Second-party audits: security in purchases and contracting (3)

In previous posts we saw a practical approach to the concept of auditing in general (currently only in Spanish) and then we discussed internal audits or first-party audits (currently only in Spanish). Let’s take now a leap, leaving the second-party audits for the next post and go directly to the third-party, external or certification audits.

Third party audits are carried out by certification authorities at the request of an organization. Its main purpose is to certify compliance with the requirements of a specific standard with the purpose to include the audited organization in a register or list of certified organizations. They are performed on a annual basis and, with some exceptions established by law, every organization, public or private, is free to choose to go through a certification process or not.

External audits are more centered in checking the efficacy in the way stated by the standard without getting into, usually, in issues related to efficiency and resource management. As we saw in the first-party or internal audits, the objectives are very different; in theory in an external audit it could be approved the use of cannons to kill flies.

As seen in the first post (currently only in Spanish) of the serie, for an audit to be carried out there are three essential ingredients:

  • High degree of preparation and training in auditing techniques along with good technical knowledge of the activities to be audited (aptitude).
  • Enough time, both a) prior to field work to prepare the site audit as well to b) carry it out in its entirety and then to document the results in a complete audit report appropriate to the objectives of the audit.
  • Professional pride (attitude).

These three ingredients are necessary but not sufficient by themselves and this applies to internal audits, second and third party audits. With missing only one of them the result of the audit may have limited value or even be useless.

From the point of view of the degree of training and experience of auditors, the processes and criteria used by certification bodies for qualifying auditors are often too lax in my opinion, since no previous great experience is required usually to audit a specific activity. Unfortunately, you may find auditors that are not experts in the activity they must assess, or that they have excessive bias towards those standards they know further. At the other extreme, it is noteworthy that there are auditors with extensive experience and knowledge that make audits a process that can be very profitable for the audited organization.

On the other hand, as we have already said in this blog, certification bodies face the target in a way contradictory to get new customers and keep the ones they have, while having to maintain a certain rigor in audits, what can make them to lose customers. Moreover, the current crisis has in many cases led to price discounts (and consequently to the number of days necessary established by the national accreditation bodies) that give auditors less time than the necessary to carry out their work.

On bad sized audits (I dare to say that almost always auditors would like to have more time than they usually have) and auditors that do not audit we discussed in this blog a few months ago so we will not extend.

To finish this post, indicate that one of the benefits that are attributed at the time to certification audits is precisely to provide confidence to lay the foundation of a solid business relationship and mutually beneficial relationship with certified suppliers. This would save both customers and suppliers dedications and costs associated with the second party audits, since it was assumed that a certified company had gone necessarily through an external audit. Objective not accomplished. I know of no single organization that was previously doing audits of its suppliers and that stopped to do so simply because the provider had achieved some sort of certification. That is: in practice, third party audits have failed to reduce the number of second party audits, just as expected.

Long life for the second party audits. Moreover, while this powerful technique of selection and performance monitoring of strategic suppliers is not well known nor is so widespread (excepting large corporations), the second party audit is of great interest, as it is shown it can provide high benefits in terms of improvement of the standards of quality and safety (and therefore costs).

The next post will be dedicated to that interesting and powerful management tool that are second party audits.