In this article, we’ll be explaining the concept of third party audit, it’s purpose, and where it fits into your quality management process. We’ll cover your key goals when using third party audit, what pitfalls to look out for, and, most importantly, what it can do for your business.
Introduction to third party audits
When developing and gaining approval for your quality management system, a variety of audits are usually required.
These audits are conducted by various entities from both within the organization and also external to it.
The importance of audit
While many individuals may be placed into a state of nervousness by the word “audit”, understanding the types of audit and the roles they play in the certification process can help your business in a variety of ways, such as:
- Refining your approach for your company,
- Obtaining the best value from investing in third party accreditation
- Help your organization reach it’s Management system goals
The three main types of audit
Firstly let’s take a look at what is the purpose of an audit.
An audit is an examination of a management system (like, for example, your quality management system). Audits can look at part of something or all of it. An audit usually has two objectives:
- Review compliance against a set standard
- Highlight areas requiring improvement
There are typically three types of audits.
1st party audits
- Performed inside an organization
- Focusing on improvement and development
These Audits are not usually specific to a particular functional area but focus on the business as a whole.
2nd party audits:
- Performed by an organization on its supplier(s)
- Often carried out before the award of a contract with follow up surveillance audits occurring post the award of any contract.
3rd party audits:
- Highest level of independence with the auditor being separate from the organization they are auditing.
- They are usually performed by an independent audit organization/certification body with the auditor Separate from Organization, supplier or customer.
- The role of a 3rd party auditor is to determine if standards requirements or regulatory requirements are met.
- As they are independent, there should be no conflict of interest with the body that is being audited.
In a typical business scenario with both suppliers and customers present, audits can take place at various points between them.
As you can see from the above chart:
- First-party audits are conducted within a company by itself.
- Second-party audits are where a company audits its supplier.
- Third party audits are where an independent company performs an audit to confirm that the company meets a particular standard.
Getting Value from Audit
Firstly it’s important to understand that each audit type provides value.
The most apparent value provided by third-party audit and certification is that it assures stakeholders that policy and process requirements have been met. But there is more to it than that, let’s take a look at third party audit in more detail.
What is the purpose of a Third Party Audit
In this section, we’ll look at what is an independent third party audit
Third party auditing focusses on a single thing: assurance – an assurance that a standard has been met.
A third party audit is carried out by an independent company to ensure that a companies QMS (Quality Management System) conforms to a set of standards (for example, ISO 9001).
An audit is usually conducted by certification bodies, where following a successful audit, certification can be provided to the company.
The role of the third party auditor is to verify (or not) that the standard(s) have been met by critically and impartially, reviewing the quality management system and the processes concerned with it.
Whether the auditor comes from an external auditing company or a certification body, they will typically have stringent criteria to follow.
Such a formalized checking process ensures that a given standards integrity is being maintained.
Third party audits typically repeat on an ongoing basis to ensure standards are preserved and that the QMS meets the requirements of the selected standard.
The third party auditor must have complete independence so that inspection, analysis, and decisions can be made objectively. Not only that the very nature of the audit drives reliance on the competence of the external auditor being utilized.
How an audit is structured
A range/scope will usually be agreed in advance with the external certification organization.
An auditor will then be appointed to execute their task against that scope.
This will usually center around the specific standard being reviewed.
The auditor will determine the range of audit methods they will perform, based on the requirement, these may include:
- Asking Questions
- Examining records
- Making judgments on estimates/assumptions
- Obtaining confirmation on certain matters/issues highlighted
- Testing controls like the companies corrective action process
- Watching processes being performed
- Writing reports and documenting findings
- Discussing the outcome with those being audited
Third party audit cycle
There is a specific cycle that companies follow in achieving and maintaining standards like ISO 9001. Third party audits usually follow a path similar to:
- Certification Audits
- Maintenance Audits
- Surveillance Audits
- Re-Certification Audits
Benefits of third-party audits?
As well as supporting the certification process and achieving standards (such as ISO 9001), third party audit provides a wealth of other benefits including:
- Valuable information regarding compliance
- Opportunity for the organization being audited to observe defects
- Opportunity for continuous improvement
- Third party audit offers a fresh set of eyes
- Has no interest in just *certain* areas being perfect and has a broad view to support compliance
Perhaps the key advantage that third party audit provides is that of discipline. Businesses are complex entities, and there are likely to be many activities occurring at any given time.
Given that it’s easy for standards to slip as priorities become focussed elsewhere. The cyclical certification process, featuring regular reviews, helps ensure that a focus on quality management systems are maintained.
Coupled with this is the usefulness and independence of a third party auditor. As an external entity, the focus remains purely on adherence to the standard being assessed.
Third-party audits tend to miss out on positive slants often given by internal audits which sometimes focus too heavily on satisfying internal stakeholders rather than standards compliance.
Considerations with third party audit
As with any business process, there are considerations to be made ahead of engaging with external audit Organizations. These include:
1/ Considering your goals
What are you hoping to achieve through utilizing external certification bodies or third party audits? Your goals might be:
- Achieving compliance against a particular standard
- Strengthening customer trust
- Winning business by meeting mandatory criteria for doing business (ie. supplier must have ISO xxx)
- Developing long term improvement goals
- Building and maintaining stakeholder perception
Once you’ve agreed on your goals, you can set about implementing a plan to achieve them.
2/ Partner selection
You’ll then need to select a certification body/organization.
Considerations may include:
- Industry experience of both certifying organization and likely auditor
- Range of accreditations they can certify against
- Services supplied (i.e. training, continuous improvement, analysis etc)
3/ Are you obtaining value?
- Are you achieving your goals?
- Is there a good relationship with the external body?
- Are they adding value?
The value attained from third party audit has an explicit link from the quality of both the audit and auditor. Never underestimate the need for high caliber external auditors or certification organizations.
The QMS itself also requires scrutiny in order to calculate the value to be obtained from third party auidt. There has been a massive growth in buying off the shelf management systems but the result is nearly always a box-ticking exercise adding little actual value to the company. The strength of your QMS will help drive your requirement for the sort of auditing company to engage.
Third party quality providers must have appropriate means that facilitate them to both keeps up to date with regulations AND develop staff (your auditor) to continue to add value. Auditors must continuously update their knowledge of standards and legislation and see this as the absolute basic of their position.
This is especially true where we consider one of the key benefits attained from third party audits, your own continuous improvement process.
Why would an organization utilize a third-party auditing process where there is not a result of change/improvement?
Getting value from third party audits has to involve all parties; both the organization requiring certification and the third party assessment body have to commit to understand and meet the goals laid out by the highering organization.
We hope you enjoyed this post on third party audit. If you’ve got experience in the process from your organization or have some feedback on the article, we’d love to hear from you in the comments section below.