Finance glossary

What is a supplier audit?

Bristol James

A supplier audit is a systematic assessment of a company’s suppliers to ensure they operate efficiently, adhere to the necessary standards and comply with regulatory requirements.

Supplier audits also optimise supply chain performance, mitigate financial and operational risk and foster mutually beneficial relationships between the company and its suppliers.

Why are supplier audits important?

In an era of globalisation where businesses source materials and components from suppliers around the globe, maintaining a robust supplier management system is more critical than ever.

The importance of supplier audits can be understood via several key factors:

  • Cross-border compliance – audits help ensure that suppliers comply with environmental laws, labour practices and other industry-specific standards.
  • Risk mitigation – global supply chains are inherently complex and increase the risk of disruptions, fraud and substandard processes. Audits are a proactive way to identify such risks and take steps to mitigate them.
  • Quality and performance – maintaining consistent product quality can also be difficult. Audits clarify supplier performance (such as whether the supplier is outsourcing work) and help the company understand if their products and processes adhere to quality standards.
  • Supplier relationships – universal quality standards also improve supplier relationships. Audits increase relationship transparency by establishing audit activities that pre-empt misunderstandings. They also help both parties work on an action plan to reduce risk and maintain desirable output.
  • Competitive advantage – supplier audits also contribute to a company’s quality and reliability. Both increase the company’s reputation and can be pillars of a competitive advantage.

Supplier audit types

There are various types of supplier audits, each focusing on a specific aspect of supplier performance or compliance.

Below are some of the more common types.

Compliance audits

Compliance audits verify that suppliers meet various legal, regulatory and contractual requirements.

Think of this type of audit as a process where a company’s processes or documents are examined for compliance in areas such as financial regulation, environmental regulation and employment law.

SaaS companies, for example, will need to prove that they do not violate copyright laws and follow standards that relate to interoperability.

Quality audits

As the name suggests, quality audits examine a supplier’s quality management systems and processes.

The objective here is to ensure that the supplier’s quality management system (QMS) consistently meets the buyer’s standards and specifications.

Part of a robust QMS is the ISO 9001 global quality management standard, which helps suppliers of all sizes (and in all industries) meet customer quality expectations.

 

Figure: Types of quality audits. Within the quality audit type, there are also numerous sub-types (Source: QualityMaster)

Financial audits

Financial audits review the financial health and stability of the supplier. These audits assess the risk of financial instability or insolvency that could impact the supplier’s ability to fulfil contracts.

To conduct an audit, the buyer may analyse:

  • Liquidity ratios – with a focus on the short term.
  • Profit margins – including gross and operating profit margin.
  • Total liabilities and net worth, and
  • Accounts receivable turnover ratio.

Process audits

Process audits focus on specific processes across the supplier’s operations, with each examined for efficiency and efficacy. Areas for improvement may be identified to increase consistency and optimise supply chain performance.

Key focus areas for process audits include:

  • Waste minimisation.
  • Optimal resource utilisation.
  • A reduction in variability and defects, and
  • A culture of continuous improvement.

Social and ethical audits

With companies increasingly responsible for the conduct of every link in their supply chain, suppliers are routinely audited for their social and ethical footprint.

In most cases, suppliers are checked for their compliance with labour laws – especially in countries where laws related to fair wages, working hours and safe work conditions are questionable.

Some audits focus on the ethical behaviour of a supplier: in other words, whether it has instituted anti-corruption measures or fair trade practices. Others assess a supplier’s commitment to the environment and sustainability.

The supplier audit process

The supplier audit process consists of three broad stages: planning and preparation, execution and report submission/debrief.

Before these stages begin, something must prompt the audit in the first place. Many audits are precipitated by quality issues, delivery delays or financial instability.

Other reasons include:

  • Regulatory compliance – particularly in highly regulated industries such as finance, pharmaceuticals, aerospace and food and beverage.
  • New supplier evaluation – as part of the supplier onboarding process.
  • Contractual obligations – some contracts may stipulate periodic audits.
  • Risk management – to protect a business from various supply chain risks such as capacity issues or geopolitical factors, and
  • Certification requirements – in some cases, a business will need to be audited to achieve or maintain specific certifications.

Figure: Reasons for supplier audits. Three of the more common reasons for a supplier audit (Source: PROQC)

Let’s now explain each of the three stages.

Stage 1 – Planning and preparation

In the planning stage, it is important to draft a plan that details the scope, objectives and criteria of the audit.

Scope

The scope defines the boundaries or extent of the audit. It may be limited to certain products, services, processes, locations or departments.

Objectives

The audit’s objectives correlate with its goals and intended outcomes.

Example objectives, as we touched on earlier, include compliance verification, quality assessment, risk identification, performance evaluation or process improvement.

Criteria

The criteria of a supplier audit are the standards, benchmarks and requirements against which the supplier’s performance will be evaluated.

To establish these criteria, the buyer can return to the audit objectives for inspiration. They can also identify risk factors, review supplier documentation and analyse the supplier’s performance history.

For a supplier that offers financial services and consulting to a major bank, key criteria may relate to:

The audit checklist

The audit checklist should define the objectives of the audit in addition to criteria that are objective and measurable. It should also include:

  • Documentation of the relevant requirements and standards.
  • Supplier documentation – including quality manuals, work notes, procedures, certifications and records.
  • Tactical and strategic objectives and action plans.

Supplier audit checklists tend to utilise a question-based rating system where buyers can assess the performance of their vendors. For example, one question to be scored may be “Does the supplier have a document management system?”

The structure of the checklist will depend on the business and its industry. Nevertheless, a common method of scoring supplier performance is as follows:

  • N/A – not available (or not evaluated).
  • 0 – Major non-conformity – major discrepancies and/or the total absence of proper procedure that poses a substantial risk to quality, compliance or the business relationship. A rating of 0 requires a corrective action plan.
  • 1 – Minor non-conformity – some errors in an established procedure that need to be addressed to avoid escalation. Minor non-conformities also need to be corrected with an action plan.
  • 2 – Acceptable – the supplier has basic processes in place to pass the audit but may only be meeting minimum standards. As a result, there are still areas for improvement.
  • 3 – Good – suppliers meet and occasionally exceed minimum requirements with consistent performance and adherence to standards. Minor non-conformities are rare.
  • 4 – Best practices – adoption of practices that consistently exceed requirements. Suppliers demonstrate proactive improvements and high performance. No room for improvement.
  • 5 – Outstanding – exceptional performance characterised by innovation and leadership in both industry benchmarks and best practices.

Once the checklist has been completed, it can be pilot-tested to identify any knowledge gaps and then distributed to the audit team.

The audit team

An audit team with the necessary expertise must be assembled to communicate the plan to the supplier in advance.

This team comprises staff from the buyer organisation, who also decide whether the audit will be conducted internally or externally.

In most cases, an external third party performs the audit on behalf of the buyer.

Notification

The supplier is then notified that an audit will take place, with the notice period dependent upon contractual agreements, regulatory requirements, best practices or industry standards.

Stage 2 – Execution

In the execution stage, the audit team or third party performs the audit.

This encompasses:

  • Data collection – all necessary information is collected to evaluate supplier performance based on the predetermined criteria.
  • Site visits – where auditors observe operations first-hand to verify that procedures and operations are compliant.
  • Interviews – here, the audit team interviews key personnel to gather insights and verify information. This could be anyone from senior management to frontline staff.
  • Process verification – this may involve detailed walkthroughs of critical processes and quality assurance (QA) systems, sampling and/or testing and cross-checking of information from different sources.
  • Compliance and gap analysis – using the audit checklist and associated criteria, the audit team can systematically evaluate compliance and identify areas where the supplier’s existing practices fall short.

Stage 3 – Report submission and debrief

Once the audit has been completed, the auditors prepare a meticulous report that details areas of compliance, areas of non-compliance and recommended improvements.

Documentary evidence such as quantitative data, interviews and other observations is also attached to support the team’s assertions.

Some preliminary observations may be shared with the supplier before the report is finalised. Alternatively, the audit report is finalised and presented to the supplier and, if applicable, management staff of the third-party auditor.

Debrief

The supplier and all relevant stakeholders are then debriefed on the report. Key findings are presented in a constructive manner and any concerns or queries are addressed.

For areas of non-compliance, the auditors and supplier must agree on the required corrective actions. Clear deadlines must be set for their implementation with mechanisms also put in place to monitor the supplier’s progress.

This phase is essential for maintaining transparency, addressing any issues identified during the audit and fostering a collaborative relationship that is conducive to positive change.

The aftermath of a supplier audit

In the aftermath of a supplier audit and upon receipt of the report, the supplier will usually conduct an internal review with the relevant department(s).

From there, an action plan will be developed that incorporates a root cause analysis to understand the drivers of non-conformities. The plan also details corrective actions, preventative actions and who is responsible for their implementation.

Some general corrective actions include:

  • Process improvements.
  • Staff training and development.
  • Updating procedures and documentation, and
  • Investing in new equipment or technology.

Monitoring and follow-up

The supplier will then monitor and evaluate the actions to ensure their effectiveness. This may involve further internal audits or self-assessments, periodic progress meetings or data analysis and performance tracking.

Based on specific requirements, the supplier must also provide updates to the auditor on the implementation of corrective actions.

In some cases, there may also be follow-up audits to verify that the supplier has adequately addressed the issues raised.

In summary:

  • A supplier audit is a systematic and independent evaluation of a supplier’s operations, processes and practices. Such audits determine whether the supplier meets the buyer’s requirements as well as any regulatory or industry standards.
  • Supplier audits are particularly important in a globalised world where businesses source goods and services from suppliers in different countries. Audits are important for cross-border compliance, risk mitigation, quality assurance, robust supplier relationships and competitive advantage.
  • Supplier audits can take many forms, with each focusing on different aspects of a supplier’s operations. These include finance, compliance, social and ethical, quality and process audits.
  • Generally speaking, the supplier audit process has three stages: planning and preparation, execution and report submission/debrief. The process itself is multi-faceted and requires meticulous planning and follow-up procedures to foster compliance.

 
