Audit categories

Audit categories

This article intends to look at different ways of categorizing audits based on the International Organization for Standardization. It refers to ISO 19011:2018 – guidelines for auditing management systems. An organization can be guided by this standard to audit system in Quality Management Systems  (QMS) Environmental Management Systems (EMS), Information Security Management systems (ISMS), Risk Management systems (RMS), Road Safety Management Systems, etc. 

There are generally 2 ways of classifying audits

  1. Based on their purpose    – 1st part audits

                    – 2nd party audits 

                    – 3rd party audits

  1. Based on their focus    – Process Audit
  • Product Audit
  • System Audit


Also known as internal audits or us on us kind of audits. They are conducted by the organization itself by the use of internal auditors or on its behalf where outsourcing of the auditors is done.

The organization conducts these audits for management review and other internal purposes like self-assessments. The results from these audits may form the basis for self-declaration of conformity. 


Also known as “Supplier” audits or “us on our Suppliers” audits – they are conducted by parties having an interest in the organization. An organization or other persons on their behalf can choose to audit its suppliers to ascertain the quality of their products and services. Sometimes customers, when looking for a certain product, can opt to audit and organization.


These audits are also known as “Certification” or them on us audits –They are conducted by external, independent auditing organization. 

Characteristics of 1st Party Audit

  • Less formal (should also be proactive)
  • May be limited to specific processes. An organization may choose to audit a few of its processes at any given time may be due to complaints arising from one process or auditing the departments that had non-conformities during the previous audits.
  • Must cover all the requirements of the applicable standard to processes
  • Advice may be given and can be useful
  • Time management important but some flexibility is possible
  • Guidelines  for this audit are offered in ISO 19011:2018 Standard

 Characteristics of 2nd Party Audit

  • Usually less formal. Might be tense if it is a big deal i.e big government tenders
  • Might not need to address all the organization’s processes. When auditing a supplier, you just focus on your area of concern or interest.
  • Might not need to cover all requirements of the standard
  • Time management important but not as critical
  • Need to be aware of the implications of giving advice
    • Might be good for supplier development
    • Might have a cost implication
  • Follow-up depends on the interest in qualifying the supplier. If interested in the supplier’s goods, you need to go back unless you dismissed their work based on the first audit.
  • Guidelines offered in ISO 19011:2018 Standard

Characteristics of 3rd Party Audit

  • Very formal and might be a tense situation 
  • Must cover all processes that are applicable to the organization’s Quality Management System 
  • Time management is very critical
  • Auditors need to avoid giving advice
  • Auditor competence and audit team selection very important
  • Guidelines offered in ISO 17021:2015 Standard

Process Audit

This is the type of audit intended to evaluate the effectiveness of the QMS activities relating to a specific process. It may be informed by complaints, non-conformities from previous audits, supplier interests, etc


An audit carried out to evaluate the effectiveness of the QMS activities relating to a specific product. An organization may be dealing with many products but choose to audit just a few. May be due to upgrading of system or a change within their products. 


A complete assessment of the effectiveness and the documentation of the whole QMS. A combination of both product and process audits. 

Leave a Reply

Your email address will not be published.