An audit is a systematic, independent, and documented process for obtaining objective evidence and evaluating it to determine the extent to which program criteria (policies, procedures or requirements) have been fulfilled.
There are three types of audits.
First-party audit, performed within an organization to measure its strengths, weaknesses and conformity with established standards. This also is called an internal audit. Internal audits satisfy internal requirements and audit results remain in-house.
Second-party audit, an external audit performed on a supplier by a customer or by a contracted organization on behalf of a customer. In second-party audits (for our purposes) Department of Defense (DoD) program managers (PMs) measure and evaluate the DoD contractor’s ability to conform to contract requirements and specifications.
Third-party audit is performed by an audit organization independent of both the contractor and DoD and is free of all conflicts of interest. Third-party audits (e.g., by an International Standards Organization [ISO] Registrar) may result in certification, registration or award certificate issued by the third party.
This article discusses second-party audits; specifically, wherein DoD PMs audit their contractors’ ability to execute the contract. I strongly recommend that PMs incorporate second-party audits into DoD contacts, regardless of contract size, scope or final deliverable.
Like the organizations or contracts that they address, the audits themselves must have objectives, scope and criteria. Anything less is a waste of time.

Figure 1 summarily describes a comprehensive program of second-party audits. Note especially the inclusion of “operators and warfighters.” This inclusion alone distinguishes effective second-party auditing from routine program management. Participation by experienced, credible operators/end-users helps to ensure that programs do not stray from the goals of the contract or the purpose of the end products.
Keep reading this article at: https://www.dau.mil/library/defense-atl/blog/Second-Party-Audit-