IATF 16949:2016 Clause   Second-party audits

In the context of IATF 16949:2016, a second-party audit also know as second-party audit refers to an evaluation conducted by one organization (the auditing organization) on another organization (the audited organization), typically its supplier. The purpose of this audit is to assess the audited organization’s compliance with the requirements of the IATF 16949 standard. The second-party audit is an essential part of supplier management in the automotive industry, where ensuring the quality and conformity of products and services is of utmost importance. During a second-party audit, representatives from the auditing organization visit the audited organization’s facilities to evaluate their quality management system (QMS) processes, manufacturing practices, product conformity, and adherence to IATF 16949 requirements. The auditors review documented procedures, records, and evidence of compliance, as well as conduct interviews with personnel to gain insight into the effectiveness and implementation of the QMS. The second-party audit aims to verify that the supplier’s QMS is effectively addressing automotive-specific requirements, including those defined in IATF 16949, as well as customer-specific requirements. It also seeks to identify areas for improvement and any non-conformance that require corrective actions. By conducting second-party audits, automotive organizations can ensure that their suppliers maintain a high level of quality and conformity to meet the stringent demands of the automotive industry. The audit results are used to make informed decisions about supplier selection, ongoing performance evaluation, and collaboration for continuous improvement, ultimately contributing to a robust and reliable supply chain within the automotive sector. The Supplier Audit Supplier audits provide an opportunity to acquire valuable in-depth knowledge about organizations that substantially influence your ability to serve your customers. You get the chance to thoroughly and. objectively assess how they conduct their business and determine if the quality management system (QMS) they have in place is adequate to ensure their ability to meet your needs.

Clause   Second-party audits

As part of the supplier management approach, the organization shall conduct second-party audit for the supplier risk assessment, supplier monitoring, supplier QMS development, product audits, process audits. Based on a risk analysis, including product safety/regulatory requirements, performance of the supplier, and QMS certification level, at a minimum, the organization must document the criteria for determining the need, type, frequency, and scope of second-party audits. The organization should retain records of the second-party audit reports. If the scope of the second-party audit is to assess the supplier’s quality management system, then the approach shall be consistent with the automotive process approach. Guidance may be found in the IATF Auditor Guide and ISO 19011.

Conducting second-party audits for supplier risk assessment, supplier monitoring, supplier Quality Management System (QMS) development, product audits, and process audits is a proactive approach to ensure the quality and reliability of the products or services received from suppliers. Here’s an outline of how the organization can conduct these audits effectively:

  1. Supplier Risk Assessment:
    • Identify critical suppliers based on their impact on the organization’s products or services.
    • Define risk assessment criteria, considering factors such as financial stability, past performance, geographical location, and potential supply chain disruptions.
    • Conduct on-site or remote audits to assess the identified risks and evaluate the supplier’s risk management practices.
    • Review their contingency plans and risk mitigation strategies.
  2. Supplier Monitoring:
    • Define key performance indicators (KPIs) and metrics for supplier performance evaluation.
    • Establish a monitoring schedule based on the supplier’s criticality and previous performance.
    • Regularly review the supplier’s performance against the defined KPIs.
    • Conduct on-site or remote audits to ensure compliance with agreed-upon requirements and contract terms.
  3. Supplier QMS Development:
    • Collaborate with suppliers to help them establish effective Quality Management Systems (QMS) if they don’t have one already.
    • Provide guidelines, templates, and best practices to assist suppliers in developing their QMS.
    • Conduct regular audits to verify the implementation and effectiveness of the supplier’s QMS.
  4. Product Audits:
    • Define product audit criteria and requirements based on the organization’s quality standards.
    • Select product samples from the supplier’s production and assess them against the defined criteria.
    • Evaluate the products’ conformity and quality based on the audit results.
    • Work with the supplier to address any non-conformities found during the audit.
  5. Process Audits:
    • Define process audit criteria and requirements, focusing on critical processes that impact product quality.
    • Review the supplier’s process documentation and procedures.
    • Observe the supplier’s processes in action to verify their compliance with the defined criteria.
    • Identify opportunities for process improvement and collaborate with the supplier to implement corrective actions.
  6. Reporting and Follow-up:
    • Document all audit findings, including both positive aspects and areas for improvement.
    • Provide the audit reports to the suppliers and work with them to develop corrective action plans for any identified issues.
    • Establish follow-up mechanisms to track the implementation of corrective actions and improvements over time.
    • Regularly review the effectiveness of the second-party audits and make adjustments to the audit process as needed.

By conducting second-party audits for these aspects, the organization can strengthen its supplier relationships, ensure quality and compliance, and mitigate potential risks effectively.


Organizations must establish criteria for deciding which suppliers (and potential suppliers) will be selected for on-site assessments. It’s neither warranted nor appropriate to conduct audits for all of your suppliers. The time and resources expended should depend on the criticality of the product or service each supplier provides. Otherwise, resource constraints will inevitably cause the supplier audit program to degrade into an uncontrolled haphazard activity typified by rushed audits, rescheduling, and ineffective visits conducted by unqualified staff. Eventually the process is simply abandoned. It’s better to do fewer audits, targeting the suppliers most important to your organization. In this way you can use the good auditing practices that will ensure that you get the most benefit from the visit. This can’t happen if the process is unplanned, overburdened, or poorly implemented. Supplier audits should be conducted by trained, qualified auditors using indus- try-recognized auditing practices, established guidelines, and in accordance with the auditor code of ethics. This isn’t a casual visit. It’s an audit. It has structure, rules, and protocol. An audit is a controlled process. As with any other process, Managing Supplier-Related Processes it should be characterized by the same features: definition, planning, inputs and outputs, resources, qualified personnel, records, and measurement. Audits rely on objectivity, documented criteria, and verifiable evidence. The output of this process is the audit report, accompanied by requests for corrective action when appropriate.


Audits aren’t surprise events. They should be properly scheduled at a time that’s convenient to both parties. You want the auditee’s attention during the audit and the opportunity to speak with key personnel. That’s difficult to accomplish if you’re vying for time and access with visiting customers, end-of-month production push, vacation schedules, or the annual picnic. Your organization’s time is too precious to be squandered on an unproductive audit that won’t provide the requisite information. To minimize the risk of an ineffective audit, schedule the audit and confirm the date several days before your visit. Supplier audits should be conducted in the spirit of the ISO 9001 quality management principle of “mutually beneficial supplier relations.” You need the product the supplier sells; it (like you) needs customers. One of the results of the audit will be either a decision to approve a supplier or to maintain its qualification on the approved vendor list. The audit should, therefore, provide objective evidence to support the decision. It also provides the opportunity to communicate to an organization what it must do to become a qualified supplier. For periodic reassessments, information that may be collected will relate to such things as increased capacity, change in product offerings, decrease in staffing, mergers, increased out- sourcing, acquisitions, or new technology. Suppliers should know ahead of time what the scope of the audit will be. If they have multiple product lines and facilities, you may limit the scope to the area that’s most relevant to your organization. You may also decide to do a process audit and focus on only one process or on a clustered group. For example, if you’re outsouring your heat-treat to a company that also does plating and machining, you may choose to look only at the heat-treat and the ancillary processes.


It’s also important to tell the supplier which standard or requirements you will use for the assessment. Audits must be conducted against a documented set of requirements. These can be:

  • Its own internal procedures, a copy of which you must receive ahead of time
  • The international standard it is certified to-in other words, IATF 16949, ISO 9001, and so forth
  • Any applicable regulatory requirements
  • Your procedures

If you’re going to be using either your own procedures or an industry standard, you must ensure that the supplier has the relevant information. Otherwise, you must furnish it in advance so the supplier can determine if it’s able to meet your requirements. This could save you a trip if it reviews the requirements and has to concede that it would probably fail your audit.


To make the most of your limited time, it’s essential to have prepared a checklist. You don’t need to show it to the supplier in advance. These are your guidelines. In addition to providing a framework for questions, checklists furnish an organized format for taking notes that will make report writing more productive. Checklists are also useful if you have an auditor-in-training or if you’ve included a technical specialist on your audit team. Use of technical experts who aren’t trained auditors is warranted if the auditee has complex or specialized processes that require assessment by a person with comparable expertise. For the sake of efficiency, some organizations use one generic checklist from which they add and subtract items as appropriate. This isn’t a bad idea, provided that you review the checklist before arriving at the supplier’s location. If you are using a scoring checklist, it’s a courtesy to share it ahead of time. This kind of checklist assigns numerical values to the auditee’s level of conformance to requirements and is intended to remove bias. Because it’s primarily used for awarding major contracts, sharing the checklist with the potential supplier before the audit lets it know what the rules are for winning the bid. Your audit checklist should be planned to elicit the information that you need. Not all categories are relevant to all suppliers. A visit to the organization that is bidding for the contract to do aftermarket field service will differ from the visit to the company that’s furnishing resin for your molding process. In each instance there are processes that are of greater importance to your organization. In the first case, communication with customers and technicians’ qualifications may be critical, whereas in the latter, information about raw-material traceability, equipment preventive maintenance, and statistical process control may be of greater concern. Always make sure to include questions about document-control and record- retention practices. These are the two common denominators in all organizations.


Plan your supplier audits with thoughtful deliberation so that the results benefit your supply chain management processes. Don’t forget supporting activities that may be directly relevant to the organization’s ability to meet your requirements. As appropriate, include questions relating to such things as identification, labeling, packaging, inspection, calibration, aftermarket support, response time, and inventory levels. The questions you ask have the added benefit of communicating to the supplier the features of its QMS that are most critical to your organization. If you’re not asking questions about how the supplier handles these features, the tacit message you’re sending is that these are things you don’t particularly care about. Ensure that there’s enough flexibility built into your audit plan so that you may skip some processes if you have time constraints or so you can add things if you become aware of additional activities or areas of concern.


After the audit, write a report. It should state what your assessment of the organization is based upon the standard you used. It should mention strengths, examples of good practices, descriptions of features or special processes that are of particular importance to your organization, areas of concern, and actual nonconformities. You may specifically state what improvements you must see to award a contract or to continue doing business with the supplier. You must provide a conclusion as to your assessment of the vendor’s ability to meet your organization’s requirements. Make sure that you provide the supplier a copy of your audit report. All audits, regardless of their purpose, scope, or source, should provide you with information that leads to greater knowledge about your organization and opportunities to improve. Your suppliers should reap the same benefit from your audit. You may send them either the audit report that you retain for your own records or a separate report edited for their use. Supplier audits are one of the best tools an organization has to establish a foundation for mutually beneficial supplier relations. Definition, planning, and control ensure that the process has value. Consistent implementation relates directly to the integrity of your supply chain-and your sustainability.  

Leave a Reply