that can be shown to have missed a substantially safety-violative environment in two subsequent audits to be deemed co-civilly-liable in regard to those violations, including passthrough liability for their owner(s), top officers and corporate parents.

And, the consumers of those audits...customers for the company's products...need to have a clear liability path as well. The bigger they are, the more it should hurt to screw up.

If you want something to work right, assign a very painful cost to its working wrong. Does that make the stakes higher, significantly raise the costs of audits, pretty much eliminate an easygoing atmosphere from the work, and probably lead to expectations of more substantial credentials? Sure.

I think it's hilarious that AIB's Mr. Munyon presided over an audit process that, if it had been deliberate instead of merely grotesquely incompetent, might have been considered fraudulent...and now he regards his key task as "...setting the record straight about AIB", i.e. "The AIB GMP Inspection is not designed to get around deception."

That non-deception-detection feature certainly could be an important selling point, and it's all about retaining clients, right?

I wonder if their 8 to 12 week training program includes instruction on strategically closing your eyes while walking around employees shoveling peanuts (and other stuff) off the floor back onto the production belt, and how to avoid asking employees questions that might elicit answers you don't want to hear.

<snip>including pass through liability for their owner(s), top officers and corporate parents.</snip> That is a key issue. I'd have a lot less of an issue with a company paying for an audit of their facility if the auditing firm could be held liable if something came up.

<snip>I wonder if their 8 to 12 week training program includes instruction on strategically closing your eyes while walking around employees shoveling peanuts (and other stuff) off the floor back onto the production belt, and how to avoid asking employees questions that might elicit answers you don't want to hear.</snip> That was the cause of my disdain. The response was nonsensical to me. From what I've read, a walk through the place would have made it evident to any auditor that there were serious problems.

That is a key issue. I'd have a lot less of an issue with a company paying for an audit of their facility if the auditing firm could be held liable if something came up.

That was the cause of my disdain. The response was nonsensical to me. From what I've read, a walk through the place would have made it evident to any auditor that there were serious problems.Perhaps you recall a thread we had some time back that a quick tour of employee lavatories would tell an auditor to look further. I am really curious what the lavatories at the peanut plant would have looked like on the day of the auditor visit.

That is a key issue. I'd have a lot less of an issue with a company paying for an audit of their facility if the auditing firm could be held liable if something came up.Marc, nobody is immune from being considered liable in this country. It is up to the legal system to decide liability issues. Auditing firms, registrars, certifiers don't have any special liability dispensation, diplomatic immunity, etc...Anyone might end in a legal proceeding, especially in cases of injuries, fatalities, etc...

What Sidney says is true. I think, however, the concept of such forensic audits some folks here are advocating brings back the image of quality auditors as adversarial Kwality Kops who come in with the pre-conceived attitude,
"You're doing something wrong and I'm gonna getcha!:whip::whip::whip::whip:

If such comes to pass, we can probably hook up generators to the graves of Deming and Juran and alleviate all energy shortages as they merrily spin and spin.

Regulators regulate - they are, in fact, Kwality Kops, who have the power in their little fingers to speed dial the federal marshalls to come and padlock a place!

Let's rethink the whole concept of WHY managers and owners get the mistaken idea they can get away with fraud and other criminal acts forever. Punishment (shame, bankruptcy, fines, imprisonment, etc.) doesn't seem to stop ANY crime - we quality wonks knew that all along - "you can't inspect quality in, you have to design and build it in."

Bottom line:
No quality professional worth the name believes 10O% inspection guarantees quality; why would we believe more rigorous (100%?) inspection would guarantee absence of fraud?

Bottom line:
No quality professional worth the name believes 10O% inspection guarantees quality; why would we believe more rigorous (100%?) inspection would guarantee absence of fraud?

Folks may get tired of me talking about accounting, but...

Auditing 101, literally the first day of class. An audit most likely will NOT catch a complex and competently executed act of fraud. I am willing to bet that there are a LOT of us who could fabricate a "going concern", complete with certificates (fake), test results (them too), procedures, financials, etc. that would look like a real company that has been in business for a while. Ignoring a test result here and there, and not even recording it, is much easier to pull off for a going concern. I think that there is too much faith put into audits. Fraudsters, it seems, are most often revealed when they get tangled in their own webs.

What, exactly, was missed by the peanut auditors, other than the retests? Were they really shoveling peanuts off of the floor?

Folks may get tired of me talking about accounting, but...

Auditing 101, literally the first day of class. An audit most likely will NOT catch a complex and competently executed act of fraud. I am willing to bet that there are a LOT of us who could fabricate a "going concern", complete with certificates (fake), test results (them too), procedures, financials, etc. that would look like a real company that has been in business for a while. Ignoring a test result here and there, and not even recording it, is much easier to pull off for a going concern. I think that there is too much faith put into audits. Fraudsters, it seems, are most often revealed when they get tangled in their own webs.

What, exactly, was missed by the peanut auditors, other than the retests? Were they really shoveling peanuts off of the floor?

Excellent points!

Allow me to add that many organizations have two sets of standards...
1. What they tell the world.
2. What they actually do.

What I was taught as the formal and informal organizational structure.

Stijloor.

Regarding "Kwality Kops":

The FDA is a policing agency. It exists to assure safety and wholesomeness in the food chain, among other missions...not merely to help product makers by pointing out those areas where their efforts are not accomplishing those goals.

Is that inconsistent with quality theory? Fine, no problem. The FDA isn't about quality. It's perfectly OK to have auditors who are quality-theory-oriented and on the customer's side, even to the extent of considering it to be not their job to detect deception.

But, there also must be auditors who are there to serve the public good by determining compliance. And, regulated customers must rely only on the reports of the regulatory auditors.

It's scary and infuriating to read of AIB's market dominance among major food manufacturers, given their total lack of concern for the public good.

Regulators regulate - they are, in fact, Kwality Kops, who have the power in their little fingers to speed dial the federal marshalls to come and padlock a place!

Let's rethink the whole concept of WHY managers and owners get the mistaken idea they can get away with fraud and other criminal acts forever. Punishment (shame, bankruptcy, fines, imprisonment, etc.) doesn't seem to stop ANY crime - we quality wonks knew that all along - "you can't inspect quality in, you have to design and build it in."

I think it would be more accurate to say that the threat of punitive action doesn't stop all criminal acts. I think it's safe to say that there is a deterrent effect. The problem is greed, arrogance and hubris, and those "attributes" are the prime reason that regulation is necessary. The public needs to be protected against the cowboys whose avarice has overcome their ability (or desire) to think straight.

Bottom line:
No quality professional worth the name believes 10O% inspection guarantees quality; why would we believe more rigorous (100%?) inspection would guarantee absence of fraud?
Any quality professional worth the name understands that there are times when 100% inspection is necessary, appropriate and effective. Widespread application of generalities and platitudes is not a good idea. No one has yet devised a method for prevention of wrongdoing and I think it's safe to say that no one ever will. In the absence of such a panacea, we're left with regulation and enforcement and can only hope to minimize the threat. The idea is risk mitigation, not elimination.

The FDA is a policing agency. It exists to assure safety and wholesomeness in the food chain, among other missions...not merely to help product makers by pointing out those areas where their efforts are not accomplishing those goals.If you are given the mandate and responsibility, but not provided with the resources to perform the job, can you be held accountable? In the absence of such a panacea, we're left with regulation and enforcement and can only hope to minimize the threat. The idea is risk mitigation, not elimination.Exactly. Since many regulatory agencies don't have the resources to perform effective oversight of their respective areas, they should rely on all the GOOD help they could get. That is why I started this thread (http://elsmar.com/Forums/showthread.php?t=26346&).

All good points. I would however like to sum up a lot of what was said with this statement, Laws/rules/mandates only apply to those who follow them. Obscure reference, the library mandates quiet. Most of us are quiet because that is what the library asks of us. "All" of us here try our best to follow the rules as far as FDA regulations, ISO, CE, etc... are concerned. Some of the world tries to circumvent the rules because they aren't law abiding citizens. By increasing the costs of audits and mandating more audits all that is happening is we are charging the law abiding citizens for the crimes of the non law abiding citizens which in my opinion is not a valid solution. Unfortunately, I don't have a better solution to offer in it's place. I work in a small medical device design firm with a limited budget. We do our best to follow the rules, design good products, avoid patient injury, avoid customer complaints, and provide affordable products. More audits would only show we were doing things properly more times and affect the cost we would have to impart onto our customers. If I had a better solution I would be happy to share it I hate to shoot down suggested solutions and not offer up one of my own for critique unfortunately like I said I don't have one to offer. Perhaps one of you not NewAtTheJob has a better solution ;)

All good points. I would however like to sum up a lot of what was said with this statement, Laws/rules/mandates only apply to those who follow them. Obscure reference, the library mandates quiet. Most of us are quiet because that is what the library asks of us. "All" of us here try our best to follow the rules as far as FDA regulations, ISO, CE, etc... are concerned. Some of the world tries to circumvent the rules because they aren't law abiding citizens. By increasing the costs of audits and mandating more audits all that is happening is we are charging the law abiding citizens for the crimes of the non law abiding citizens which in my opinion is not a valid solution. Unfortunately, I don't have a better solution to offer in it's place. I work in a small medical device design firm with a limited budget. We do our best to follow the rules, design good products, avoid patient injury, avoid customer complaints, and provide affordable products. More audits would only show we were doing things properly more times and affect the cost we would have to impart onto our customers. If I had a better solution I would be happy to share it I hate to shoot down suggested solutions and not offer up one of my own for critique unfortunately like I said I don't have one to offer. Perhaps one of you not NewAtTheJob has a better solution ;)



As far as I am concerned you are right on target. Maybe the best way to approach it would be better education concerning just what the requirements are. But, for the peanut company, a doctorate would not have changed the mindset. As you so eloquently pointed out, in this case the rules apparently did not apply.