Second Party Audits
Did you know that not all audits are focused on determining the degree of conformance with a standard and the company?
Well, if you didn’t know, we need to get you informed in this matter, especially since you are considering the option of being part of this world—if you aren’t already. Audits are usually known for companies as an activity or process to identify non-conformities and start implementing corrective actions to deal with them.
Most of these non-conformities are completely related to the implementation of an ISO standard and the conformance of the company with it. After all, you need to meet several requirements that will determine if you carry out a process properly or not. Now, what do these audits review in specific? Your management systems.
This is why you will have to go through several ISO standards. This concept of audit—or type to be more specific—is what most people know in the companies. However, if you have paid attention to the word before, you might have noticed that this isn’t the case all the time.
Instead, there are 2 other types of audits: product and process audit.
The previous one we mentioned is considered to be a system audit since it verifies management systems and determines if they are operating according to certain limits and requirements—from ISO standards.
But, what about the other two? The name so far tells you what they are focused on.
– Product audit: examines or reviews a specific product or service to determine if it meets all the requirements.
These requirements are usually established by the customer or client and its needs, but the standards followed and implemented for the company are also involved in this part.
– Process audit: it checks conformance in order to determine or define requirements such as time, pressure, condition, and more.
In general, it reviews the processes of a company and determines if they meet certain requirements. Some people consider it quite similar to system audit due to the similitude in the objective, but the system is only for management systems in your company and the ISO standards implemented in them.
Why is it important to know about the types of audits to understand the Second Party Audit?
Because this one in specific that you want to conduct has nothing to do with management systems and ISO standards. Instead, it is focused on product audits since most of the people that manage and conduct them are interested in reviewing products or services—any type of hardware is included here. Of course, if you are looking to conduct audits for companies that implement ISO standards, you can do it as well, but those aren’t considered to be the second party but rather third.
You can have more information about outsourced internal audits—which is the specific service referred to the previous audit—while carrying out research. But for now, continuing with Second Party Audits, what identifies them is that they are conducted not for customers. In simpler words, customers can conduct audits on a supplier to review the product and service it is offering or providing.
In this way, the customer can have more information about what he or she is trying to buy and if it meets all the requirements and needs. Most of the time, customers that want to conduct this type of audit is because they need to determine if their suppliers are following and prioritizing their needs. It is not easy to meet a client’s requirements, but it is necessary and this is why some customers decide to invest in an audit by themselves or contract an organization to do it on behalf of them.
This audit isn’t conducted all the time since it is a decision the customer needs to make. If he or she doesn’t want it, there is no need to conduct it at all. However, if the decision is already made and it will be carried out, it is usually conducted after the elaboration or production of the product or when the supplier has already given every aspect of the service.
What is the main goal of this audit?
Determine if all requirements are met—from the customer—mostly from the contract that has been signed. Yes, when you reach this point it is because you have already agreed with the supplier to deliver a product or service. But you can decide to access or buy it or not after conducting the audit.
What you need to worry about the most isn’t for what second party audits are but rather how you can conduct them. If you are here, it could be for two reasons:
- Because you need to employ a company to conduct it.
- Or because you are the company that wants to conduct them on behalf of the clients.
We are betting for the last option since our company is specialized in ISO standards, which is the main and probably the only reason you are right here reading this information. After all, if you want to conduct Second Party Audits on behalf of someone else, you need to be certified in all the ISOs related to this area. Starting with ISO 9001, which is focused on audits only.
That being said, you have a long way to go if you are trying to start in this business and not because we think it is impossible but rather hard. You have to implement standards, get certified, review the contracts of your clients with the supplier they have hired, and many other things. Believe us when we say that you have a lot to do when it comes to conducting this audit, especially when it is about a question in specific, how do you conduct them?
Is it any different from conducting a first-party audit?
It is completely different. You might be familiar with first-party audits since they are known as internal audits most of the time. And they are only conducted when it is about your company and of course, focused on it only.
An internal-audit is aiming at another type of review and refreshment as well since it is all about having one of your experts or an auditor of your company auditing a process, or management system of your business. Most of the time, internal audits are conducted for two reasons: to determine the degree of conformance with standards, or to make sure that your processes are following the specific requirements.
As you can see, this has nothing to do with a second-party audit since you only need this one to conduct it on a supplier either yourself or for someone else. As a company, you might also need to plan and carry out an audit on one of the people or companies you have decided to buy a product or buy a service. After all, you also have your needs and requirements in this aspect.
This is already considered a Second Party Audit and for something, you need to get certified on.
What do you discover during one of these audits?
If the company you have hired has the capability of meeting your requirements and needs. If it doesn’t, you can just walk away and decide if you want to work with it or not. We know that we mentioned previously that most of the second-party audits are carried out after establishing a contract with the supplier.
However, nowadays people are trying to come to an agreement with them before compromising themselves through a contract. For this, you need to discuss it with the supplier and know if it is willing to allow you to conduct an audit in its company, service, or product. If it is not, you need to consider your options and the risks you want to take with this.
Now, this is in case you need to conduct one, but since you are interested in something different, let’s focus on that. Your goal when conducting an audit on behalf of the client of the supplier is to determine what we mentioned before: if it can fulfill all the client’s needs. You are in the obligation to identify all the non-conformities and issues with the company and what the customer expects from it.
When you are done with the auditing process, you will provide the customer with documentation about the results and level of capabilities of the supplier. From this, he or she can determine and decide if it is a good idea to buy the product and hire the service. You need to understand the difference between all audits to come to this conclusion and actually understand it.
Otherwise, you won’t be able to conduct the audit you and your client are expecting. This is why the Second Party ISO Audits are important to implement and follow. After all, the main standard, ISO 9001, has all the guidelines to fulfill your role. You only need to take your time to study it, analyze it, and finally, implement it in your company and goals.
For this, our company ISO Pros is here. We provide support, consulting, auditing, training, and certification services for companies trying to keep their ISO standards for Second Party Audits in check. And if you are just starting, we can assist you from the very beginning.
We are aware there are many elements and aspects involved in all this journey and process, and feeling overwhelmed with them is more than common. So, we encourage you to ask for help and support, especially when you don’t have a clear idea of what to do. We are here available all year round and you are more than welcome to ask for a quote instead of requesting our services right away.
Is there something else you must know?
There are dozens of things that, to this point, you need to be familiar with. However, take your time and don’t hurry the process. Being a company that wants to provide Second Party Audits will take a lot of work, and focusing on being able to plan, conduct and manage an audit program properly is the first thing you must worry about.
Therefore, leave the rest for later or when it is really important and focus on the standards for now. At ISO Pros, we will help you to start with ISO 9001:2015, which is the latest version for this standard. Whenever it gets updated or reviewed, we will make sure to handle a few tips and recommendations for you to meet the new requirements that apply according to what you offer.
What about needing this type of audit yourself? We are here for you as well. As we mentioned before, we also have auditing services available, and you would be surprised by how much we can do for you, your company, and your goals.