ISO 9001 Lead Auditor Training

MODULE 8 - Perspective On First, Second and Third Party Audits

8.1 General
No matter whether an audit is to be carried out by an organization on itself or on its suppliers, or by a third party on behalf of someone else, the principles involved in setting it up, in planning it, carrying it out, and reporting it are much the same. However, we should consider these situations and highlight the similarities to be clear about the differences. There is also an overall picture that should be appreciated in order to establish the significance of each type of audit.

8.2 First Party
The first party audit is an audit carried out by a company on itself to determine whether its systems and procedures are consistently improving products and services, and as a means to evaluate conformity with the procedures and the standard.

Each second and third party audit should consider the first party audits carried out by the company in question. Ultimately, the only systems that should need to be examined are those of internal audits and reviews. In fact, the second or third parties themselves have to carry out internal or first party audits to ensure their own systems and procedures are meeting business objectives.

ISO 9001 Auditor Training - Within any company, therefore, the real benefit to be gained from auditing will come from these “self” audits. The value of an internal auditor is as a representative of the quality assurance resource of the company. What is the point in someone “independent” doing the auditing, if all the auditing effort is put into ensuring that the business has the right people, materials, resources, systems, etc.? If the effort is put into providing the support necessary to do a good job, why do a bad one? However, it is accepted that some companies still have a long way to go before the above state is reached.

The need for an audit system, whether for external or internal audit, is paramount. Audits will be scheduled according to a plan, usually looking at various processes, their sequence and interaction with other processes within the QMS, with some flexibility built in to allow for realigning a particular effort. There is a need to prepare for each audit with an audit plan and checklist.
Formal opening meetings are not typical, except in fairly large organizations. The auditor meets briefly with the department manager and gets on with the audit.

The auditor is examining the work and outputs of colleagues. This puts an added strain on the auditor and the auditee. The auditor will sometimes be in a difficult position because of this tension. How can both the auditors and the system be protected?

There are two aspects considered here the system that is installed in partnership with everyone in the company - and the credibility of the auditor.

8.3 System
The system set up to carry out audits often has senior management's signature appended to it. That, of course, means that the manager knows precisely what has been signed and believes absolutely in its value. That was not true of some managers in the past. They willingly signed such procedures and expected the system to work properly without them. They called it “delegation”.

Many other managers realized that the audit could be a very powerful and useful tool and applied it to problem areas using people trained in investigative techniques.

ISO 9001 Internal Auditor Training - Because they wanted it to happen, they involved themselves in its operation; some of them even underwent the training with their colleagues. Such managers are running successful departments and organizations. People could see by their management’s actions, as well as, their statements that they meant what they said.

A second aspect of the system for internal audits is that of escalation. The previous point made reference to management’s full interest in the system. There should no doubt of this in the company. It is so important that the operation of the internal audit system should be close to the policy statement in the Quality Manual. The audit procedure should include a clause for escalation. Managers get the system they deserve.

Records of internal audits tend to be limited in comparison with those of external audits. There may not be reports, as such, issued only the requests for corrective action (CAR) and a way of monitoring them. The auditors should keep all their checklists so that over a period of time they can ensure that as comprehensive an audit program as possible is being carried out. They should also keep their notes in a secure place.

"Understanding ISO 9001" provides a detailed explanation of each ISO 9001 clause (requirements).

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.