There are many types of audits. There are also many different names and ways to describe them. To prevent confusion, ISO 19011:2018 categorizes all audits into parties. If you are following along with your own copy of this standard, reference Table -1. Different Types of Audits.
Desktop audits, remote audits, virtual audits, process audits, Risk Management Plan audits, Technical File audits, internal audits, external audits, etc. Each one of those means something, and some of those audit types are used interchangeably, remote and virtual audits for example. ISO 19011:2018 explains what both of these mean, and they are not the same thing. However, the terms are sometimes used as if they were. This can create confusion because you can perform an onsite virtual audit.
This would be a great exercise! If you don’t already know the difference between a remote audit and a virtual audit, then stop here. Use ISO 19011:2018 to find the difference and then come back.
The standard gives us 3 types of audits: 1st, 2nd, and 3rd party.
1st Party Audits include the internal/quality audits that your company performs of itself as part of maintenance and continual improvement of your quality management system. This means that you or your organization may be both the auditee and the audit client. You may also have the internal resources to be the auditor as well. If you do not, and you utilize an outside auditor, it is still an internal/quality or 1st party audit, even though the auditor may be external to your organization.
2nd Party Audits include ‘external’ providers or other interested parties. To frame this in the context of your quality management system, a good rule of thumb is that anyone on your approved suppliers’ list is probably an external provider. An interested party may be someone that your organization is a supplier for. These types of audits, usually conducted as part of the Purchasing process, are often just referred to as ‘supplier audits’.
3rd Party Audits include certification and accreditation audits, those conducted by external bodies. For example, if you have Dekra or Intertek audit you for ISO 13485:2016 certification, those audits are 3rd party. Another example is audits required by law or conducted by the authorities having jurisdiction, like an FDA Inspection.
If you took part in the optional exercise, your answer should be similar to what is outlined below. If you did not, keep reading at your own risk, but be warned that I’m going to give the secret away!
A remote audit is actually an audit method. However, saying ‘remote audit’ can be misleading because it does not provide any further information as to what type of audit is being conducted, only that there is an audit and that it will utilize the remote method.
A virtual audit is an audit of processes that are completed in an online environment irrespective of the location of the person interacting with the process. Cloud computing is an example that the standard gives. The virtual audit is based on where the processes take place and can use any audit method. It just sounds silly to say, “I am conducting an onsite virtual audit,” even though that is a legitimate thing I have both said and done before.