Supplier audits are a cornerstone of maintaining a reliable and efficient supply chain.

Whether you’re evaluating a potential partner or assessing an existing supplier, an audit helps ensure quality and compliance and mitigates risks.

By examining a supplier’s processes, procedures, and products, audits provide critical visibility into their operations.

This allows you to pinpoint non-compliances and areas for improvement.

In this article, we’ll guide you through a 6-step checklist to help you conduct effective supplier audits with confidence.

Step 1: Identify Audit Goals

Identifying clear and measurable audit goals is the first crucial step in any supplier audit process.

Without them, your audit could become too broad and miss critical areas that need attention.

Clearly defined goals guide the entire process, ensuring auditors focus on the most important aspects of the supplier’s operations.

The scope of an audit—defined by its goals—can be very specific or more general.

To help define your audit goals, ask yourself two key questions:

• Are we auditing a prospective or existing supplier?
• What performance aspects are we assessing: all, just critical areas, or specific issues?

With these considerations in mind, here are some key goals commonly set when auditing current and potential suppliers.

Source: Veridion

To illustrate these generalized goals, let’s take “Quality Assurance” as an example.

For potential suppliers, this goal often involves verifying whether their production processes and quality control systems can reliably meet your requirements.

In this context, audits might focus on

• reviewing certifications,
• inspecting sample products, or
• assessing their capacity to scale production for future demand.

With existing suppliers, quality assurance goals shift toward evaluating ongoing compliance with agreed quality standards.

This could involve

• reviewing inspection reports,
• analyzing defect rates, or
• examining how they’ve addressed past quality issues.

This distinction applies to other audit goals as well.

The table below illustrates how the remaining goals shift focus, depending on whether you’re auditing potential or existing suppliers:

Audit Goal	Potential Suppliers	Existing Suppliers
Regulatory Compliance	Verify certifications and adherence to regulations and standards	Evaluate ongoing compliance with regulatory updates
Financial Stability	Assess financials to gauge risk and long-term viability	Monitor financial health to ensure continued stability
Supply Chain Reliability	Evaluate the ability to meet delivery schedules and adapt to demand fluctuations	Review delivery performance and responsiveness to past disruptions
Risk Management	Identify potential risks related to production, quality, ethics, geography, etc.	Assess how identified risks are being mitigated
Sustainability & Ethical Standards	Confirm compliance with ESG and ethical requirements	Monitor progress on initiatives and adherence to commitments
Health & Safety Compliance	Ensure workplace safety systems are in place and compliant	Review incident records and ensure ongoing adherence to safety protocols
Operational Efficiency & Innovation	Assess production efficiency and innovation to meet current and future needs	Evaluate the cost-effectiveness and adaptability of processes over time

This table highlights why defining clear goals tailored to your specific needs is crucial for a focused and productive audit.

To achieve this, you should:

• determine and prioritize the most critical aspects of your supply chain,
• ensure that audit goals align with your overall business priorities,
• formulate goals that are specific, actionable, and measurable.

Once these goals are clearly defined, the next step is to develop detailed criteria that will guide your audit.

Step 2: Develop Criteria (Pre-Audit)

Based on the audit goals, your team should develop audit criteria: a set of standards and benchmarks against which suppliers will be evaluated.

This ensures consistent and objective assessments across different suppliers or audit cycles.

Developing these criteria is not a task to be taken lightly or handled by a single person.

Why?

Because the most effective criteria are created collaboratively, involving a cross-functional team of stakeholders from various company departments.

In some cases, external stakeholders—such as third-party auditors, consultants, or even key investors or customers—may also contribute to the process.

Aside from procurement leading the effort, below are the primary internal stakeholders typically involved:

Source: Veridion

Each stakeholder provides valuable input for criteria-setting.

For instance, legal specifies regulatory and contractual requirements that must be included in the audit criteria.

Similarly, quality assurance defines measurable benchmarks for product quality, such as defect rates or inspection standards.

These inputs not only highlight the value of cross-departmental collaboration but also signal the next step in criteria development.

Specifically, this involves identifying the standards and requirements that the suppliers to be audited must meet, such as:

• industry-specific standards (e.g., GMP, ISO),
• regulatory requirements (e.g., health & safety),
• contractual obligations (e.g., product quality, on-time delivery).

This last point—contractual compliance—exemplifies how the audit criteria are shaped differently for potential and existing suppliers.

Below, you can see the key differences and how they affect the set audit criteria in this aspect alone:

Audit	Potential Suppliers	Existing Suppliers
Timing	After prequalification and shortlisting, before final selection	Post-contract, during periodic or event-based performance reviews or compliance checks
Goal	Assess predicted capability to meet contractual obligations	Validate actual compliance and performance against contractual terms
Available Data	Certifications, process documentation, initial desktop audit findings, reference checks	Historical performance metrics, delivery records, and quality reports
Criteria Focus	Predicted compliance, inferred capability	Measured compliance, tracked parameters
Criteria Example	Ability to meet delivery timelines based on process efficiency and references	Delivery punctuality (e.g., 95% on-time delivery rate over 6 months)

Note that—unlike contract-related criteria—the benchmarks set for industry standards and regulatory compliance typically stay the same for both supplier categories.

You’ll find similar overlaps and differences across other audit aspects.

Generally, criteria for existing suppliers are grounded in measurable, tracked past performance and the established relationship with your company.

So, with the right data and tools, setting the audit criteria for them is relatively straightforward.

In contrast, potential suppliers have no track record with your company.

This means criteria must account for uncertainties and rely on third-party information.

Without historical data, the focus shifts to evaluating the supplier’s systems, processes, and past performance with other customers.

For instance, one of the audit criteria may involve a supplier’s average score across several reference checks.

Source: spb.gov

Taking these factors into account, here are the next steps in audit criteria development:

• tailor criteria to industry- and supplier-specific benchmarks,
• turn criteria into clear, quantifiable, and objective questions,
• break down criteria into relevant categories, and
• create an audit checklist.

The final checklist will include the audit criteria, specific questions, and the required evidence to assess compliance.

However, before contacting the supplier to arrange an audit and potential site visit, there’s one more thing to do: a desktop audit.

Step 3: Conduct a Desktop Audit

Desktop supplier audits are done online, without contacting the supplier or arranging to visit their facilities.

This saves time by allowing your audit team to review vital information beforehand.

It also helps them identify issues or gaps that can be addressed directly during the site visit or remote audit.

During a desktop audit, your team focuses on reviewing documentation provided by the supplier, as well as publicly available data.

However, this can often be a resource-intensive and time-consuming task, particularly when verifying the freshness and accuracy of supplier information.

To ensure that outdated or missing data does not lead to overlooking critical audit issues, consider using a third-party supplier data platform like Veridion.

Source: Veridion

As shown above, almost 30% of supplier data changes every year.

This means your desktop audit results may be compromised by old and unreported information.

And that is exactly where Veridion’s AI-powered algorithms step in.

By continuously scanning the Internet, Veridion collects up-to-date information on all suppliers worldwide with an active web presence.

Source: Veridion

This means Veridion can do much more than accelerate your desktop audit.

Namely, our platform allows you to:

• find new, suitable suppliers in just seconds instead of days or weeks,
• enrich your current supplier profiles with the latest data, and
• conduct extensive risk assessments.

For prospective suppliers, desktop audits often rely on supplier-provided or third-party data to uncover red flags, such as discrepancies between reported information and online records.

Expectedly, desktop audits of existing suppliers also leverage your company’s past performance data to pinpoint recurring issues or areas for improvement.

In both cases, desktop audits are indispensable for identifying critical areas that require attention during the on-site visit or remote audit.

Step 4: Do an In-Person Audit (Optional)

While not always required, in-person or on-site audits are indispensable in situations where desktop and remote audits cannot provide a complete picture.

This step is especially important when a supplier is critical to your operations or operates in a highly regulated industry.

Additionally, in-person audits are often necessary to verify compliance with legal, regulatory, or safety requirements that require physical inspection.

Steven Kirz, a former manager at Pace Harmon, highlights how technical advancements and remote options have led many companies to deprioritize in-person audits.

However, he cautions:

Illustration: Veridion / Quote: ISM

Kirz further emphasizes that the insights gained from on-site visits can prove invaluable during final contract negotiations.

So, if you decide to organize an in-person audit, should you announce it to the supplier or not?

For potential suppliers, unannounced visits are not commonly organized because:

• they have no formal engagement with your company, so such a visit could be perceived as intrusive or inappropriate, and
• they may not be prepared or willing to grant access to their facilities without prior notice.

Therefore, unless there are serious concerns or suspicions that can’t be addressed through other means, it’s not advisable to just show up on a prospective supplier’s site for an audit.

Unannounced audits, however, are more commonly conducted for existing suppliers, especially when there are concerns about ongoing compliance or potential misconduct.

For announced in-person visits, it’s essential to inform the supplier about your audit process and objectives beforehand and address any questions they might have.

This approach fosters transparency and lays the groundwork for a collaborative and effective on-site audit.

Step 5: Analyze Findings (Post-Audit)

After completing the remote or on-site audit, the next step is to analyze the findings and categorize them appropriately.

Typically, audit findings are grouped into three categories:

• major non-conformances,
• minor non-conformances, and
• areas for improvement.

Major non-conformances are serious issues that could disrupt operations, compromise quality, or violate legal or regulatory requirements.

On the other hand, minor non-conformances are issues that do not pose immediate risks, but may require corrective actions to avoid escalation.

Finally, areas for improvement are the identified opportunities for a supplier to optimize processes and enhance performance.

Below, you can see an example of a major non-conformance.

The finding suggests a significant environmental impact and very likely—depending on the supplier’s country—violates environmental regulations or standards.

Source: Safety Culture

This brings us to the question of how to present your audit findings to the supplier.

For potential suppliers, serious non-conformances like the one above could lead to disqualification.

If that’s the case, suppliers should still be informed of your findings and guided on what they need to fix in order to be considered in the future.

For existing suppliers, the situation may—or may not—be different.

In the case of major non-conformances, an immediate corrective action plan would be required, and timelines for addressing the issue would be clearly agreed upon with your current supplier.

But what about minor non-conformances, like the ones shown here?

Source: Safety Culture

Such findings, whether for prospective or existing suppliers, should again be discussed directly with the audited supplier.

In both cases, an appropriate correction plan should be defined, along with clear timelines and verification methods.

Ultimately, analyzing and categorizing your audit findings helps you assess whether a new supplier is a good fit, or if an existing supplier’s performance requires improvement.

By presenting the findings transparently, you ensure suppliers are aware of the necessary actions, enabling them to address gaps and strengthen the (potential) partnership.

Step 6: Monitor The Supplier’s Progress

If the supplier remains in your pipeline, monitoring their progress after an audit is essential for verifying the effectiveness of the corrective actions.

Auditors should establish a regular communication channel with the supplier (e.g., phone calls, emails, meetings) to:

• track the status of corrective actions,
• resolve any issues or challenges, and
• provide additional support when needed.

However, a few important caveats must be addressed to ensure that progress monitoring is effective.

First, the corrective action plan—developed collaboratively with the supplier—should detail specific tasks, responsibilities, timelines, and key performance indicators (KPIs).

This approach ensures that progress remains measurable and transparent.

The second consideration is articulated by Regina Ssebaggala-Kisitu, a former quality controller at Harrods:

Illustration: Veridion / Quote: LinkedIn

Prioritizing corrective actions ensures that the supplier addresses the most critical issues first.

At the same time, considering the cost of these actions for the supplier helps make your requirements and timelines realistic, ensuring that progress is achievable.

But what if progress appears insufficient or unresolved issues persist?

In such cases, a follow-up audit may be required to reassess the situation and ensure compliance.

Remember, taking action based on audit insights isn’t just about addressing non-compliance—it’s also an opportunity to drive overall improvements.

For example, you might work together with the supplier to optimize their quality control processes, enhance efficiency, or strengthen compliance systems.

Lastly, keep in mind that progress monitoring must be properly documented to ensure transparency and accountability, and support future decision-making.

Conclusion

We hope this article has shed light on supplier audits and what they involve.

It’s clear that conducting thorough audits is essential for ensuring quality, mitigating risks, and maintaining a resilient supply chain.

By following this 6-step checklist—from setting goals to monitoring progress—you can uncover critical insights and drive meaningful improvements.

With the right methods and tools in place, audits can deliver actionable results that strengthen supplier relationships and enhance overall performance.