How Auditing Supports Supply Chain Management

There are four parts of supply-chain management:

  • Define your requirements
  • Select a supplier
  • Place the order
  • Monitor the performance

Auditing supports all four of these in some way or another.

One of the fundamental rules of auditing is to measure and evaluate against requirements.

Define Your Requirements

This forms the basis of the audit. One of the fundamental rules of auditing is to measure and evaluate against requirements. While requirements come from multiple sources in an internal and registration audit, for supplier audits these requirements always come from the contract. (Contracts come in a number of different forms, such as purchase orders, letter agreements, etc.) Three things need to be considered when writing a supplier contract:

This article is related to the Toolkit:
Audit Toolkit from MasterControl.
To get the full details, please download your free Toolkit.

  1. Technical requirements. This is classic form, fit, and function. In most supplier situations, requirements are specified by a combination of drawings, specifications, and standards. When we prepare our audit checklist questions, we must read and understand these technical requirements. We must ask the process engineers about important parameters. This knowledge will ultimately wind up in our audit checklist questions for that supplier.
  2. Accept-reject criteria. Often, we need certain tolerances in machining, or certain percentages in a blend. The supplier will often provide assurance that these accept criteria have been met. While on site, auditors verify that these assurances (claims) represent the truth.

  3. Management system requirements. For those few critical and important suppliers, we need to specify the management system(s) to be used for the performance of the contract. Management systems can come from government regulations (FDA Good Manufacturing Practices), international standards (ISO 9001 and spin-offs), national standards (ASME Boiler Code), or industry standards (JCAHCO for hospitals, API for pipelines). For smaller suppliers, you can pick and choose portions of the bigger documents, as appropriate. These standard or custom system requirements become the top tier for the supplier's own site-specific manuals, procedures, and assembly sheets.

Of course, all these requirements (technical, accept, and management) must be spelled out in the contract or purchase order. To keep these contract instruments reasonably small, we often call out other documents by reference or attachment. A good auditor will use the contract and all four of these levels of documents to prepare detailed checklist questions for a particular supplier. We can always get our hands on the external codes, specifications, and standards. We also need to get a copy of the supplier's site-specific quality, safety, and environmental manuals. Virtual (PDF) files will do. While we cannot generally access the site procedures and build prints, at least we know what to ask for when we arrive. Many of the checklist questions will be reused, and some are unique to a specific supplier. All of this becomes the basis of the supplier audit.

Select a Supplier

Technically, an audit may only occur after a contract is placed. Otherwise, there are no requirements, just speculation. But, we can use audit principles for pre-award surveys. It is quite foolish to require a site survey for all suppliers before awarding a contract. Potential critical suppliers need lots of background research. This might include an on-site survey but it doesn't have to be performed by your firm's auditors. Often, this also includes production parts approval or test lots. Potential important suppliers might need an engineering review and history of good service to others. Often, if a possible supplier is registered to one of the ISO 9001-based management system standards, they get a few bonus points on selection rankings. Potential general suppliers can get by with catalog or web site descriptions. For all three of these categories of potential suppliers (critical, important, and general), auditors probably will be involved in the selection activities but they do not have to be involved.

Place the Order

Often, supplier quality engineers and others will be asked to review draft contracts to assure that quality, environmental, safety, and security considerations are included. Remember, these will become the basis for any subsequent audits. If we wish to audit our suppliers, we must have the authority to do so. Authority may be as simple as a "rights of access" clause in the general terms and conditions printed on the back of the P.O. For critical suppliers, we should place this authority in one of the numbered clauses in the front side. All of this is contracts law. In the USA, we have the Uniform Commercial Code, used by 49 of 50 states for business matters. Because most auditors are not versed in contracts law, it is important to have all audit communications - notification, results, and corrective action requests - go through the purchasing agent.

Monitor the Performance

Most codes and standards, very wisely, do not require audits of suppliers. Auditing is but one of the many methods used to monitor supplier performance. Going from the easiest (and cheapest) to the hardest (and most expensive), we have:

  • Certificates and other paperwork
  • Inspections
  • Registration
  • Technical site visits
  • Audits

Because certificates of conformance/compliance (Yes, there is a difference) are generally worthless, it is good to have the on-site audit check out one or two, to see that they are telling the truth. Auditors should also examine the supplier's inspection program (incoming, in-process and final) to make sure it is sound and dependable. It is not uncommon for an audit to be combined with a technical visit, so that overall strengths and weaknesses can be examined alongside specific problems.

In Closing

Unlike internal audits, which are often mandatory, supplier auditing is an option. While it is possible and allowable to have a supply chain management program without including supplier audits, strong and profitable firms will always implement a program of auditing for their critical and important suppliers. There is truth to the adage that says, "You are what you eat." Strong enterprises require strong suppliers. Auditing can build a stronger and more robust supply chain.

Dennis Arter is an independent consultant and trainer. He instructs large and small firms in the fields of quality auditing and quality systems. Dennis has served clients in the fields of government, manufacturing, chemicals, energy, food, research, aerospace, finance, medical devices, pharmaceuticals, and health care. He has been auditing since 1975.

Dennis Arter has presented his course on quality auditing to over 9,000 people since 1980. He is the author of the classic text Quality Audits for Improved Performance, an ASQ Quality Press best-selling publication. Dennis is an ASQ Fellow, former Board member, and active in the Customer-Supplier Division.

Arter has a degree in biochemistry from the University of Illinois and is a licensed mechanical engineer. He was on the team that developed the ASQ Certified Quality Auditor program and holds a CQA charter certificate. He has traveled extensively throughout North America, as well as the United Kingdom, Ireland, Saudi Arabia, Bahrain, People's Republic of China, South Africa, and Croatia. He resides in eastern Washington State with his wife of 40 years. He may be reached at, (509)783-0377, via homepage at, by blog at, or through Twitter at auditguy.