Assessment of compliance of management systems with the requirements of the relevant standard (standards) is carried out by various types of audits. The choice of audit type depends on the objectives. A combination of several types of audits is possible during one audit.
Three main types of audits are used, depending on whose interests the auditors act. One of them is considered internal, and the other two are external audits.
A first-party audit is an internal audit in which the organization examines itself. If the organization engages third-party experts to audit its management systems, such an audit is still considered a first-party audit.
A second-party audit is an audit in which the client reviews the product (service) provider (potential provider). In this case, the audit client is not the audited organization itself, but its client (potential client). The main purpose of such an audit is to confirm the guarantees given to the client. The customer orders an audit of the supplier (potential supplier) to ensure that the supplier can fulfill its obligations to supply products or provide services. In the case of a second-party audit, the concept of an audit client may have a different meaning than that used in a contractual relationship. The customer may engage its own auditors or third-party auditors to conduct an audit of the supplier (potential supplier). The supplier (potential supplier) officially becomes an audit client based on the contractual relationship if the client imposes binding conditions on the supplier (potential supplier) to conduct an audit by a third-party organization.
A third-party audit is an audit performed by an independent organization (Management Systems Certification body). Third-party audit is conducted for the purpose of certification of management systems of the organization. When the organization prepares its management systems for the certification process, it organizes a first-party audit (internal audit) to verify compliance with the requirements of the relevant standard(s). If the result of the internal audit is positive, the organization applies to the certification body to conduct a third-party audit.