1st, 2nd and 3rd Party Audits - Definition

[Randy]

Quote:

In Reply to Parent Post by AndyN

What Brad posted are the classical definitions.

However the water's muddied a little, when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?

In reality to any org being audited by an independant outside entity it is a 3rd party relationship regardless of reason

[CarolX]

Quote:

In Reply to Parent Post by AndyN

What Brad posted are the classical definitions.

However the water's muddied a little, when people like me, do audits of clients' quality systems instead of them using their own employees (because, really we're '3 party' auditors - we are paid just like them, we aren't on the organization's 'payroll' and we aren't their customer, either).

Maybe it's time to change the definitions?

Andy - this is what I thought a 2nd party audit was - but now reading the replies - I understand why this is considered a 1st party audit.

Maybe we can get Scott to add this to the Wiki.

[Sidney Vianna]

Quote:

In Reply to Parent Post by CarolX

I looked in the Wiki for this definition and couldn't find anything. Maybe after discussion we can add.

From the ISO website:

Quote:

First-party assessment. This is the technical term used when conformity assessment to a standard, specification or regulation is carried out by the supplier organization itself. In other words, it is a self-assessment. This is known as a supplier's declaration of conformity.

Second-party assessment. This indicates that the conformity assessment is carried out by a customer of the supplier organization. For example, the supplier invites a potential customer to verify that the products which it is offering conform to relevant ISO product standards.

Third-party assessment. In this case, the conformity assessment is performed by a body that is independent of both supplier and customer organizations. An example is ISO 9000 certification where an organization's quality management system is assessed by an independent "certification" or "registration" body against the requirements of an ISO 9000 standard. If the system conforms to the requirements, the certification/registration body issues the organization with an ISO 9000 certificate.
Such third-party assessment may be required in certain business sectors by government regulations. It may be specified by the customer, or the supplier organization may choose it as a way of differentiating its product or service from others on the market.

[Manix]

I would agree with most others on this especially with the 2nd party audit being a customer auditing it's supplier. A classic example of this is in the IAOB's sanctioned interpretations, regarding supplier development:

Quote:

The organization shall perform supplier quality management system development with the goal of supplier conformity with this Technical Specification. Conformity with ISO 9001:2000 demonstrated by a certification by an accredited third party certification/registration body or through a second party audit process is the first step in achieving this goal.

Guess who has just been on a TS auditing course !

[Scott Catron]

Here's a first try at a wiki entry: Audit

[Icy Mountain]

Quote:

In Reply to Parent Post by Randy

Here's what I teach:
1st Party - An internal audit that an organization performs on itself
2nd Party - An external audit that an organization performs on a supplier of goods or services
3rd Party - An external audit that is conducted by an independent organization upon another organization.

I vote with Randy. I have contracted with someone that is not on my daily payroll to staff the internal audit function. That doesn't change the fact that it is an audit that my organization is performing on itself. I look at it this way:
1st Party - An audit that is driven by an organization with the primary goal of satisfying itself that it is in compliance with a given standard.
2nd Party - An audit driven by a customer with the primary goal of satisfying itself that a supplier is in compliance with a given standard.
3rd Party - An audit driven by an external organization, subject to oversight, with the primary goal of certifying the "supplier" that they are in compliance to a given standard and a secondary goal of providing assurance of that compliance to any "customer".

[Scott Catron]

Good discussion. I'll incorporate more of these ideas into the wiki entry on Audit (see previous link) and the satellite pages for the different kinds of audits:
First-Party Audit
Second-Party Audit
Third-Party Audit

And, remember, anyone else can expand these articles also - just go to any of these pages, find the 'edit' tab, click it and have a go at it. You can't ruin anything because it can all be un-done.

[PhilThomas]

I learned a long way back: "inhouse, outhouse, powerhouse"

1st - In house - internal audits
2nd - out house - customers
3rd - powerhouse - registrars