Supplier Audits

What is the purpose of a supplier audit?  To some businesses, it’s a regular part of their supply chain operation; for others, it’s a special activity triggered by some particular event or circumstance.  Some use ISO9001 as a basis; others will use OHSAS18001 or ISO14001; others all three; some none of these, using their own standard checklist; some turn up without a checklist and see where the visit takes them.  Some audits are by large purchasing organisations on small (SME) suppliers; less often, though not unknown, it’s the SME auditing the multi-national.

But these are differences in detail, differences of scale.  The most important issue when setting out to audit a supplier is to know what you are actually setting out to achieve.

For the rest of this short post I’m going to assume the audit has a quality management focus and that ISO9001 is the appropriate standard (when the need to refer to one arises); most points can read across to audit with a focus on say, occupational health and safety, for which you might want to reference OHSAS18001.

Is it to verify compliance?  If so, compliance to what standard?  Is the standard relevant?  Has the standard been agreed?  And do all relevant parties understand what compliance, or non-compliance will mean?

In fact, it’s more likely (and, I contend, more useful and relevant) that the  audit is to assess suitability to engage in a contract (or put on the “Approved Vendor List).  Knowing and agreeing the requirement here is often much harder.  ISO9001 may be a good start but, if you are  the customer (or representing the customer), you will also have some specific needs to bring in – technical requirements, delivery, use of sub-contractors, invoicing, etc.  Some of these aspects may not yet be known to the auditee and you will need to introduce them during the audit.  It becomes even more important for all parties to have agreed what the outcome of the audit will be.  If you are representing a major customer, or there is a valuable contract on offer, you have to be extremely careful in presenting findings.  Who will get the report – will the auditee get or even see it, or will he just get a verbal list of findings?  Will you be making recommendations on how to address findings?  What authority will you, the auditor, have in determining the outcome?  Is your report just one part of a qualification process – will other aspects make your recommendations irrelevant?  Or do you have the final say in the matter – will accepting your recommendations make a significant difference to the supplier’s business (especially if it’s an SME)?

I’m asking questions here, rather than giving answers; any alternatives I’m suggesting are not mutually exclusive and are far from being exhaustive.  My problem is that I don’t know the purpose of your specific audit.  However, I’m assuming that, if you’re reading this, you are a trained, qualified and experienced auditor and able to answer them yourself – all I can do raise awareness of some of the issues to consider, issues outwith the core audit process itself.

  • If the supplier is ISO9001 certified by an appropriately accredited body, accept that their system meets it and focus on contract or customer specific issues; don’t waste time debating points of ISO9001 compliance but determine if their system will deliver what your client needs.
  • Decide early on in the audit process whether the outcome is likely to be positive (that the supplier is acceptable, albeit with a few matters to address) or negative (that the supplier is not going to be acceptable).  If the former, your focus will be trying to identify the issues that need to be addressed to ensure a successful relationship in future.  If the latter, you might either cut the audit short and avoid wasting everyone’s time, or use your expertise to advise the supplier on what needs to be done for them to be considered in future.
  • Don’t leave a long list of recommendations or action points.  Try to limit any list to single figures and don’t dwell on unnecessary detail – it’s not wrong to look for root causes but focus on desirable outcomes.  An audit may look backwards when seeking evidence but its purpose is to move forward.
  • It’s likely you’ve only had a fleeting look at the company – so don’t be unnecessarily prescriptive; having identified an issue, the supplier may find better ways to address it later, having had time to think without the pressure of being audited.

And most importantly, remember that an audit should be part of the supplier:customer relationship building process – so try to make it a good one.

(First posted as a blog on 11th September 2011)

Advertisements