
Supplier Audit Checklist Australia: 10 Key Checks
- Thu Tran
- 9 hours ago
- 6 min read
A supplier can look capable on paper and still introduce serious risk into your operation. A lapsed licence, poor subcontractor controls, untested product specifications or an unmanaged environmental obligation can affect safety, delivery, customer confidence and tender eligibility. A supplier audit checklist Australia businesses can apply consistently gives procurement and operational teams evidence that suppliers can meet the commitments they are making.
For organisations working towards ISO 9001, ISO 45001 or ISO 14001 certification, supplier controls are not a paperwork exercise. Auditors will want to see how you evaluate external providers, set requirements, monitor performance and act when standards slip. More importantly, directors and managers need to know that critical suppliers are not creating a risk they cannot see until an incident, recall or contract dispute occurs.
Start with supplier risk, not a one-size-fits-all form
Not every supplier needs a site audit. A local stationery supplier should not receive the same scrutiny as a labour-hire provider, structural steel fabricator, chemical supplier or business performing work at your site. The right level of assessment depends on the consequences of failure.
Classify suppliers before applying the checklist. Consider whether they provide safety-critical products or services, access your workplace, use subcontractors, handle hazardous substances, affect product conformity, collect sensitive data, or are essential to a major customer contract. Also consider the practical impact of a late delivery or failed service. A supplier that can stop a port operation, manufacturing line or construction program deserves a deeper review than one that is readily replaced.
Desktop reviews are often appropriate for low-risk suppliers. For higher-risk providers, request evidence, conduct interviews and inspect their workplace or relevant controls. A site audit is particularly valuable where the supplier's own work practices directly affect your workers, customers or legal obligations.
Supplier audit checklist Australia: 10 checks that matter
1. Business identity, capability and legal standing
Confirm the supplier's ABN, legal entity, trading name, relevant licences and insurances. Check that the entity signing your agreement is the entity performing the work or supplying the goods. This sounds basic, but entity mismatches regularly complicate insurance claims, contractual enforcement and prequalification reviews.
Assess whether the supplier has the skills, equipment, capacity and financial stability to deliver. For a critical supplier, ask how it manages peak demand, equipment breakdowns, key-person dependency and supply disruption. The cheapest quote can be commercially expensive if the supplier cannot maintain delivery when conditions change.
2. Quality controls and product conformity
Establish exactly what the supplier is required to provide. Specifications, drawings, approved samples, inspection requirements, traceability needs, packaging standards and delivery tolerances should be clear before work begins. Vague purchase orders invite disputes because both parties can claim a different understanding of acceptable quality.
Ask how the supplier verifies conformity before dispatch or handover. Evidence may include inspection and test plans, calibration records, batch records, certificates of conformity, non-conformance reports and customer complaint trends. Under ISO 9001, this supports control of externally provided processes, products and services, particularly where a failure can affect your final product or contractual obligations.
3. WHS management and worker competency
Where a supplier performs work at your workplace or provides a safety-critical service, verify that it has practical WHS arrangements. Review its WHS policy, risk assessment process, consultation arrangements, incident reporting process, training records and emergency procedures. Do not treat a policy document as proof of safe work.
Look for evidence that workers are competent for the task. Depending on the work, this may include trade qualifications, high-risk work licences, inductions, plant verification, white cards, VOCs and task-specific training. If the supplier uses labour-hire workers, establish who supervises them and how the host and supplier share WHS information.
Australian WHS duties cannot simply be transferred down the supply chain through a contract. A principal contractor, host employer or purchasing business may still have duties to consult, coordinate and cooperate. In Victoria, equivalent obligations sit under the Occupational Health and Safety framework rather than harmonised WHS legislation, but the operational expectation remains similar: identify the risk and actively manage it.
4. Subcontractor and contractor controls
Many suppliers subcontract part of their work. That may be reasonable, but it changes your risk profile. Ask whether subcontracting is permitted, whether you must approve it, and how the supplier prequalifies, inducts and supervises its subcontractors.
Your checklist should confirm that lower-tier providers meet the same minimum requirements for insurance, competency, safe work practices and quality controls. This is especially relevant in trades, security, transport, manufacturing and import supply chains, where the company you engaged may not be the company carrying out the highest-risk activity.
5. Plant, equipment and hazardous substances
Where relevant, check plant maintenance, inspection records, guarding, operator competency and equipment certification. For suppliers bringing mobile plant onto site, clarify traffic management, exclusion zones, spotter requirements and maintenance responsibilities before work starts.
For chemicals or hazardous substances, obtain current safety data sheets, confirm labelling and storage requirements, and determine whether the substance introduces health monitoring, dangerous goods or waste obligations. A supplier may provide a compliant product but still leave your business exposed if the site has no practical plan for receiving, storing, using and disposing of it.
6. Environmental controls and waste responsibilities
Environmental performance is often missed in supplier onboarding until a customer, regulator or certification auditor asks about it. Assess material sourcing, spills, emissions, waste handling, disposal records and relevant environmental licences where the supplier's activities can affect your environmental aspects.
For ISO 14001-aligned systems, procurement should consider a lifecycle perspective. That does not mean auditing every supplier to the same depth. It means setting controls where purchasing decisions can influence environmental outcomes, such as packaging, recycled content, chemical selection, transport, energy use or disposal pathways.
7. Ethical sourcing and modern slavery exposure
Ethical sourcing should be proportionate to the supply chain and sector. Higher-risk categories can include imported goods, labour-intensive manufacturing, cleaning, security, agriculture, logistics and temporary labour. Ask suppliers about workforce recruitment, right-to-work checks, labour-hire practices, grievance mechanisms and their own supplier oversight.
The Commonwealth Modern Slavery Act reporting threshold applies to entities with consolidated revenue of at least $100 million, but smaller businesses can still face customer requirements, tender questions and reputational consequences. If you supply larger organisations, your ability to provide credible supplier due diligence may become a commercial requirement well before it becomes a direct reporting obligation.
8. Information security and confidentiality
Suppliers with access to customer information, designs, pricing, site plans, CCTV, access credentials or employee records need separate scrutiny. Confirm what information they receive, where it is stored, who can access it and what happens when the service ends.
For many small and mid-sized businesses, the practical controls are straightforward: confidentiality provisions, restricted access, secure file transfer, password management, incident notification and return or destruction of information. The level of assurance should rise where the supplier manages sensitive personal information or operational technology.
9. Insurance, contract terms and records
Verify currency and adequacy of public liability, workers compensation, professional indemnity, product liability, motor vehicle or cyber insurance where relevant. The required limits should reflect the work and contractual exposure, rather than being copied blindly from an old template.
Your agreement should define scope, specifications, responsibilities, change control, reporting, incident notification, audit rights, subcontracting approval and termination rights. Keep the assessment evidence in a controlled supplier file. If a client audit, regulator enquiry or dispute occurs, you need more than a verbal assurance that the supplier was checked.
10. Performance monitoring and corrective action
Approval is the beginning of supplier management, not the end. Monitor the measures that matter to the category: on-time delivery, defects, rework, incidents, complaints, environmental breaches, responsiveness and documentation quality.
When a supplier fails to meet requirements, record the issue, identify the cause, agree on corrective action and verify closure. A single minor late delivery may call for a conversation. Repeated safety breaches, falsified records or failure to act on a serious non-conformance may require suspension or removal from the approved supplier list. Consistency matters because selective enforcement can weaken both your controls and your commercial position.
Make the checklist usable on site and in procurement
A checklist only works when the people using it can make a clear decision. Include a risk rating, evidence reviewed, expiry dates, assessor name, approval status and required follow-up actions. Set review frequencies based on risk, contract value and performance. Annual review may suit a critical contractor, while a lower-risk supplier can be reassessed every two or three years unless circumstances change.
Avoid creating a long questionnaire that no one has time to verify. A shorter, risk-based form with defined evidence requirements is more defensible than a detailed document completed without scrutiny. For high-risk suppliers, a targeted site audit and a documented corrective action plan will provide far more value than another declaration.
The strongest supplier management systems make expectations clear before work starts, then test whether those expectations hold under operational pressure. That is how supplier assurance becomes a practical safeguard for compliance, delivery and the contracts your business is working to win.




Comments