I'm not sure I'd agree with these assertions. Apart from anything else, it's not REQUIRED to audit suppliers, otherwise, why have IATF certification. That's one of the problems supplier keep raising with the OEs - why do you keep auditing us?
Many smaller businesses have no infrastructure to audit suppliers. Saying it's an internal audit on supplier risk steroids is an over simplification, IMHO.
That was not the intent of my statement. My response is to the process of 2nd party audits. I don't think it is an "oversimplification" - actually I feel a simplified approach is best in many cases.
The clause does state: "The organization
shall include a second-party audit process in their supplier management approach."
"Based on a risk analysis, including product safety/regulatory requirements, performance of the supplier, and QMS certification level, at a minimum, the organization shall document the criteria for determining the need, type, frequency, and scope of second-party audits."
So if you
shall have a process and you
shall document when you need a 2nd party audit, I would think that means you may actually need to audit suppliers once and a while.
But, I guess if you can justify that you never need to audit suppliers, then so be it....but you still have to document the process!
But this is only from my experience at a multi-billion dollar company w/ the infrastructure as you say.....so I could be off as it pertains to smaller companies.