Training Module
Auditing Supplier & Outsourced Process Management
Audit risk-based supplier coverage, contract controls versus operational reality, and interface failures across organisational boundaries
Training Module
Auditing Supplier & Outsourced Process Management
Audit risk-based supplier coverage, contract controls versus operational reality, and interface failures across organisational boundaries
Training Module
Auditing Supplier & Outsourced Process Management
Audit risk-based supplier coverage, contract controls versus operational reality, and interface failures across organisational boundaries
Move from “supplier paperwork” to evidence of controlled outcomes across boundaries
Supplier controls often look complete on paper while delivery, handovers, and dependencies fail in practice. This module sharpens how auditors test outsourced and supplier-managed activities where assurance
Move from “supplier paperwork” to evidence of controlled outcomes across boundaries
Supplier controls often look complete on paper while delivery, handovers, and dependencies fail in practice. This module sharpens how auditors test outsourced and supplier-managed activities where assurance
Move from “supplier paperwork” to evidence of controlled outcomes across boundaries
Supplier controls often look complete on paper while delivery, handovers, and dependencies fail in practice. This module sharpens how auditors test outsourced and supplier-managed activities where assurance
Training module overview
Training module overview
Training module overview
Outsourced processes and suppliers sit at the edge of most management systems: contracts define expectations, but operational control depends on real interfaces, responsibilities, and feedback loops. Audits frequently over-weight approval lists, certificates, and standard clauses, while missing where assurance actually breaks—handover failures, unclear control ownership, poor change communication, and unmanaged sub-suppliers.
This cross-standard audit add-on module focuses on audit judgement for supplier and outsourced process management across ISO management system standards. It provides evidence trails, sampling heuristics, and failure-pattern recognition to assess whether risk-based supplier coverage is credible, whether contractual controls reflect operational reality, and whether interfaces across organisational boundaries are effectively controlled. It applies to internal auditors and third-party auditors (including certification bodies and independent assurance providers).
Outsourced processes and suppliers sit at the edge of most management systems: contracts define expectations, but operational control depends on real interfaces, responsibilities, and feedback loops. Audits frequently over-weight approval lists, certificates, and standard clauses, while missing where assurance actually breaks—handover failures, unclear control ownership, poor change communication, and unmanaged sub-suppliers.
This cross-standard audit add-on module focuses on audit judgement for supplier and outsourced process management across ISO management system standards. It provides evidence trails, sampling heuristics, and failure-pattern recognition to assess whether risk-based supplier coverage is credible, whether contractual controls reflect operational reality, and whether interfaces across organisational boundaries are effectively controlled. It applies to internal auditors and third-party auditors (including certification bodies and independent assurance providers).
Applicable environments
This module is intended for auditors working with organisations operating a management system based on an ISO standard following the high-level structure such as ISO 9001, ISO 14001, ISO 22301, ISO/IEC 27001, ISO/IEC 27701 or ISO/IEC 42001. It focuses on requirements shared by these ISO standards.
Target audience
Target audience
Target audience
Aspiring auditors who want to audit management systems following best practices
Practising management system auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Aspiring auditors who want to audit management systems following best practices
Practising management system auditors who want to strengthen their audit knowledge, judgement, and effectiveness
Decision support
Is this module for you?
It is a good fit if you…
seek to audit how the organisation manages suppliers and outsourced processes.
are aiming to judge whether supplier management controls work in practice.
focus on evidence from interfaces, handovers, and internal ownership.
are prepared to assess assurance beyond contracts and supplier claims.
expect to strengthen audit conclusions on outsourced process control.
seek to audit how the organisation manages suppliers and outsourced processes.
are aiming to judge whether supplier management controls work in practice.
focus on evidence from interfaces, handovers, and internal ownership.
are prepared to assess assurance beyond contracts and supplier claims.
expect to strengthen audit conclusions on outsourced process control.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
only intend to audit suppliers directly through second-party audits.
prefer to design supplier management frameworks or contracts.
are looking for guidance on sourcing, procurement, or vendor governance.
do not intend to audit supplier management within a management system.
only intend to audit suppliers directly through second-party audits.
prefer to design supplier management frameworks or contracts.
are looking for guidance on sourcing, procurement, or vendor governance.
do not intend to audit supplier management within a management system.
Agenda
Agenda
Agenda
What changes in the audit when work crosses organisational boundaries
Risk-based supplier coverage: testing whether it is credible
Contractual controls versus operational reality
Interface failures and end-to-end evidence trails
Third-party auditing constraints and practical approaches
Case-based audit simulation
Show detailed agenda...
What changes in the audit when work crosses organisational boundaries
Risk-based supplier coverage: testing whether it is credible
Contractual controls versus operational reality
Interface failures and end-to-end evidence trails
Third-party auditing constraints and practical approaches
Case-based audit simulation
Show detailed agenda...
What changes in the audit when work crosses organisational boundaries
Risk-based supplier coverage: testing whether it is credible
Contractual controls versus operational reality
Interface failures and end-to-end evidence trails
Third-party auditing constraints and practical approaches
Case-based audit simulation
Show detailed agenda...
Learning outcomes
Learning outcomes
Learning outcomes
Key outcomes
Identify when supplier and outsourcing controls create “false assurance” despite complete documentation
Build a risk-based sampling approach for suppliers and outsourced processes without re-designing the supplier method
Test contractual controls against operational reality using traceable evidence trails
Identify when supplier and outsourcing controls create “false assurance” despite complete documentation
Build a risk-based sampling approach for suppliers and outsourced processes without re-designing the supplier method
Test contractual controls against operational reality using traceable evidence trails
Additional capabilities
Assess interface control effectiveness at key handover points
Judge the reliability of supplier-provided evidence and define corroboration needs in third-party audits
Recognise common systemic failure patterns
Assess interface control effectiveness at key handover points
Judge the reliability of supplier-provided evidence and define corroboration needs in third-party audits
Recognise common systemic failure patterns
Additional benefits
Additional benefits
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Supplier and outsourced process audit trail map (evidence sources and trace points)
Contract-to-reality test checklist (claims, controls, records, outcomes)
Interface failure red-flag catalogue (handover and dependency patterns)
Supplier evidence reliability guide (corroboration prompts for third-party audits)
Optional AI prompt set for summarising contract obligations and extracting audit-relevant control claims (supporting, not replacing, auditor judgement)
Supplier and outsourced process audit trail map (evidence sources and trace points)
Contract-to-reality test checklist (claims, controls, records, outcomes)
Interface failure red-flag catalogue (handover and dependency patterns)
Supplier evidence reliability guide (corroboration prompts for third-party audits)
Optional AI prompt set for summarising contract obligations and extracting audit-relevant control claims (supporting, not replacing, auditor judgement)
Confirmation
Certificate of completion
Module ID
HAM-AG-A-08
Domain
Audience
Auditor
Language
English
Delivery
Live virtual
Duration
2.5 h
List price
CHF 200
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Delivery & learning format
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
Not sure if this module is right for you?
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes auditors can already apply core audit craft (evidence logic, interviewing, and reporting) and understand basic management system concepts. It does not teach supplier-management design, risk methodology, or generic audit techniques.
Helpful background includes:
Practical understanding of process-based auditing and evidence evaluation
Familiarity with how organisations use external providers for critical processes (for example IT services, logistics, calibration, manufacturing, data processing)
This module assumes auditors can already apply core audit craft (evidence logic, interviewing, and reporting) and understand basic management system concepts. It does not teach supplier-management design, risk methodology, or generic audit techniques.
Helpful background includes:
Practical understanding of process-based auditing and evidence evaluation
Familiarity with how organisations use external providers for critical processes (for example IT services, logistics, calibration, manufacturing, data processing)
Preparatory modules
Foundational modules (depending on background)
Useful if you are new to the underlying concepts or want a shared baseline before attending this module.
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Audit Foundations
Understand core audit mindset, evidence logic, materiality-based focus, and audit test plan design
7 h
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
Supplier Management Foundations
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Supplier Management Foundations
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Supplier Management Foundations
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Execution: Communication & Interviewing
Learn the skills for effective interview planning, questioning, and conversation control for reliable audit evidence
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Audit Reporting & Follow-up
Understand how to write evidence-based findings, structure audit reports, and follow up agreed actions to verified closure
7 h
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.
Supplier Audit Foundations
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Supplier Audit Foundations
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Supplier Audit Foundations
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Auditing Context, Scope & Boundaries
Audit the credibility of organisational context, interested parties, scope, and system boundaries, including interfaces, exclusions, multi-site structures, shared services, and outsourcing
Duration
2.5 h
List price
CHF 200
View module
Auditing Context, Scope & Boundaries
Audit the credibility of organisational context, interested parties, scope, and system boundaries, including interfaces, exclusions, multi-site structures, shared services, and outsourcing
Duration
2.5 h
List price
CHF 200
View module
Auditing Context, Scope & Boundaries
Audit the credibility of organisational context, interested parties, scope, and system boundaries, including interfaces, exclusions, multi-site structures, shared services, and outsourcing
Duration
2.5 h
List price
CHF 200
View module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Duration
3 h
List price
CHF 250
View module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Duration
3 h
List price
CHF 250
View module
Auditing Risk & Opportunity Management
Assess traceability and consistency between context, risks, controls, objectives, and risk-based decisions
Duration
3 h
List price
CHF 250
View module
Auditing Operational Control
Audit evidence and judgement for whether operational controls work as intended in day-to-day practice
Duration
3 h
List price
CHF 250
View module
Auditing Operational Control
Audit evidence and judgement for whether operational controls work as intended in day-to-day practice
Duration
3 h
List price
CHF 250
View module
Auditing Operational Control
Audit evidence and judgement for whether operational controls work as intended in day-to-day practice
Duration
3 h
List price
CHF 250
View module
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.