The fundamental elements of an audit include the determination (3.11.1) of the conformity (3.6.11) of an object (3.6.1) according to a procedure (3.4.5) carried out by personnel not being responsible for the object audited.
An audit can be an internal audit (first party), or an external audit (second party or third party), and it can be a combined audit (3.13.2) or a joint audit (3.13.3).
Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization (3.2.1) itself for management (3.3.3)review (3.11.2) and other internal purposes, and can form the basis for an organization’s declaration of conformity. Independence can be demonstrated by the freedom from responsibility for the activity being audited.
External audits include those generally called second and third-party audits. Second party audits are conducted by parties having an interest in the organization, such as customers (3.2.4), or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations such as those providing certification/registration of conformity or governmental agencies.
This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original definition and Notes to entry have been modified to remove effect of circularity between audit criteria and audit evidence term entries, and Notes 3 and 4 to entry have been added.