Just to expand on Enghabashy's statement; the 2nd party audit does NOT need to be performed by you, depending on how you have written your supplier development/management process. For example, if the supplier is registered/certified to IATF 16949, then that would (in general) suffice, AS LONG AS you state that in your process.