Training Module
Training Module
Supplier Audit Execution
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation.
Understand
Implement
Manage
Audit
Training module overview
Supplier audits sit at the intersection of contractual obligations, operational reality, and limited auditor control over access and information. Without a disciplined approach to scope, criteria, and evidence, audits drift into checklist reviews or relationship management discussions.
This module focuses on executing supplier audits in a professional, evidence-focused way: defining audit scope and criteria from contractual and mandatory requirements, preparing supplier-specific evidence targets, conducting on-site/remote/hybrid audits within access boundaries, and producing clear audit documentation for internal use and downstream reporting. Programme-level audit governance and supplier lifecycle management are outside scope.
Supplier audits sit at the intersection of contractual obligations, operational reality, and limited auditor control over access and information. Without a disciplined approach to scope, criteria, and evidence, audits drift into checklist reviews or relationship management discussions.
This module focuses on executing supplier audits in a professional, evidence-focused way: defining audit scope and criteria from contractual and mandatory requirements, preparing supplier-specific evidence targets, conducting on-site/remote/hybrid audits within access boundaries, and producing clear audit documentation for internal use and downstream reporting. Programme-level audit governance and supplier lifecycle management are outside scope.
Target audience
Internal auditors performing second-party (supplier) audits
Quality, information security, privacy, and continuity auditors who audit external providers
Audit team members supporting supplier oversight activities under contracts and SLAs
Internal auditors performing second-party (supplier) audits
Quality, information security, privacy, and continuity auditors who audit external providers
Audit team members supporting supplier oversight activities under contracts and SLAs
Agenda
Supplier audits as assurance engagements
Audit purpose and boundaries in a supplier context (assurance vs. performance discussion)
Typical constraints: access, confidentiality, proprietary methods, subcontractors
Engagement-level planning: scope, criteria, and audit brief
Turning contracts, SLAs, and mandatory obligations into audit criteria
Defining audit scope that matches what is auditable (sites, services, interfaces)
Preparing supplier-specific evidence targets
Pre-reading pack: contracts, change/incident history, prior audit outputs (as provided)
Building an evidence target matrix aligned to criteria and interfaces
Executing supplier audits on-site, remote, or hybrid
Structuring the audit day and maintaining control of time and access
Following key service interfaces end-to-end (handoffs, controls, records)
Evaluating what you see under supplier constraints
Triangulating evidence when direct access is limited
Recognising audit-relevant red flags (e.g., restricted sampling, inconsistent records)
Managing challenging situations professionally
Handling defensiveness, “commercial” pushback, and boundary disputes
Pause, rescope, or escalate: practical decision points and internal alignment
Audit documentation and handover
Workpapers that link evidence to criteria and enable later reporting
Handover package: what downstream reporting / follow-up needs, and in what form
Workshop (case-based)
Plan and run a short supplier-audit segment from brief → evidence targets → documentation (Halderstone case)
Supplier audits as assurance engagements
Audit purpose and boundaries in a supplier context (assurance vs. performance discussion)
Typical constraints: access, confidentiality, proprietary methods, subcontractors
Engagement-level planning: scope, criteria, and audit brief
Turning contracts, SLAs, and mandatory obligations into audit criteria
Defining audit scope that matches what is auditable (sites, services, interfaces)
Preparing supplier-specific evidence targets
Pre-reading pack: contracts, change/incident history, prior audit outputs (as provided)
Building an evidence target matrix aligned to criteria and interfaces
Executing supplier audits on-site, remote, or hybrid
Structuring the audit day and maintaining control of time and access
Following key service interfaces end-to-end (handoffs, controls, records)
Evaluating what you see under supplier constraints
Triangulating evidence when direct access is limited
Recognising audit-relevant red flags (e.g., restricted sampling, inconsistent records)
Managing challenging situations professionally
Handling defensiveness, “commercial” pushback, and boundary disputes
Pause, rescope, or escalate: practical decision points and internal alignment
Audit documentation and handover
Workpapers that link evidence to criteria and enable later reporting
Handover package: what downstream reporting / follow-up needs, and in what form
Workshop (case-based)
Plan and run a short supplier-audit segment from brief → evidence targets → documentation (Halderstone case)
Course ID:
HAM-SAE-1
Audience:
Auditor
Domain:
Agnostic
Available in:
English
Duration:
7 h
List price:
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
What you get
Learning outcomes
Define a supplier audit scope and audit brief using contractual and mandatory requirements as criteria
Translate audit criteria into supplier-specific evidence targets and an evidence request plan
Choose and structure an on-site, remote, or hybrid supplier audit approach appropriate to access constraints
Run supplier audit activities in a controlled way (timing, access management, and interface tracing)
Evaluate supplier evidence under real-world limitations using triangulation and consistency checks
Document audit workpapers that clearly link evidence to criteria and support downstream reporting and decisions
Define a supplier audit scope and audit brief using contractual and mandatory requirements as criteria
Translate audit criteria into supplier-specific evidence targets and an evidence request plan
Choose and structure an on-site, remote, or hybrid supplier audit approach appropriate to access constraints
Run supplier audit activities in a controlled way (timing, access management, and interface tracing)
Evaluate supplier evidence under real-world limitations using triangulation and consistency checks
Document audit workpapers that clearly link evidence to criteria and support downstream reporting and decisions
Learning materials
Slide deck
Participant workbook
Certificate of completion
Slide deck
Participant workbook
Certificate of completion
Templates & tools
Supplier audit brief template (scope, criteria sources, interfaces, constraints)
Supplier evidence target matrix (criteria → evidence targets → sources)
Evidence request and access boundary checklist (confidentiality, sampling limits, site rules)
Supplier audit workpaper pack (evidence capture and traceability)
Supplier audit red-flag prompt list (audit execution signals, not risk assessment)
Supplier audit brief template (scope, criteria sources, interfaces, constraints)
Supplier evidence target matrix (criteria → evidence targets → sources)
Evidence request and access boundary checklist (confidentiality, sampling limits, site rules)
Supplier audit workpaper pack (evidence capture and traceability)
Supplier audit red-flag prompt list (audit execution signals, not risk assessment)
Prerequisites
This module assumes participants can already apply core audit craft in a general context, including:
Evidence-based auditing and professional judgement
Basic audit planning at engagement level (scope, criteria, audit plan)
Familiarity with using documented information and records as audit evidence
This module assumes participants can already apply core audit craft in a general context, including:
Evidence-based auditing and professional judgement
Basic audit planning at engagement level (scope, criteria, audit plan)
Familiarity with using documented information and records as audit evidence
Strongly recommended preparatory modules
Audit Foundations: Principles, Evidence & Judgement
Core audit mindset, evidence logic, materiality-based focus, and audit test plan design.
7 h
Audit Foundations: Principles, Evidence & Judgement
Core audit mindset, evidence logic, materiality-based focus, and audit test plan design.
7 h
Audit Foundations: Principles, Evidence & Judgement
Core audit mindset, evidence logic, materiality-based focus, and audit test plan design.
7 h
Supplier Audit Execution: Planning, Conducting, and Documenting Second-Party Audits
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation.
7 h
Supplier Audit Execution: Planning, Conducting, and Documenting Second-Party Audits
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation.
7 h
Supplier Audit Execution: Planning, Conducting, and Documenting Second-Party Audits
Plan and conduct supplier audits using contract-based criteria, evidence targets, and disciplined audit documentation.
7 h
Helpful preparatory modules
The modules below prepare for an optimal learning experience – but are not strictly necessary for participants to follow.
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Supplier Management Foundations: Selecting, Evaluating, and Controlling External Providers
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Supplier Management Foundations: Selecting, Evaluating, and Controlling External Providers
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Supplier Management Foundations: Selecting, Evaluating, and Controlling External Providers
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Continuous learning
Follow-up modules
Follow-up modules
After completion of this module, the following modules are ideal to further deepen the participant's competence.
After completion of this module, the following modules are ideal to further deepen the participant's competence.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.