1st, 2nd & 3rd Party Audit
Introduction to Auditing
Around the middle of April each year there is one word that no one wants to hear. The word is Audit. When you mention auditing many people’s minds automatically go to the infamous IRS audit. In the business and financial sectors, the word audit refers to a systematic review of financial records or practices. However, the term auditing can include any examination or systematic review conducted to ensure a product or process is compliant with a particular standard. In reality, audits can fall into several different categories each with a specific purpose. The various audit categories may include:
- Product Audits are concentrated on inspection of the finished product to ensure it meets all internal and customer requirements
- Process Audits are generally a review of one or more processes to assess compliance to procedures, standard work, and any process specifications or controls
- Compliance Audits usually involve extensive reviews of a company’s systems or products to any applicable regulatory requirements
- Conformance Audits are comprehensive audits to define system requirements
- These are often performed by a 3rd party auditor employed by a certification body or registrar
Regardless of which category or type of audit is being performed, they all follow a similar process. Most audit methods are comprised of four main phases:
- The Preparation Phase – includes all activities completed in advance of the audit including the initial decision to perform an audit
- Execution or Performance Phase – consisting of the performance of the actual audit
- This can include data gathering, gaining an understanding of the process, reviewing the process controls, and verifying that the controls are effective
- Reporting Phase – the audit report is the tool by which the auditor’s findings are shared and discussed
- The report should be impartial, informative, and useful to management
- The report often includes a list of requests to correct nonconformities discovered during the audit
- Corrective action is usually required to resolve any issues discovered during the audit
- Follow-up or Closure Phase – If any non-conformities are discovered there is usually a set time for applying any corrective actions
- The follow-up audit is performed to confirm correction of any non-conformity
- The audit is completed when all the audit activities have been completed to the satisfaction of all parties concerned
There are also three main types of audits: 1st Party (internal), 2nd Party (consultant), and 3rd Party. Audits can be performed on manufacturing processes, quality systems, business systems, office practices, or products. The primary goal of any audit is to assure that the process or product being audited meets a set of requirements or standards. Auditing can be an effective tool to monitor products or processes for quality or compliance. In addition, a well-structured and executed 1st party audit process can drive continuous improvement or internal processes and products. In the same manner, an effective 2nd party audit system can help drive improved supplier performance or contribute to the initial selection of high-quality suppliers and avert possible future quality or delivery problems.
1st Party Audits (Internal)
First Party Audits are commonly referred to as “Internal Audits”. The 1st Party Audit is typically conducted on a process or set of processes to ensure they meet the organization’s internal requirements or standards. Internal audits are also useful in evaluating the effectiveness of an organization’s Quality Management System (QMS) and to measure adherence to that system. They are most often performed by auditors employed within the organization that does not have direct responsibility for the process being audited. If the audit is being performed by the person or persons directly responsible for the process, it is referred to as a “self-assessment”.
It is not uncommon for a self-assessment to occur in preparation for an audit. The internal audit may also be performed in conjunction with a consultant or other party hired by the company. It is important to note that this person must be acting on behalf of the company and not any external certification agency or registrar. Internal audits should be more in-depth than other types of audits. This is especially important if they are in preparation for an external or compliance audit. An in-depth internal audit is an effective tool for discovering any problem areas or identifying continuous improvement opportunities.
Please visit our 1st Party Auditing (Internal) page for additional information!
2nd Party Audits (Consultant)
Second Party Audits are often referred to as external audits, supplier audits or assessments. A 2nd Party Audit is performed at the supplier’s facility by a consultant, customer or potential customer. The audit can also be performed by a representative of the customer. The results of a second party audit often affect purchasing decisions. They are usually more formal, structured and often are more thorough than first party, or internal, audits. If the audit involves an already established supplier there may be a contract in place. The audit may then be subject to contract law.
During the audit process, an organization or business may audit their suppliers on various aspects ranging from an inspection of the process, review of the quality systems, the product, or their ability to meet expected capacities. A more thorough type of second-party audit is sometimes called a technical review. Second-party audits are effective tools for improving or developing a more robust supply chain. A thorough, effective second-party audit can potentially detect and correct problems before they can affect product quality. A well-planned and executed second-party audit process can have a positive impact on the business or organization’s bottom line.
Please visit our 2nd Party Auditing (Consultant) page for additional information!
3rd Party Audits (Registrar)
A “Third Party” is defined as a person or organization apart from the two parties involved in an agreement or situation. In Third-Party Auditing, the auditor or auditing organization is not one of the primary parties involved in a situation such as a customer–supplier relationship. A 3rd Party Auditor or auditing organization must be independent of the supplier or the customer. Impartiality of the audit organization is a vital element of a third-party audit to assure that there is no conflict of interest. A third-party auditor can be hired by an organization to audit their suppliers for compliance with a particular standard.
Also, manufacturing companies that produce products for sale overseas commonly utilize third-party organizations to certify their product meets UL, CE, or CSA standards. Third-party auditing may also be performed when a company must verify that their QMS conforms to a set standard such as ISO 9001 or IATF 16949. In this situation, the third-party auditing is performed by a certification body or registrar. When the third-party auditing is complete the registrar grants certification to the companies that they approve. Certification to an industry-standard instills confidence in their customers that their quality systems meet the requirements of the chosen standard.