Audits can be classified as first-party, second-party, and third-party audits based on the auditor-auditee relationship. Another way to classify audits will be internal and external audits.
A first-party audit is performed by a person or group that is either a member of the organization or hired by the organization being audited. This can be either an outside consultant hired by the organization or someone from within it. The goal of a first-party audit is to ensure that the organization is following all applicable regulations and laws.
- It is an internal audit and is performed within an organization
- The focus is on improvement
- Auditors have no vested interest in the area being audited.
It is an audit performed on behalf of another party with whom the auditor does business. This may be either a client or a customer of the firm.
- A second-party audit is performed by customers on suppliers.
- A second-party audit on the supplier could be conducted before or after awarding a contract.
This type of audit is performed for the benefit of an unrelated third party. An independent auditor conducts an audit of an organization for the purpose of providing assurance to the customers of the organization.
- A third-party audit is performed by an audit organization independent of the customer-supplier relationship.
- It is free from any conflict of interest.
An Internal Audit is conducted internally by the organization being audited. An internal audit is an audit that is designed to identify potential problems in the operations of the organization.
The purpose of an Internal Audit is to provide assurance regarding the effectiveness and efficiency of the management system used by the organization.
- The first-party audit discussed above is an internal audit.
An external audit is not done by the company being audited but rather by an independent auditor who is not affiliated with the company.
- If an external audit is conducted by the organization's client, it will be a second-party audit.
- If an external audit is conducted by an organization independent of the customer-supplier relationship, it will be a third-party audit.