Hi, did you solve this already?
.
I think all things you mentioned are best way to do it if, you previously define and agree scope and communication ways to perform audit.
For me is a "force majeure Scenario" because of the uncertainty of planning in advance, so, Focusing on identifying some risks for the audit process, (with priority on "special risks" as per elements 4 and 6) , related to
not having accurate information, or not being properly verified, and "not sensing" properly ("in situ") some elements, like core tools deployment, people´s "skills on the job", process performance; processes and products CC, CS, safety characteristics, and so on, the KPI´s related to each one should "speak for themselves" and supplier should show a proper risk detection/prevention methodology for evaluation under current scenario.
As Far as I know, NC´s or "findings", after latest VDA revision (2016) are focused on this TOP 5 deviations:
Concerns related to loos of experience and/or turnover, product development, QMS, CSR and Problem solving.
So depending on previous results each supplier should act in consequence.
How was your experience one moth later?
.
Best wishes!