
For international buyers · Second-party audits

Your suppliers are in Germany. Your auditor should be too.

I audit your German and European suppliers on your behalf, on-site, conducted in German, with first-hand manufacturing insight. Against ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements. You get a clear English audit report with findings and recommended actions, without flying a team across the world. This is an independent second-party audit on your behalf, not accredited certification (that is issued by a certification body), and I am not bound to any certification body, so the assessment stays neutral.

On the ground across borders: I have audited in the Netherlands, the UK (Scotland), Croatia, Serbia and Türkiye, plus Germany, where I'm based.

International companies already approach me to onboard and audit their German suppliers on the ground. Your suppliers are in Germany. Your auditor should be too.

Useful before you start: free Supplier Evidence Request Builder.

From practice: reports from real supplier audits.

When it makes sense

Customer audits, supply-chain duties and the EU AI Act increasingly demand evidence, including about your suppliers. A second-party audit makes sense when:

  • You buy from German or European suppliers but cannot fly an audit team across the world for every visit
  • You need an independent, neutral auditor on the ground in Europe, not bound to any certification body
  • You want proof, in English, of a supplier's quality, information-security and AI-governance maturity before you commit
  • Your customers, supply-chain duties or the EU AI Act require evidence about the partners in your chain

What you get

  • On-site second-party audits of your German and European suppliers and partners
  • Against ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements
  • Audits conducted in German, your report in English, no translation gap
  • Clear English audit report: findings, risk rating, recommended actions
  • Risk-based assessment, not a courtesy report
  • On request: follow-up on the corrective actions

For clarity: an accredited certificate is issued only by an accredited certification body. A second-party audit is an audit on your behalf that lets you check suppliers or your own processes independently. I am not bound to any certification body, so the assessment stays neutral.

Why me?

As an ISO/IEC 42001 Senior Lead Auditor and ISO/IEC 27001 Lead Auditor (PECB) who runs a manufacturing company himself, I know both sides of the audit table. I have not only audited abroad in theory, I have audited on-site in several countries. That is the difference between a report and a result.

On the ground in Germany

Your auditor is already where your suppliers are. No flights, no travel cost across the Atlantic for every audit, local presence on your behalf.

Audits in German, report in English

Audits conducted in German, your report in English. The audited team answers in their own language, so nothing is lost in translation.

Real manufacturing insight

I ran and restructured a precision-engineering company. I know what a real shop floor should look like, and where suppliers cut corners.

On the ground in

the Netherlands, the UK (Scotland), Croatia, Serbia, Türkiye

…plus Germany, where I'm based.

How it works

Three steps to the audit report

01

Align

We agree the objective, scope and criteria: which standard or which of your own supplier requirements, which sites, which processes. I draw up the audit plan.

02

Audit

I audit on-site at your supplier in Germany or Europe: document review, interviews and on-the-floor observation, collecting and verifying evidence in German.

03

Report

You receive a clear English audit report with findings, risk rating and concrete recommended actions. On request, I follow up on the corrective actions.

How I classify findings (major, minor, opportunity for improvement) and the principles I follow are published openly: my audit methodology (ISO 19011).

Second-party vs. certification

A second-party audit checks a supplier or site on your behalf: it is fast and flexible, and the audited party does not need to be certified. A certification audit (third party) is carried out by an accredited certification body and results in an official certificate. Both have their place, and they do not exclude each other. I conduct second-party audits and prepare organisations for certification. I never certify, because that is the certification body's role, and keeping the two apart is what keeps the assessment neutral.

Want the longer read on AI in your European supply chain? Read the insight on AI supplier audits in the EU →

Request a quote, scope it in two minutes

Tell me what to audit and I send a written offer within 48 hours (business days). No call required, though you're welcome to book one.

Frequently asked questions

I'm based outside the EU, can you audit my European suppliers?

Yes, that is the core of what I do. I run on-site second-party audits of your German and European suppliers and partners on your behalf, audits conducted in German, your report in English. You get local presence and hands-on manufacturing insight without flying a team across the world. The criteria can be ISO/IEC 42001, ISO/IEC 27001 or your own supplier requirements.

Can you audit and train my team at the same time?

Yes, and few providers combine the two. As a certified PECB trainer, I can pair a supplier or internal audit with building your own in-house audit capability: your staff shadow the audit, learn methodology and evidence handling on a real case, and can qualify all the way to Lead Auditor. With every audit your independence grows: you buy not just a report but lasting capability. We agree the scope and any surcharge in the intro call.

What is a second-party audit?

A second-party audit is an audit by an interested party, typically you, as the buyer, having a supplier audited on your behalf. Unlike a certification audit (third party, by an accredited body), the supplier does not need to be certified for it. You get fast, independent assurance about a supplier or site.

Against which criteria do you audit?

Against ISO/IEC 42001 (AI management systems), ISO/IEC 27001 (information security) or your own supplier requirements and specifications. What gets assessed is agreed with you before the audit.

Is this a certification?

No. An accredited certificate is issued only by an accredited certification body, independent of any consultant. A second-party audit is an audit on your behalf that lets you check suppliers or your own processes independently, faster and more flexible than a certification process. I am not bound to any certification body, so the assessment stays neutral.

Which countries have you audited in?

I have audited on-site in the Netherlands, the UK (Scotland), Croatia, Serbia and Türkiye, plus Germany, where I'm based, and I helped build up a manufacturing operation in Serbia from the ground up. ISO standards are international and my PECB qualifications are globally recognised.

How do you handle travel costs and the report language?

Travel costs are billed transparently by actual expense and estimated generously up front: flight and hotel prices fluctuate, so I plan a buffer rather than invoicing extra later. For more distant sites we agree what can reliably be done remotely and what genuinely needs an on-site visit. You receive the audit report in English (or German); the audit itself I conduct in German or English.

Are remote audits possible too?

Yes. Document review and interview-based audits run reliably as remote audits. On-site visits are useful when production processes, physical environments or supplier facilities matter. We agree the mix per engagement.

What does a supplier audit cost?

It depends on scope, number of sites and travel. In a free 15-minute intro call we agree the frame, and you then get a clear price, no inflated figures.

Where are you based?

Darmstadt, Germany. "The AI Auditor" is a brand of FERNAU Präzisionstechnik GmbH.

Imprint and privacy policy are available in German (the German version is legally binding): Imprint, Privacy (English summary).