Hi All -

I thought I would start this thread to clear my mind on what a 1st, 2nd and 3rd party audit is. My confusion stems from some confusing posts and threads about contracting internal auditors, and then refering to them as 3rd party.

Here is my definition

1st party - A regular, full or part time employee of the company.

2nd party - An independent contractor hired by the company to perform internal audits.

3rd party - An auditor employed by the Registrar to perform registration and surveliance audits.


I looked in the Wiki for this definition and couldn't find anything. Maybe after discussion we can add.

Thanks all!!

Hiring an auditor to perform your internal audits would still be considered an internal 1st party audit.

a 2nd party audit would be an audit by a commercial consumer.

Hi All -

I thought I would start this thread to clear my mind on what a 1st, 2nd and 3rd party audit is. My confusion stems from some confusing posts and threads about contracting internal auditors, and then refering to them as 3rd party.

Here is my definition

1st party - A regular, full or part time employee of the company.

2nd party - An independent contractor hired by the company to perform internal audits.

3rd party - An auditor employed by the Registrar to perform registration and surveliance audits.


I looked in the Wiki for this definition and couldn't find anything. Maybe after discussion we can add.

Thanks all!!

Hi CarolX, :bigwave:

An addition: 2nd party can also include supplier audits, as I understand it.

:cool:

Good idea, Carol.

Paraphrased from the ASQ CQA primer:

INTERNAL:
First party audit are typically internal audits.

EXTERNAL:
Second party audits typically involve the customer auditing the supplier.

Third party audits are done by "outsiders", and have no affiliation with the auditee.

What Brad posted are the classical definitions.

However the water's muddied a little, when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?

Here's what I teach:

1st Party - An internal audit that an organization performs on itself

2nd Party - An external audit that an organization performs on a supplier of goods or services

3rd Party - An external audit that is conducted by an independant organization upon another organization.

Check this out Carol

http://elsmar.com/pdf_files/Audit_E.pdf

Marc has it all defined for us on slide 12

when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?

No, but you are "rented" to take the place of an employee for the duration of the audit. Not to say that the definitions couldn't be tweaked, but is there really a value in it?

What Brad posted are the classical definitions.

However the water's muddied a little, when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?


In reality to any org being audited by an independant outside entity it is a 3rd party relationship regardless of reason

What Brad posted are the classical definitions.

However the water's muddied a little, when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?

Andy - this is what I thought a 2nd party audit was - but now reading the replies - I understand why this is considered a 1st party audit.

Maybe we can get Scott to add this to the Wiki.

I looked in the Wiki for this definition and couldn't find anything. Maybe after discussion we can add.From the ISO website: (http://www.iso.ch/iso/en/comms-markets/conformity/iso+conformity-02.html#TopOfPage)


First-party assessment. This is the technical term used when conformity assessment to a standard, specification or regulation is carried out by the supplier organization itself. In other words, it is a self-assessment. This is known as a supplier's declaration of conformity (http://www.iso.ch/iso/en/comms-markets/conformity/iso+conformity-02.html#P57_14163).

Second-party assessment. This indicates that the conformity assessment is carried out by a customer of the supplier organization. For example, the supplier invites a potential customer to verify that the products which it is offering conform to relevant ISO product standards.

Third-party assessment. In this case, the conformity assessment is performed by a body that is independent of both supplier and customer organizations. An example is ISO 9000 certification where an organization's quality management system is assessed by an independent "certification" or "registration" (http://www.iso.ch/iso/en/comms-markets/conformity/iso+conformity-02.html#P40_8393) body against the requirements of an ISO 9000 standard. If the system conforms to the requirements, the certification/registration body issues the organization with an ISO 9000 certificate.
Such third-party assessment may be required in certain business sectors by government regulations. It may be specified by the customer, or the supplier organization may choose it as a way of differentiating its product or service from others on the market.

I would agree with most others on this especially with the 2nd party audit being a customer auditing it's supplier. A classic example of this is in the IAOB's sanctioned interpretations, regarding supplier development:

The organization shall perform supplier quality management system development with the goal of supplier conformity with this Technical Specification. Conformity with ISO 9001:2000 demonstrated by a certification by an accredited third party certification/registration body or through a second party audit process is the first step in achieving this goal.

Guess who has just been on a TS auditing course :notme: !

Here's a first try at a wiki entry: Audit (http://elsmar.com/wiki/index.php/Audit)

Here's what I teach:
1st Party - An internal audit that an organization performs on itself
2nd Party - An external audit that an organization performs on a supplier of goods or services
3rd Party - An external audit that is conducted by an independent organization upon another organization.I vote with Randy. I have contracted with someone that is not on my daily payroll to staff the internal audit function. That doesn't change the fact that it is an audit that my organization is performing on itself. I look at it this way:
1st Party - An audit that is driven by an organization with the primary goal of satisfying itself that it is in compliance with a given standard.
2nd Party - An audit driven by a customer with the primary goal of satisfying itself that a supplier is in compliance with a given standard.
3rd Party - An audit driven by an external organization, subject to oversight, with the primary goal of certifying the "supplier" that they are in compliance to a given standard and a secondary goal of providing assurance of that compliance to any "customer".

Good discussion. I'll incorporate more of these ideas into the wiki entry on Audit (see previous link) and the satellite pages for the different kinds of audits:
First-Party Audit (http://elsmar.com/wiki/index.php/First-Party Audit)
Second-Party Audit (http://elsmar.com/wiki/index.php/Second-Party Audit)
Third-Party Audit (http://elsmar.com/wiki/index.php/Third-Party Audit)

And, remember, anyone else can expand these articles also - just go to any of these pages, find the 'edit' tab, click it and have a go at it. You can't ruin anything because it can all be un-done.

I learned a long way back: "inhouse, outhouse, powerhouse"

1st - In house - internal audits
2nd - out house - customers
3rd - powerhouse - registrars

I learned a long way back: "inhouse, outhouse, powerhouse"

1st - In house - internal audits
2nd - out house - customers
3rd - powerhouse - registrarsInteresting way of putting it!

I learned a long way back: "inhouse, outhouse, powerhouse"

1st - In house - internal audits
2nd - out house - customers
3rd - powerhouse - registrars

Mmmmmm - in England, 'outhouse' means the 'loo', bathroom, toilet etc.:lmao:

In some respects, 'powerhouse' isn't being delivered.............:notme:

What's wrong with the ISO 19011 definitions?

3.1
audit
NOTE Internal audits, sometimes called first party audits, are conducted by, or on hehalf of, the organization itself for management review and other internal purposes and can form the basis for an organization's self-declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.

NOTE 2 External audits include those generally termed second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third party audits are conducted by external, independent auditing organizations, such as those providing registration or certification of conformity to requirements of ISO 9001 and ISO 14001.

(emphasis added)

Thanks, realy nice guide


Check this out Carol

http://elsmar.com/pdf_files/Audit_E.pdf

Marc has it all defined for us on slide 12