In Re: Air Crash at Lexington, 2008 U.S. Dist. LEXIS 3864 – Courts and litigants continue to grapple with the discoverability of materials and communications prepared in the course of internal audits. Three principal devices may provide a basis for withholding internal audit materials from disclosure to third parties: the self-critical analysis privilege; the attorney-client privilege; and the work product doctrine. Each has real limitations in the internal audit context. Successful claims of confidentiality using these three devices often depend largely on the nature of the relationship and cooperation between internal audit and law departments.

The court in In Re: Air Crash at Lexington evaluated a claim by the defendant carrier, Comair, that its Aviation Safety Action Program (“ASAP”) reports were privileged from disclosure in discovery. ASAP reports result from a carrier’s voluntary participation in an FAA program that permits self-reporting of safetyrelated incidents. Plaintiffs sought disclosure of certain ASAP reports and served a corporate representative deposition notice for testimony from Comair on the content of the reports. The court rejected Comair’s claim that Congressional intent was that ASAP reports were not discoverable. It also refused to apply the self-critical analysis privilege to the reports, noting that applicable law (Kentucky) had not adopted the self-critical, or self-evaluative, privilege. Nor was such a privilege available under federal common law, which restricted the self-critical analysis privilege to reports prepared solely for internal review purposes. ASAP reports, by contrast, were intended to be disclosed externally.

In Re: Air Crash at Lexington highlights the exceptionally narrow circumstances in which internal audit materials, prepared independently of the corporate law department, can be protected from disclosure in litigation. Only with early and consistent cooperation between internal audit and legal departments is there any genuine opportunity to maintain the confidentiality of internal audit materials, and even then the bases for privilege protection are elusive. Companies should establish policies that encourage communication between internal audit and legal departments with the objective of positioning sensitive communications for legitimate privilege protection.