Supplier Audit / 2nd Party Audit

Supplier Audit
Supplier Audit

“A good auditor never makes mistrakes!” – Unknown

Traditionally before marriage, there is a custom to visit ‘to be bride & groom’s place’ and verify the facts (sometimes neighbours and work of place too!). The intent is to ensure that future relationship remains fruitful.

In present times, something similar happens in the industries, wherein organization verifies the performance of the supplier during selection and for consistent performance.

As per ISO 9000: 2015, following are the 2 definitions related to supplier

Provider (Cl. 3.2.5): Supplier organization that provides a product or a service

Example: Producer, distributor, retailer or vendor of a product or a service. A provider can be internal or external to the organization. In a contractual situation, a provider is sometimes called “contractor”.

External Provider (Cl. 3.2.6): External supplier provider that is not part of the organization.

Example: Producer, distributor, retailer or vendor of a product or a service.

ISO 9001 Standard has changed the word from ‘Supplier’ to ‘Externally Provided Products & Services’ but IATF 16949 Standard is still continuing with the earlier terminology.

Some of the IATF subscribing OEM have their specific requirements related to Supplier Audit.

FCA, USA Supplier Self Certification, Annual Frequency, Supplier QMS guidelines
FCA, Italy Supplier Self Certification
GM Audit man-days as per IATF Rules 5th Edition, Auditor qualification

As per IATF 16949 Standard, clause, following are the key expectations.

Purpose of Supplier Audit: Following are some of the reasons for conducting Supplier audits

            a) Supplier risk assessment: Many of the organizations are only assembling the parts received from the supplier. It is important for them to understand the possible risks and its impact in case supplier fails to supply components on time due to quality, labour, resources or any other issue. Sometimes, supplier supplies critical components which impact the performance of the final product so risk assessment becomes important.

b) Supplier monitoring: It is important for the organization to periodically assess the manufacturing Capability & Capacity of its suppliers so that any upcoming risk can be understood and averted.

c) Supplier QMS development: To consistently provide a good quality product on time, the supplier needs to upgrade their system as per changes in the management system like a new version of FMEA manual, updated Customer Specific Requirements (CSR) etc. The objective of these audits is to assess, how suppliers are maintaining and upgrading their management systems. These audits must follow the automotive process approach.

d) Product audits: Whenever there is any new product development or changes in existing products or customer complaint or warranty or field returns, a focused audit is conducted by the organization at the supplier end. The intent is to assess the controls on their products (from incoming to Despatch process).

e) Process audits: Similar to reasons stated above for Product audit, many times, manufacturing process at supplier end needs to be audited to assess whether the supplier is adhering to the process controls as per Customer Requirement (CR).   

Criteria for Supplier Audit: On average, any organization (medium/large) has approximately 50 to 150 active suppliers. Practically it is not possible to periodically audit every supplier. The organization has to devise a methodology so that they can utilize their resources effectively. Risk analysis is one of the methodologies to prioritize the supplier audits. Some of the key factors for Risk Analysis includes

            QMS Certification level: Suppliers may be at 3 possible levels: ISO 9001 NOT certified or ISO 9001 certified or IATF 16949 certified. Depending upon the level, an organization can define the frequency for conducting audits. Like non-certified suppliers will be audited more than others.

            Performance of the supplier: There are 4 key performance indicators for supplier performance. They are Quality, Delivery, Customer Complaints (warranty, customer notification, recall) and Premium Freight. Depending upon the criticality of the performance indicator, the organization can decide which supplier needs to be audited more or less.

            Product Safety/Regulatory Requirement: End of Life vehicle (EOL) is one of the regulatory requirements which is related to the use of certain heavy metals like Cadmium, Lead, Mercury & Hexavalent Chromium. Many of the surface treatment components (like Chrome-plated), rubber & plastic components follow these requirements. Similarly, products like Seat Belt, Brake & its components, Exhaust System, Fuel injection etc. are safety-related products. All these component and product manufacturers can be prioritized for audit.  

            Financial Health: In present times, the financial health of the supplier is emerging as an important reason for retaining a supplier. The poor health of finances may result in Quality and Delivery issue in the long run. The organization has to closely monitor the balance sheet/Profit-Loss statement of their suppliers. In recent years many suppliers have lost their business owing to it.

Criteria for Supplier Audit: Once risk analysis is conducted for all the suppliers, the organization can decide the following actions.     

Need: If any type of audit needs to be conducted or not. What are the issues the organization is facing from its suppliers? If there is any pattern in these issues? If these issues are consistent or erratic?

Type: Based on risk analysis, the organization can decide the type of audit which needs to be conducted at the supplier end. If the organization is fulfilling product quality requirement but there are systemic issues like record retention, operator qualification, Engineering change implementation; QMS audit will be suitable. Similarly, if there are regular quality issues; product and process audit can be conducted.     

Frequency: Some suppliers may require monthly audit while for other even yearly audit is sufficient. As per some of the IATF subscribing OEM CSR, if the supplier performance is meeting organization requirement, self-audit is also acceptable.

Scope: Based on the risk analysis and supplier performance, scope of the audit can be defined. At times, only Welding process needs to be audited. For some suppliers, only their calibration process needs to be audited. For some suppliers, only Financial health needs to be audited. Sometimes only Heat Treatment Process has to be audited as per CQI 9.

Records: Before initiating supplier audit process, the organization has to record the risk analysis, criteria and justification for any type of audit. Once the audit is completed, for future reference, records of the audit, action plan and its effective closure also need to be documented and recorded.

When Supplier audit can be conducted

  1. Development/Approval of new supplier or component
  2. Assessment of Capability & Capacity
  3. Cost reduction drive
  4. Quality or Delivery issue with the supplier
  5. Routine performance evaluation
  6. Significant employee turnover

Benefits of Supplier audit

  1. Assurance about Quality & Delivery
  2. Effective communication of organization & customer requirements
  3. Enhanced relationship       

Some question to ponder:

  • Should we include Calibration agency / Machine Manufacturer for supplier audit as our process and product controls are dependent on the quality of calibration?
  • How often organization measure the effectiveness of supplier audit?
  • How often organization check Financial Health of their suppliers?
  • How often organization check the benefits of ISO 9001 / IATF 16949 certification at the supplier end? Do they also monitor the Quality of Certification Body certifying them?


IATF 16949: 2016

IATF Auditor Guide Rev 4

ISO 19011: 2018

ISO 9000:2015 CQI-19 Sub-Tier Supplier Management Process Guideline

This is the 41st article of this Quality Management series. Every weekend, you will find useful information that will make your Management System journey Productive. Please share it with your colleagues too.

Your genuine feedback and response are extremely valuable. Please suggest topics for the coming weeks.

0 0 votes
Article Rating
Notify of
newest most voted
Inline Feedbacks
View all comments
Ambuj Kashyap
Ambuj Kashyap
4 years ago

Good morning
It is a pleasure for us that you write on each topic in detail with good example.
Your blog brush up our knowledge. Keep continue to write.
God bless you .