An audit is an excellent tool in the quality toolbox and can offer great insight into an organization’s Quality Management System (QMS). Audits serve to certify or oversee a QMS as a means to verify effectiveness and drive improvement to products/services provided by the organization. When preparing for a quality audit, there are three types of audits and understanding the scope of each audit type can greatly impact the interaction between the auditee and the auditor.
1st Party Audits
1st party audits are conducted internally. These audits are used as management tools to monitor the status of the QMS. The audits behave in a similar fashion to 3rd party audits, but serve as a systematic method of obtaining, evaluating, and reporting information about the QMS with an aim to add value and improve an organization’s operations rather than simply verifying conformance. A good internal audit program can greatly improve 3rd party audit experiences.
2nd Party Audits
3rd party and 1st party audits (if not outsourced) are requirements of the ISO 9001 standard; however, 2nd party audits fall into an area of uncertainty within a company. 2nd party audits are audits performed by those who have an apparent interest in the results of the audit – this could be you auditing your suppliers, or your customers auditing you. Either way the common theme in a 2nd party quality audit is supplier selection/performance. This becomes a challenging topic when the auditee is already certified to an international quality standard, e.g., ISO 9001. Since an audit requires resources to complete, questions typically arise from auditee/auditor management in the form of “hasn’t the auditee already proven their ability by achieving a quality standard certification”. In almost every case the answer to management’s question is yes, the auditee has proven their ability. However, the auditee has only proven their ability to meet minimum requirements and the certification does not give an indication of what the auditee does well, what their non-conformities have been, what are their opportunities for improvements are, etc.. 2nd party audits reveal a lot about the culture within an organization and provide an indication on what roles top management and employees take within the QMS. Depending on your requirements for your supplier, these audits can provide valuable insight to beginning or continuing a business relationship with a supplier.
Given the relationship aspect of a 2nd party audit, there is a tendency to generate negative feelings regarding the way an audit was handled, both within the auditee’s organizations as well as the auditor’s organization. For this reason it is important to remain objective and open minded to the QMS the auditee has developed versus a fault finding exercise with the “gotcha” attitude. A 2nd party audit should be a team building exercise as most auditors are trying to develop or maintain a business relationship with the auditee. When the auditee is certified to an international standard, it is often beneficial to focus on the methods which they control processes, manage changes, and drive improvements as these areas are where “the rubber meets the road” and tend to highlight other fundamental requirements that may be deficient. If corrective actions are to be issued, they should be value added and drive improvements to areas where non-conformities pose the greatest risk to requirements.
3rd Party Audits
During a 3rd party audit, an outside, independent audit organization conducts an audit to determine conformance to the minimum requirements outlined in the standard being audited to. For an ISO 9001 audit, the independent organization is the registrar. The registrar does not have an interest in the final outcome of the audit and is merely looking for objective evidence that requirements are being met. A 3rd party audit can also be an outsourced internal audit service, but the interaction and outcome follow those of a 1st party audit.
In conclusion, an audit can offer great insight into an organization’s QMS. The information presented in this article provides a basic understanding of how different audits function to verify effectiveness and drive improvements to a QMS. It is important to not only use audits as a means to drive improvements where improvements can be made, but also as a means to highlight areas of good practice within a QMS.