What is an Audit for Quality?
Prior to exploring the process of preparing, carrying out and reporting upon an audit let’s first examine what an audit is.
The definition as extracted from 3.1 of AS/NZS ISO 19011:2003 Guidelines for quality and/or environmental management systems auditing is as follows:
Audit is a systematic, independent and documented process for obtaining audit evidence(3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled.
Audits are tools to help an organisation review its processes, outcomes and activities.
The outcome of an audit may result in any one or more of the following:
- A verification of compliance or non-compliance with a pre-determined criteria (e.g. standard, procedure, regulation, etc)
- Evaluation of effectiveness of process/activity being audited
- Areas identified requiring improvement
- Non-compliances highlighted for corrective action.
In plain language, ‘An audit is a tool used to check, assess, analyse or verify to determine compliance and or an opportunity for improvement.’
So let’s explore the different levels and types of audits typically utilised within a quality or management system.
First party audit
First party audit is an audit conducted entirely in-house of an organisation to assess or evaluate the effectiveness of activities and processes and/or compliance with documented procedures. Whilst the auditor in this case is usually an employee of the organisation being audited, often-times the auditor may be sub-contracted externally (i.e. a quality consultant) to conduct the 1st party audit on behalf of the organisation.
Second party audit
Second party audit is typically an audit of a supplier (or potential supplier) against a pre determined criteria that is usually commissioned by a customer.
For example, many large mining companies commission an audit to be conducted upon a tendering supplier prior to the tender being accepted. This is ordinarily to provide the mining company confidence that the potential suppliers’ maintain systems to minimise, reduce or eliminate any risks that may adversely affect the mining company.
The auditor in this instance may be an employee of the customer or a person who is sub-contracted by the customer to conduct the audit on their behalf.
Third party audit
This audit is conducted by an independent registration or certification body to assess organisations’ compliance with a standard, legislation, regulation or other prescriptive criteria. A third party audit is required to be conducted by an independent body as it requires assessment for the potential granting of a registration or certification.
For example a Quality Certification Body will audit to assess a company’s compliance with ISO 9001:2008 for Certification against the Quality Management System standard.
These three audit levels are also segmented into two categories, known as Internal and External audits.
First Party (In house audit conducted within an organisation)
Second Party (Customer audit of a supplier’s ability to meet customer’s requirements).
Third Party (Independent body audit of an organisation to assess compliance against criteria for potential registration or certification).
Published by: LMIT