
Unfortunately, if there were such audits, I can practically guarantee that it would end up being bottom-dollar devs employed through unions or insider dealings. And the larger companies like Equifax would likely have a deal allowing them to self-audit to some extent.

See: Boeing, ISO certifications, building inspectors, health inspectors, any large civil engineering or aero firm, etc.

To be clear, I do agree that it is absolutely needed in the US. I just have no idea how you could implement it. Culturally the US seems to think that asking forgiveness and looser regulation for businesses is the right direction.



Not accusing you of this, strictly speaking, but I see this as just more of the "if you regulate, they'll just do X, so don't bother" defeatism that is used all the time to argue against regulation, taxation, or any sort of policing of the rich and powerful. We have numerous examples of regulations actually working as designed. Notable failures (e.g. the IRS, the financial industry in the 2000s) are due in large part to persistent under-funding by Congress, rather than any inherent impossibility.


Yes, it always comes down to funding. But the major anti-regulation party has also been staunchly anti tech regulation for a long time (link below), and even when the major tech companies tried to throw their weight around they lost (see Google et al. vs FCC during the repeal of net neutrality). This can also be seen with the recent public appearances of govt harassment/scapegoating of Facebook, which looks like "hey, we'd like you to change your rules" while simultaneously not regulating them. I think the first step needs to be a bit of a cultural shift towards regulation again before it will be effective (see EPA push after the Ohio River caught fire). I don't mean to say "don't regulate, it's pointless", I mean to say "set it up from the top down, don't try to piggyback data regulation onto a framework that wasn't designed for it".

https://en.m.wikipedia.org/wiki/Office_of_Technology_Assessm...


I recently had some building work done.

I was shocked (shocked!) to learn that the "municipal" inspector of works was a private individual, who was paid directly by the building company. Not by me - by the company that was supposedly being monitored. I didn't even have his name and address.

[Edit: I am in the UK]


Wow, I always thought the UK was more focused on govt oversight than the US. Here in the US, building inspections have to be organized through government/municipal agencies. Whether they are subcontracted out is related to the size of the city/county but I know in at least 2 medium-large cities (250k-500k people) they have dedicated building inspectors on the payroll as govt employees.

Edit: Of course it would be irresponsible to say that they were consistent. Each inspector has their own ideas of "that should really be 2x12, not 2x10", or "that stairway is too steep", or "that should look more like the other houses", etc. But I do see value in forcing everyone to face a semi-consistent set of rules.



