Supplier Audit

Definition

Supplier Audit is a formal review of a supplier’s processes, controls, facilities, records, or management practices to verify whether the supplier meets defined quality, compliance, operational, or contractual requirements.

What is Supplier Audit?

A Supplier Audit is used to test whether a supplier’s stated capabilities and controls exist in practice. It goes beyond questionnaires by examining evidence such as procedures, production controls, certifications, process records, traceability, training, and site conditions.

It works through a planned assessment scope, audit criteria, evidence gathering, findings documentation, and follow up actions. The audit may be conducted before award for qualification purposes, during the relationship for performance and risk management, or after a specific failure, complaint, or incident.

Supplier audits are common in manufacturing, regulated industries, food, pharmaceuticals, logistics, and high risk service environments where poor supplier control can create quality failures, legal exposure, or operational disruption.

Types of Supplier Audit

Common types include quality system audits, process audits, compliance audits, social responsibility audits, cybersecurity assessments, financial control reviews, and forensic or incident driven audits. The scope depends on the risk being tested and the nature of the supplier relationship.

A pre award qualification audit may focus on capability and control readiness, while a post incident audit may focus on root cause evidence and corrective action effectiveness.

The Supplier Audit Process

The process usually includes audit planning, scope definition, document review, on site or remote assessment, interviews, evidence testing, findings classification, report issuance, and corrective action follow up. Findings are often categorized by severity so the buyer can distinguish critical nonconformance from minor improvement points.

A strong audit does not stop at observation. It tests whether the supplier’s controls are actually operating consistently and whether management can sustain them.

Supplier Audit in Procurement

Procurement uses supplier audits to support qualification, reduce supply risk, validate claims made during sourcing, and monitor strategic suppliers over time. Audits can also inform decisions about dual sourcing, development plans, conditional approval, or contract escalation.

The audit record becomes especially important when the supplier provides a critical input, regulated service, or high volume category where failure would have broad business consequences.

Limitations of Supplier Audits

An audit provides evidence at a point in time, not a permanent guarantee of future performance. Suppliers may also prepare specifically for the audit, which is why repeated review, unannounced checks in some contexts, and performance data should complement the audit result. The quality of the audit also depends heavily on the competence of the auditor and the relevance of the criteria used.

Frequently Asked Questions about Supplier Audit

Why conduct a Supplier Audit instead of relying on certifications or questionnaires?

Certifications and self assessments can be useful signals, but they do not always show how the supplier actually operates day to day. A Supplier Audit allows the buyer to examine evidence, interview personnel, observe processes, and test whether controls are functioning in practice. This is especially important where product quality, traceability, safety, labor standards, or regulatory obligations create material business risk. An audit therefore adds verification depth that paper based assurances alone often cannot provide.

When should a company audit a supplier?

Timing depends on risk and purpose. Many organizations audit before approving a high impact supplier, after a major quality or service failure, or periodically for strategic or regulated relationships. Some also use targeted audits when there are changes in ownership, location, subcontracting, or compliance exposure. The right schedule is usually risk based rather than fixed for all suppliers. Critical suppliers with high operational or regulatory impact generally justify more rigorous and more frequent audit attention than low risk tail suppliers.

What happens after a Supplier Audit finds nonconformities?

The buyer usually documents the findings, assigns severity, requires a corrective action plan, and follows up to verify closure. Severe findings may trigger conditional approval, shipment holds, increased inspection, management escalation, or even supplier disqualification if the issue cannot be corrected acceptably. The audit is therefore not just a scorecard. It is part of a control mechanism that connects evidence to supplier governance decisions and to the commercial consequences of failing to meet defined standards.

Can a Supplier Audit be remote, or must it be on site?

Both approaches are possible. Remote audits can be effective for document review, control walkthroughs, data testing, and some service categories. On site audits are usually stronger when the buyer needs to inspect facilities, observe manufacturing practices, assess housekeeping, review traceability in operation, or understand physical process controls. The choice depends on category risk, available evidence, geography, and whether the specific audit objective requires direct observation rather than only documentation and interviews.