We previously briefly explained the types of audits in supplier quality management. While first-party audits refer to internal audits, second-party audits are undertaken by customers on their suppliers to verify if the suppliers’ quality management systems meet the requirements, and third-party audits occur when an organization decides to be certified that its quality management system conforms to standards such as ISO 9001 or IATF 16949.

With the on-going coronavirus pandemic worldwide, international traveling is still severely restricted. As a result, for now and the foreseeable feature, international buyers would have to completely rely on local service providers or a combination of on-site activities and remote monitoring and participation with real-time live-streaming, to regularly assess the current suppliers’ quality compliance or new suppliers’ quality capability with supplier audits.

When international buyers are not able to be physically on the ground to inspect and audit the suppliers, audits by local service providers become even more important. Based on this writer’s years of experience in both 2nd and 3rd party audits on automotive suppliers in China, we’d like to share with you our analysis on the similarities and differences between these audits, to help decide on the appropriate audits to be undertaken.

Audit purpose

2nd party audits: It is an audit of suppliers conducted by customers or entrusted institutions. The customer chooses the appropriate factory and confirms that the factory continuously meets the specified requirements, i.e. the factory is capable of producing certain products. The audit results usually provide basis for the customer’s decision-making on purchase. During the audit, priority should be given to the impact of the purchased products on the quality or use of the final products in order to determine the audit method and scope. In addition, factors such as technology and production capacity, price, timeliness of delivery, service and other factors should be considered. The 2nd party auditors act as coaches, providing companies with suggestions on rectification measures and solutions for improving the quality management systems when conducting specific supplier audits according to customers’ requirements. The ultimate goal is for the joint development and improvement by both the suppliers and the customers.

3rd party audits: It is an audit of a company by a third-party, also referred to as external audit. The audit is conducted by a third-party certified organization and a certificate is issued after the company’s passing the audit. The 3rd party quality management system (QMS) audit is mainly divided into two stages. The first stage is the review of QMS documents, the second stage is the review of the level of compliance of the actual operations against the specific requirements (laws and regulations, manuals, QMS standards). Third-party audits are usually undertaken for the purpose of certifications. A third-party audit, where a third-party certification organization applies requirements of accreditation systems for the purpose of issuance of certification, is known as certification audit. The intention of the certification audit is to provide objective evidence and written guarantee of compliance by the audited party.

Qualification requirements for auditors

2nd party auditors: undertake training in ISO9001 and IATF16949 and obtain passing certificate for the training and examination; understand the requirements of ISO9001 and IATF16949 applicable to the audit scope; understand the audit processes and methods for the automobile industry, including risk-based thinking, customer specific requirements, requirements of core tools related to audit scope, audit plan compilation, audit implementation, audit report, and closing of audit finding.

3rd party auditors: also known as State Registered Auditors, who are engaged in the third-party audit in the name of the certification company and can directly go to each company for audit. The external auditor complies with the national registration system, participates in the national unified examination, and becomes a registered auditor only after passing the examination. In addition, there are clear requirements for the qualification of registered auditors to participate in the examination, including relevant professional and certain work experience.

Auditor’s position

The position of a second-party auditor represents the buyer (customer) to audit the supplier, whereas a third-party auditor is undertaking an audit on behalf of an independent external audit body.

Audit process

As a party to be audited, the auditee will make the following preparations before the audit:

2nd party audit: Accept / convey the audit information → agree on the audit implementation schedule → decide to implement the audit → accept the customer’s audit → distribute the audit checklist to each department → Internal audit and management review to be carried out in advance by the decision of management representative → make full preparation for the related matters of each department → start the customer audit.

3rd party audit: Organization decides to implement certification → consult relevant certification authority→ obtain advices from certification authority → apply to certification authority → application acceptance → organize and implement training on standards → organize and implement internal audit and management review → submit documents to certification organization for review → documentation audit → on-site formal audit by certification organization → recommendation for registration by certification organization → certification issued to organization → regular supervision audit → update audit.

Audit standard and requirement

With the 3rd party audit, a comprehensive audit is conducted according to international/national standards. If the company fully meets the standards, a certificate will be issued to prove that the company’s operations comply with international/national standards. The 2nd party audit is generally carried out according to the needs of customers, not necessarily in accordance with the standards of IATF16949 or ISO9000. Regardless of what the standards are used, the customer will normally send a questionnaire to the supplier before the audit, while the auditors will generally check documents related to the customer’s products when inspecting documentation, rather than other information.

Audit process

Whether it is a second-party audit or a third-party audit, due to the limited resources and time available for audit, audit findings inevitably can only be built on the basis of sampling the information obtained, which leads to the audit process covering a certain time period, instead of tracking the whole process; focusing on the main activities and processes of the system, but not the entire system; and investigating representative people and matters, rather than all aspects of the system. Therefore, regardless of whether a second-party audit or a third-party audit, the audit conclusions are always based on the findings of sampling.

The audit process however is basically consistent. Both second-party and third-party audits need to go through five processes: audit planning, preparation, notification, implementation and reporting. The three key elements of audit implementation are also completely consistent: the first meeting, on-site audit and the last meeting.

Non conformity items

The nonconformity items issued by the second-party audits may not necessarily be those required by the standards, they could include some special requirements by the customers, whereas the non-conformity items issued by the third-party audit must correspond to clauses relating to the requirements in the standards.

Follow-up & verification of non-conformity items

The second party audit does not require the auditors to track and verify the effectiveness of the corrective actions for the non-conformity items. The auditors only need to give their non-conformance feedback to the auditees and the clients, but they are required to submit proposals of corrective actions for the nonconformity to the clients. The third-party audit however requires auditors to track and verify the effectiveness of corrective actions on the nonconformity as well as their closing, but not propose any corrective actions for the non-conformity items.

This article was first published in August, September & October of2020