• Andrew Thornhill

The difference between first party audits, second party audits and third party audits explained.

In this blog, we’re going to take a look at what we mean by the terms first party audit, second party audit and third party audit. These are terms you might hear when you get involved in management system auditing or internal auditing.


Broadly, they’re looking at the relationship between the auditee and the organisation being audited.



What is a First Party Audit?

If I’m asked to plan and conduct an internal audit for company X, and I work for Company X, (essentially an internal audit) - that is what is meant by a first party audit.


So, we are auditing ourselves, there is not really any other parties involved.


Equally, if I’m at the main site of company X, and asked to go out and audit another site, this is still a first party audit. Company-X personnel auditing company-X auditees.


What is a Second Party Audit?

The term second party audit comes up when our customers want to come and audit us. Or alternatively, if we want to leave our business to go out and audit suppliers, or sub-contractors, that is also a second party audit.


There is a commercial relationship between those kinds of entities and that’s what second party audit is trying to reflect.


An auditor from company-X going out to audit one of their suppliers or sub-contractors.


If Company-X is short of internal auditors, and engage a contract auditing service to go out and audit their suppliers, that is still a first party audit, because it really comes back to the relationship with company-X and their supplier.


What is a Third Party Audit?

A third party audit really is meant to be the highest level of independence.


Certification bodies would fall into that category, as well as regulators, Worksafe or EPA if they came and did any audit inspection at your site.


These parties are totally independent of your business. They’re just there to determine whether you are meeting regulatory criteria (in the case of a regulator) or management system criteria.

The last point I would make is that sometimes a relationship between the parties, or what type of party it is, is very black and white. But sometimes it is a little bit grey.

From my perspective, it could be seen as a second party audit, someone else could perceive this as a third party audit.


It doesn’t matter too much. It is really trying to reflect the level of independence within the audit process.

In our next blog, we are going to look at how we determine the objective, scope and criteria of our audit. Keep an eye out for that one next week.

  • LinkedIn Social Icon
  • YouTube

© IRM Systems 2019