How to Conduct a Supplier Audit: A Step-by-Step Guide for Importers

A supplier audit is one of the most powerful tools an importer has for verifying what's actually happening at a factory — and one of the most commonly misused. Done well, a supplier audit reveals quality system gaps, labor practice issues, and operational risks before they become expensive problems. Done poorly — rushed, under-scoped, or treated as a one-time compliance checkbox — it creates a false sense of security. This guide walks through how to conduct a supplier audit that actually delivers useful, defensible information.

Key Takeaways

• Supplier audits fall into four main types — quality system, social compliance, environmental, and capability audits — each serving a different purpose and requiring different preparation.
• Effective audits require pre-audit documentation review, structured on-site assessment, and a formal corrective action plan (CAP) process — not just a pass/fail score.
• Third-party audits conducted by independent inspectors provide the most defensible evidence, particularly when regulatory compliance or supply chain due diligence documentation is required.
  

What Is a Supplier Audit — and Why Does It Differ from an Inspection?

A supplier audit and a product inspection are often confused, but they serve fundamentally different purposes. A product inspection examines the goods being produced — it answers "does this shipment meet specification?" A supplier audit examines the factory and its management systems — it answers "does this facility have the processes, controls, and conditions to consistently produce compliant products?"

Think of it this way: an inspection is a quality check on output; an audit is a quality check on the system that produces that output. For importers managing ongoing supplier relationships, both are necessary — and they complement rather than substitute for each other. According to Deltek's supplier quality management guide, the core purpose of a supplier audit is to "examine the quality of a particular supplier and the risk it poses" — establishing an evidence-based assessment of supplier capability, not just a snapshot of one order.

The 4 Main Types of Supplier Audits

Before planning an audit, you need to decide what you're auditing. The audit type determines scope, duration, required expertise, and the checklist used. Industry best practice identifies four primary audit types for manufacturing suppliers.

Choosing the right audit type before you start determines what you find — and what you miss. Most importers need a combination of audit types for a complete supplier picture.

1. Quality System Audit

The most common audit type for importers. A quality system audit evaluates whether the factory has documented, implemented, and followed quality management processes that prevent defects. Key areas covered include: quality control procedures, incoming material inspection, in-process checks, final inspection protocols, non-conformance handling, corrective and preventive action (CAPA) systems, document control, and management review processes.

Quality system audits are typically benchmarked against standards such as ISO 9001 (general manufacturing), IATF 16949 (automotive), or sector-specific requirements. For importers who don't require formal certification, the audit still uses similar frameworks to assess system maturity.

2. Social Compliance Audit

A social compliance audit focuses on how a factory treats its workforce and whether it meets ethical labor standards. Coverage includes: employment contracts and documentation, working hours and overtime practices, wage and benefit compliance, freedom of association and collective bargaining rights, child labor and forced labor checks, health and safety conditions, fire safety and emergency procedures, and harassment and discrimination policies.

Social compliance audits are increasingly required by brands selling into Western retail channels, driven by both retailer codes of conduct and legislation like the UK Modern Slavery Act, the EU CSDDD, and the U.S. UFLPA. Frameworks used include SA8000, BSCI, SMETA (Sedex), and custom brand codes of conduct.

3. Environmental Audit

An environmental audit assesses whether the factory manages its environmental impact in compliance with applicable regulations and any client-specific environmental requirements. Areas covered include: waste management and disposal, wastewater treatment, chemical storage and handling, emissions controls, energy management, and environmental permits and documentation.

Environmental audits are particularly relevant for industries with significant chemical inputs — textiles, surface finishing, electronics assembly — and for suppliers serving markets with strong environmental import regulations, such as the EU's REACH and RoHS requirements.

4. Capability Audit (Factory Capability Assessment)

A capability audit answers a different question from the other three: not "does this factory comply with standards?" but "can this factory actually produce what I need?" It covers: production equipment and capacity, workforce skills and training levels, quality testing equipment, facility layout and workflow efficiency, supply chain depth (Tier 2 supplier relationships), and financial stability indicators.

Capability audits are most valuable when onboarding a new supplier for a technically demanding product, or when considering a supplier for a significant volume increase. They're typically conducted before placing the first order, whereas quality and compliance audits are repeated on an ongoing basis.

How to Conduct a Supplier Audit: Step by Step

Step 1: Define Scope and Objectives

A supplier audit without a defined scope is an unstructured factory visit. Before scheduling anything, establish: which audit type(s) you're conducting, what specific risks you're trying to assess, which standards or frameworks you're benchmarking against, what a passing score looks like, and what the consequences of different findings will be (re-audit, corrective action plan, sourcing decision).

The scope definition should also specify which areas of the factory are in-scope. A garment factory audit focused on social compliance, for example, should cover all production floors, cutting rooms, and finishing areas — not just the main assembly hall.

Step 2: Gather Pre-Audit Documentation

An effective audit begins before anyone sets foot in the factory. Request the following documents from your supplier ahead of the visit, and review them before the audit date:

• Business licenses and permits (manufacturing permit, environmental permit, fire safety permit)
• Quality management documentation (quality manual, procedure documents, recent internal audit reports)
• Labor records (sample employment contracts, payroll records for the most recent pay period, working hours records)
• Existing certifications (ISO, SA8000, BSCI, fire safety certificates)
• Production capacity data (equipment list, current order book)
• Recent inspection or audit reports (including any corrective action plans from previous audits)

Document review before the on-site visit serves two purposes: it identifies specific areas to probe during the audit, and it creates a baseline against which on-site observations can be compared. Discrepancies between documented procedures and observed practice are among the most significant audit findings. As outlined in DXPE's supply chain audit framework, gathering and analyzing pre-audit data is a distinct and non-skippable step.

Step 3: Build Your Audit Checklist

A structured checklist is essential for consistent, comparable audits — especially if you're auditing multiple suppliers over time. According to QC Advisor's factory audit framework, a comprehensive checklist typically covers 8 main areas:

Each area should have specific, observable questions — not just open-ended topics. "Does the factory have a corrective action process?" is weak. "Can you show me the last three corrective action records, including the root cause analysis and verification of effectiveness?" is auditable.

Step 4: Conduct the On-Site Audit

A well-run on-site audit follows a consistent structure. The standard sequence is:

1. Opening meeting — Introduce the audit team, confirm scope and agenda, and establish ground rules with factory management. This sets the professional tone and reduces defensiveness.
2. Document review — Verify that the documents provided pre-audit match what's actually on file. Request additional records as needed. Look for gaps, inconsistencies, and documents that appear created for the audit rather than maintained as operational records.
3. Factory floor walkthrough — Physically observe production areas, storage, safety equipment, worker conditions, and housekeeping. Compare observed practice against documented procedures. Note what workers are actually doing versus what the SOPs say they should do.
4. Worker interviews — For social compliance audits, independent private interviews with workers (without management present) are essential. Workers should be selected by the auditor, not pre-selected by the factory. Interview topics cover working hours, wages received, freedom to leave, awareness of grievance mechanisms, and workplace safety.
5. Management interviews — Discuss findings, probe gaps, and understand management's awareness of and commitment to quality and compliance systems.
6. Closing meeting — Present preliminary findings to factory management, confirm non-conformances identified, and outline the corrective action process.

For importers sourcing from China, real-time communication with the on-site auditor during the walk is increasingly possible through platform-based inspection tools. TradeAider's factory audit service allows buyers to join the audit session remotely — observing live video feeds, receiving real-time photos, and directing the auditor's focus to specific areas of concern without being physically present in the factory. This interactive model is particularly valuable for new supplier onboarding where the buyer has specific risk questions they want explored.

Step 5: Score and Report Findings

After the on-site visit, findings need to be translated into a structured report and a numerical score. Most audit frameworks use a scoring system that categorizes findings as:

• Critical non-conformance — Immediate risk to product safety, worker safety, or legal compliance. Examples: fire exits blocked, use of undeclared sub-contractors, workers under legal minimum age. A critical finding typically triggers immediate corrective action with a short deadline, or disqualification.
• Major non-conformance — Systemic failure in a required process or significant gap in documentation. Examples: no incoming material inspection records, CAPA process not functioning, working hours consistently exceeding legal limits.
• Minor non-conformance — Isolated gap or documentation issue that doesn't represent a systemic failure. Examples: a single calibration record missing, a safety sign faded but present.
• Observation / opportunity for improvement — Good practice that could be strengthened but doesn't represent a failure.

The audit report should document each finding with: the specific clause or requirement it relates to, the objective evidence observed (what was seen, what document was reviewed), the finding classification, and the required corrective action.

Step 6: Manage Corrective Actions

An audit report without a corrective action process is just a document. The value of an audit is realized through what happens after — specifically, whether identified non-conformances are actually remediated.

A corrective action plan (CAP) should require the supplier to provide: the root cause of each non-conformance (not just a description of what was found), the specific action taken to correct it, the evidence of correction (photos, updated records, revised procedures), and the date by which the correction was completed.

As the Sage supplier audit guide emphasizes, the CAP process is where audits succeed or fail as a supplier improvement tool. Accepting weak corrective actions — "we have reminded workers of the policy" without any systemic change — allows the same non-conformances to recur at the next audit. For critical and major findings, a follow-up verification visit or documented evidence review (with photo proof) should be required before the corrective action is closed.

Step 7: Set Re-Audit Frequency

The final step in conducting a supplier audit is deciding when to come back. Re-audit frequency should be calibrated to the supplier's risk profile and audit outcome:

• New suppliers: audit before first order; re-audit after 6–12 months
• High-risk suppliers (critical findings, high-risk region, regulated product): re-audit every 6–12 months, with interim inspections every production cycle
• Established suppliers with clean records: annual re-audit, supplemented by regular product inspections
• After corrective actions: verification re-audit within 30–90 days of CAP deadline for critical/major findings
  

Third-Party vs. In-House Supplier Audits: Which Is Better?

Many importers ask whether they should conduct supplier audits themselves or engage a third-party service. The answer depends on the purpose of the audit and the resources available.

In-house audits (conducted by your own staff) are suitable for capability assessments with new potential suppliers — where the purpose is less about formal compliance documentation and more about building a relationship and understanding the factory's operational capability. They're cost-effective for buyers with experienced sourcing staff who visit factories regularly.

Third-party audits (conducted by an independent inspection service) are the appropriate choice when: the audit findings will be used as compliance documentation, when regulatory requirements (CSDDD, UFLPA) require independent verification, when language or cultural barriers make impartial assessment difficult, or when the buyer doesn't have staff with audit expertise. The independence of a third-party auditor also reduces the risk of the factory tailoring its presentation to what it believes the buyer wants to see.

For importers sourcing from China who need audits that stand up to regulatory scrutiny, professional third-party factory audits provide documented, independent evidence that satisfies both retailer codes of conduct and supply chain due diligence requirements. Learn more about what makes a defensible audit.

Frequently Asked Questions

What is a supplier audit checklist?

A supplier audit checklist is a structured list of questions, requirements, and observable criteria used to evaluate a supplier's management systems, labor practices, facility conditions, or production capabilities during an audit visit. A good checklist is specific enough to be objectively scorable — each item should have a clear "what to look for" and a defined scoring outcome (pass/fail/partial). Checklists should be tailored to the audit type: a social compliance checklist looks very different from a quality system checklist.

How long does a supplier audit take?

A standard factory audit for a mid-sized manufacturing facility typically takes one full man-day on-site (6–8 hours), plus preparation time and report writing. More complex audits — covering large facilities, multiple production lines, or combined quality and social compliance scope — may require 1.5 to 2 man-days. Capability assessments for new suppliers can sometimes be completed in a half-day if the facility is small and the scope is limited to production capability rather than management systems.

What's the difference between an announced and unannounced audit?

An announced audit is scheduled in advance with the supplier's knowledge, allowing them to prepare documentation and ensure key personnel are available. Most initial audits and recertification audits are announced. An unannounced audit arrives without prior notice, preventing the factory from making temporary improvements for the visit. Unannounced or short-notice audits are more likely to capture actual working conditions — particularly for social compliance audits where factories might coach workers or adjust records if given advance warning. Best practice for high-risk suppliers is to mix announced and short-notice visits.

What should I do if my supplier fails an audit?

Audit failure is not automatically a reason to terminate a supplier relationship — it depends on the nature and severity of the findings. Critical non-conformances (blocked fire exits, child labor, undeclared sub-contracting) typically require immediate corrective action and a re-audit before resuming orders. Major non-conformances require a corrective action plan with a defined timeline and verification. For minor findings, a documented CAP with a longer timeline may be sufficient. The key is that findings are tracked, actions are verified, and re-audit confirms improvement — not that the supplier simply provides a written acknowledgment.

How is a supplier audit different from a product inspection?

A supplier audit evaluates the factory's management systems, processes, and conditions — it's an assessment of the supplier's capability and compliance. A product inspection evaluates actual goods produced against your specifications — it's a quality check on output. Both are necessary components of a complete supplier management program. A supplier with a strong audit score can still produce a non-conforming batch if there's a specific production error; a product inspection catches this. Conversely, consistently clean inspections don't guarantee that the underlying labor conditions or quality systems are sustainable — that's what audits reveal.