2007 ASME Boiler and Pressure Vessel Code - Operations and

The Roles of Third Parties in Regard to the Integrity of Process Management Systems

Lessons pertinent to food safety

Isadore Rosenthal Wharton Risk Management and Decision Processes Center

Wharton School University of Pennsylvania Rosenthawhartonupennedu

Howard Kunreuther Wharton Risk Management and Decision Processes Center

Wharton School University of Pennsylvania Kunreutherwhartonupennedu

December 16 2008

Working Paper 2008-12-16

_____________________________________________________________________ Risk Management and Decision Processes Center The Wharton School University of Pennsylvania

3730 Walnut Street Jon Huntsman Hall Suite 500

Philadelphia PA 19104 USA

Phone 215-898-5688 Fax 215-573-2130

httpopimwhartonupennedurisk ___________________________________________________________________________

CITATION AND REPRODUCTION

This document appears as Working Paper of the Wharton Risk Management and Decision Processes Center The Wharton School of the University of Pennsylvania Comments are welcome and may be directed to the authors This paper may be cited as Isadore Rosenthal and Howard Kunreuther ldquoThe Roles of Third Parties in Regard to the Integrity of Process Management Systems Lessons pertinent to food safetyrdquo Risk Management and Decision Processes Center The Wharton School of the University of Pennsylvania December 2008 The views expressed in this paper are those of the authors and publication does not imply their endorsement by the Wharton Risk Center and the University of Pennsylvania This paper may be reproduced for personal and classroom use Any other reproduction is not permitted without written permission of the authors

THE WHARTON RISK MANAGEMENT AND DECISION PROCESSES CENTER Since its creation 25 years ago the mission of the Wharton Risk Management and

Decision Processes Center has been to carry out a program of basic and applied research to promote effective corporate and public policies for low-probability events with potentially catastrophic consequences The Risk Center has focused on natural and technological hazards through the integration of risk assessment risk perception and risk financing with risk management strategies After 911 research activities extended also to national and international security issues (eg terrorism risk insurance markets protection of critical infrastructure global security)

Building on the disciplines of economics decision sciences finance insurance marketing and psychology the Centers research program has been oriented around descriptive and prescriptive analyses Descriptive research focuses on how individuals and organizations interact and make decisions regarding the management of risk under existing institutional arrangements Prescriptive analyses propose ways that individuals and organizations both private and governmental can make better decisions regarding risk The Center supports and undertakes field and experimental studies of risk and uncertainty to better understand the linkage between descriptive and prescriptive approaches under various regulatory and market conditions Risk Center research investigates the effectiveness of strategies such as risk communication information sharing incentive systems insurance and regulation

The Center is also concerned with training decision makers and actively engaging multiple viewpoints including the expertise of top-level representatives in the world from industry government international organizations interest groups and academics through its research and policy publications and through sponsored seminars roundtables and forums

More information is available at httpopimwhartonupennedurisk


Lessons pertinent to food safetyi

Isadore Rosenthal

ii and Howard Kunreuther iii

i This research has been supported by a grant from the USDArsquos ERS office

Table of Contents

1) Introduction 1

2) Third Party Roles in Four Current Regulatory Programs 3

A Boiler and pressure vessel integrity 3

B The integrity of financial reports on lsquopublicrsquo companies 8

C Mechanical Press Safeguarding 15

D EPArsquos RMP Process Safety Standard 19

E Third party functions and roles in non-food regulations that might be beneficially introduced into meat safety regulations 29

Appendix 1 US Federal Agenciesrsquo Food Safety Responsibilities 41 Appendix 2 Some Definitions of the Roles of lsquoFirstrsquo lsquoSecondrsquo and lsquoThirdrsquo Parties and Related terms 42

Appendix 3 Corporate Accounting Scandals 50

Appendix 4 Summary of HR 3763 [107th] Sarbanes-Oxley Act of 2002 54 Endnotes 60

httpwwwersusdagov The authors acknowledge the contribution of Peter Schmeidler who started this project

ii Isadore (Irv) Rosenthal PhD is Senior Fellow Wharton Risk Management and Decision Processes Center iii Howard Kunreuther PhD is Cecilia Yen Koo Professor of Decision Sciences and Public Policy at the

Wharton School University of Pennsylvania

1


Lessons pertinent to food safetyiv

Isadore Rosenthal

v and Howard Kunreuther vi 1) Introduction

Numerous groups in four Federal Agencies1

Despite the efforts of these Federal agencies food supply chains continue to experience a significant number of incidents resulting in deaths and serious injuries to members of the public Third parties

have major food chain safety related responsibilities the Department of Agriculture (USDA) the Food and Drug Administration (FDA) the Centers for Disease Control and Prevention (CDC) and the Environmental Protection Agency (EPA) However the USDA and the FDA are by far the major food safety players

vii

The paper examines

play a significant role in many business and regulatory programs aimed at reducing the frequency and severity of such incidents Third parties also play important roles in business and regulatory programs that address risks associated with a wide variety of non-food related products and processes

viii

iv This research has been supported by a grant from the USDArsquos ERS office

the functions and roles that third parties play in four regulatory programs aimed at objectives other than food safety that the authors believe have some potential for providing lessons important to shaping a more effective use of third parties in the area of food safety The purpose of this examination is to identify third party roles and measures used to ensure third party objectivity in these four programs that might complement or add value to the current roles that third parties play in United States Department of Agriculture (USDA) programs aimed at ensuring food safety


v Isadore (Irv) Rosenthal PhD is Senior Fellow Wharton Risk Management and Decision Processes Center vi Howard Kunreuther PhD is Cecilia Yen Koo Professor of Decision Sciences and Public Policy at the

Wharton School University of Pennsylvania vii A simple definition of the parties involved in a lsquotransactionrsquo is as follows

bull First party ndash The manufacturer andor supplier bull Second party ndash The purchaser andor user bull Third party ndash An independent party with no vested interest in the transaction between the first and

second party The character and functions of a lsquoThird partyrsquo will be discussed in some detail further in the paper viii Clearly all of the literature pertinent the role of third parties in regard to food safety issues could not be

reviewed with the resources available to complete this study The authors would appreciate information on other particularly pertinent articles which should be cited or might alter this paperrsquos thrust

2

The four areas covered in this overview of third party roles are 1 Boiler and pressure vessel integrity 2 Certification of company financial accounting statements 3 Mechanical press safeguarding 4 Prevention of chemical process accidents

The paper concludes with a discussion of two questions

1 Which of the functions and roles that third parties play in regulatory programs aimed at objectives other than food safety might be beneficially introduced into the USDA meat and poultry safety programs

2 What steps might be taken to improve the likelihood that a particular third party oversight report presents a reasonably acceptable measure of conformance with applicable safety regulations and generally accepted lsquoGood Practicesrsquo

The terminology used in regard to third party roles and functions is somewhat specialized This paperrsquos discussion of third party roles will attempt to use the following American National Standards Institute (ANSI) terminology2

NATIONAL CONFORMITY ASSESSMENT PRINCIPLES FOR THE UNITED STATES

Accreditation Third party attestation related to a conformity assessment body conveying a formal demonstration of its competence to carry out specific conformity assessment tasks (These tasks include sampling and testing inspection certification and registration) Certification Third party attestation related to products processes or persons that convey assurance that specified requirements have been demonstrated Conformity Assessment Demonstration that specified requirements relating to a product process system person or body are fulfilled (This may include any activity concerned with determining directly or indirectly that relevant requirements are fulfilled) First Second and Third Party The first party is generally the person or organization that provides the object such as the supplier The second party is usually a person or organization that has a user interest in the product such as the customer The third party is a person or body that is recognized as being independent of the person or organization that provides the object as well as the user or customer of the object

3

Inspectionix

bull First party ndash A government entity that imposes requirements on aspects of a manufacturerrsquos andor supplierrsquos activities

Examination of a product design product process or installation and determination of its conformity with specific requirements or on the basis of professional judgment with general requirements Recognition Procedure used to provide formal notice that an accreditation body is competent to carry out specific tasks These tasks include accreditation of testing laboratories and inspection certification and registration bodies A governmental recognition system is a set of one or more procedures used by a Federal agency to provide recognition Registration Third party attestation related to systems that convey assurance that specified requirements have been demonstrated Such systems include those established for the management of product process or service quality and environmental performance

The authors have also included a representative cross-section of other definitions of lsquothird partyrsquo (see Appendix 2) to give some perspective on this ANSI terminology It should be noted that ANSI terminology is focused on the roles that first second and third parties play in conventional commercial transactions The authors describe the roles which first second and third parties play in the regulatory process as follows

bull Second party ndash The manufacturer andor supplier bull Third party ndash An independent party that has no personal or direct

involvement with the first or second party 2) Third Party Roles in Four Current Regulatory Programs

A) Boiler and pressure vessel integrity

Introduction Major boiler and pressure vessel explosions in the latter half of the 19th century and early 1900s stimulated the technical and business community to explore measures to reduce these risks Two milestone events in the development of such preventive measures were

ix In the authorsrsquo opinion the term ldquoinspectionrdquo is synonymous with ldquoauditrdquo

4

bull The formation in 1886 of the Hartford Steam Boiler Inspection and Insurance company3

bull The start of the American Society of Mechanical Engineers (ASME) in 1880

which used boiler insurance to motivate firms to employ lsquosaferrsquo design and operating measures

4

Currently regulations aimed at controlling boiler and pressure vessel risks have been adopted into law by 50 states and many municipalities in the United States and by all of the Canadian provinces Insurance companies play an important role in implementing state boiler regulations and in most states the primary responsibility for conducting the statersquos required boiler inspections falls on the facilityrsquos insurance company if the regulated boiler is covered by insurance The following language taken from the Maryland

In 1884 ASME issued its first Performance Code and it dealing with Steam Boilers Boiler and Pressure Vessel The 2007 ASME Boiler and Pressure Vessel Code serves as the major technical basis for lsquogood practicersquo in all current state boiler regulations

5 regulation is typical6

of what is found in other State statutes

Division of Labor and Industry Safety Inspection Boiler and Pressure Vessel Safety

The Safety Inspection Boiler and Pressure Vessel unit is responsible for the inspection of boilers and pressure vessels used in commercial establishments places of public gathering and apartment buildings with six or more units This responsibility involves ensuring the safe operation of those boilers and pressure vessels by performing periodic inspections and by close monitoring of all repair work The law also requires that any boiler or pressure vessel that will be installed in Maryland be built to a standardized nationwide construction code the American Society of Mechanical Engineers (ASME) Boiler and Pressure Vessel Code The law requires that boilers and pressure vessels be inspected annually or biannually depending on the type of equipment Boilers may not be operated without a certificate of inspection Boiler and pressure vessel installers must notify the Chief Boiler Inspector thirty (30) days prior to installation All inspections must be performed by an inspector commissioned by the National Board of Boiler and Pressure Vessel Inspectors Approximately 270 insurance company inspectors are authorized to conduct inspections (emphasis added by authors) in addition to inspectors on staff with the Division of Labor and Industry Owners who have obtained insurance coverage on their boilers andor pressure vessels should expect their insurance company to conduct the necessary inspections (emphasis added by authors)

5

Inspection fees

If the insurance company fails to conduct the inspection on time (Emphasis added by authors) or the owner does not have insurance the inspection will be conducted by a State Deputy Boiler Inspector Owners will be billed $40 for the first unit inspected at a given location and $10 for each additional unit inspected at the same location on the same day Owners will be billed $10 for the inspection of pressure vessels attached to an air compressorrdquo (Excerpted from Source 6 noted on page 45 of this report)

It is also of interest to note that in Maryland facilities cannot operate covered equipment without an annual inspection certificate and must pay fees for this required boiler inspection This requirement is also found in the other state boiler regulations that were examined Effective implementation of any safety regulation requires a standard that Identifies the hazards and the practices processes or equipment subject to the regulation and

1 Requires conformity with an operationally defined7

2 Timely inspections executed by competent inspectors to validate initial and continued conformance with the regulations requirements

set of practices capable of controlling the risks associated the hazards to an operationally defined level

The various state boiler and pressure vessel safety regulations satisfy both of these requirements The first of the above two requirements is satisfied by the fact that US state boiler and pressure vessel safety regulations incorporate compliance with the ASME Boiler and Pressure Vessel Code8

This code reflects practitioner thinking on the equipment specifications operational rules and guidelines required for a boiler and pressure vessel installation to meet generally accepted standards of lsquoGood Practicersquo The ASME code spells out the practices and equipment requirements needed to avoid accidents in very great detail and it is frequently updated to incorporate new technology and findings The elements rules and guidelines of the 2007 ASME Boiler and pressure Vessel Standard are as follows

I Power Boilers II Materials III Rules for Construction of Nuclear Power Plant Components IV Heating Boilers V Nondestructive Examination

6

VI Recommended Rules for the Car and Operation of Heating Boilers VII Recommended Guidelines for the Care of Power Boilers VIII Pressure Vessels ndash Division 1 IX Welding and Brazing Qualifications X Fiber-Reinforced Plastic Pressure Vessels XI Rules for Inservice Inspection of Nuclear Power Plant Components XII Rules for the Construction amp Continued Service of Transport Tanks Code Cases Boilers amp Pressure Vessels Code Cases Nuclear Components

The second requirement is met by the fact that all state boiler and pressure vessel regulations generally require compliance inspections of covered boiler and pressure vessel equipment upon initial installation annually and when any changes are made to covered equipment These inspections are generally performed by individuals who are either 1 Qualifiedx

2 Qualified inspectors employed by boiler insurance companies

Inspectors who are employees of the boiler and pressure vessel regulatory Agency

However it is important to note that most of the boiler inspections required under State regulations are done by qualified state insurance companies rather than the State regulatory agency It is also important to note that inspectors who are employees of boiler insurance companies are not lsquothird partiesrsquo as the term is defined in the generic definition of lsquothird partyrsquo

ldquoThird Party An independent party that has no personal or direct involvement with the first or second partyrdquo

Insurance companies that cover regulated boiler facilities clearly have a self- interest in preventing boiler accidents since they cover at least some of the costs of such accidents Therefore one would expect that on average an employee of a boiler insurance company will lean towards over-implementation rather than under-implementation of the boiler regulations provisions

x Becoming a qualified boiler and pressure vessel inspector generally involves successful completion of the

National Board of Boiler and Pressure Vessel Inspectors competency examination as well as other requirements of the regulatory agency

7

Observations As Figure 1 shows boiler and pressure vessel explosions have significantly decreased over time Figure 1 NUMBER OF BOILER EXPLOSIONS9

1880 1890 1900 1910 1920 1930 1940 1950 1960 1970 1980 1990 However there are still a very significant number of boiler code violations each year as shown in Table 1 released by the National Board of Boiler and Pressure Vessel Inspectors10

bull The quality of the ASME boiler code

The authors believe that many factors have contributed to this decrease

bull Improvements in boiler and pressure vessel equipment bull The frequency of required inspections

However the most important factor leading to the noted improvements may be the fact that because of the benefits insurance firms receive through boiler accident prevention they have supported the ASME code improvements and have succeeded in having most boiler and pressure vessel inspections done by third party inspectors associated with insurance company whose self-interests are likely to bias them towards achieving strict conformance with this code To illustrate this point please note the number of reported violation findings for the second quarter of 2008

8

Table 1 Report of Violation Findings for Second Quarter 2008 Category Number of

Violations Percent of

Total Violations Boiler Controls 6639 34 Boiler Piping and Other Systems 4195 22 Boiler Manufacturing Data ReportNameplate 347 2 Boiler Components 2659 14 Pressure-Relieving Devices for Boilers 3054 16 Pressure Vessels 2190 11 Repairs and Alterations 169 1 Summary Number of jurisdictional reports 93 Total number of inspections 197249 Total number of violations 19253 Percent violations 10 The relatively effective successful results in using insurance companies as third party inspectors has been discussed in a series of papers at Wharton that examine the use of insurance companies as third parties in programs aimed at controlling risks in other areas11

Congress enacted the SECURITIES ACT OF 1933

B) The integrity of financial reports on lsquopublicrsquo companies

12 and SECURITIES EXCHANGE ACT OF 193413 in response to the stock market crash of 1929 and the subsequent financial depression These acts created the Security and Exchange Commissionxi (SEC) and gave the SEC primary responsibility for overseeing and regulating the US securities markets including the authority to prescribe accounting standards that must be followed by companies for purposes of complying with federal securities laws14 Shortly after its creation the SEC decided to take a self-regulatory approach similar to what was later called a management-based approach15 to the discharge of its responsibilities for setting up and enforcing accounting and financial standards for public companies and it looked to the private sector for leadership in establishing and improving accounting standards

The SEC has officially recognized the Financial Accounting Standards Board (FASB) as the private sector organization for establishing standards for public company financial accounting and reporting16 since 1973 This recognition was reaffirmed in April 200317 and in a 2005 rule-making notice18

FASB financial accounting and reporting standards are recognized as ldquogenerally accepted accounting practicesrdquo (GAAP) for purposes of the Federal securities

(See Appendix 3 for a brief description of the history structure and functions of the FASB)

xi See SEC website for more information on SEC roles and functions

httpwwwsecgovaboutwhatwedoshtml

9

laws As a result registrants19 are required to comply with those standards in preparing financial statements filed with the SEC unless the SEC provides otherwise20 In his testimony to Congress21

Publicly

Mr Herdman Chief Accountant of the SEC presented an overview of the roles of the SEC and FASB in establishing GAAP

xii traded companies (first parties) are required to send the SEC many reports on different aspects of their business including an annual 10-K report that details the financial and other aspects of the companyrsquos business An independent Certified Public Accountant22 (CPA) (third party) must certify (attest) that the reported financial information is correct ie meets specified requirements and reflects generally accepted accounting standards and practices (GAAP) Publicly traded companies are also required to send annual reports to their shareholders (second parties) on or before the company annual meetings to elect directors It should be noted that the annual report sent to shareholders23 is quite different and much simpler than the required 10-K sent to the company Readers unfamiliar with accounting practices for public firms may not appreciate the complexity of a 10-K report Appendix 4 contains a copy of the 10-K form and perusal of this form should facilitate understanding of the accounting complexities and malpractices that contributed to the Enron scandal which will be discussed next A large number of company accounting malpractices and frauds emerged in the 2000-2002 period The scandal at the Enron Corporation was the most notorious of these cases which were collectively labeled by the press as the ldquoEnron Scandalsrdquo Appendix 3 presents an overview of these various company scandals The focus of this section of our discussion will be on the nature of the Enron financial malpractices that led to its scandal and an examination of why these malpractices were not detected by Arthur Andersen the third party independent auditor of Enronrsquos 10-K report to the SEC Enron financial malpractices centered on the misuse of Special Purpose Entities24

Enron could have legitimately used SPErsquos to invest in its own growth through the issuance of debt without the disadvantage of including the additional debt on their consolidated financial statements provided the SPE was used in

(SPEs) a complex instrument which was not well understood at that time even by many accounting professionals prior to the Enron scandal

xii lsquoPublic companyrsquo a company whose shares can be bought and sold on the stock market These companies

must comply with stringent reporting requirements set out by the Securities and Exchange Commission including the public disclosure of financial statements

10

accordance with GAAP and the action was transparent to users of financial statements This was not the case at Enron which did not meet the needed SPE issuing company investment requirements Enron used SPEs to hide increases in its corporate debts and also to give lsquooff the recordrsquo compensation to officers of the company See reference 25 for a more detailed description of Enronrsquos misuse of SPErsquos taken from literature25 In retrospect it is clear that Enronrsquos Board of Directors26 could have detected Enron managementrsquos malpractices and by law should have attempted to prevent them but it did not The Report of Investigation by the Special Investigative Committee of the Board of Directors of Enron Corprdquo27 dated February 1 2002 noted that

ldquoOverall Enron failed to disclose facts that were important for an understanding of the substance of the transactions The Company did disclose that there were large transactions with entities in which the CFO had an interest Enron did not however set forth the CFOs actual or likely economic benefits from these transactions and most importantly never clearly disclosed the purposes behind these transactions or the complete financial statement effects of these complex arrangements The disclosures also asserted without adequate foundation in effect that the arrangements were comparable to arms-length transactions We believe that the responsibility for these inadequate disclosures is shared by Enron Management the Audit and Compliance Committee of the Board Enrons in-house counsel Vinson amp Elkins and Andersenrdquo (Emphasis added)

Andersen the lsquoindependent certified public accountantrsquo that certified Enronrsquos annual 10-K reports as meeting GAAP during the years that Enronrsquos financial malpractices were taking place is identified as one of the parties that failed to meet its legal and professional obligations in regard to ensuring adequate financial disclosure by Enron The question we examine next is the factors that caused Andersenrsquos not to meet its legal and professional obligations in regard to ensuring adequate financial disclosure by Enron As noted above Andersen was the lsquoindependent certified public accountantrsquo that certified that Enronrsquos annual 10-K reports were prepared in conformance with applicable law and GAAP before and during the period the Enron scandal unfolded However the literature is clear (at least in retrospect) that the Andersen certifications were lsquoclearlyrsquo not justified and that Andersenrsquos objectivity was compromised unconsciously or consciously by its desire to build and keep the very profitable consulting service business that it had with its audit clients

11

Gillan and Martin made the following observation in regard to the lsquoindependencersquo required of Andersen as a third party auditor28

ldquoThe second challenge to Andersenrsquos independence relates to the fact that for two years Andersen served as both Enronrsquos internal and external auditor Essentially when Andersen performed its external audit it was reviewing its own work For example Andersen advised Enron on the structure of many its SPEs received consulting income for doing so and audited those transactions This leads to the third challenge to auditor independence ndash auditors accepting consulting engagements with audit clients have long been recognized as a potential source of conflict of interest problems (hellip) During 2000 Enron paid Arthur Andersen total fees of $52 million including $25 million for the audit $14 million for work arguably connected to the audit (Andersenrsquos CEO testified before congress that the work can ldquoonly be done by auditorsrdquo) and $13 million for other consulting These fees made Enron one of Andersenrsquos largest clients and certainly one of the largest clients for its Houston officerdquo

A recent study29 by the Centre for Financial Market Integrity (CFA) essentially concluded that what had occurred at Andersen was generally true for the whole industry

ldquoOver a period of decades the historical trust between investor and auditor did eventually break down Because of accounting firmsrsquo reliance on their audit clients for revenues (derived from both audit and more important non-audit or consulting engagements) auditors came to identify with the managers of the companies they audited rather than with the shareowners and other investors on whose behalf the audit requirement was established This reliance on clients for revenues began to subvert the self-regulatory process as the auditing profession failed to ensure that investors had full and fair disclosure The loss of confidence by the investing public ultimately resulted in a decline of influence and self-regulatory responsibilityrdquo

Kroger30 Barrett31 Gillan32 Cunningham33 Moore34 and others arrived at essentially similar conclusions in regard to third party auditors of Public company financial reports One of the aftermaths of the Enron scandals was enactment of the Sarbanes-Oxley Act of 200235 36 (SOX) also known as the Public Company Accounting Reform and Investor Protection Act of 2002 SOX created the Public Company Accounting Oversight Board (PCAOB)37 The PCAOB acts as a private-sector regulator with responsibilities in regard to overseeing regulating inspecting and disciplining accounting firms in their third party roles as auditors of public companies The SEC was given responsibility for the PCAOB including its annual budget and approval or disapproval of any auditing rules put forward by SOX

12

SOX established new or enhanced standards of practice for all US public company boards management and public accounting firms and it contains 11 sections that address a wide range of topics from additional to criminal penalties auditor independence corporate governance internal controls financial disclosure SOX also requires the SEC to implement rulings38

(1) Periodic financial reports that do not contain untrue statements or material omissions

on requirements to comply with the new law Examination of the provisions of SOX briefly summarized in Appendix 4 show that Title I Title II and section 302 of the SOX law are of particular importance to maintaining the integrity of role of third party accountants

Title I - Public Company Accounting Oversight Board Establishes the Public Company Accounting Oversight Board (Board) to

(1) Oversee the auditing of public companies that are subject to SEC securities laws (2) Establish audit report standards and rules for Public companies and (3) Inspect investigate and enforce compliance on the part of registered public accounting firms their associated persons and certified public accountants

Title II - Auditor Independence Amends the Securities Exchange Act of 1934 to prohibit an auditor from performing specified non-audit services contemporaneously with an audit (auditor independence) Requires pre-approval by the audit committee of the issuer for those non-audit services that are not expressly forbidden by this Act Section 302 of Title III ldquoInstructs the SEC to promulgate requirements that the principal executive officer and principal financial officer certify the following in regard to the companyrsquos periodic financial reports

(1) The report does not contain untrue statements or material omissions

(2) The financial statements fairly represent the financial condition and results of operations and

(3) That officers responsible for putting internal financial controls in place receive all material information regarding the issuer and consolidated subsidiaries

Title III requires senior corporate officers to certify that auditors and the audit committee of the board of directors have received

(2) All material information regarding the issuer and consolidated subsidiaries

13

(3) All material information on significant internal control deficiencies and frauds that involve staff who have a significant role in the issuers internal controls

Observations

Numerous investigations following the Enron accounting scandals confirmed two widely held beliefs

1 Company executivesrsquo self-interests could lead them to falsify company financial information reported to shareholders and public members of the companyrsquos Board of Directors

2 The objectivity (independence) required of Certified Public Accountants accredited to verify the 10-K reports of a Public company was often not monitored effectively by either the organizations that accredited them or the Board of Directors of the company that employed them

Provisions of SOX addressed both of these issues by

1 Requiring company officers to certify that measures were in place that ensured that theyxiii

2 Creating the Public Company Accounting Oversight Board (PACOB) to verify

the Board of directors and the corporate audit committee received all material financial information pertinent to their respective responsibilities

39 thatxiv

It will be interesting see whether the benefits resulting from PACOB operations lead the SEC to recognize justify similar command and control measures whenever society relies on a third party to confirm that that a high hazard company operation does not impose a significant risk on members of the public

Postscript The current 2008 financial crisis which poses the risk of a major recession has many similarities with the 2001 Enron scandals which were triggered by the disclosure of Enronrsquos abuse of relatively obscure investment practices and instruments (Special Purpose Entities)

CPAs adhered to lsquogenerally accepted good practicersquo requirements

xiii Company officers could avoid responsibility for financial frauds by never being lsquoofficiallyrsquo informed of

practices that were or might be illegal xiv ldquoPublic Company Accounting Oversightrdquo Board inspections

httpwwwpcaobusorgInspectionsindexaspx Section 104 of the Sarbanes-Oxley Act of 2002 requires the Board (PCAOB) to conduct a continuing program of inspections of registered public accounting firms In those inspections the Board assesses compliance with the Act the rules of the Board the rules of the Securities and Exchange Commission and professional standards in connection with the firmrsquos performance of audits issuance of audit reports and related matters involving issuers The Act requires the Board to conduct those inspections annually for firms that provide audit reports for more than 100 issuers and at least triennially for firms that provide audit reports for fewer issuers

14

As the New York Times noted40 ldquothis was the year that many readers mdash not to mention financial reporters mdash learned what CDO MBS and SIV stood for 2008 could be the year of CDS and CLO (For those who came in late those abbreviations from 2007 are shorthand for collateralized debt obligations mortgage-backed securities and structured investment vehicles The new ones are credit default swaps and collateralized loan obligations mdash a special kind of CDO backed by corporate loans)

This New York Times article also makes the following observations ldquoBut if the credit insurers turn out to have had inadequate reserves what are we to make of the credit default swap market Mr Seides calls it ldquoan insurance market with no loss reservesrdquo and points out that $45 trillion in such swaps are now outstanding That is he notes almost five times the United States national debtrdquo

ldquoThe corporate credit market is vastly larger than the subprime market and there are plenty of dubious loans outstanding that probably could not be refinanced in the current market If some of those companies run into problems defaults could soar and fears about CLO valuations and CDS defaults could spread long before there are large actual losses on loansrdquo

ldquoIt was the greatest credit party in history made possible by a new financial architecture that moved much of the activities out of regulated institutions and into financial instruments that emphasized leverage over safety The next year may be the one when we learn whether the subprime crisis was a relatively isolated problem in that system or just the first indication of a systemic crisisrdquo

Another New York Times article deals with SECrsquos role in regard to the developing credit crisis and notes41

ldquoThe last six months have made it abundantly clear that voluntary regulation does not workrdquo he said

ldquoBecause it is a relatively small agency the SEC tries to extend its reach over the vast financial services industry by relying heavily on self-regulation by stock exchanges mutual funds brokerage firms and publicly traded corporationsrdquo

This article also reported that Mr Christopher Cox chairman of the SEC now recognized its reliance on self-regulation was misplaced

in a statement The program was fundamentally flawed from the beginning because investment banks could opt in or out of supervision voluntarily The fact that investment bank holding companies could withdraw from this voluntary supervision at their discretion diminished the perceived mandate of the program and weakened its effectivenessrdquo he added Mr Cox and other regulators including Ben S Bernanke the Federal Reserve chairman and Henry M Paulson Jr the Treasury secretary have acknowledged general regulatory failures over the last year Mr Coxrsquos statement on Friday however went beyond that by blaming a specific program for the financial crisis mdash and then ending it On one level the commissionrsquos decision to end the regulatory program was somewhat academic because the five biggest independent Wall Street firms have all disappearedrdquo

15

The failure of the SECrsquos self-regulatory approach to controlling credit risks raises questions regarding whether it is appropriate to use self-regulatory measures such as management-based regulations42

bull The risks are not transparent if

bull Mismanagement of the risks can lead to great societal losses bull Accepting the a particular class of credit risks (e g subprime mortgages)

leads to relatively high immediate payoffs for some of the firmrsquos agents whereas the likelihood of losses which may reflect on these agentsrsquo judgment are visualized as small or unlikely to occur during the agents employment with the firm

C) Mechanical Press Safeguarding

OSHA issued the Mechanical Power Press Standard (29 CFR 1910217) in 197143 (1971 Standard) This standard was in large part based on the ANSI voluntary consensus standard B111-1971 ldquoSafety Requirements for the Construction Care and Use of Mechanical Power Pressesrdquo The 1971 Standard incorporated the ANSI standardrsquos restrictions on the use of presence sensing devices

ldquoThe 1971 ANSI standard permitted presence sensing devices (PSD) to be used as a guard but it did not permit the PSD to initiate (actuate) the stroke of the press when the PSD senses that the employee has fed the press and removed the employeersquos hands and arms from the point of operationrdquo This restriction in effect banned primary reliance for operator safety on devices that sensed whether any part of an operatorrsquos body was in a power press danger zone (emphasis added by authors) If a Power press is equipped with a lsquoPresence-Sensing Devicersquo (PSD) the press cannot stamp if an operator is reaching through a light curtain to load a part into a machinerdquo

Despite the enactment of the 1971 Mechanical Power Press Standard injuries associated with operation of mechanical power presses continued to be unacceptably high For example NIOSH concluded in 198744 that

ldquoEven though there is an existing OSHA standard that addresses construction and operation of mechanical power presses injuries and amputations among press operators are still occurring with alarming frequency In many cases these injuries occur when the press is inadvertently activated while the operators hands are in the operating zone of the pressrdquo

In effect then the 1971 Mechanical Power Press Standard had not reduced worker injuries to the extent that OSHA had hoped for

16

After several major studies of what might be done to further reduce mechanical press injuries rounds of public comments a review of European experience and a public hearing OSHA was convinced that permitting the use of pressure sensing device initiation (PSDI) on mechanical power presses would substantially improve worker protection Acting on this conviction OSHA drafted a modification of its rule that would allow use of a PSD device as a primary safety measure on mechanical power presses The 1988 amendment45

1 Met good or even best practices

of the 1971 Mechanical Power Press Standard (1988 Regulation) permitting the use of PSDI was issued on March 14 1988 It contained an added paragraph (h) which required among other things that the safety of a PSDI mechanical power press must be validated by an OSHA-certified third party (lsquovalidatorrsquo) before it is placed into operation and it also must be recertified as safe annually However no third parties pursued becoming a validator under the provisions of the 1988 Regulation and therefore the provisions of paragraph (h) could not be implemented The principle reason for this failure to enlist third party validators is interesting Paragraph (h) of the 1988 Regulation requires the third party validator to attest to a number of findings in its review of a covered PSD mechanical power press process installation One of the required findings deals with establishing whether or not the process complied with the Regulationrsquos requirement that rdquono single failure or single operating errorrdquo will cause injury to personnel from a point-of-operation hazardrdquo Taken literally there is no press or for that matter no device that will meet that safety requirement In fact one can be sure that as long as a hazard exists there will be some probability that one or more injuries will occur over time Third party validators apparently were concerned about their liability if they validated a process as safe and subsequently a very low probability injury occurred despite the fact that the process

2 Process risks were as ldquoas low as reasonably practicablerdquo (ALARP)46

3 The risk that led to the injury was in the general range of OSHA acceptable risks

While OSHA became aware of these third party liability concerns shortly after the 1998 Regulation was issued and recognized the need to deal with them accomplishing the changes involved a complex process which started in 2002 when OSHA filed a ldquoNotice of a Regulatory Flexibility Act Review of Presence Sensing Device Initiation of Mechanical Power Pressesrdquo47 OSHA concluded its Flexibility Act Review in May of 200448 and published the findings of this review in the Federal Register on June 8 200449 The May 2004 Report discusses the costs of mechanical power presses injuries in Chapter 1 ldquoPrevious Characterization of Industry and Impactsrdquo

17

ldquoIn its 1988 rulemaking OSHA analyzed the impact of paragraph (h) on small entities as part of its economic impact analysis At that time OSHA estimated that approximately 73000 employees would be affected by the standards These employees are primarily punch and stamping press operators and job and die setters OSHA estimated that 40 percent of the former group and 20 percent of the latter were operating mechanical power presses These operators are employees in metal fabrication industries and the automotive industryrdquo

OSHA estimated that PSDI would increase productivity an average of 243 percent per press On a national level OSHA estimated that the use of PSDI would save industry about $162 million a year OSHA estimated that cost of installing PSDI systems and having them certified would be between $49 million and $77 million by 1991 OSHA also estimated that by 1996 2500 new presses would be equipped with PSDI producing additional productivity savings The total net annualized savings were estimated to be between $100 million and $129 million Because of the cost savings OSHA determined that the standard would not have a significant economic impact on small entitiesrdquo Section 41 ldquoThird Party Validationrdquo of the May 2004 report discusses OSHArsquos findings in regard to the problems encountered in implementing the paragraph (h) of the 1988 Regulation

ldquo41_Third-Party_Validation Whatever other issues there may be with paragraph (h) the main reason that the PSDI provisions have not been implemented is that no organization has come forward to serve as a third party validator OSHA originally adopted third-party validation for the following reasons

o A similar approach was used in Germany and Sweden and many experts believed it would work in the US

o OSHA-approved Nationally Recognized Testing Laboratories (NRTLs) which are third-party product certifiers perform activities similar to that contemplated for a validator and it was expected that NRTLs would apply to be validators The standard was also designed to allow industry organizations to establish semi-independent entities to serve as validators

o The annual recertification of PSDI systems was assumed to make the validation profitable for the validating organization and therefore worth any investment in equipment and training

o Liability would be limited because the employer or assembler would certify compliance the third party only validated the certification

o Many experts commented that the rule would workrdquo

18

Each of the industry sources50

o ldquoThe standard requires the third party to validate that no single failure will result in an injury Given that a mechanical power press has a single brake a single clutch and a single transmission it is impossible to state that a single failure will not result in an injury A catastrophic mechanical failure could and occasionally has resulted in injuries The only machine guard that prevents operator injuries in this case is the automatic pullback device Pullbacks like the other non-PSD guards do not protect non-operators who are sometimes the ones injured Consequently no third party (or original equipment manufacturer (OEM)) would be willing to make the validation that OSHA requires

interviewed provided the same set of reasons as follows for why no organization completed the process of gaining OSHA approval as a third partyrdquo

o Any organization that served as a third party would be taking on considerable potential liability sharing with the OEM exposure should an injury occur Because injuries continue to occur and lawsuits against OEMs are not uncommon most testing organizations do not want to take the risk

o Third-party testing organizations usually test to a specific test standard that covers a particular kind of item (eg hardhats electrical wires) Paragraph (h) requires the testing of the press the PSD and the control system plus the installation Combined with liability concerns this type of validation raises substantial concerns about the ability of organizations to do the validationrdquo

In essence these May 2004 findings are similar to what OSHA and many practitioners already believed many years earlier On June 4 200751 OSHA issued an Advance notice of proposed rulemaking which reviewed what had been essentially disclosed in its May 2004 Report and then made the following request

ldquoOSHA is seeking comments on whether and how the mechanical power presses standard should be amended including whether the requirements pertaining to the use of PSDI systems should be revised and whether the scope of the standard should be expanded to cover other types of pressesrdquo

Observations

While not stated explicitly the major underlying issue that led to OSHArsquos 2007 notice of proposed rulemaking was what to do about the role of third parties in implementing its Mechanical Power Press standard the same issue that OSHA faced almost 20 years earlier

19

If we accept OSHArsquos estimate that the use of PSDI would save one hundred million dollars per year the cost of this twenty year failure to achieve implementation of paragraph (h) of the 1988 Mechanical press regulation is about two billion dollars As Voltaire said The perfect is the enemy of the good

D) EPArsquos RMP Process Safety Standard

Public concern after a series of major accidents52 in the 1970-90 period led to provisions in United States 1990 CAA amendments that provided the statutory basis for both the OSHA 1992 Process Safety Management (PSM) rule and EPArsquos 1996 Risk management (RMP) Rule53 In 1992 OSHA fulfilled its CAAA Section 304 requirements in regard employee safety by issuing OSHA standard 29 CFR 1910119 ldquoProcess Safety Management of Highly Hazardous Chemicalsrdquo54 (PSM) in 1992 The PSM focused on preventing and mitigating process accidents that might impact people and property within the process facility EPA issued its ldquoAccidental Release Prevention Requirements Risk Management Programs Under the Clean Air Act Section 112(r)(7) Rulerdquo (RMP) in 1996 and it focused on preventing and mitigating process accidents that might impact the environment and people and property outside the process facility The EPA Rule incorporated by reference many of the provisions of the OSHA PSM rule The risk management plan of RMP covered facilities must execute the following planning elements55

bull An offsite consequence analysis that evaluates specific potential release scenarios including worst-case and alternative scenarios

bull A 5-year history of certain accidental releases of regulated substances from covered processes

bull An integrated prevention program to manage risk bull An emergency response program bull An overall management system to supervise the implementation of these

program elements bull A risk management plan (RMP) revised at least once every five years

that summarizes and documents these activities for all covered processesrdquo

The RMP Rulersquos lsquointegrated prevention programrsquo is basically the same as that in the OSHA PSM regulation and is incorporated into the RMP Rule program by reference as shown in Table 2

20

Table 2 Summary of Program 3 Prevention program (40 CFR PART 68 SUBPART D)56

SECTION TITLE OSHA PSM REFERENCE

sect 6865 Process Safety Information PSM standard sect 1910119(d)

sect 6867 Process Hazard Analysis (PHA) PSM standard sect 1910119(e)

sect 6869 Operating Procedures PSM standard sect 1910119(f)

sect 6871 Training PSM standard sect 1910119(g)

sect 6873 Mechanical Integrity PSM standard sect 1910119(j)

sect 6875 Management of Change PSM standard sect 1910119(l)

sect 6877 Pre-Startup Review PSM standard sect 1910119(I)

sect 6879 Compliance Audits PSM standard sect 1910119(o)

sect 6881 Incident Investigation PSM standard sect 1910119(m)

sect 6883 Employee Participation PSM standard sect 1910119(c)

sect 6885 Hot Work Permit PSM standard sect 1910119(k)

sect 6887 Contractors PSM standard sect 1910119(h)

Two factors posed major challenges to both Industry and EPA as they undertook to discharge their responsibilities under the RMP Rule

1 The RMP Rule is a lsquomanagement-based regulationrsquo 2 Process accidents covered under the RMP Rule are low-probability

events

Examination of these factors will illuminate why both industryrsquos implementation of the RMP Rule and EPArsquos monitoring of industryrsquos compliance with the Rulersquos provisions are difficult tasks Coglianese and Lazar57 describe Management-based regulations as follows

ldquoYet missing from the traditional emphasis on technology-based and performance-based regulation has been much systematic attention to a third type of regulatory instrument that we call management-based regulation Management-based regulation does not specify the technologies to be used to achieve socially desirable behavior nor does it require specific outputs in terms of social goals Rather a management-based approach requires firms to engage in their own planning and internal rulemaking efforts that are supposed to aim toward the achievement of specific public goalsrdquo

21

They also note that rdquoWhat we call management-based regulation resembles what others have called enforced self-regulation (Braithwaite58 1982) mandated self-regulation (Bardach amp Kagan59 1982 Rees60 1988) reflexive regulation (Orts61 1995) or process-based (Gunningham amp Grabosky62 1998) and systems-based (Gunningham63 1996 Gunningham amp Johnstone64 1999) standards We use the term management-based regulation to encompass a range of processes systems and internal management practices that government requires of private firms Although this basic approach has been noted and described by socio-legal scholars of regulation virtually no attention has been given to management- based approaches in the broader literature on regulatory instrument choicerdquo

EPA implicitly recognized that the RMP regulation was a management-based regulation when they noted65 that

ldquomany part 68 requirements do not specify exactly what you must do to meet them instead they provide you with flexibility to develop an approach that makes sense for your facility This allows you to tailor your program to fit the particular conditions at your facility The degree of complexity required in a risk management program will depend on the complexity of the facility For example the operating procedures for a chemical distributor are likely to be relatively brief while those for a chemical manufacturer will be extensive Similarly the length of training necessary to educate employees on such procedures will be proportional to the complexity of your operating procedures And while a facility with complex processes may benefit from a computerized maintenance tracking system a small facility with a simpler process may be able to track maintenance activities using a logbook There is no one right way to develop and implement a risk management program Even for the same rule elements your program will be different from everyone elses programs (even those in the same industry) because it will be designed for your specific situation and hazards mdash it will reflect whether your facility is near the public and sensitive environmental areas the specific equipment you have installed and other relevant factorsrdquo

Clearly the RMP Rule is a Management-Based Regulation and as such it does not operationally specify66

Meeting these RMP Rule mandates requires that a facilityrsquos covered processes be designed constructed and operated with staff capable of understanding whether their actions are compliant with the Rulersquos provisions including RAGAGEP This is not easy to ascertain and can only be accomplished by very competent staff The same type of challenges and requirements face auditors

exactly what must be done to achieve lsquocompliancersquo This lack of specificity has great benefits but it can also lead to legitimate disagreements on whether a facilityrsquos actions aimed at meeting a particular RMP Rule specification are appropriate In addition to being compliant with the Rulersquos specific provisions the RMP Rule also mandates that covered processes must be designed and operated in compliance with ldquoRecognized and Generally Available Good Engineering Practicesrdquo (RAGAGEP)

22

charged in regard to ascertaining that a process is being operated in compliance with the RMP Rulersquos specifications To its credit the chemical industry recognized these challenges before the RMP Rule was promulgated and in 1985 it created the non-profit Center for Chemical Process Safety67 (CCPS) under the sponsorship of the American Institute of Chemical Engineers (AIChE) CCPS published its first process safety guideline book Guidelines for Hazard Evaluation Procedures by 1990 and has continued its work It now has a catalog of over 100 books and products CCPS technical guidance products did not eliminate the compliance challenges associated with the management- based nature of the RMP Rule but they did make it possible for diligent firms to come into compliance with the Rule if they chose to make the considerable effort required to translate CCPS guidance into practice Fortunately RMP covered process accidents present relatively low-probability high-consequence (LP-HC) risks Unfortunately however as the literature6869 shows individuals tend to postpone correction (or even recognition70) of LP-HC risks even if the potential consequences of doing so are high Given these considerations one can understand why a facilityrsquos attention to the RMP Rulersquos requirements tends to decay over time particularly if there has been no recent accident that was severe enough to attract significant public regulatory agency or company shareholder attention After the adoption of EPArsquos RMP Rule in 1996 the Wharton Risk Management and Decision Processes Center71

This last consideration arose as a result of concern about the availability of the funding and qualified auditors needed by EPA or a delegated State agency to

undertook a project aimed at studying how the benefits of the RMP rule might best be realized and its foreseeable deficiencies minimized by the way the Rule was implemented by EPA and covered facilities This project (Wharton RMP Project) involved a multiyear series of lsquooff the recordrsquo presentations and discussions attended by representatives of prominent companies US and State regulatory bodies technical professional societies insurance companies and consulting firms One of the issues addressed by the Wharton RMP Project was auditing of facility compliance with the RMP Rulersquos provisions The RMP Rule called for audits by EPA and States which obtained a delegation to enforce the RMP Rule such as New Jersey California and Nevada However while the Rule required that facilities must audit their RMP compliance annually it did not specify either the protocol facilities must be used to accomplish such audits Moreover the Rule was silent on either the frequency of character of EPA audits Clearly if EPA conducted very frequent audits with unjustified inappropriately restrictive findings this would a problem for industry On the other hand the EPA failed to put an effective audit program in place this could put the Public employees andor insurance companies at unjustified risk

23

execute an effective audit program Wharton RMP project participants felt that this problem warranted special attention and they developed a plan for evaluating the feasibility costs and efficacy of using third party auditors lsquocertified by the regulatory agency having responsibility for a facilityrsquos RMP Compliance but paid for by the company being audited Why each of the participants in the study reached this decision is not clear Some of the participants may have thought the study needed to be done because it appeared unlikely that RMP regulatory agencies had or would be provided with the resources required to execute an adequate RMP audit program In fact even as EPA responsibilities were increasing the number of EPA employees fell from 18375 in 1999 to 17500 in 200272 Others (insurance companies and consultants) may have seen third party audits as a business opportunity some as a way of transferring the cost of auditing from the government to RMP facility and some as way of improving the quality of the audits The authors could not determine what motivated specific participants participation Organizations that participated in the RMP third party audit project (third party team) included CEPPO the Wharton School Delawarersquos Dept of Natural Resources and Environmental Control EPA Region III loss prevention representatives private companies subject to the RMP rule Insurance companies trade and professional associations other government agencies and consultants In August 2000 EPA described its participation in the RMP third party audit project73

Delaware was selected as one location to carry out experiments because it has had a state regulation for inspecting chemical facilities since 1990 It was

as follows ldquoEPA Region III has been collaborating on a research effort with The Wharton School and other stakeholders to explore the possibility of using third-parties such as insurance companies and safety consultants to audit small business compliance with the RMP rule A few third party audits are being conducted as a pilot in Pennsylvania EPA Region III has selected and trained third party auditors who will conduct document reviews and on-site visits and summarize their findings in audit reports As part of the pilot EPA inspectors will conduct separate audits to verify the accuracy and thoroughness of the third-party audits and to get feedback from the participating facilities about the experience The results of the pilot project will be shared with insurance companies trade associations public interest groups and regulatory agenciesrdquo

After a series of discussions the third party project team decided to explore the use of independent third party RMP auditors in two pilot tests to be carried out by EPArsquos Region III and Delawarersquos Dept of Natural Resources and Environmental Control

24

considered a good place to conduct third party audits and to compare the results obtained by the third party auditors with the results obtained by DNREC Pennsylvania was selected to conduct third party audits because state officials in Pennsylvania do not routinely inspect chemical facilities for their risk management programs The third party audit experiments conducted in Pennsylvania were done in the eastern part of the state Here EPA Region III agreed to inspect the facilities after the third party auditors had finished and compare their audits with what the third party auditors had obtained In Delaware when the third party auditors were selected for the experiment Wharton provided 50 third party candidates to DNREC as potential auditors DNREC selected three inspectors from an insurance company two from engineering firms and three from government and small business DNREC and EPA Region III trained these eight candidates for two days and then assigned them to the chlorine and ammonia facilities The operational results were the same as those obtained by DNREC when it does its inspections When the third party auditors were selected for the experiment in Pennsylvania Wharton again provided a large group of third party candidates to EPA Region III EPA selected five auditors from three different insurance companies two from the City of Philadelphia and one from a testing laboratory DNREC and EPA Region III again spent two days training the third party auditors and assigning them to the chlorine and ammonia facilities After the third party auditors completed their audits EPA Region III audited all of the facilities EPA results were identical with those found by the third party auditors In both Delaware and Pennsylvania Wharton found that the owners and operators of facilities were sympathetic to having third party inspections and would be inclined to use them if they yielded certain benefits More specifically facility owners said they would be especially interested if the EPA or a regulatory agency gave them a seal of approval based on the results of the inspection if there were economic benefit offered them by the insurance companies by undertaking the inspection and if the community viewed positive results from an inspection as a signal that the firm was operating safely74 Collins75

The idea of using third parties as independent auditors was extensively investigated through a series of roundtable meetings at the University of Pennsylvaniarsquos Wharton School These meetings explored the use of third-party auditors and led to two field pilot tests of the concept

of the Zurich Insurance company and a diverse group of other participants summarized the nature and results of field tests using third party auditors to evaluate RMP compliance at 21 chemical facilities in Delaware and Pennsylvania The findings and conclusions of Collins et al were as follows

ldquoRMP Third-Party Audit Pilot Project

25

Participants included CEPPO the Wharton School Delawarersquos Dept of Natural Resources and Environmental Control EPA Region III loss prevention representatives private companies trade and professional associations other government agencies and consultants The pilot experiment was conducted in two phases during 1999 and 2000 In these studies third-party auditors were used to evaluate RMP compliance at 21 chemical facilities in Delaware and Pennsylvania Through the experiment EPA wanted to test the concept of third-party inspectors for RMP compliance audits in two different regulatory environments Following a two-day training program Phase I of the pilot was conducted in Delaware where a state level accident prevention law similar to section 112(r) already existed Phase II was conducted in Pennsylvania which had no state level law or RMP delegation These studies participants addressed several questions bull Could third parties conduct comprehensive risk management program

audits bull Would these audits be as rigorous as audits conducted by

government inspectors bull What background and experience would best prepare a third party to

conduct RMP audits bull What additional training would be necessary to prepare prospective

third-party auditors bull How would facilities react to the presence of auditors Would facilities

see value in the audit bull How much time would an audit take bull Would facilities in states without previous accident prevention laws in

place be less compliant with the RMP rule and therefore more difficult for a third party to audit

The two pilot projects established the following important findings 1) Third parties could successfully conduct compliance audits at RMP facilities with adequate rigor 2) Previously existing state regulatory environment had little effect on the ability of third parties to conduct adequate audits 3) Facilities reacted favorably to the presence of third-party auditors and found third-party audits to have value

The pilot studies and roundtable meetings also provided valuable insight into other critical issues such as necessary training and experience for third party auditors costs incentives needed to encourage facilities to volunteer for an audit and the potential role of insurance companies in third-party audits

26

From an insurance industry perspective the pilot studies were also successful in establishing that bull Prior auditing experience in other areas translates well into the

environmental arena bull Auditor training was the key to the success of the pilot studies bull The report format used while successful during the pilot might be

too extensive for use on an ongoing basis Some reports were more than 100 pages for simple assessments

bull Client cooperation was key Without their active participation successful interviews and surveys could not be completedrdquo

Barrish76 one of the Delaware Dept of Natural Resources and Environmental Control participants in the project essentially agreed with Collinsrsquo conclusions and noted that

ldquoThe third party auditors were able to identify both areas of exceptional performance and areas that required improvement The auditors felt that the audit took longer to accomplish than they expected Some auditors felt that working together on their first audits had some advantages

The auditors occasionally accepted performance that the implementing agency would not have accepted A disagreement over the degree of a potential deficiency is common as this is a performance-based regulation that has limited specifications This type of rule is open to interpretation and acceptable compliance can vary depending on the observer We feel this level of performance is much the same as any new implementing agency might experiencerdquo

Belke77 EPArsquos Chemical Emergency Preparedness and Prevention Office participant in the Wharton program also concurred with Collins and Barrish and noted that

ldquoIn summary the experiment conclusively demonstrated that third parties could successfully conduct compliance audits at RMP facilities with adequate rigor that the previously existing state regulatory environment appeared to have little effect on the ability of third parties to conduct adequate audits and that facilities reacted favorably to the presence of third party auditors and found third party audits to have valuerdquo

Clearly a diverse group of experienced stakeholders concluded that third party auditors were capable of executing effective audits of covered company compliance with the RMP Rules requirements

During the time period that the Wharton project team was evaluating the third party audit option the resources available to EPA were decreasing and Walter Frank78 noted

27

ldquoBased on input from states and EPA regional offices administering the RMP rule EPA has effectively concluded that RMP regulators will not have sufficient resources to ensure industry compliance with the RMP rulerdquo

EPA posted an abstract of a proposed regulation aimed at promoting the use of third party RMP auditors79

It might also be noted that it was likely that the third party proposal published in early December 2001 was developed prior to the September 11 2001 terror

December 2001 The abstract reads as follows ldquoThis action establishes requirements incentives and procedures for third party audits of Risk Management Plans (RMPs) under 40 CFR part 68 that would reduce the need for and thus the incidence of government audits of RMPs submitted by facilities that volunteer for such an audit In this context a third party is someone not employed by either an RMP-regulated facility or a government agency responsible for implementing the RMP program (implementing agency) In the preamble to the final Risk Management Program rule EPA endorsed the concept of using third parties to assist in rule compliance and oversight (61 FR 31705) provided that any such proposal not weaken the compliance responsibilities of facility owneroperators offer cost savings and benefits to the industry community and implementing agencies that significantly exceed the cost of implementing the approach lead to a net increase in process safety particularly for smaller less technically sophisticated facilities and promote cost-effective agency prioritization of oversight resources However no specific criteria or requirements were specified in the RMP rule to regulate the activities of facilities implementing agencies or third parties with respect to third party assistance A facilityrsquos participation in the third party audit program proposed by this action would be totally voluntary For facilities that choose not to participate in the program this action would have no effect However if a facility participates this regulation would establish the requirements and regulatory incentives for their participation For participating sources the action would offer the potential for reduced regulatory burden (while maintaining their compliance responsibilities) flexible auditing options and other benefits provided the source meets the applicable requirements described in the rule This action also would specify the proposed qualification requirements for persons desiring to act as third party auditors EPA believes that this action would promote increased safety among facilities covered by the riskrdquo

This proposal is clearly related to the third party audit option developed by the Wharton RMP study and one might speculate that the decrease in EPA resources and the positive results of the Wharton Study grouprsquos evaluation of the effectiveness of third party audits of RMP facilities contributed to EPArsquos proposed third party audit regulatory option

28

attack New measures put in place after the 2001 terror led to increased emergency response duties for CEPPO the office that also supervised implementation of the RMP Rule and resulted in a further decrease in the resources that were available for ensuring implementation of the RMP Rule In any case the proposed third party RMP audit option was withdrawn in 2003 and never developed into a proposed Rule and therefore there has been no public debate of this approach for improving implementation of the RMP Rule Given the character of the RMP Rule (ie It is a lsquomanagement-based regulationrsquo and process accidents covered under the RMP Rule are low-probability events) it is of interest to learn how effectively the RMP Rule has achieved its major objective reducing reportable process accidentsxv in RMP covered processes The RMP Rule requires covered facilities to report80 process accidents if they resulted in damages that exceeded specified loss consequences either lsquoon-sitersquo (within the facility) or lsquooff-sitersquo In interpreting the effectiveness of the RMP Rule one must keep in mind that the OSHA PSM regulation was directed at preventing process accidents capable of causing specified injuries and damages on-site (within the plant location) The EPA RMP Rule which incorporated the OSHA PSM prevention programs provisions was put in place to control specified injuries and damages to the public its property or the environment (off-site) and had added provisions aimed at assessing and preventing such injuries and damages A study that addressed trends in the incidence of RMP reportable accidents has been done at the Wharton Risk center under a cooperative agreement with EPA The data used for these studies was obtained from the two five year accident history reports that facilities covered under the RMP Rule were required to submit to EPA in June 1999 and June 200481 This study82

xv The RMP Rule prescribes the character and magnitude of accidents that must be reported to EPA in the

facilityrsquos 5 year accident reports

was completed in 2007 and the major findings of this study briefly summarized by excerpts from Chapter 6 of the study are as follows

ldquoRMP reported accident rates significantly declined between Waves 1 and 2 of RMP filings both for all accidents and for accidents with reportable consequences However in contrast to this finding we also found that there was no decrease in the total accidents with reportable off-site consequences so that the major reason for the decline was a decrease in on-site consequence accidents (emphasis added) The principal cause for this drop in accidents with on-site consequences is a decrease in the sub-category ldquoinjuries to employees and contractorsrdquo which are in essence OSHA reportable occupational illnesses and injuries (OII)

29

ldquoWhat we can conclude from this discussion is that the Rule has not met the expectations embodied in the original benefitcost study (US EPA 1996b) concerning the magnitude of benefits and costsrdquo

Observations

Most process safety practitioners believe83 and investigations of reported process accidents84 85

1 RMP covered processes impose risks on the public

in processes covered under the RMP Rule indicate that if the provisions of the RMP regulation had been adequately implemented almost all RMP covered process accidents might have been prevented It is also clear that adequate audits of covered processes conformance with RMP requirements would have detected the deviations that subsequently led to led to major accidents This paper concludes that a strong case exists for requiring facilities to fund third party audits of their RMP covered processes because of the following considerations

2 Many of these risks would be significantly reduced by conformance with the provisions of the RMP Rule

3 RMP audits by a competent third party auditor would be likely detect to most instances of non-conformance and facilitate action by EPA that promoted correction

4 The current frequency of government audits of RMP covered processes tends to be inadequate because of resource constraints

The reader might keep these four conclusions in mind in reading section E

E) Third party functions and roles in non-food regulations that might be beneficially introduced into meat safety regulations

This section of the paper focuses on findings and lessons learned in the preceding reviews of non-food safety regulations that are pertinent to USDA meat poultry and egg product safety management programs Background More than 12 federal agencies regulate food safety in the United States However the Food Safety and Inspection Service86 (FSIS) of the US Department of Agriculture has the major responsibility for ensuring the safety of meat poultry and egg products Current law87 stipulates that only federally inspected slaughter operations can produce products that are destined to either enter interstate commerce or be exported abroad In order to receive Federal inspection an establishment must apply for and receive an official lsquoGrant of Inspectionrsquo

30

Obtaining a Grant of Inspection requires the slaughter operation to

bull Agree to abide by all FSIS regulations bull Have written Sanitation Standard Operating Procedures bull Conduct a hazard analysis and develop and validate a lsquoHazard Analysis

and Critical Control Pointrsquo (HACCP) plan to deal with identified hazards The last two of these three requirements are detailed in USDA regulations covering Sanitation88 and the HACCP plan89

Having obtained a lsquoGrant of Inspectionrsquo allows a slaughter plant to operate provided a second legal requirement is satisfied FSIS inspection personnel must be present while the plant is operating FSIS employed about 7600 full-time residential inspectors in approximately 6000 plants to discharge its meat safety program requirements in the 2004-2005 period The mission of FSIS is to ensure that the meat slaughtering and processing operation produce lsquosafersquo90

1 The life-history of the animal that was the source of the unsafe product

products In order to accomplish this FSIS requires that covered plant operations conform to the requirements of both the USDA Sanitation and HACCP standards Implementing the required Sanitation standardrsquos requirements and auditing to confirm that this has been accomplished is not an easy job for a meat plantrsquos staff and also demands constant attention from the FSIS inspectors present at the plant However developing and implementing the plantrsquos HACCP regulatory requirements and confirming this by audits is a much more difficult problem than meeting the Sanitation Standardrsquos requirements This paper maintains that successful implementation of HACCP regulatory requirements is one of the two major challenges that the meat industry faces in reducing the risks associated with meat products to as low a risk as practicably attainable (ALARPA) The other major challenge is traceability lsquoa process with the ability to determine an unsafe productrsquos route along the supply chain from the source of the animal feedstock to the ultimate consumer who may experience injury from the unsafe meat productrsquo Traceability is required in order to inform people who have purchased an unsafe product that they may be at risk of injury and also to accomplish withdrawal of any unsold inventory of the unsafe product Traceability is also required to reduce the likelihood of repeating the sequence of events that led to the production of the unsafe product To accomplish this requires a system that has following information

2 Where when and how products were produced from this animal and 3 How and to whom the identified product was distributed

31

Factor(s) that led to the productrsquos unsafe condition could have arisen during any one of these three phases of the productrsquos lifecycle and might lead to similar problems in the future Moreover traceability is a factor that affects probably also affects the initial production of safe foods because as Golan91

Traceability

notes ldquoIn fact any policy that increases the cost and probability of getting caught selling unsafe food provides producers with incentives to increase their trace-back capabilities These types of policies will encourage the development of more efficient systems for the swift removal of unsafe foods and for investment in safer food systemsmdashwhich is the ultimate objective of food safety policyrdquo

xvi was not a major consideration in regard to reducing the four nonndash

food risks discussed earlier in the paper However it is clearly a major consideration in managing food risks and the subject has been discussed in a wide variety of papers produced by ERS92 and others93949596 While improved traceability systems are important in reducing injuries from unsafe foods compliance with the requirements of the FSIS HACCP regulation97 probably has a greater potential for reducing injury from unsafe meat products than can be achieved by improvements in traceability and is therefore probably the most important safety challenge facing the meat processing industry today The FSIS HACCP regulation is organized in eight sections

4171 Definitions 4172 Hazard Analysis and HACCP Plan 4173 Corrective actions 4174 Validation Verification Reassessment 4175 Records 4176 Inadequate HACCP systems 4177 Training 4178 Agency Verification

Examination of requirements in the eight sections of the HACCP regulation shows that the regulation addresses the following seven principles98

xvi However traceability could be an issue in regard to these non-food accidents if the accidents resulted in

exposure to hazards that only manifested themselves after a incubation period eg asbestosis lung cancers etc

that practitioners in the both the private and government sectors believe any HACCP system must address

(1) hazard analysis (2) critical control point identification (3) establishment of critical limits (4) monitoring procedures (5) corrective actions

32

(6) record keeping and (7) verification procedures

This paper will not discuss the HACCP regulation requirements in any depth However it will briefly touch on how the FSIS Regulation defines terms related to critical control point identification one of its seven HACCP principles to give readers unfamiliar with the regulation some feel for the regulationrsquos character and requirements The HACCP standardrsquos requirementrsquos in ldquosect 4178 Agency verificationrdquo will be subsequently discussed in this sectionrsquos observations The HACCP regulation defines the terms lsquocritical control pointrsquo and lsquocritical limitrsquo as follows

lsquoCritical control pointrsquo ldquoA point step or procedure in a food process at which control can be applied and as a result a food safety hazard can be prevented eliminated or reduced to acceptable levelsrdquo lsquoCritical limitrsquo The maximum or minimum value to which a physical biological or chemical hazard must be controlled at a critical control point to prevent eliminate or reduce to an acceptable level the occurrence of the identified food safety hazard

The HACCP regulation requires that a facility establish lsquocritical limitsrsquo for its processes and Dr Ronald Jones of FSIS sums up the basis for these lsquocritical limitsrsquo as follows

ldquoCritical limits can come from a variety of sources They may be based on FSIS regulations or guidelines FDA tolerances and action levels scientific and technical literature surveys experimental studies or the recommendations of recognized experts (emphasis added) in the industry academia trade associations or processing authoritiesrdquo99

The absence of a set of uniform lsquoCritical Limitsrsquo applicable to all facilities covered under the FSIS HACCP regulation

Dr Jones also notes that ldquoEach establishment must be able to provide a basis for their (emphasis added) decision regarding how they selected and developed their critical limits This supporting documentation needs to be available for the inspector to review A production process that has not met the critical limits may have produced an unsafe productrdquo

Establishing critical limits that meet a literal reading of the HACCP regulatory requirements is clearly a very difficult job to accomplish even when the covered facility has above average resources and makes an honest effort to do it For example how does a facility identify all ldquorecognized expertsrdquo and ensure it has located all of such expertsrsquo recommendations

100 is not atypical in what has been variously called lsquoManagement-Basedrsquo101 or lsquoCo-regulatoryrsquo102 regulations and it illustrates that while lsquoManagement-basedrsquo regulations have substantial benefits and are

33

often preferred by industry they can also present implementation and audit challenges similar to those described in our previous discussion of EPArsquos RMP regulation In 2007 Congress requested that the USDA Office of Inspector General (OIG) conduct an audit of the proposed new risk HACCP based inspection system The OIG report103

bull FSIS staffing adjusted for the size of the meat and poultry industry has decreased

concluded that ldquoBased on our audit results we question whether FSIS has the systems in place at this time to provide reasonable assurance that risk can be timely or fully assessed especially since FSIS lacks current comprehensive assessments of establishmentsrsquo food safety systemsrdquo

This finding is not too surprising considering that

104

bull Credible audits of industry conformance with FSIS HAACP standard require large amounts of skilled auditor effort

(Figure 2) over the period of time that FSIS has been required to assure industry conformance with the requirements of the HAACP standard

Figure 2 105

34

Observations

The problem that FSIS faces in obtaining the resources needed to fully implement its regulatory function is not unusual It is one of the major reasons that many regulatory agencies established regulatory provisions that employ third parties to verify covered facilities conformance with their regulations As our previous discussions show various government agencies have put in place or proposed measures that allowed for the use of third parties to audit regulated companyrsquo conformance obligations with respect to

bull boiler and pressure vessels bull public company financial accounting statements bull mechanical press safeguarding bull the safety of chemical processes

Our discussion of these areas showed that

bull OSHArsquos third party audit provision in their mechanical press regulation failed because it attempt to over-control the conduct of third parties and the criteria that third parties had to use in verifying regulatory conformance

bull SECrsquos efforts to ensure that company 10-K financial reports conformed to GAAP by requiring that they be verified by lsquoindependentrsquo certified public accountants (CPArsquos) were not completely successful Problems with the SECrsquos approach became obvious during the Enron inquiry which revealed that the SECrsquos regulatory measures failed to prevent CPArsquos from auditing companies despite the fact that they had an obvious self-interest in accommodating the management of companies they audited

bull The various state boiler and pressure vessel regulations contained third party audit provisions that worked and made an important contribution to significant decreases in boiler and pressure vessel accidents

The success of the third party audit mechanism in the boiler area was probably enhanced because the bulk of the boiler third party auditors leaned towards over-compliance as a result of their association with boiler insurance companies who had a self-interest in preventing facility boiler accidents losses Furthermore the various state boiler regulations were successfully implemented despite the fact that they required regulated companies to pay a fee to cover the costs of regulating them This is an important consideration given the difficulties FSIS may face in funding the additional highly skilled auditors required to audit industry the meat and poultry processing facilities In the best of all worlds all third partiesrsquo independence would like Caesars wife lsquobe above reproachrsquo In the real world this is unlikely Many individuals who have the qualifications to act as a third party auditor under the provisions of a government regulation also solicit business from the industry subject to the

35

regulation though perhaps not the specific company they may be allowed to audit This situation is likely to produce a bias toward pleasing industry for a variety of reasons Given the difficulty in ensuring that all third party auditors capable of assessing industry conformance with FSIS HACCP regulatory requirements are completely unbiased leads the authors to suggest that a second best alternative choose auditors whose bias if any exists may result in some incompletely justified findings that a firm has not complied with one or more provisions of the FSIS HACCP regulationrsquos requirements The decision to choose this alternative is justified because the food risks addressed by the FSIS HACCP regulations are imposed risks that can neither be completely avoided or discerned a priori by the public Furthermore there are well established regulatory procedures that allow food companies who feel they have been wronged by unfounded FSIS non-compliance findings to have such non-compliance findings withdrawn

Though a food processing firm may unfortunately suffer losses even if a non-compliance finding is later deemed to be unfounded such losses do not compare with the losses (deaths and injuries) that members of the public may experience as a result of a food firmrsquos under-compliance with the provisions of the FSIS HACCP regulation Moreover the food processing firm can take steps to eliminate the distribution of almost all disease contaminated products while the consumer cannot discern a priori whether a food product is unsafe As Fortin106

ldquoIt is well documented that the market provides incomplete information on a productrsquos risk of inducing foodborne illness

xviii

notes

xvii consumer information on unsafe food is incomplete both before and after purchase Unlike food spoilage organisms foodborne pathogens often are invisible odorless and tasteless Consumers cannot examine their food and determine that it is free from pathogens Further the vast majority of foodborne illness is never traced back to its cause This market inefficiency creates an underproduction of food safety that a fully functional and competitive market would produce

For the market system to work consumers would need inexpensive access to complete information on the safety of their food either before or after purchase Unfortunately even the limited available information generally is very costly to

xvii See generally id at 11 Taylor supra note 18 at 13-14 (ldquoMarket mechanisms work reasonably well to

satisfy consumer demands for economy convenience and choice in the food supply but they cannot fully satisfy the very high consumer expectations for food safetyrdquo)

xviii See Buzby et al supra note 23 at 11 (ldquoHigh transaction costs and information costs dissuade food-poisoning victims from filing lawsuits hellip limit feedback to firms to produce safer food hellip the result is a level of food safety that is less than the socially optimal level provided by a perfectly competitive marketrdquo)

36

obtainxix as foodborne pathogen determination requires expensive investigation and laboratory testing Even if an ill consumer did somehow complete such investigation and laboratory testing he or she would have no way to communicate the information among the large number of people needed to conduct the epidemiology for a foodborne illness investigationxx

Rarely is the cause of a foodborne illness traced back to the causative food More than eighty percent of foodborne illness may be unreported and even when reported causation is difficult to proverdquo

Moreover information on foodborne illness generally is not available at any cost

xxi

1 Annual audits of each covered facilityrsquos compliance with existing HACCP provisions conducted by an FSIS lsquoqualifiedrsquo third party chosen by the facility that is to be audited

Given the considerations discussed above and the limited resources available to FSIS suggests that FSIS might consider and be able to justify a regulatory measure that contains the following requirements and provisions

2 A list of qualified third party HACCP auditors who meet the following requirements

a) Agree to treat the results of audits they perform for FSIS as confidential government information unless they get permission to release their audit results from FSIS

b) Have an educational background and experience that is similar to that which FSIS requires of its own employees before it allows them to audit a covered facility for conformance with FSIS HACCP regulatory requirements

c) Are able to establish their complete neutrality and independence or establish that they are employed or sponsored by either bull a firm that presently provides insurance coverage to one or more

meat and poultry processing firm for losses resulting from customer injury claims andor required product recalls

bull a company that sells processed meat poultry or egg products directly to consumers

3 Regulatory provisions allowing FSIS to decide whether it is appropriate to share the product safety findings of its third party HACCP audit findings with either the audited firmrsquos food safety insurance company its customers or the public

4 A requirement that specified portions of the cost of a third party audit be borne by the audited facility andor the company that insures the facility for food illness and food recall losses if the company has such insurance

xix See Michael R Taylor Preparing Americarsquos Safety System for the Twenty-First CenturymdashWho Is

Responsible for What When It Comes to Meeting the Food Safety Challenges of the Consumer- Driven Global Economy 52 FOOD amp DRUG LJ 13-14 (1997)

xx Dion Casey Agency Capture The USDArsquos Struggle to Pass Food Safety Regulations 7 KAN JL amp PUB POLrsquoY 142 144 (1998)

xxi CDC FOODNET SURVEILLANCE REPORT FOR 1999 supra note 36 at 6

37

5 A requirement that the third party auditor will only collect information pertinent to FSISrsquos to discharge of its responsibilities under section ldquosect 4178 Agency verificationrdquo of the HACCP Standard to wit

ldquosect 4178 Agency verification FSIS will verify the adequacy of the HACCP plan(s) by determining that each HACCP plan meets the requirements of this part and all other applicable regulations Such verification may include (a) Reviewing the HACCP plan (b) Reviewing the CCP records (c) Reviewing and determining the adequacy of corrective actions taken when a deviation occurs (d) Reviewing the critical limits (e) Reviewing other records pertaining to the HACCP plan or system (f) Direct observation or measurement at a CCP (g) Sample collection and analysis to determine the product meets all safety standards and (h) On-site observations and record review

The proposed regulation should stipulate that third party audit findings will be shared with the audited facility and that the facility shall be asked to comment on these findings The regulation should also stipulate that third party auditors will have no role in deciding whether these findings should be addressed by some combination of FSIS facility penalties andor corrective action agreements If in fact FSIS believes that a third partyrsquos findings warrant action against the facility and the facility disputes the third party auditorrsquos findings FSIS would be required to have one of its inspectors re-audit the facility to verify the third party auditors findings At the present time FSIS is responsible for both

1 Collecting the information required in sect 4178 of the HACCP regulation 2 Ensuring that findings of facility non-compliance with the HACCP

regulationrsquos requirement are addressed

Execution of a third party audit program would identify instances of significant non-compliance pertinent to existing HACCP regulatory requirements and allow FSIS to focus its limited resources on ensuring that covered facilities take appropriate corrective measures The potential benefits of using third party auditors associated with insurance companies as a means of reducing the frequency of accidents triggered by a number of different hazards is not a new concept As prior discussion in this paper shows It has been an effective tool in implementing boiler and pressure vessel accidents and been the subject of a series of studies at Wharton107 as noted previously Cunningham108 has also proposed using what is in essence insurance company sponsored third party audits of company financial statements

38

and Skees109 Havinga110 and Henson111 have discussed aspects of this proposition specifically in regard to improving to food safety Considerations similar to those that led boiler and pressure vessel regulators to favor the use of third party auditors associated with insurance companies that suffered losses when a facility experienced a boiler and pressure vessel accident also exist in regard to the use of third party auditors who are associated with food marketing companies Food marketing companies also suffer major losses when they buy a meat product that leads to customer injury or product recalls and many of them112 113 have the capabilities and programs including their own third party inspections of their meat suppliers to verify the safety of their meat products down to the retail level Similar lsquoextrarsquo safety initiatives by other food retailers might be encouraged if FSIS and USDA had the authority and resources needed to certify and publicize the safety of a food product at the time of retail purchase rather than at the time the product was passed into interstate commerce To illustrate this point one can examine the impact of an ordinance passed by the Los Angeles (LA) County government in December 1997 requiring restaurants to display a grade cards resulting from a hygiene inspection by the Department of Health Services (DHS) The grade cards ranked restaurants based on numerical scores For scores from 70 and above the restaurant was issued a qualitative rating varying from A (90-100) to C (70-79) Restaurants were given a card reporting the actual score if it is below 70 Restaurants were closed by the DHS if two consecutive inspections result in a score below 60 or if they discovered a severe hygiene problem A path breaking study by Jin and Leslie114 examined the impact of this disclosure law on hygiene quality in restaurants as well as restaurant revenues They found that voluntary disclosure of grade cards causes an increase in hygiene quality as well as an increase in revenues for those restaurants with the highest hygiene scores Mandatory disclosure has an even stronger effect on hygiene quality leading to a 20 percent decrease in foodborne illness and hospitalizations while also resulting in revenue increase for the restaurants with the highest score on their grade cards The resource and authority constraints faced by FSIS are not unique In November 2007 the FDA announced that it was seeking

ldquolegislation to authorize the FDA to accredit independent third parties or to recognize entities that accredit to evaluate compliance with FDA requirements would allow FDA to allocate inspection resources more effectivelyrdquo115

39

This FDA third party inspection proposal has many similarities to the EPA RMP third party auditing proposal examined in Section D) of this paper EPA facing resource restraints that did not allow it to audit all of the companiesrsquo covered by its RMP regulation at an adequate frequency sought to reduce the number of audits it would need to conduct by offering inducements that would lead covered companies to voluntarily conduct RMP compliance audits by EPA approved third parties The FDA proposal reads as follows

ldquoADDITIONAL LEGISLATIVE AUTHORITY NEEDED Authorize FDA to Accredit Highly Qualified Third Parties for Voluntary Food Inspections The universe of domestic and foreign food establishments subject to FDA inspection is immense and continuing to grow faster than the FDAs inspection resources (emphasis added) Even with the most sophisticated detection tools and laboratory capabilities the FDAs inspection resources are finite Therefore legislation to authorize the FDA to accredit independent third parties or to recognize entities that accredit to evaluate compliance with FDA requirements would allow FDA to allocate inspection resources more effectively (emphasis added)

To establish such an accreditation program for voluntary food inspections FDA would undertake a public process to determine best practices and solicit industry input in the design of the program An FDA accreditation program would require FDA to accredit third-party organizations or recognize an entity that accredits third parties Third-party organizations could be as appropriate Federal departments and agencies state and local government agencies foreign government agencies or private entities without financial conflicts of interest FDA would also

bull Audit the work of these organizations to ensure that FDA requirements were consistently assessed

bull Review their inspection reports and bull Provide ongoing training criteria to ensure they maintain their skills and

knowledge especially as technology and requirements change over time

FDA would use information from these accredited third-party organizations in its decision making but not be bound by such information in determining compliance with FDA requirements Use of accredited third parties would be voluntary and might offer more in-depth review and possibly faster review times and expedited entry for imported goods manufactured in facilities inspected by accredited third parties Use of accredited third parties may also be taken into consideration by the FDA when setting inspection and surveillance prioritiesrdquo

40

The FDA also sought to address its limited resource problem by seeking the authority to require a ldquoReinspection Fee From Facilities That Fail to Meet current Good Manufacturing Practices (cGMPs)rdquo Clearly the resource problem that the FSIS faces in implementing its HACCP food safety measures is endemic This resource problem has led this paper to propose that FSIS consider the use third parties to audit compliance with its HACCP regulation and the imposition of fees to cover the costs such audits on regulated facilities This paper maintains that measures such as these are required given FSISrsquos responsibilities for protecting the publicrsquos health and its limited resources

Postscript The case for requiring meat processing companies to have insurance

covering losses from unsafe products or mandated product recalls Clearly the recommended annual third party inspections of food preparation facilities would allow FSIS to focus more of its limited resources on ensuring correction of any deficiencies uncovered by the third party audits and help FSIS meet its primary objective reduction in the production and distribution of lsquounsafersquo meat and poultry products Nevertheless despite such improvements some lsquounsafersquo food products will inevitably be produced and distributed One means of ensuring that reasonable resources are available to provide care and compensation for members of the public injured by an unsafe company food product is to require firms to either

1 Purchase insurance that covers reasonably foreseeable losses from lsquounsafersquo products or

2 Provide evidence of adequate self insurance However as Kunreuther116

Information from annual third party inspections and strong enforcement of HACCP requirements based on such inspections would help both FSIS and food insurers do a better job in addressing the moral hazard adverse selection and insurance pricing problems associated with mandated liability insurance than regulators and insurance companies are currently able to do in some other areas where liability insurance is mandated such as vehicle driving

notes in order to provide insurance that is equitably priced insurance firms need information that allows them to distinguish between good and poor risk categories (Adverse Selection) the freedom to set premiums that reflect these differences and some means of preventing insured firms from behaving more carelessly after they receive coverage (Moral Hazardrsquo) If food processors are allowed to elect to lsquoself-insurersquo the regulatory agency will need to determine what constitutes lsquoadequatersquo self insurance for an individual food processor that elects this option Establishing and monitoring lsquoadequatersquo self insurance requirements would present the regulatory agency with problems similar to those faced by food insurance firms

117

41

Appendix 1

a) According to USDA AMS has no statutory authority in the area of food safety However AMS performs some functions related to food safety for several foods For example AMS graders monitor a shell egg surveillance program that identifies cracked and dirty eggs In addition AMS performs functions related to food safety for the National School Lunch Program b) In 2001 by Executive Order the President stated that the then Office of Homeland Security as part of its efforts to protect critical infrastructures should coordinate efforts to protect livestock agriculture and food systems from terrorist attack In 2002 Congress enacted the Homeland Security Act of 2002 Pub L No 107-296 116 Stat 2135 (2002) setting out the departmentrsquos responsibility to protect and secure critical infrastructures and transferring several food safety related responsibilities to the Department of Homeland Security As a result of the Executive Order the Homeland Security Act of 2002 establishing the Department of Homeland Security and subsequent Presidential Directives the Department of Homeland Security provides overall direction on how to protect the US food supply from deliberate contamination

42

Appendix 2

Some Definitions of the Roles of lsquoFirstrsquo lsquoSecondrsquo and lsquoThirdrsquo Parties and

Related terms 1 Source ANSI-ASQ National Accreditation Board (ANAB) ldquoFirst Second and Third Party Approach Organizations develop and implement management systems to combat and control variation The management system details definition implementation control and audit corrective and preventive action improvement and redesign Documenting a management systemmdashby developing written work procedures forms and recordsmdashcan help ensure that the organization operates in a structured way to maximize efficient use of time and resources Systemizing how things are done ensures that nothing important is overlooked and responsibilities are clear to everyonerdquo according to the International Organization for Standardization (ISO) As ISO notes management system standards provide a good model for organizations to follow A management system that conforms to an international standard is built on what ISO calls ldquoa firm foundation of state-of-the-art practices arrived at by the consensus of experts in the fieldrdquo To be effective a management system must be complied with consistently To ensure consistent compliance of their management systems organizations can pursue a number of alternatives A business may use its own internal auditors to ensure ongoing compliancemdashwhat can be referred to as a ldquofirst-partyrdquo method Ensuring compliance is entirely driven by the organization itself (the ldquofirst partyrdquo) and its auditors are typically trained with little or no outside help When an organization is contractually obligated to make sure it meets specific customer requirements a ldquosecond-partyrdquo method of ensuring compliance may be used While implementation and control of the management system remains the responsibility of the business which may still conduct internal audits the organizationrsquos customers (the ldquosecond partyrdquo) reserve the right to conduct their own audits and may also participate in corrective and preventive action and improvement action and redesign In the ldquothird-partyrdquo approach the business bases its management system on an international standard and has the system audited by an independent certification body (the ldquothird partyrdquo) Organizations that engage in the third-party process are required to conduct internal audits Their internal auditors are trained on (and perhaps certified to) the requirements of the international standard While some

43

customers may still conduct second-party audits certification has the potential to eliminate multiple audits of the management systemmdashand thus the time and resources required to conduct themmdashbecause all parties can rely on the verification of compliance provided by the third-party certification body Reference ANAB letter to DNV Taken from lsquoISO Facts Volume 7 Issue 3 April

2007 httpwwwdnvcertcomDNVCertification1NewsNewsLetterISOFactxVolume7Issue3

2 Source The Ethical Trading Initiative (ETI) ldquoThird party (audit assessment inspection monitoring verification etc) An audit or inspection carried out by a party other than the supplier (first party) or the sourcing company (second party)rdquo The term ldquothird party auditrdquo (or inspection assessment etc) can be misleading because it implies an independence that may not exist In actual practice third party audits are usually conducted by organizations in some form of agency relationship with one of the parties A third party audit would be independent only where the person paying for the audit is not able to influence the results by virtue of the fact that they are paying for the audit This would also imply the existence of rules governing the audit process that were widely accepted as unbiased and robust The Ethical Trading Initiative (ETI) is an alliance of companies nongovernmental organizations (NGOs) and trade union organizations Sourcing company A company that purchases product from another company for either direct or indirect onward sale to the consumer Reference httpwwwethicaltradeorgZethtrdglossindexshtml 3 Source English Dictionary- With Multi-Lingual Search Allwords com ldquoThird party Someone not directly involved in a transaction A third entity in the Seller (first party) and Customer (second party) relationship A Seller may employ a third party to perform specific services to augment the value of a product For example a manufacturer may employ a third party to pack and distribute a product A computer manufacturer may augment their product with software from a third party supplierrdquo Reference Dictionary- With Multi-Lingual Search Allwordscom httpwwwallwordscomword-third+partyhtml

44

4 Source ASTM ldquoAnother key to understanding conformity assessment system design is characterizing the involved parties by their relationship to commerce For this we use simple definitions of the involved parties bull First party ndash The manufacturer andor supplier bull Second party ndash The purchaser andor user bull Third party ndash An independent party that has no interest in the transaction between the first and second party Government has a unique role in regulation that does not fit neatly into these definitions but is the second party in procurement Third-Party Conformity Assessment Third-party conformity assessment is often utilized in situations where the need for confidence is higher than a first- or second-party conformity assessment system can provide and where other factors do not reduce the needed rigor and independence This provides a higher level of confidence in compliance to purchasers and users since the third partyrsquos decision-making process is free from any influence of the business between the first and second parties Third parties can be laboratories on whose test data determinations of compliance are based inspection bodies certification bodies andor registration bodiesrdquo Reference ASTM Standardization News ldquoMaking the Confidence Connection Conformity Assessment System Designrdquo by Gordon Gillerman httpwwwastmorgSNEWSDECEMBER_2004gillerman_dec04html 5 Source United Nations ldquoCertification is a procedure by which a third party gives written assurance that a product process or service is in conformity with certain standardsxxii

Certification is always done by a third party The verification is done and the assurance is provided by a party without direct interest in the economic relationship between the supplier and buyer An internal control is a first-party

Certification can be seen as a form of communication along the supply chain The certificate demonstrates to the buyer that the supplier complies with certain standards which might be more convincing than if the supplier itself provided the assurance The organization performing the certification is called a certification body or certifier The certification body might do the actual inspection or contract the inspection out to an inspector or inspection body The certification decision ie the granting of the written assurance or ldquocertificaterdquo is based on the inspection report possibly complemented by other information sources

xxii [International Organization for Standardization] 1996 ISO Guide 2 Geneva

45

verification When a buyer verifies if the supplier adheres to a standard it is a second-party verification It is important to note that third-party verification does not automatically guarantee impartiality or absence of conflicts of interest First the standard-setting can be done by any party The producer (first party) can set the standard in which case the producersrsquo interests are likely to be reflected in the standard Also the buyer (second party) can set the standard in which case business interests will be reflected in the standard Second if the standard-setting and certification body are one and the same body this can also cause conflicts of interest The standard-setting body would like to see high implementation rates of its standard or have a bias against certain types of producers for ideological reasons which can influence certification decisions Third a conflict of interest might arise depending on who pays for the certification costs Commercial certification Reference ldquoEnvironmental and social standards certification and labeling for cash crops by Dankersrsquo C and Liu P food and agriculture organization of the united nations Rome 2003rdquo

6 Source ISO 90002000 ldquo39 Terms relating to audit NOTE The terms and definitions given in 39 have been prepared in anticipation of the publication of ISO 19011 It is possible that they will be modified in that standard 391 Audit Systematic independent and documented process (341) for obtaining audit evidence (394) and evaluating it objectively to determine the extent to which audit criteria (393) are fulfilled NOTE Internal audits sometimes called first-party audits are conducted by or on behalf of the organization (331) itself for internal purposes and can form the basis for an organizationrsquos self-declaration of conformity (361) External audits include what are generally termed ldquosecond-ldquoor ldquothird-party auditsrdquo Second-party audits are conducted by parties having an interest in the organization such as customers or by other persons on their behalf Third-party audits are conducted by external independent organizations Such organizations provide certification or registration of conformity with requirements such as those of ISO 9001 and ISO140011996rdquo Reference ISO 90002000 Quality management systems ndash Fundamentals and vocabulary ICS 0312010 ISBN 0-86928-841-5 BSI British Standards Institution

46

7 Source ISO Committee on Conformity Assessment ldquoThe process of determining whether products processes systems or people meet specified requirements has been given the name conformity assessment ISOs Committee on Conformity Assessment (CASCO) provides several ISO guides on the subject The tools of conformity assessment are listed in the order of their emergence in Table 3 with an asterisk to indicate usage by first parties (suppliers) second parties (customers regulators or others who demand compliance with requirements) and third parties (bodyrsquos independent from both suppliers and their customers)rdquo

Table 3 The tools of conformity assessment and who uses them

First Party Second Party Third Party

Manufacturers declaration Inspection Testing Auditing Certification

Manufacturers declaration of conformity Commonly called self-certification it is according to the definition under ISOIEC Guide 2 what a supplier (first party) does in giving written assurance that its product meets specified requirements (eg a standard specification for the product) It is the earliest and most common form of conformity assessment and may be supplemented by the other forms of conformity assessment typically inspection andor testing (including calibration) of the product auditing of related product production systems and processes and more recently certification (or registration) of the suppliers quality system ISOIEC Guide 22 covers manufacturers declaration of conformity principles Reference Agilent Technologies httpmetrologyforumtmagilentcomconformshtml

8 Source Quality Engineered Systems (QES) ldquo First Party Audits Conventionally a first party audit is conducted on your organizationrsquos own management system and internal structures by your organizations own audit resource and is therefore under your direct control You are implementing or maintaining your quality management system and will therefore want to conduct self-assessments or first party audits to test compliance of your own systems To improve your confidence in your own audit team during implementation you will engage QES to assist and guide you through the pitfalls of the first steps in conducting your own audits

47

Second Party Audits Any organization concerned about quality will want to be certain of their suppliers and can gain this confidence through conducting audits of their suppliers management systems and their ability to meet contract requirements Most small businesses with staff already performing additional quality management support functions as well as their normal duties do not have the capacity to conduct these audits QES has the capacity and the expertise to conduct these audits on your behalf The use of an uninvolved party such as QES also creates a perception of fairness and objectivity in the eyes of the Supplier Third Party Audits It is generally accepted that a third party audit is conducted by a certification body to verify and validate your management system As a precaution you may seek another unbiased outside assessment prior to the certification body assessment This is done to address any oversights of your own first party audits QES has added value to many an organizations management system through this final intervention ensuring a 100 success rate at certification Reference Quality Engineered Systems (QES) 2007 httpwwwqesystemscozaauditinghtm 9 Source The ANSI-ASQ National Accreditation Board (ANAB) Certification of first second and third party(s) 1 The ANSI-ASQ National Accreditation Board (ANAB) is the US accreditation body for management systems ANAB accredits certification bodies (CBs) for

o ISO 9001 quality management systems (QMS) o ISO 14001 environmental management systems (EMS) o ISO 22000 food safety management systems (FSMS) o ISO 28000 supply chain security management systems (SCSMS) o ISOIEC 20000-1 information technology service management systems

(ISMS)

o ISOIEC 27001 information security management systems (ISMS) o ANSIAIHA Z10 occupational health and safety management systems

(OHSMS) o Numerous industry-specific requirements

ANAB is a member of the International Accreditation Forum and a signatory of the IAF multilateral cooperative arrangements (MLAs) for QMS and EMS Through the IAF MLAs and the Multilateral Cooperative Accreditation Arrangement ANAB cooperates with other accreditation bodies around the world to provide value to its accredited CBs and their clients ensuring that accredited certificates are recognized nationally and internationally The global conformity assessment system ensures confidence and reduces risk for customers engaging in trade worldwide Reference ANSI-ASQ National Accreditation Board

48

10 Source Legal Explanations Various Definitions of Third Party It is worth noting however that Third Party It is someone other than the first two principals who have entered into a contract or an agreement A third party is not a direct party in the agreement or contract but they may be present as a beneficiary to the contract or someone affected by the contract between the first two principals (first party and second party) This could be the case of third party insurance in automobile industry where if one of the principals is insurance company and another is the automobile owner The automobile owner if damages the third partys (someone elses) car by an accident and has a third party insurance cover the insurance company covers up for the damage for the third partys car Reference

Reference Legal-Explanationscom Homehttpwwwlegalexplanationscomdefinitionsthird-partyhtm

11 Source Free Dictionary 1 ldquoThe Florida statute governing the Medicaid program defined ldquothird partyrdquo as third party n a person who is not a party to a contract or a transaction but has an involvement (such as a buyer from one of the parties was present when the agreement was signed or made an offer that was rejected) The third party normally has no legal rights in the matter unless the contract was made for the third partys benefitrdquo Reference httpwwwthefreedictionarycomThird+Party 12 Source Business Dictionary Third Party Someone who may be indirectly involved but is not a principal party to an arrangement contract deal lawsuit or transaction Reference httpwwwbusinessdictionarycomdefinitionthird-partyhtml

13 Source The Complete Guide to the CQA by Stephen Baysinger ldquoFirst Party Second Party and Third Party Audits FIRST PARTY (INTERNAL) AUDITA first party audit is usually performed by the company (or a department within the company) upon itself It is an audit of those portions of an organizationrsquos quality assurance program that are retained under its direct control and within its organizational structure (ANSIASQC NQA-1 (1986)) A first party audit is usually conducted by the organizationrsquos internal audit group However employees within the department itself may also conduct an assessment similar to a first party audit In such an instance this audit is generally referred to as a self assessment The purpose of a self assessment is to monitor and analyze key intra-departmental processes which if left unattended have the potential to

49

degenerate and negatively affect product quality safety and overall system integrity These monitoring and analyzing responsibilities lie directly with those most affected by departmental processesmdashthe employees assigned to the respective departments under examination Although first party auditself assessment ratings are subjective in nature the ratings guideline shown here helps to hone overall rating precision If performed properly first party audits and self assessments bull Provide feedback to management that the quality system is both implemented and effective and bull Are excellent tools for gauging an organizationrsquos continuous improvement effort as well as measuring the return on investment for sustaining that effort

SECOND PARTY (EXTERNAL) AUDIT Unlike the first party audit a second party audit is an audit of another organizationrsquos quality program not under the direct control or within the organizational structure of the auditing organization (ANSIASQC NQA-1 (1986)) Second party audits are usually performed by the customer upon its suppliers (or potential suppliers) to ascertain whether or not the supplier can meet existing or proposed contractual requirements Obviously the supplierrsquos quality system is a very important part of contractual requirements since it is directly (manufacturing engineering purchasing quality control etc) and indirectly (marketing inside and outside sales etc) responsible for the design production control and continued supportability of the product (See Figure 13 for an example of a second party audit process flow) Although second party audits are usually conducted by customers on their suppliers it is sometimes beneficial for the customer to contract with an independent quality auditor This action helps to promote an image of fairness and objectivity on the part of the customer

THIRD PARTY AUDIT Compared to first and second party audits where auditors are not independent the third party audit is objective It is an assessment of an organizationrsquos quality system conducted by an independent outside auditor or team of auditors When referring to a third party audit as it applies to an international quality standard such as ISO 9000 the term third party is synonymous with a quality system registrar whose primary responsibility is to assess an organizationrsquos quality system for conformance to that standard and issue a certificate of conformance (upon completion of a successful assessment) Reference ldquoComplete Guide to CQArdquo (Quality America Inc Tucson Arizona)rdquo httpwwwqualityamericacomqpproductscqahtmThe20Complete20Guide20to20the20CQA

50

Appendix 3 Corporate Accounting Scandals

Forbescom httpwwwforbescom20020725accountingtrackerhtml The Corporate Scandal Sheet Penelope Patsuris 082602 530 PM ET

With the avalanche of corporate accounting scandals that have rocked the markets recently its getting hard to keep track of them all--but our Corporate Scandal Sheet does the job Here well follow accounting imbroglios only--avoiding insider-trading allegations like those plaguing ImClone since chronicling every corporate transgression would be impractical--and our timeline starts with the Enron debacle

Company

When Scandal Went Public

Allegations Investigating Agencies Latest Developments Company Comment

Adelphia Communications (otc ADELA - news - people )

April 2002

Founding Rigas family collected $31 billion in off-balance-sheet loans backed by Adelphia overstated results by inflating capital expenses and hiding debt

SEC Pennsylvania and New York federal grand juries

Three Rigas family members and two other ex-executives have been arrested for fraud The company is suing the entire Rigas family for $1 billion for breach of fiduciary duties among other things

Did not return repeated calls for comment

AOL Time Warner (NYSE AOL - news - people )

July 2002

As the ad market faltered and AOLs purchase of Time Warner loomed AOL inflated sales by booking barter deals and ads it sold on behalf of others as revenue to keep its growth rate up and seal the deal AOL also boosted sales via round-trip deals with advertisers and suppliers

SEC DOJ

Fears about the inquiry intensified when the DOJ ordered the company to preserve its documents AOL said it may have overstated revenue by $49 million New concerns are afoot that the company may take another goodwill writedown after it took a $54 billion charge in April

Arthur Andersen November 2001

Shredding documents related to audit client Enron after the SEC launched an inquiry into Enron

SEC DOJ

Andersen was convicted of obstruction of justice in June and will cease auditing public firms by Aug 31 Andersen lost hundreds of clients and has seen massive employee defections


Bristol-Myers Squibb (nyse BMY - news - people )

July 2002

Inflated its 2001 revenue by $15 billion by channel stuffing or forcing wholesalers to accept more inventory than they can sell to get it off the manufacturers books

SEC

Efforts to get inventory back to acceptable size will reduce earnings by 61 cents per share through 2003

Bristol will continue to cooperate fully with the SEC We believe that the accounting treatment of the domestic wholesaler inventory buildup has been completely appropriate

CMS Energy (nyse CMS - news - people )

May 2002

Executing round-trip trades to artificially boost energy trading volume

SEC CFTC Houston US attorneys office US Attorneys Office for the Southern District of New York

Appointed Thomas J Webb a former Kelloggs CFO as its new chief financial officer effective in August

No comment

51

Company



Duke Energy (nyse DUK - news - people )

July 2002

Engaged in 23 round-trip trades to boost trading volumes and revenue

SEC CFTC Houston US attorneys office Federal Energy Regulatory Commission

The company says an internal investigation concluded that its round-trip trades had no material impact on current or prior financial periods

Although the effect [of these trades] on the companys financial statements was immaterial we consider improper trades in conflict with the companys policies To address this we have made changes to our organization personnel and procedures

Dynegy (nyse DYN - news - people )

May 2002

Executing round-trip trades to artificially boost energy trading volume and cash flow

SEC CFTC Houston US attorneys office

Currently conducting a re-audit Standard amp Poors cut its credit rating to junk and the company said it expects to fall as much as $400 million short of the $1 billion in cash flow it originally projected for 2002

Dynegy believes that it has not executed any simultaneous buy-and-sell trades for the purpose of artificially increasing its trading volume or revenue

El Paso (nyse EP - news - people )

May 2002


SEC Houston US attorneys office

Oscar Wyatt a major shareholder and renowned wildcatter may be engineering a management shakeup

There have been no allegations or accusations only requests for information The company has confirmed in multiple affidavits that it did not engage in round-trip trades to artificially inflate volume or revenue

Enron (otc ENRNQ - news - people ) Enron ndash news ndash people

October 2001

Boosted profits and hid debts totaling over $1 billion by improperly using off-the-books partnerships manipulated the Texas power market bribed foreign governments to win contracts abroad manipulated California energy market

DOJ SEC FERC various congressional committees Public Utility Commission of Texas

Ex-Enron executive Michael Kopper pled guilty to two felony charges acting CEO Stephen Cooper said Enron may face $100 billion in claims and liabilities company filed Chapter 11 its auditor Andersen was convicted of obstruction of justice for destroying Enron documents

No comment

Global Crossing (otc GBLXQ - news - people )

February 2002

Engaged in network capacity swaps with other carriers to inflate revenue shredded documents related to accounting practices

DOJ SEC various congressional committees

Company filed Chapter 11 Hutchison Telecommunications Limited and Singapore Technologies Telemedia will pay $250 million for a 615 majority interest in the firm when it emerges from bankruptcy Congress is examining the role that companys accounting firms played in its bankruptcy

No comment

52

Company When Scandal Went Public

Allegations Investigating Agencies Latest Developments Company

Comment

Halliburton (nyse HAL - news - people )

May 2002

Improperly booked $100 million in annual construction cost overruns before customers agreed to pay for them

SEC

Legal watchdog group Judicial Watch filed an accounting fraud lawsuit against Halliburton and its former CEO Vice President Dick Cheney among others

Halliburton follows the guidelines set by experts including GAAP (generally accepted accounting principles)

Homestorecom (nasdaq HOMS - news - people )

January 2002

Inflating sales by booking barter transactions as revenue

SEC

The California State Teachers Retirement pension fund which lost $9 million on a Homestore investment has filed suit against the company

No comment

Kmart (nyse KM - news - people )

January 2002

Anonymous letters from people claiming to be Kmart employees allege that the companys accounting practices intended to mislead investors about its financial health

SEC House Energy and Commerce Committee US Attorney for the Eastern District of Michigan

The company which is in bankruptcy said the stewardship review it promised to complete by Labor Day wont be done until the end of the year


Merck (nyse MRK - news - people )

July 2002

Recorded $124 billion in consumer-to-pharmacy co-payments that Merck never collected

None

The SEC approved Medcos IPO registration including its sales accounting The company has since withdrawn the registration for the IPO which was expected to raise $1 billion

Our accounting practices accurately reflect the results of Medcos business and are in accordance with GAAP Recognizing retail co-payments has no impact on Mercks net income or earnings per share

Mirant (nyse MIR - news - people )

July 2002

The company said it may have overstated various assets and liabilities

SEC

An internal review revealed errors that may have inflated revenue by $11 billion

This is an informal inquiry and we will cooperate fully with this request for information

Nicor Energy LLC a joint venture between Nicor (nyse GAS - news - people ) and Dynegy (nyse DYN - news - people )

July 2002

Independent audit uncovered accounting problems that boosted revenue and underestimated expenses

None

Nicor restated results to reflect proper accounting in the first half of this year

Our focus now is to stabilize this venture and put some certainty to its financial results The company is evaluating its continued involvement in this venture

Peregrine Systems (nasdaq PRGNE - news - people )

May 2002

Overstated $100 million in sales by improperly recognizing revenue from third-party resellers

SEC various congressional committees

Said it will restate results dating back to 2000 slashed nearly 50 of its workforce to cut costs is on its third auditor in three months and has yet to file its 2001 10-K and so consequently is in danger of being delisted from the Nasdaq

We have been and will continue to cooperate with the SEC and the Congressional committee

53

Company



Comment

Qwest Communications International (nyse Q - news - people )

February 2002

Inflated revenue using network capacity swaps and improper accounting for long-term deals

DOJ SEC FBI Denver US attorneys office

Qwest admitted internal review found that it incorrectly accounted for $116 billion in sales It will restate results for 2000 2001 and 2002 To raise funds Qwest says it is selling its phone-directory unit for $705 billion

We are continuing to cooperate fully with the investigations

Reliant Energy (nyse REI - news - people )

May 2002

Engaging in round-trip trades to boost trading volumes and revenue

SEC CFTC

Recently replaced Chief Financial Officer Steve Naeve with Mark Jacobs a managing director of Goldman Sachs and a Reliant adviser

Were cooperating with the investigations

Tyco (nyse TYC - news - people )

May 2002

Ex-CEO L Dennis Kozlowski indicted for tax evasion SEC investigating whether the company was aware of his actions possible improper use of company funds and related-party transactions as well as improper merger accounting practices

Manhattan district attorney SEC

Said it will not certify its financial results until after an internal investigation is completed The Bermuda-based company is not required to meet the SECs Aug 14 deadline Investors looking to unseat all board members who served under Kozlowski may launch a proxy fight to do so

The company is conducting an internal investigation and we cannot comment on its specifics but we will file an 8-K on the initial results around Sept 15

WorldCom (nasdaq WCOEQ - news - people )

March 2002

Overstated cash flow by booking $38 billion in operating expenses as capital expenses gave founder Bernard Ebbers $400 million in off-the-books loans

DOJ SEC US Attorneys Office for the Southern District of New York various congressional committees

The company stunned the Street when it found another $33 billion in improperly booked funds which will bring its total restatement up to $72 billion and that it may have to take a goodwill charge of $50 billion Former CFO Scott Sullivan and ex-controller David Myers have been arrested and criminally charged while rumors of Bernie Ebbers impending indictment persist

WorldCom is continuing to cooperate with all ongoing investigations

Xerox (nyse XRX - news - people )

June 2000

Falsifying financial results for five years boosting income by $15 billion

SEC

Xerox agreed to pay a $10 million and to restate its financials dating back to 1997

We chose to settle with the SEC in April so we can put the matter behind us We have restated our financials and certified our financials for the new SEC requirements

Editors Note The Corporate Scandal Sheet ceased being updated as of September 2002

54

Appendix 4 Summary of HR 3763 [107th] Sarbanes-Oxley Act of 2002118

To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws and for other purposes

7242002--Conference report filed in House Title I - Public Company Accounting Oversight Board Establishes the Public Company Accounting Oversight Board (Board) to

(1) oversee the audit of public companies that are subject to the securities laws (2) establish audit report standards and rules and (3) inspect investigate and enforce compliance on the part of registered public accounting firms their associated persons and certified public accountants

Section 101 - Prohibits Board membership from including more than two certified public accountants Section 102 - Requires a public accounting firm that performs or participates in any audit report with respect to any issuer to register with the Board Section 103 - Directs the Board to establish (or modify) the auditing and related attestation standards quality control and the ethics standards used by registered public accounting firms to prepare and issue audit reports Requires auditing standards to include

(1) a seven-year retention period for audit work papers (2) concurring or second partner review and approval by a Board-prescribed qualified person (3) an evaluation of whether internal control structure and procedures include records that accurately reflect transactions and dispositions of assets (4) assurance that transactions are recorded to permit preparation of financial statements in accordance with generally accepted accounting principles (GAAP) and that receipts and expenditures are made only with authorization of senior management and directors and (5) a description of both material weaknesses in internal controls and of material noncompliance

Section 104 - Mandates that a program of continuing inspections to ensure compliance is conducted

(1) annually for firms that regularly provide audit reports for more than 100 issuers and (2) at least every three years for firms that regularly provides audit reports for 100 or fewer issuers

Section 105 - Empowers the Board to impose disciplinary or remedial sanctions upon registered public accounting firms associated persons and accountants Restricts sanctions and penalties to intentional conduct or to repeated instances of negligent conduct Authorizes the Board to impose sanctions upon a registered accounting firm or its supervisory personnel for failure to supervise Section 106 - Places within the purview of this Act foreign public accounting firms that prepare or furnish an audit report for an issuer including audit work-papers Section 107 - Grants the Securities and Exchange Commission (SEC) general oversight and enforcement authority over the Board including prior approval of Board rules review of disciplinary action taken by the Board and general modification and rescission of Board authority Section 108 - Directs the SEC to report to Congress on adoption of a principles-based accounting system by the US financial reporting system Section 109 - Directs the Board to establish annual accounting support fees which shall be collected from issuers

Title II - Auditor Independence Amends the Securities Exchange Act of 1934 to prohibit an auditor from performing specified non-audit services contemporaneously with an audit (auditor independence) Requires pre-approval by the audit committee of the issuer for those non-audit services that are not expressly forbidden by this Act

55

Section 202 - Mandates (1) pre-approval by the audit committee of the issuer of all auditing and non-auditing services provided by an auditor and

(2) disclosure of such pre-approval in periodic reports to investors Section 203 - Mandates (1) audit partner rotation on a five-year basis and (2) auditor reports to audit committees of the issuer Section 204 - Requires an auditor to report timely to the audit committee (1) critical accounting policies and practices used in the audit (2) alternative treatments and their ramifications within generally accepted accounting

principles that have been discussed with management officials (3) the treatment preferred by the auditor and (4) material written communications between

the auditor and senior management Section 206 - Prohibits an auditor from performing audit services if the issuers senior executives had been employed by such auditor and had participated in the audit of the issuer during the one-year period preceding the audit initiation date (conflict of interests) Section 207 - Directs the Comptroller General (GAO) to report to Congress on the potential effects of mandatory rotation of registered public accounting firms (limiting the number of years such firms may remain auditor of record for a particular issuer) Section 209 - Declares that State regulatory authorities should determine independently the standards for supervising non-registered public accounting firms and consider the size and nature of their clients businesses audit

Title III - Corporate Responsibility Confers responsibility upon audit committees of public companies for the appointment compensation and oversight of any registered public accounting firm employed to perform audit services Requires an audit committee member to be a member of the board of directors of the issuer and to be otherwise independent

Section 302 - Instructs the SEC to promulgate requirements that the principal executive officer and principal financial officer certify the following in periodic financial reports

(1) the report does not contain untrue statements or material omissions (2) the financial statements fairly present in all material respects the financial condition and results of operations and (3) such officers are responsible for internal controls designed to ensure that they receive material information regarding the issuer and consolidated subsidiaries

Requires such senior corporate officers additionally to certify that they have disclosed to the auditors and audit committee of the board of directors

(1) significant internal control deficiencies and (2) any fraud that involves staff who have a significant role in the issuers internal controls

States that the rules governing corporate responsibility apply to issuers even if they have reincorporated or transferred their corporate domicile or offices from inside the United States to outside the United States Section 303 - Deems unlawful efforts by corporate personnel to exert improper influence upon an audit for the purpose of rendering financial statements materially misleading Section 304 - Requires the chief executive officer and chief financial officer to forfeit certain bonuses and compensation received following an accounting restatement that has been triggered by a violation of securities laws Section 305 - Amends the Securities Exchange Act of 1934 and the Securities Act of 1933 to authorize a Federal court to bar a violator of certain SEC rules from serving as an officer or director of an issuer if the persons conduct demonstrates unfitness to serve (the current standard is substantial unfitness) Section 306 - Prohibits insider trades during pension fund blackout periods if the equity security was acquired in connection with services as either a director or employment as an executive officer States that profits realized from such trades shall inure to and be recoverable by the issuer irrespective of the intent of the parties to the transaction

56

Limits actions to recover profits to two years after the date on which such profits were realized Amends the Employee Retirement Income Security Act of 1974 (ERISA) to require a plan administrator to notify the following parties of an impending blackout period

(1) participants and beneficiaries in individual account plans and (2) the issuer of any employer securities subject to such blackout period Subjects a plan administrator to civil penalties for failure to notify

Section 307 - Directs the SEC to issue rules of professional responsibility for attorneys who practice before the Commission including a rule requiring an attorney to report a material violation or breach of fiduciary duty to

(1) the chief legal counsel or chief executive officer of the company and (2) the audit committee of the board of directors if such legal counsel or officer does not respond appropriately

Section 308 - Allows civil penalties to be added to a disgorgement fund for the benefit of victims of securities violations if such penalties were obtained by the SEC in addition to an order for disgorgement Instructs the SEC to report to Congress on previous procedural actions taken to obtain civil penalties or disgorgement in order to identify where such procedures may be used to provide restitution efficiently for injured investors

Title IV - Enhanced Financial Disclosures Requires financial reports filed with the SEC to reflect all material correcting adjustments that have been identified by a registered public accounting firm in accordance with SEC rules and generally accepted accounting principles (GAAP) Instructs the SEC to require by rule (1) disclosure of all material off-balance sheet transactions and relationships that may have a material effect upon the financial status of an issue and (2) the presentation of pro forma financial information in a manner that is not misleading and that is reconcilable with the financial condition of the issuer under GAAP

Section 401 - Directs the SEC to report to Congress on (1) the extent of off-balance sheet transactions and the use of special purpose entities and (2) whether GAAP clearly conveys to investors the economics of off-balance sheet transactions and (3) the extent to which special purpose entities are used to facilitate off-balance sheet transactions

Section 402 - Prohibits personal loans extended by a corporation to its executives and directors Permits certain loans if

(1) made in the ordinary course of the consumer credit business of the issuer (2) of a type generally made available by the corporation to the public and (3) made on market terms or on terms that are no more favorable than those offered to the public Permits loans for (1) home improvement and manufactured homes (2) consumer credit (3) an open end credit plan or a charge card (4) credit extended by a broker or dealer for employee securities trades and (5) made by an insured depository institution if they are subject to the insider lending restrictions of the Federal Reserve Act

Section 403 - Requires senior management directors and principal stockholders to disclose changes in securities ownership or security-based swap agreements within two business days after such transactions were executed (currently ten days after the close of the calendar month) Mandates electronic filing and availability of such disclosures one year after the date of enactment of this Act Section 404 - Directs the SEC to require by rule that annual reports include an internal control report which

57

(1) avers management responsibility for maintaining adequate internal control mechanisms for financial reporting and (2) evaluates the efficacy of such mechanisms Requires the public accounting firm responsible for the audit report to attest to and report on the assessment made by the issuer

Section 406 - Directs the SEC to issue rules requiring an issuer to disclose whether it has adopted a code of ethics for its senior financial officers including its principal financial officer or principal accounting officer Section 407 - Sets a deadline for the SEC to promulgate rules requiring an issuer to disclose whether its audit committee consists of at least one member who is a financial expert Section 408 - Mandates regular systematic SEC review of periodic disclosures by issuers including review of an issuers financial statement

Title V - Analyst Conflicts of Interest Requires the SEC to adopt rules governing securities analysts potential conflicts of interest including (1) restricting the prepublication clearance or approval of research reports by persons either engaged in investment banking activities or not directly responsible for investment research (2) limiting the supervision and compensatory evaluation of securities analysts to officials who are not engaged in investment banking activities (3) prohibiting a broker or dealer involved with investment banking activities from retaliating against a securities analyst as a result of an unfavorable research report that may adversely affect the investment banking relationship of the broker or dealer with the subject of the research report and (4) establishing safeguards to assure that securities analysts are separated within the investment firm from the review pressure or oversight of those whose involvement in investment banking activities might potentially bias their judgment or supervision Directs the SEC to adopt rules requiring securities analysts and brokerdealers to disclose specified conflicts of interest

Title VI - Commission Resources and Authority Authorizes appropriations for FY 2003 to the SEC for (1) additional staff compensation (2) enhanced oversight of auditors and audit services and (3) additional professional staff for fraud prevention risk management market regulation and investment management

Section 602 - Authorizes the SEC to censure persons who appear and practice before the Commission if it finds

(1) the person has engaged in unethical or improper professional conduct or (2) has willfully violated or willfully aided and abetted violation of securities laws

Deems a registered public accounting firm to be engaged in improper professional conduct if the SEC finds intentional or knowing conduct including reckless conduct that results in a violation of applicable professional standards Section 603 - Amends the Securities Exchange Act of 1934 and the Securities Act of 1933 to authorize a Federal court to prohibit specified brokers dealers or issuers from participating in offerings of penny stock Section 604 - Amends the Securities Exchange Act of 1934 and the Investment Advisers Act of 1940 to authorize SEC censure or restriction of associated persons of brokers and dealers who are subject to a final order of State regulatory bodies that bars them from engaging in the business of securities banking or insurance

Title VII - Studies and Reports Mandates a GAO report to Congress on (1) the factors leading to the consolidation of public accounting firms and the subsequent reduction in the number of firms providing audit services to businesses subject to the securities laws and (2) the impact of such consolidation upon the capital formation and securities markets

58

Section 702 - Directs the SEC to report to Congress on the role of credit rating agencies in the securities market including

(1) their role in securities evaluation (2) impediments to accurate appraisal by credit rating agencies of the resources and risks of issuers of securities and (3) conflicts of interest in the operation of credit rating agencies and measures to prevent or ameliorate the consequences of such conflicts

Section 703 - Sets a deadline for the SEC to report to Congress on (1) the number of securities professionals practicing before the Commission who have aided and abetted Federal securities violations but have not been penalized as a primary violator (2) the occurrence of multiple violations by the same party (3) whether disciplinary sanctions have been imposed upon each violator including censure suspension temporary or permanent bar to practice before the Commission and (4) the amount of disgorgement restitution or other fines collected from violators

Section 704 - Instructs the SEC to report to Congress on (1) enforcement actions it has taken regarding violations of reporting requirements and restatements of financial statements and (2) areas that are most susceptible to fraud manipulation or inappropriate earnings management such as revenue recognition and the accounting treatment of off-balance sheet special purpose entities

Section 705 - Directs GAO to report to Congress on whether investment banks and financial advisers assisted public companies in earnings manipulation and obfuscation of financial condition with particular attention to

(1) the collapse of the Enron Corporation (including derivatives transactions special purpose vehicles and other financial arrangements) (2) the failure of Global Crossing (including swaps of fiber-optic cable capacity and transactions designed to obscure the companys true financial status) and (3) the creation and marketing of transactions designed solely to manipulate revenue obtain loans or move liabilities off balance sheets without altering the business risks faced by the companies

Title VIII - Corporate and Criminal Fraud Accountability - Corporate and Criminal Fraud Accountability Act of 2002 - Amends Federal criminal law to impose criminal penalties for (1) knowingly destroying altering concealing or falsifying records with intent to obstruct or influence either a Federal investigation or a matter in bankruptcy and (2) auditor failure to maintain for a five-year period all audit or review work papers pertaining to an issuer of securities

Section 802 - Directs the SEC to promulgate regulations governing the retention of documents relating to an audit or review Establishes criminal penalties for knowing and willful violation of such promulgations Section 803 - Amends Federal bankruptcy law to make non-dischargeable in bankruptcy certain debts incurred in violation of securities fraud laws Section 804 - Amends the Federal judicial code to permit a private right of action for a securities-fraud violation to be brought not later than (1) two years after its discovery or (2) five years after the date of the violation whichever is earlier Section 805 - Directs the United States Sentencing Commission to review the Federal Sentencing Guidelines governing obstruction of justice and extensive criminal fraud to ensure that they are sufficient to deter and punish (1) activities proscribed by this Act (2) fraud that endangers the financial security of a substantial number of victims and (3) organizational criminal misconduct Section 806 - Amends Federal criminal law to prohibit a publicly traded company from retaliating against an employee because of any lawful act by the employee to (1) assist in an investigation

59

of fraud or other conduct by Federal regulators Congress or supervisors or (2) file or participate in a proceeding relating to fraud against shareholders Sets a 90-day statute of limitations for filing a civil action for retaliation Cites remedies for such aggrieved employee including reinstatement back pay and compensatory damages Section 807 - Subjects to a fine and imprisonment any person who knowingly defrauds shareholders of publicly traded companies

Title IX - White-Collar Crime Penalty Enhancements White-Collar Crime Penalty Enhancement Act of 2002 - Amends Federal criminal law to (1) establish criminal penalties for attempt and conspiracy to commit criminal fraud offenses and (2) increase criminal penalties for mail and wire fraud

Section 904 - Amends the ERISA to increase the criminal penalties for violations of such Act Section 905 - Directs the United States Sentencing Commission to review Federal Sentencing Guidelines to (1) ensure that they reflect the serious nature of the offenses and penalties set forth in this Act the growing incidence of serious fraud offenses and the need to deter and punish such offenses and (2) consider whether a specific offense characteristic should be added in order to provide stronger penalties for fraud committed by a corporate officer or director Section 906 - Amends Federal criminal law to require senior corporate officers to certify in writing that financial statements and attendant disclosures comply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer (corporate responsibility for financial reports) Establishes a criminal liability for failure of corporate officers to certify financial reports including maximum imprisonment of

(1) ten years for certifying while knowing that the periodic report does not comport with this Act and (2) twenty years for willfully certifying a statement knowing it does not comport with this Act

Title X - Corporate Tax Returns Expresses the sense of the Senate that the Federal income tax return of a corporation should be signed by its chief executive officer

Title XI - Corporate Fraud Accountability- Corporate Fraud Accountability Act of 2002 - Amends Federal criminal law to establish a maximum 20-year prison term for tampering with a record or otherwise impeding an official proceeding (Sec1103) Amends the Securities Exchange Act of 1934 to authorize the SEC to seek a temporary injunction to freeze extraordinary payments earmarked for designated persons or corporate staff under investigation for possible violations of Federal securities laws

Section 1104 - Requests the United States Sentencing Commission to (1) promptly review sentencing guidelines for securities and accounting fraud and (2) expeditiously consider promulgation of new sentencing guidelines to provide an enhancement for senior corporate officers who commit fraud and related offenses Prescribes guidelines for Commission consideration including a request that it ensure that the sentencing guidelines and policy statements reflect the serious nature of securities pension and accounting fraud and the need for aggressive law enforcement action to prevent such offenses Sets a deadline for promulgation of such guidelines

Section 1105 - Amends the Securities Exchange Act of 1934 and the Securities Act of 1933 to authorize the SEC to prohibit a violator of rules governing manipulative deceptive devices and fraudulent interstate transactions respectively from serving as officer or director of a publicly traded corporation if the persons conduct demonstrates unfitness to serve Section 1106 - Amends the Securities Exchange Act of 1934 to increase criminal penalties for violations of the Act Section 1107 - Amends the Federal criminal law to establish criminal penalties for intentional retaliation against individuals who provide information to law enforcement officers relating to a Federal offense

60

Endnotes

1 ldquoFOOD SAFETY Experiences of Seven Countries in Consolidating Their Food Safety Systemsrdquo GAO-05-212 February 2005 httpwwwgaogovnewitemsd05212pdf

2 ldquoNATIONAL CONFORMITY ASSESSMENT PRINCIPLES FOR THE UNITED STATESrdquo httppublicaaansiorgsitesapdlDocumentsNews20and20PublicationsBrochuresNCAP20second20editionpdf

3 ldquoThe Hartford Steam Boiler inspection and Insurance companyrdquo History httpwwwhsbcomaboutaspid=50FINANCIAL_GUARANTEE

4 American society of Mechanical engineers history httpanniversaryasmeorghistoryshtml

5 httpwwwdllrstatemduslaborboilhtml

6 For additional examples see the following

a) Florida ldquoAdministrative Weekly amp Florida Administrative Code Rule Chapter 69A-51 Chapter Title BOILER SAFETYrdquohttpswwwflrulesorggatewayChapterHomeaspChapter=69A-51

b) New York ldquoPART 4 - CONSTRUCTION INSTALLATION INSPECTION AND MAINTENANCE OF LOW PRESSURE BOILERS CONSTRUCTION OF UNFIRED PRESSURE VESSELSrdquo httpwwwlaborstatenyusworkerprotectionsafetyhealthsh4shtm11

c) California Occupational Safety and Health Standards Board Subchapter 2 Boiler and Fired Pressure Vessel Safety Orders Article 5 Inspection httpwwwdircagovTitle8779html

7 Operational ie meets the Deming definition An operational definition is one that people can do business with It must be communicable with the same meaning to vendor as to purchaser same meaning yesterday and today Deming WE (1982) Out of the Crisis pp 287-289 Cambridge MA Massachusetts Institute of Technology Center for Advanced Engineering Study

8 2007 ASME Boiler and Pressure Vessel Code American Society of Mechanical Engineers httpwwwasmeorgCodes 9 Introduction to Codes and Standards page 3 ASME httpfilesasmeorgASMEORGCodesAboutLinks1028pdf

10 Boiler and pressure vessel inspection violations Tracking Statistics Released for Second Quarter 2008 httpwwwnationalboardorgNationalboardNewsHeadlineNewsQ2_Violationsaspx

11 A series of Wharton papers discussed aspects of the role of insurance company inspections in regard to boiler regulations and examined whether insurance companies should be considered for a similar third party auditor role in a number of other areas These papers can be accessed at httpopimwhartonupenneduriskpapersphp

11(a) ldquoUtilizing Third-Party Inspections for Preventing Major Chemical Accidents Er JP Kunreuther H amp Rosenthal I Risk Analysis 18145-154 1998

11(b) ldquoEvaluating the Use of third parties to Measure Process Safety Management in Small Firmsrdquo McNulty Patrick J Robert A Barrish Richard C Antoff and Leon C Schaller 1999 Annual Symposium Mary Kay OrsquoConnor Process s Safety Center Texas AampM University October 26 1999

11(c) ldquoThird party Inspection as an Alternative to Command and Control Regulationrdquo Kunreuther Howard C McNulty Patrick J Kang Y Risk Analysis Volume 22 Number 2 April 2002 pp 309-318(10)

11(d) ldquoManaging environmental risk through insurancerdquo Paul K Freeman and Howard Kunreuther Chapter 4 pp 159-189 FolmerTietenberg (eds) Edward Elgar Publishing Ltd httpopimwhartonupenneduriskdownloads03-07-HKpdf

11(e) The Insurance Industry as a Qualified Third-Party Auditorrdquo L Collins JC Belke M Halpern RA Katz HC Kunreuther and PJ McNulty Apr 31-42 Professional Safety 53 pp 31-42 April 2002

11(f) ldquoMarket Based Environmental Audits and Environmental Risks Implementing ISO 14000rdquo Paul R Kleindorfer The Geneva Papers on Risk and Insurance 22 (No 83 April1997) 194-210

11( g) Risk-Based Pricing and Risk-Reducing Effort Does the Private Insurance Market Reduce Environmental Accidentsrdquo Haitao Yin Howard Kunreuther Matthew W White Wharton Risk Management and Decision Processes Center January 2008 httpopimwhartonupennedurisklibraryWP2008-01-31_HYHKMW_Risk-Basedpdf

11(h) ldquoA Firm Can Only Go Bankrupt Once Risk Management Strategies in an Uncertain Worldrdquo Howard Kunreuther Geoffrey Heal 2002 Wharton Risk Management and Decision Processes Center httpopimwhartonupenneduriskpapersearchphp

11(i) Insurability and Environmental Risks Kunreuther amp Freeman httpopimwhartonupenneduriskdownloadsarchivearch195pdf

61

11(j) ldquoPrivate Inspections and Mandatory Insurance for Managing Safety and Environmental Risks Howard

Kunreuther Shelley Metzenbaum Peter Schmeidler Chapter 6 Leveraging the Private Sector management-based strategies for improving environmental performance Cary Coglianese Jennifer Nash Resources for the Future copy2006 11(k) ldquoUse of a third party Option on Implementing EPArsquos Rule on Risk Management Programs for Chemical Accident Release Prevention Programs for Propane Distribution Facilities Isadore Rosenthal and Patrick McNulty 11061999 httpopimwhartonupenneduriskdownloadsarchivearch195pdf

11(l) ldquoUse of an ISO 14000 Option in Implementing EPAs Rule on Risk Management Programs for Chemical Accidental Release Prevention Isadore Rosenthal Donald F Theiler Risk Analysis Volume 18 Issue 2 Pages199 ndash 203 April1998 Society for Risk Analysis

12 SECURITIES ACT OF 1933_2004 update httpwwwsecgovaboutlawssa33pdf

13 SECURITIES EXCHANGE ACT OF 1934_2004 update httpwwwsecgovaboutlawssea34pdf

14 See sections 719(a)and Schedule A of the Securities Act of 193315 USC77 g77s(a)77aa(25)and(26)

15 See ldquoManagement-Based Regulation Prescribing Private Management to Achieve Public Goalsrdquo Cary Coglianese David Lazer Law amp Society Review Vol 37 No 4 (Dec 2003) pp 691-730 and this paperrsquos subsequent section on the RMP regulation for a discussion of the similarities between management based regulations and self-regulatory based regulations

16 Rule 4ndash01(a)(1) of Regulation SndashX 17 CFR 2104ndash01(a)(1) See Accounting Series Release (lsquolsquoASRrsquorsquo) No 150 (December 20 1973) and ASR No4 (April 25 1938)

17 SEC Policy Statement reaffirming the Status of the FASB as a Designated Private-Sector Standard Setter httpwwwsecgovrulespolicy33-8221htm

18 Federal Register Vol 70 No 236 Page 73344 Friday December 9 2005 Rules and Regulations

19 SEC registrants are entities or entities that are controlled by entities (a) that have issued or will issue debt or equity securities that are traded in a public market (a domestic or foreign stock exchange or an over-the-counter market including local or regional markets) (b) that are required to file financial statements with the SEC or (c) that provide financial statements for the purpose of issuing any class of securities in a public market

20 See FRndash70 Rule 4ndash01(a) (1) of Regulation SndashX 17 CFR 2104ndash01(a) (1)

21 May 2 2002 Testimony Concerning The Roles of the SEC and the FASB in Establishing GAAP by Robert K Herdman Chief Accountant US Securities amp Exchange Commission httpwwwsecgovnewstestimony051402tsrkhhtm

22 Certified public account (CPA) is the statutory title of qualified accountants in the who have passed the uniform Certified Public Accountant Uniform examination

23 The annual report to shareholders is the principal document used by most public companies to disclose corporate information to their shareholders It is usually a state-of-the-company report including an opening letter from the Chief Executive Officer financial data results of continuing operations market segment information new product plans subsidiary activities and research and development activities on future programs The Form 10-K which must be filed with the SEC typically contains more detailed information about the companyrsquos financial condition than the annual report

24 Special Purpose Entities FindLaw httpocwkfupmedusauser062ACCT30201Speicla20Purpose20Entitypdf

25 Financial Engineering Corporate Governance and the collapse of Enron Stuart L Gillan and John D Martin httpwwwlernerudeleduccgresearch_filesCCGWP2002-1pdf

26 ldquoNo Excuses for Enrons Boardrdquo John A Byrne Business Week July 29 2002 httpwwwbusinessweekcommagazinecontent02_30b3793720htm

27 ldquoREPORT OF INVESTIGATION BY THE SPECIAL INVESTIGATIVE COMMITTEE OF THE BOARD OF DIRECTORS OF ENRONrdquo httpfl1findlawcomnewsfindlawcomwpdocsenronspecinv020102rpt1pdf

28 ldquoFinancial Engineering Corporate Governance and the Collapse of Enronrdquo U of Delaware Coll of Bus and Econ Ctr for Corp Governance Working Paper No 2002-001 Stuart Gillan and John d Martin Texas Tech University - Area of Finance and Baylor University- Department of Finance Insurance amp Real Estate Date Posted January 16 2003 Last Revised April 3 2003

29 Self-Regulation in Todayrsquos Securities Markets Outdated System or Work in Progress CFA Institute Centre for Financial Market Integrity CFA Institute Centre Publications (Jul 2007) 1-59

30 ldquo Enron Fraud and Securities Reform An Enron Prosecutorrsquos Perspectiverdquo John R Kroger 76 UNIVERSITY OF COLORADO LAW REVIEW 57 (2005)

31 Barrett Matthew J Enron and Andersen - What Went Wrong and Why Similar Audit Failures Could Happen Again ENRON CORPORATE FIASCOS AND THEIR IMPLICATIONS pp 155-168 Nancy B Rapoport Bala G Dharan eds Foundation Press 2004

62

32 Financial Engineering Corporate Governance and the collapse of Enron Stuart L Gillan and John D Martin

httpwwwlernerudeleduccgresearch_filesCCGWP2002-1pdf

33 ENRON AND ARTHUR ANDERSEN THE CASE OF THE CROOKED E AND THE FALLEN A Gary M Cunningham Jean E Harris Global Perspectives on Accounting Education Volume 3 27-48 2006

34 Conflicts of Interest and the Case of Auditor Independence Moral Seduction and Strategic Issue Cycling Moore Don A Philip E Tetlock Lloyd Tanlu and Max H Bazerman Harvard Business School Working Paper Series No 03-115 2004

35 lsquolsquoSarbanes-Oxley Act of 2002rsquorsquo httpfl1findlawcomnewsfindlawcomhdocsdocsgwbushsarbanesoxley072302pdf

36 Summary of Sarbanes-Oxley law by the Congressional Research Service of the Library of Congress httpthecaqaicpaorgResourcesSarbanes+OxleySummary+of+the+Provisions+of+the+Sarbanes-Oxley+Act+of+2002htm

37 PCAOB Website address httpwwwpcaobusorgAbout_the_PCAOBindexaspx

38 ORDER REGARDING SECTION 103(a)(3)(B) OF THE SARBANES-OXLEY ACT OF 2002 httpwwwsecgovrulesother33-8222htm

39 ldquoPublic Company Accounting Oversightrdquo Board inspections httpwwwpcaobusorgInspectionsindexaspx Section 104 of the Sarbanes-Oxley Act of 2002 requires the Board (PCAOB) to conduct a continuing program of inspections of registered public accounting firms In those inspections the Board assesses compliance with the Act the rules of the Board the rules of the Securities and Exchange Commission and professional standards in connection with the firmrsquos performance of audits issuance of audit reports and related matters involving issuers The Act requires the Board to conduct those inspections annually for firms that provide audit reports for more than 100 issuers and at least triennially for firms that provide audit reports for fewer issuers

40 Credit Crisis mdash The Essentials New York Times Saturday October 11 2008 httptopicsnytimescomtopreferencetimestopicssubjectsccredit_crisisindexhtml

41 ldquoSEC Concedes Oversight Flaws Fueled Collapserdquo New York Times September 27 2008 httpwwwnytimescom20080927business27sechtml

42 ldquoManagement-Based Regulation Prescribing Private Management to Achieve Public Goalsrdquo Cary Coglianese David Lazer Law amp Society Review Vol 37 No 4 (Dec 2003) pp 691-730 and this paperrsquos section on the RMP regulation for a discussion of the similarities between Management-Based Regulation and self-regulatory based regulation

43 Federal Register Vol 69 No 110 page 31927 060804 ldquoOSHA regulates mechanical power pressesrdquo at 29 CFR 1910217 OSHA adopted this standard in 1971and it is based on the 1971 revision of the ANSI voluntary consensus standard (ANSI B111) lsquolsquoSafety Requirements for Construction Care and Use of Mechanical Power Pressesrsquorsquo httpedocketaccessgpogov2004pdf04-12931pdf

44 CURRENT INTELLIGENCE BULLETIN 49 ldquoINJURIES and AMPUTATIONS RESULTING FROM WORK WITH MECHANICAL POWER PRESSES May 22 1987 httpwwwcdcgovNIOSH87107_49htmlConclusions

45 ldquoPresence Sensing device Initiation of Mechanical Power Pressesrdquo Fed Reg Vol 53 No 49 03141988 httpaei-brookingsorgadminauthorpdfsredirect-safelyphpfname=pdffilesphpxTpdf

46 See the UK HSE discussion of ALARP and related terms at httpwwwhsegovukrisktheoryalarpglancehtm

47 Notice of a Regulatory Flexibility Act Review of Presence Sensing Device Initiation of Mechanical Power Presses ndash Std Number 1910217 Federal Register 6755181-55183 08282002 httpwwwoshagovplsoshawebowadispshow_documentp_id=17381ampp_table=FEDERAL_REGISTER

48 OSHA Directorate of Evaluation and Analysis Regulatory Review of OSHArsquos Presence Sensing Device Initiation (PSDI) Standard [29 CFR 1910217(h)] Washington DC May 2004 httpwwwoshagovdealookbackpsdi_final2004htmlsummary

49 ldquoNotice of Availability of the Regulatory Flexibility Act Review of Presence Sensing Device Initiation for Mechanical Power Pressesrdquo Federal Register Vol 69 No 110 Tuesday June 8 2004 Page 31927 httpedocketaccessgpogov2004pdf04-12931pdf

50 Wayne Gronstein Interlake Stamping Dennis Ebens president Rockford Systems James Barrett Link James Kirton ISBLite William Gaskin Precision Metalforming Association

51 Advance notice of proposed rulemaking Power Presses Federal Register Vol 72 No 106 page 30729 June 4 2007 httpedocketaccessgpogov2007pdfE7-10655pdf

52 ldquoAccident Epidemiology and the RMP Rule Learning from a Decade of Accident History Data for the US Chemical Industry December 20 2007rdquo APPENDIX 1 TABLE 1A1 Some Major ldquoWatershedrdquo Accidents httpopimwhartonupennedurisklibrary2007_EPA-Wharton_RMPRulepdf

63

53 Federal Register Vol 61 No 120 Thursday June 20 1996 Rules and Regulations 40 CFR Part 68 Accidental

Release Prevention Requirements Risk Management Programs Under the Clean Air Act Section 112(r)(7) httpwwwepagovfedrgstrEPA-AIR1996JuneDay-20pr-23439pdf

54 OSHA PSM Rule ldquoProcess Safety Management of Highly Hazardous Chemicals Explosives and Blasting Agentsrdquo 19100119 19200109 Final Rules Federal Register Vol 57 page 6356 02241992

55 ldquoAll You Ever Wanted to Know about 112(r) and more rdquo US EPA Region 4 httpwwwgasmallbizorgrmp-bookpdf

56 SUMMARY OF PROGRAM 3 PREVENTION PROGRAM (40 CFR PART 68 SUBPART D) httpwwwepagovosweroe1docschemChap-07-finalpdf

57 ldquoManagement-Based Regulation Prescribing Private Management to Achieve Public Goalsrdquo Cary Coglianese David Lazer Law amp Society Review Vol 37 No 4 (Dec 2003) pp 691-730

58 Braithwaite John (1982) Enforced Self Regulation A New Strategy for Corporate Crime Control 80 Michigan Laul Rpu 1466-507

59 Bardach Eugene amp Robert Kagan (1982) Going by the Book The Problem of Regulatory Unreasonableness Philadelphia Temple Univ Press

60 Rees Joseph V (1988) Reforming the Workplace A Study of Self-Regulation in Occupational Safety Philadelphia Univ of Pennsylvania Press

61 Orts Eric (1995) Reflexive Environmental Law 89 Northwestern Univ Law Rev 1227-90

62 Gunningham Neil amp Peter Grabosky (1998) Smart Regulation Designing Environmental Policy New York Oxford Univ Press

63 Gunningham Neil (1996) From Compliance to Best Practice in OHS The Role of Specification Performance and Systems-Based Standards 9 Australian J of Labor Law 221-46

64 Gunningham Neil amp Richard Johnstone (1999) Regulatizng Workplace Safety Systems and Sanctions Oxford Oxford Univ Press

65 EPA General Risk Management Program Guidance Introduction FLEXIBLE NATURE OF REQUIREMENTS page iv Introduction (PDF)

66 See the following examples taken from

ldquoThe Role of Community in the Implementation of the EPA Rule on Risk Management Programs for Chemical Accidental Release Preventionrdquo Isadore Rosenthal Patrick J McNulty and Lyse D Helsing Risk Analysis Volume 18 Issue 2 Pages 171 ndash 179 1998 httpopimwhartonupenneduriskdownloadsarchivearch200pdf

ldquoSection 332 of the paper contains the following paragraph

ldquo332 Vagaries of the Rule with regard to Programs and Plans

Getting agreement between individuals on what constitutes good faith implementation of the management system elements of the rule depends on having shared definition of terms such as expertise and timeliness These terms are not defined and in fact are difficult to define operationallyrdquo

The paper then cites specific examples of undefined terms in dome of the sections of the published RMP Rule that provide the basis for this summary statement

6867 (b) ldquoan appropriate equivalent methodologyrdquo

6867 (d) ldquospecificrdquo acceptable ldquoexpertiserdquo ldquoexperiencerdquo and ldquoknowledgerdquo

6867 (e) ldquopromptrdquo ldquotimelyrdquo ldquoas soon as possiblerdquo

67 History of CCPS httpwwwaicheorgCCPSAboutHistoryaspx

68 Howard Kunreuther Patrick McNulty and Yong Kang ldquoImproving Environmental Safety Through Third Party Inspectionrdquo Risk Analysis 22 309-18 2002

69 ldquoThe Black Swan The Impact of the Highly Improbablerdquo First Chapter Nassim Nicholas Taleb New York Times April 22 2007 httpwwwnytimescom20070422bookschapters0422-1st-talehtml_r=1amporef=sloginamppagewanted=print

ldquoBefore the discovery of Australia people in the old world were convinced that all swans were white an unassailable belief as it seemed completely confirmed by empirical evidence The sighting of the first black swan might have been an interesting surprise for a few ornithologists (and others extremely concerned with the coloring of birds) but that is not where the significance of the story lies It illustrates a severe limitation to our learning from observations or experience and the fragility of our knowledge One single observation can invalidate a general statement derived from millennia of confirmatory sightings of millions of white swans All you need is one single (and I am told quite ugly) black birdldquo

64

70 Decision Processes for Low Probability Events Policy Implications Camerer C and H Kunreuther Journal of Policy

Analysis and Management Vol 8 No 4 565-598 1990 John Wiley and Sons Inc

71 ldquoThe Wharton Risk Management and Decision Processes Center is a nexus of people and projects devoted to furthering the practical understanding of how to manage situations of risk involving health safety and the environment in both the private and public sectors of our society For over twenty years the Center has been at the forefront of research into the management of low-probabilityhigh-consequence events In addition to working on programs of basic and applied research Risk Center faculty serve on national and international advisory committees with partnerships in government academia industry and NGOsrdquo httpopimwhartonupennedurisk

72 httpwwwepagovhistoryorgresourcesbudgethtm ldquoEPAs budget and workforce 1970-2003rdquo

73 RISK MANAGEMENT PLAN (RMP) AUDIT PROGRAM What Is EPArsquos Third-Party Audit Program httpwwwepagovOEMdocschemauditfactsheetpdf

74 For more details on the Delaware pilot study see McNulty PJ Barrish RA Antoff RC amp Schaller LC (1999) Evaluating the use of third parties to measure process safety management in small firms 1999 Annual Symposium Mary Kay OrsquoConnor Process s Safety Center Texas AampM University October 26 Details on the Pennsylvania pilot study can be found in US Environmental Protection Agency (2001) ldquoThird Party Audit Pilot Project in the Commonwealth of Pennsylvania Final Reportrdquo US EPA Region III Philadelphia PA February

75 The insurance industry as a qualified third-party auditor Larry Collins James C Belke Marc Halpern Ruth A Katz Howard C Kunreuther and Patrick J McNulty Professional Safety pages 31-38 April 2002

76 ldquoThird Party Audit Pilot Project in the State of Delaware Final Reportrdquo New Castle DE Dept of Environmental Resources and Environmental Control Div Div of Air and Waste Management June 6 2000 httpopimwhartonupennedurisklibrary2000_RABRAJB_3rdPartyAudit_Delawarepd

77 ldquoThe Case for Voluntary Third Party Risk Management Program Auditsrdquo James Belke United States Environmental Protection Agency Emergency Preparedness and Prevention Office 5th Bi-Annual Process Plant Safety Symposium April22-26 2001 httpopimwhartonupennedurisklibrary2001_JCB_3rdPartyAuditspdf

78 ldquoReshaping process safety regulationsrdquo Chemical Engineering Progress httpfindarticlescomparticlesmi_qa5350is_200203ai_n21313452printtag=artBodycol1

79 Federal Register Vol 66 No 232 Monday December 3 2001 Unified Agenda Page 62281 3412 ACCIDENTAL RELEASE PREVENTION REQUIREMENTS RISK MANAGEMENT PROGRAMS UNDER THE CLEAN AIR ACT SECTION 112(R)(7) THIRD PARTY AUDITPROVISIONS Priority Other httpwwwepagovEPA-GENERAL2001DecemberDay-03g26705pdf

80 Accidental Release Prevention Requirements Risk Management Program Requirements Under Clean Air Act Section 112(r)(7) Amendments to the Submission Schedule and Data Requirements [Federal Register April 9 2004 (Volume 69 Number 69)][Rules and Regulations][8819-18832]

ldquoThe Agency is therefore clarifying that the (initial ) Rules 5 year update provision requires that RMP Plans initially due on June 21 1999 be updated by June 21 2004 not before Early filers that received an EPA letter acknowledging receipt and indicating an update deadline prior to June 21 2004 should disregard that date which was calculated without consideration of potential early filings and instead submit their 5 year update by June 21 2004rdquo

81 Accidental Release Prevention Requirements Risk Management Program Requirements Under Clean Air Act Section 112(r)(7) Amendments to the Submission Schedule and Data Requirements [Federal Register April 9 2004 (Volume 69 Number 69)][Rules and Regulations][Page 18819-18832]

ldquoThe Agency is therefore clarifying that the (initial) Rules 5 year update provision requires that RMP Plans initially due on June 21 1999 be updated by June 21 2004 not before Early filers that received an EPA letter acknowledging receipt and indicating an update deadline prior to June 21 2004 should disregard that date which was calculated without consideration of potential early filings and instead submit their 5 year update by June 21 2004rdquo

82 Accident Epidemiology and the RMP Rule Learning from a Decade of Accident History Data for the US Chemical Industry December 18 2007 httpopimwhartonupennedurisklibrary2007_EPA-Wharton_RMPRulepdf

83 Lessons Learned from Chemical Accidents and Incidents 21 - 23 September 2004 Karlskoga Sweden httpopimwhartonupenneduriskdownloadsFinal2020Fnl20DD20Sweden20WS20August206202004pdf

84 ldquoDont Let History Repeat Itselfrdquo Murphy J F CHEMICAL ENGINEERING PROGRESS VOL 103 NUMB 8 pages 33-40 2007

85 ldquoChemical Safety Board Completed Investigationsrdquo httpwwwcsbgovindexcfmfolder=completed_investigationsamppage=index

86 Food Safety and Inspection Service httpwwwfsisusdagov

65

87 USDA Food Safety amp Inspection service (FSIS) Slaughter Inspection

httpwwwfsisusdagovFact_SheetsSlaughter_Inspection_101indexasp

88 Title 9 CHAPTER III--FOOD SAFETY AND INSPECTION SERVICE DEPARTMENT OF AGRICULTURE in PART 416mdashSANITATION httpwwwaccessgpogovnaracfrwaisidx_019cfr416_01htm

89 Title 9 CHAPTER III--FOOD SAFETY AND INSPECTION SERVICE DEPARTMENT OF AGRICULTURE in PART 417--HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEMS httpwwwaccessgpogovnaracfrwaisidx_019cfr417_01html

90 Every activity or product is associated with some probability of undesired consequences and therefore is not absolutely lsquosafersquo Presumably when a society adopts a regulation that deals with activities that have a potential for harm (are hazardous) it implicitly evaluates the likelihood of harm and judges that it is not at an unacceptable level

91 Elise Golan Barry Krissoff Fred Kuchler Kenneth Nelson Gregory Price and Linda Calvin (2004) Traceability in the US Food Supply Economic Theory and Industry Studies Agricultural Economics Report Number 830 Economic Research Service USDA

92 A Economics of Food Labeling Elise Golan Fred Kuchler Lorraine Mitchell Cathy Greene and Amber Jessup Agricultural Economic Report No (AER793) 52 pp January 2001

B Traceability in the US Food Supply Economic Theory and Industry Elise Golan Barry Krissoff Fred Kuchler Linda Calvin and Kenneth Nelson are economists at the Economic Research Service USDA

C Food Safety Innovation in the United States Number 831 Food Safety Innovation in the United States Evidence from the Meat Industry Food Safety Innovation in the United States AER-831

D Tracing the Costs and Benefits of Improvements in Food Safety The Case of the Hazard Analysis and Critical Control Point Program for Meat and Poultry By Elise H Golan Stephen J Vogel Paul D Frenzen and Katherine L Ralston Economic Report No 791httpwwwersusdagovpublicationsaer791aer791fmpdf

E Nutrition Labeling in the Food-Away-From-Home Sector An Economic Golan E F Kuchler and L Mitchell Economics of Food Labeling Agricultural Economic Report No 793 US Department of Agriculture

F Assigning Values to LIfe Comparing Methods for Valuing Health By Fred Kuchler and Elise Golan Food and Rural Economics Division Economic Research Service USDA Ag Economics Rpt 784

G International Trade and Food Safety Economic Theory and Case Studies Golan E B Krissoff and F Kuchler ldquoTraceability for Food Marketing and Food Safety Whatrsquos the Next Steprdquo Agricultural Outlook 288 US Dept

H ldquoResolving Trade Disputes Arising from Trends in Food Safety Regulation AIB-789-3rdquo Donna Roberts and Laurian Unnevehr httpwwwersusdagovpublicationsAIB789AIB789-3aib789-3pdf

I ldquoProduct Liability and Microbial Foodborne Illnessrdquo Buzby Jean C Paul D Frenzen and Barbara Rasco 2001 USDA ERS Agricultural Economic Report No 799 httpwwwersusdagovPublicationsAER799

J ldquoManaging for Safer Food The Economics of Sanitation and Process Controls in Meat and Poultry Plantsrdquo Ollinger Michael amp Valerie Mueller AER-817 USDAERS httpwwwersusdagovpublicationsaer817aer817fmpdf

93 rdquoEnhancing Traceability of Foodsrdquo Statement by Dr David Acheson FRCP Associate Commissioner on Foods FDA before House Committee on Energy and Commerce Subcommittee on Oversight and Investigations July 31 2008 httpwwwhhsgovasltestify200807t20080731ahtml

94 Private Sector Approaches to Secure Traceability Transparency and Quality Assurance in Food Chainsrdquo Helen H Jensen and Dermot J Hayes Iowa State University May 30 2006 httpwwwilr1uni-bonndeiatrciatrc_programSession204Jensen_Hayespdf

95 ldquoThe Economics of Implementing Traceability in Beef Supply Chains Trends in Major Producing and Trading Countriesrdquo Diogo M Souza-Monteiro and Julie A Caswell Department of Resource Economics Paper No 2004-6 httppeopleumasseduresecworkingpapersdocumentsresecworkingpaper2004-6pdf

96 ldquoEconomics of Implementing Traceability in Beef Supply Chains Trends in Major Producing and Trading Countriesrdquo Diogo M Souza-Monteiro and Julie A Caswell Department of Resource Economics Working Paper No 2004-6 httppeopleumasseduresecworkingpapersdocumentsresecworkingpaper2004-6pdf

97 Title 9 CHAPTER III--FOOD SAFETY AND INSPECTION SERVICE PART 417--HAZARD ANALYSIS AND CRITICAL

CONTROL POINT (HACCP) SYSTEMS httpwwwaccessgpogovnaracfrwaisidx_019cfr417_01html

98 Food Safety and Inspection Service USDA Key Facts HACCP Final Rule Revised January 1998 httpwwwfsisusdagovOAbackgroundkeyhaccphtm

99 ldquoScript Designing a HACCP Plan ndash Part 5rdquo httpwwwfsisusdagovNews_amp_EventsScript_Designing_HACCP_Plan_Part5indexasp

66



101 ldquoReducing Risk with Management-Based Regulationrdquo Cary Coglianese httpwwwldeocolumbiaeduchrrdocumentsmeetingsroundtablepdfnotescoglianese_cary_notepdf

102 Opportunities for the Co-regulation of Food Safety Insights from the United Kingdom by Andrew Fearne and Marian Garcia httpwwwchoicesmagazineorg2005-2safety2005-2-04htm

103 Audit Report ldquoIssues Impacting the Development of Risk-Based Inspection at Meat and Poultry Processing Establishmentsrdquo No 24601-07-Hy December 2007 httpwwwusdagovoigwebdocs24601-07-HYpdf

104 ldquoFederal Meat Inspectors Spread Thin as Recalls Rise ldquoOMB Watch 03042008 httpwwwombwatchorgarticlearticleview4183185TopicID=2

105 Graph 5 is taken from ldquoFederal Meat Inspectors Spread Thin as Recalls Rise ldquoOMB Watch 03042008 httpwwwombwatchorgarticlearticleview4183185TopicID=2

106 The hang-up with HACCP the resistance to translating science into food safety law Fortin ND Food Drug Law J 200358(4)565-93 httppapersssrncomsol3paperscfmabstract_id=785916

107 A series of Wharton papers have discussed aspects of the role of insurance company inspections in regard to boiler regulations and examined whether insurance companies should be considered for a similar third party auditor role in a number of other areas

a) ldquoUtilizing Third-Party Inspections for Preventing Major Chemical Accidents Er JP Kunreuther H amp Rosenthal I Risk Analysis 18145-154 1998

b) ldquoEvaluating the Use of third parties to Measure Process Safety Management in Small Firmsrdquo McNulty Patrick J Robert A Barrish Richard C Antoff and Leon C Schaller 1999 Annual Symposium Mary Kay OrsquoConnor Process s Safety Center Texas AampM University October 26 1999

c) ldquoThird party Inspection as an Alternative to Command and Control Regulationrdquo Kunreuther HowardC McNulty Patrick J Kang Y Risk Analysis Volume 22 Number 2 April 2002 pp 309-318(10)

d) ldquoManaging environmental risk through insurancerdquo Paul K Freeman and Howard Kunreuther Chapter 4 pp 159-189 FolmerTietenberg (eds) Edward Elgar Publishing Ltd httpopimwhartonupenneduriskdownloads03-07-HKpdf

e) The Insurance Industry as a Qualified Third-Party Auditorrdquo L Collins JC Belke M Halpern RA Katz HC Kunreuther and PJ McNulty Apr 31-42 Professional Safety 53 pp 31-42 April 2002

f) ldquoMarket Based Environmental Audits and Environmental Risks Implementing ISO 14000rdquo Paul R Kleindorfer The Geneva Papers on Risk and Insurance 22 (No 83 April1997) 194-210

g) Risk-Based Pricing and Risk-Reducing Effort Does the Private Insurance Market Reduce Environmental Accidentsrdquo Haitao Yin Howard Kunreuther Matthew W White Wharton Risk Management and Decision Processes Center January 2008 httpopimwhartonupennedurisklibraryWP2008-01-31_HYHKMW_Risk-Basedpdf

h) ldquoA Firm Can Only Go Bankrupt Once Risk Management Strategies in an Uncertain Worldrdquo Howard Kunreuther Geoffrey Heal 2002 Wharton Risk Management and Decision Processes Center httpopimwhartonupenneduriskpapersearchphp

i) Insurability and Environmental Risks Kunreuther amp Freeman httpopimwhartonupenneduriskdownloadsarchivearch195pdf

j) ldquoPrivate Inspections and Mandatory Insurance for Managing Safety and Environmental Risks Howard Kunreuther Shelley Metzenbaum Peter Schmeidler Chapter 6 Leveraging the Private Sector management-based strategies for improving environmental performance Cary Coglianese Jennifer Nash Resources for the Future copy2006

These papers can also be accessed at httpopimwhartonupenneduriskpapersphp

108 ldquoA model Financial Statement Insurance Actrdquo Lawrence A Cunningham Connecticut insurance Law Journal Vol 11 2004

109 THE POTENTIAL FOR RECALL INSURANCE TO IMPROVE FOOD SAFETY Skees Jerry RBotts Aleta Zeuli Kimberly A Vol 4 2001 pp 99 ndash 111

110 Product Liability Insurance and the Private Regulation of Food Safety Tetty Havinga (Working Paper Institute for Sociology of Law Radboud University Nijmegen (An earlier version of this paper was presented at the 2007 International Conference lsquoLaw and Society in the 21st Centuryrsquo Berlin July 25-28 October 2007) Page 4

ldquoProduct liability law is thought to have potential impact on how food firms manage food safety and food hygiene This could theoretically work in three ways (see fig 3)

67

1 The influence of product liability on business risk management may be indirect through litigation Claims from

injured consumers or damaged business relations may influence preferences and costs of firms inducing businesses to assure food safety to prevent liability claims The threat of lawsuits serves as a stimulus to the industry to improve practices This is a special effect of liability law

2 A second indirect route is through insurance Firms may cover the risks of a liability claim by insuring this risk Insurance companies may induce food safety controls (through the terms of insurance policy or by calibrating premiums according to the level of precautions taken) However insurance could also limit the economic incentives for firms to produce safe food by taking over the financial risk The impact of insurance companies can be either a special or a general effect of liability law (ie related to a particular claim or not)

3 Finally liability law may influence business management strategies directly inducing businesses to assure food safety We could call this the general effect of product liability law I will shortly discuss each of these three possible influences of product liability law on food safety measures by food industryrdquo

111 ldquoPublic and Private Incentives to Adopt Enhanced Food Safety Controlsrdquo Spencer Henson July 2008 In FERG Working Paper No 31 International Food Economy Research Group httpwwwinfergcaworkingpapersWP_31pdf

112 ldquoJACK IN THE BOX Fostering Food Safety Through Great Partneringrdquo Julie Larson Bricher FOOD SAFETY MAGAZINE JUNEJULY 2007 httpwwwjackintheboxcomaboutourcopdfsFSM6707CaseStudypdf

113 McDonaldrsquos Corporation httpwwwmcdonaldscomcorpvaluespurchasingfood_safetyhtml ldquoWe have established special safeguards to ensure the continuing safety of our beef supplies An International Scientific Advisory Council of independent experts keeps us abreast of the latest research We have also established special standards and guidance to protect our poultry supply chain from avian influenza Companies that supply food products to the McDonalds System must have a number of food safety programs in place They include among others programs for sanitation pest control and microbiological control and a hazard analysis critical control point (HACCP) plan and program HACCP is widely recognized worldwide as an effective method of preventing food-borne illnesses Additional requirements must be met for each food product we want to purchase These include specific attributes related to food safetymdashfor example acceptable temperature ranges for materials received and products delivered to distribution centers The supplier must demonstrate that the product has been evaluated to ensure that potential hazards have been systematically identified and addressed through effective critical control point managementrdquo

114 ldquoThe Effect of Information on Product Quality Evidence from Restaurant Hygiene Grade Cardsrdquo Ginger Zhe Jin and Phillip Leslie Quarterly Journal of Economics 89615-641 2003

115 Food Protection Plan An integrated strategy for protecting the nations food supply November 2007 httpwwwfdagovocinitiativesadvancefoodplanhtmlchanges

116 ldquoPrivate Inspections and Mandatory Insurance for Managing Safety and Environmental Risks Howard Kunreuther Shelley Metzenbaum Peter Schmeidler Chapter 6 Leveraging the Private Sector management-based strategies for improving environmental performance Cary Coglianese Jennifer Nash Resources for the Future 2006

117 Mandatory Third Party Insurance God the Devil and the Details (April 22 2005) Hugo A Acciarri and Andrea Castellano Berkeley Program in Law amp Economics Latin American and Caribbean Law and Economics Association (ALACDE) Annual Papers Paper 9 httprepositoriescdliborgbplealacde9

118 Summary of Sarbane-Oxley Law Congressional Research Service of the Library of Congress httpopimwhartonupenneduriskdownloadsarchivearch124pdf

Division of Labor and Industry Safety Inspection

Boiler and Pressure Vessel Safety

Manufacturers declaration of conformity


13 Source The Complete Guide to the CQA by Stephen Baysinger

SECOND PARTY (EXTERNAL) AUDIT

THIRD PARTY AUDIT

CITATION AND REPRODUCTION

This document appears as Working Paper of the Wharton Risk Management and Decision Processes Center The Wharton School of the University of Pennsylvania Comments are welcome and may be directed to the authors This paper may be cited as Isadore Rosenthal and Howard Kunreuther ldquoThe Roles of Third Parties in Regard to the Integrity of Process Management Systems Lessons pertinent to food safetyrdquo Risk Management and Decision Processes Center The Wharton School of the University of Pennsylvania December 2008 The views expressed in this paper are those of the authors and publication does not imply their endorsement by the Wharton Risk Center and the University of Pennsylvania This paper may be reproduced for personal and classroom use Any other reproduction is not permitted without written permission of the authors

THE WHARTON RISK MANAGEMENT AND DECISION PROCESSES CENTER Since its creation 25 years ago the mission of the Wharton Risk Management and

Decision Processes Center has been to carry out a program of basic and applied research to promote effective corporate and public policies for low-probability events with potentially catastrophic consequences The Risk Center has focused on natural and technological hazards through the integration of risk assessment risk perception and risk financing with risk management strategies After 911 research activities extended also to national and international security issues (eg terrorism risk insurance markets protection of critical infrastructure global security)

Building on the disciplines of economics decision sciences finance insurance marketing and psychology the Centers research program has been oriented around descriptive and prescriptive analyses Descriptive research focuses on how individuals and organizations interact and make decisions regarding the management of risk under existing institutional arrangements Prescriptive analyses propose ways that individuals and organizations both private and governmental can make better decisions regarding risk The Center supports and undertakes field and experimental studies of risk and uncertainty to better understand the linkage between descriptive and prescriptive approaches under various regulatory and market conditions Risk Center research investigates the effectiveness of strategies such as risk communication information sharing incentive systems insurance and regulation

The Center is also concerned with training decision makers and actively engaging multiple viewpoints including the expertise of top-level representatives in the world from industry government international organizations interest groups and academics through its research and policy publications and through sponsored seminars roundtables and forums

More information is available at httpopimwhartonupennedurisk



Isadore Rosenthal



Table of Contents

1) Introduction 1













1



Isadore Rosenthal





vii

The paper examines


viii









2








3

Inspectionix









4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT



Isadore Rosenthal



Table of Contents

1) Introduction 1













1



Isadore Rosenthal





vii

The paper examines


viii









2








3

Inspectionix









4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62



















49 ldquoNotice of Availability of the Regulatory Flexibility Act Review of Presence Sensing Device Initiation for Mechanical Power Pressesrdquo Federal Register Vol 69 No 110 Tuesday June 8 2004 1927 httpedocketaccessgpogov2004pdf04-12931pdf




63




























64





















65

























66

























67



















THIRD PARTY AUDIT

1



Isadore Rosenthal





vii

The paper examines


viii









2








3

Inspectionix









4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66























110 Product Liability Insurance and the Private Regulation of Food Safety Tetty Havinga (Working Paper Institute for Sociology of Law Radboud University Nijmegen (An earlier version of this paper was presented at the 2007 International Conference lsquoLaw and Society in the 21st Centuryrsquo Berlin July 25-28 October 2007)


67



















THIRD PARTY AUDIT

2








3

Inspectionix









4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

3

Inspectionix









4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64











79 Federal Register Vol 66 No 232 Monday December 3 2001 Unified Agenda 2281 3412 ACCIDENTAL RELEASE PREVENTION REQUIREMENTS RISK MANAGEMENT PROGRAMS UNDER THE CLEAN AIR ACT SECTION 112(R)(7) THIRD PARTY AUDITPROVISIONS Priority Other httpwwwepagovEPA-GENERAL2001DecemberDay-03g26705pdf










65

























66

























67



















THIRD PARTY AUDIT

4




4







5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61










18 Federal Register Vol 70 No 236 3344 Friday December 9 2005 Rules and Regulations














62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

5

Inspection fees









6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

6










7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

7







8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

8












9


Publicly







10




11






12












13


Observations








39 thatxiv







14










15











16







17









18








Observations


19










20

















events



21







22




23





24





25










26












27






28






29


Observations










30








31


Traceability










32










33





104



Figure 2 105

34

Observations








35




xviii

notes






36




xxi















37







38



39








40








117

41

Appendix 1


42

Appendix 2



43




44





45



46







47



(ISMS)




48





49




50




Company




April 2002






July 2002


SEC DOJ




SEC DOJ




July 2002


SEC




May 2002




No comment

51

Company




July 2002






May 2002






May 2002






October 2001




No comment


February 2002




No comment

52



Comment


May 2002


SEC




January 2002


SEC


No comment


January 2002






July 2002


None




July 2002


SEC




July 2002


None




May 2002





53

Company



Comment


February 2002






May 2002


SEC CFTC




May 2002






March 2002






June 2000


SEC




54











55











56











57









58









59









60

Endnotes























61
























62























63




























64





















65

























66

























67



















THIRD PARTY AUDIT

2007 ASME Boiler and Pressure Vessel Code - Operations and

Documents

Transcript of 2007 ASME Boiler and Pressure Vessel Code - Operations and