ASQ CQE Certified Quality Engineer – Section II – The Quality System (16 Questions) Part 4
13. 2D1-2 Types of audits First Second and Third Party
Will look at the classification of audit based on what was being audited, whether the product was being audited or the process was being audited, or the whole system was being audited. Another way to classify audit is who is doing this audit. This can be first party audit, second party audit or third party audit. First party audit is internal audit.
So in this, the auditor is the part of the organization. So this is internal audit. The second party audit is when the client audits the organization. So your client is auditing you since you are the supplier, that would be the second party audit. And the third party audit is when the audit is done by a third party which is appointed by the client. So these are three types of audit based on who is doing this audit.
Whether you are doing internal audit, then it’s a first party. Whether your client is auditing you, then it’s a second party audit. And if a third party is auditing you, then it is third party audit. So third party audit is neither done by internally nor done by the client, but it’s a third party who doesn’t have any interest in the organization.
All the ISO certification audits are third party audits because that auditor is neither your client nor part of your organization. So that’s a third party audit when you go for ISO 9001 certification. So this was another way of classifying audits based on who is doing this audit. So let’s quickly look at the first party. Second party, third party audit. So, first party audit is the internal audit and this is performed within an organization.
And the auditor has no vested interest in area being audited coming to the second party audit. Second party audit, as we already talked, is performed by the customer on the supplier. So customer does an audit on the supplier. This could be done before or after award. Many a times when you want to evaluate your supplier, your client wants to evaluate you. They might do an audit before they award you the big contract. So this will be a second party audit. Second party audit could even be conducted after awarding the job to the supplier. Coming to the third party audit. Third party audit is done by organization which is independent of customer supplier relationship. So neither it’s internal audit nor it’s done by supplier. But this is a third party which is independent of this relationship between the customer and supplier. So there is no conflict of interest in this case. So these were three types of audit. First party, second party and third party audits could also be classified as internal audit versus external audit. So this is similar to first party, second party, or third party.
When it’s a first party audit, that’s an internal audit. Now, whether it’s a second party audit or the third party audit, both of these are external because these are external to the organization. So that’s another way to classify that, internal audit versus external audit. Whether the audit is done by the auditor within the organization or anyone which is outside the organization, anyone outside the organization could be yours client, which could be in that case, second party audit or an independent person. In that case, this will be considered as a third party audit. In addition to these classifications which we talked earlier, started with product, process and system audit.
Then we talked about first party, second party and third party audit. And then we talked about internal versus external audit. In addition to that, you will hear terms like registration audit. Registration audit is the audit done before an organization gives you ISO 9001 certificate. So when it comes to registration audit, registration audit will be an external audit. Registration audit will be a third party audit and registration audit will be a system audit, not the product or process audit, but that will be a system audit.
So this was one term which you could come across registration audit. Another term which you could come across is compliance audit. Compliance audit is to confirm compliance to a specific standard. Compliance audit is also a third party. Compliance audit is also an external audit. So compliance audit need not necessarily be a system audit.
So earlier when we talked about the product, process and system, this might not just be the system audit, this could be a product audit, this could be a process audit or this could be a system audit. Any of these depending on what compliance you are looking for. So this completes our discussion on types or classification of audit. Now in the next videos we will look at the participants in the audit who all are participants, what are their roles and responsibilities. Let’s see that in the next video.
14. 2D2-1 Roles and responsibilities in audits
In this topic of quality audits. Previously we talked about types of audits. We looked at the product audit, we looked at the process audit and system audit. We also talked about first party, second party, third party audit. We talked about internal and external audits. So that was type of audits. Now coming to the participants, who are the participants in the audit process? Let’s look at three key participants in the audit process and these are client, auditor and the audit. Let’s understand the role of these three participants. First, the client is the organization or the person requesting an audit. So when you look at a third party audit, this makes a good sense. The company which is employing this third party auditor is the client. So this third party auditor has to give the report back to the client. That’s client in case of third party audit. But even when you have a first party audit which is the internal audit, there also you have a client. In that case, the client is the management.
Management is the one who is requesting an audit and looking for the audit result. So this is participant number one. The second participant in the audit process is the auditor. Auditor is the one who actually does the audit and in auditor also, you can have a lead auditor and auditor when you have a team of people doing the audit. So when you have a team, one person could be the lead auditor, other could be auditors. The third participant in the audit process is the audit. Audit is the organization or individual being audited, who is being audited is the audit.
So these are three key participants in the audit process. Now let’s look at the responsibilities of each of these in the audit process and let’s start with the client. What are the responsibilities of a client? So client the first responsibility is to initiate the audit. Because client is looking for this audit to be done. Client determines the audit purpose and scope. Client provides the resources for conducting this audit. And client is interested in receiving the audit report.
And client also determines the report distribution. Who all this report need to go to that is determined by the client. And client determines the actions to be taken based on the audit report. So these are the key roles of client in the audit process coming to the next participant which is the auditor. What are the responsibilities of an auditor in the audit process? The first responsibility here is to understand the purpose, scope and the audit criteria which is defined by the client. Then auditor will plan the audit will actually do the audit.
During the audit, the auditor will collect the objective evidences, analyze the audit evidence and based on that, the auditor will prepare the audit report which will be submitted to the client and once the report has been issued, it is the responsibility of the auditor to follow up on the actions to be taken on the audit findings. Many a times this becomes most ignored action which auditor need to do. Auditor role doesn’t end at issuing the report. Auditor needs to make sure that all the actions which have been identified in the report, the action has been taken. So this was the second role which was the auditor. So we talked about the role of auditor.
So earlier also we talked that when you have a team of people doing the audit, one of the person in that team would be assigned the role of the lead auditor. So earlier what we looked was the role of auditor. But when you have a lead auditor, then lead auditor has some specific roles to perform. And here is the list of roles to be performed by the lead auditor. The first one being the name lead auditor. Lead auditor needs to lead the audit team, develop the plan, communicate it to the team, auditing and the client. This fellow takes the lead, makes the plan, tells everyone what needs to be done, who is doing what, assigns roles to the team members.
Team member number one, you need to let’s say do the design audit. Team member number two probably would be doing production, audit and so on. So roles are assigned by the lead auditor. And then lead auditor being a single point of contact with the audit. Lead auditor will confirm the logistics, that how and where to reach, what to do when we have a lunch break, when we finish the audit, is there any restriction in audit? All these things are taken care of by the lead auditor. In any audit, you will have an opening meeting and then you will actually conduct the audit and then you will have a closing meeting. So both opening meeting and closing meetings are led by the lead auditor.
And since lead auditor is leading the team, lead auditor needs to make sure that the individual who are participant in the audit, who are the auditors, that they complete their part of the report and compiles that report into a single report and formally issues that report to the client. So that specific role of the lead auditor being the lead of the team coming to the next role, which is the audit. So the first role listed here is that audit informs the staff. All the members in the auditing organization auditing make sure that they know that this audit is being conducted.
So inform the staff, provide resources such as the interview room, communication and clerical support if at all that’s needed. And then provide escorts to help them or guide the auditor. When auditor needs to visit different places in the organization. So that role is done by escorts. And audit is responsible for showing objective evidences. So when auditor asks for an objective evidence, audit needs to show those objective evidences, provide that evidence to the auditor, and of course, audit need to cooperate during the audit process. And once the report has been issued, then the audit role would be to suggest the corrective action. Suggest and do that corrective action. So if there’s a nonconformity identified, the first thing which audit will do is to correct that nonconformity to make sure that nonconformity is removed. Then in addition to that, the audit will ensure that a corrective action is established so that that particular type of nonconformity doesn’t come back or doesn’t recur. So these are the rules of audit you.
15. 2D2-2 Additional Roles and responsibilities in audits
In addition to three roles which we talked earlier, and those roles were client, auditor and audit. And we also talked about the lead auditor. So in addition to those three key roles, there are few other participants also in the audit process. These are technical experts, observers and guide. Let’s look at the role of these three participants of the audit, starting with the technical expert. Technical expert is a person who provides the specific knowledge or expertise to the audit team. So earlier we said that in audit we could have number of auditors. And then once you have number of auditors, you will have a lead auditor to lead this team. But in that group of auditors, you might want to have a technical expert. So for example, if you’re doing an audit which requires some specific technical knowledge, in that case you need to have a technical expert as a part of audit team.
So, technical expert is also one of the auditors in the team which provides the specific knowledge which is required to conduct the audit. So the second role which is listed here is an observer. Observer is a person who accompanies the audit team but does not audit. This person is just watching the audit being done. I have done a number of audits where I am doing the audit of a supplier contractor, but then I have a client representative which acts as an observer. So observer as an observer, this client representative will just look at the audit process, how audit is being conducted, what are the evidence is being seen. But then this person who is the observer doesn’t interfere in the audit process. So his or her role is only to observe and comment later on whether the objective was to his or her satisfaction or not, whatever purpose this observer might have.
But the role of observer will be just to observe and not to interfere in the audit process. And then you have a third role which is listed here, which is the guide. Guide is the person appointed by auditing to assist the audit team. So if this facility where the audit is being done is a large facility, there are a number of departments, there are a number of production sites, then you would need a guide who can help you to take you from one place to another place, one department to another department. So guide helps the audit team to conduct the audit. And guide is generally the representative of the auditing group audit organization. So these are three additional roles which I wanted to discuss here. So with this, we complete the discussion on the roles in audit. So we talked about the client, we talked about auditor, lead auditor, audit and here we talked about technical expert, observer and guide. In the next video, we will talk about audit planning and implementation. Let’s look at that in the next video.
16. 2D-3 Audit planning and implementation
Previously we talked about roles and responsibilities in an audit. We talked about various roles such as client, auditor, auditing and many other roles. Now let’s look at the process of audit. Here in this video. Here is the overview of auditing process. Audit starts with the planning and preparation. Then you have an opening meeting. Then you have interviews, closing meeting reporting and follow up and closure. So this is the cycle of an audit. Let’s go one by one, starting with the planning and preparation. So this is the first part of an audit. Here you plan and do preparation for the audit. Notifications are sent to audit. A detailed plan is made. You schedule the audit that from this time to this time you will be auditing this particular group and then the next group, and when is the lunch break and when the audit is finishing. All that part is done in planning and preparation.
Planning and preparation also takes care of logistics, how the audit team will be reaching the site, what all they will be doing. So that’s planning part. Once the planning is done, the audit team reaches the site of the audit. Then the first thing you have there is the opening meeting. So in the opening meeting, the lead auditor explains that what is the program, what’s the plan, and checks whether anyone wants to make any changes to that particular schedule or not. And also explains that what will be the audit process, what will be the result of the audit, how the result will be conveyed, what is the meaning of nonconformity observation.
So all those things are explained in the opening meeting to the audit. Once the opening meeting is done, the next step would be to conduct audit interviews. Here, audit interviews are conducted. Auditor sits with each of the auditors. Look at the objective evidence, look at the checklist which this auditor might have prepared before doing this audit. Go through the checklist, looks for all the answers which audit requires this auditor to ask, and then looks for the objective evidence is keep the record of audit results.
Make notes so that’s something which is done as a part of audit interview. In the audit interview, if there is any non conformity or if there’s any observation which comes out of that, it is the responsibility of the auditor to explain to the auditor that out of this interview which we had in let’s say last 1 hour, these are the findings. This is wrong, this is something very good, this is something which is worth considering. So all those things are conveyed to the audit before auditor leaves audit. This is a very good practice because then you will have a very nice and clean closing meeting. Because auditing has already confirmed that whatever you have found in the audit, audit has already agreed to that.
So this was audit interview. Once all the audit interviews are complete, the lead auditor will sit with all the audit team compile all the findings, and in the closing meeting, those findings are conveyed to the audit. Here, the lead auditor will share the meeting and explain the results of the audit, and also explain that when a formal report is expected and what are the next step which auditor need to take. So that’s a closing meeting. And once the closing meeting has done, lead auditor will go through all these reports which the auditors have prepared, compile them, and make a formal report. And that report is sent to the client and the auditing. So this is the reporting part of that. Once the reporting is done, the next step would be to follow up and closure.
So the role of auditor doesn’t end at issuing the report. The role of auditor also includes that auditor need to follow up and make sure that all the items which are identified in the audit are satisfactorily closed. This closing could be done either by documentary evidences or there might be a need to do a reorder that will all depend on the type of the audit. That will also depend on how far auditor and auditor are located or what was the purpose of the audit. So based on that, auditor could decide whether submitting the objective evidence is enough for closing the report, or there might be a need to do a reorder to evaluate whether all these findings have been satisfactorily closed. So this is the loop of doing an audit, starting with the planning, opening meeting, interviews, closing meeting, issuing the report, and follow up and closure.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »