CANTON BUYING DESK Factory Audit & On-Site Assessment Protocol

Factory Audit Execution Standard & On-Site Assessment Protocol

Scope of Application: Dedicated Sourcing Desks, Global Supply Chain Managers, and Licensed Third-Party Auditors.

This protocol establishes the authoritative methodology for factory compliance audits conducted under Canton Buying Desk standards. It defines the distinction between product inspection (QC) and systemic factory assessment (Audit), specifies evidence triangulation requirements, and governs the execution of a full on-site evaluation. Use in conjunction with the buyer-issued Code of Conduct (CoC), Factory Compliance & System Assessment Checklist (QMS), and applicable local labor, safety, and environmental regulations. Non-Conformance (NC) classification follows internationally recognized buyer-audit conventions (SGS / TÜV / Intertek aligned).

1. Core Assessment Framework: From Product-Centric Inspection to Systemic Compliance Evaluation

1.1 Distinction Between Factory Audit and Product QC

Product Quality Control (QC) evaluates the compliance of a single production lot — answering whether a specific shipment may be released. Factory Audit assesses the factory's overall management system and sustained delivery capability — answering whether the supplier can reliably and compliantly serve as a long-term partner, and whether latent systemic risks exist. Factory audit is a cornerstone of upstream supply-chain risk management; it is not batch-level defect screening, but an evaluation of whether the factory can consistently produce compliant goods within a controlled system.

1.2 Three Core Audit Domains

Depending on buyer requirements and destination-market regulations, a factory audit may focus on one domain or combine multiple modules within a single on-site visit:

Technical / Quality System

Assessment Focus

Equipment, process controls, capacity, IQC/IPQC/OQC workflows, and R&D capability — verifying the factory's ability to consistently manufacture conforming products.

Social & Ethical Compliance

Assessment Focus

Child labor, forced labor, excessive working hours, sub-minimum wages, discrimination, and related labor-rights violations — frequently subject to zero-tolerance policies by global brands.

Supply Chain Security

Assessment Focus

Primarily for North America-bound orders: physical security, access control, container loading integrity, and information security — preventing unauthorized items from entering the supply chain.

1.3 Core Auditing Methodology

Evidence Chain Closure (Say–Do–Prove / Triangulation of Evidence): Factory audits do not rely on verbal assurances; conclusions must be supported by documented evidence. A compliant finding requires cross-verification across three dimensions: documented records (Say it), on-site observation (Do it), and employee interviews (Prove it). Example: if a factory claims regular fire drills, auditors must review the drill plan and attendance log, observe posted evacuation routes and equipment, and confirm that randomly interviewed employees can describe the drill procedure.

Blind Sampling & Auditor Independence:

Personnel files, attendance records, payroll ledgers, and production work orders must be blind-sampled by the auditor directly from the system or archive — never accept pre-selected "perfect samples" voluntarily submitted by factory management. As with QC carton sampling, the records handed to you are often precisely those the factory most wants you to see. Sampling Bias Prevention is a mandatory control.

2. Standard Nomenclature & Regulatory Definitions

The following terms constitute the standard lexicon for on-site factory audits. Mastery of this nomenclature is essential for credible engagement with factories, buyers, and accredited audit bodies. Terms should be applied consistently with NC classification and Corrective and Preventive Action (CAPA) protocols below.

CoC — Code of Conduct

The buyer's core ethical and compliance requirements for suppliers; the primary benchmark for social-responsibility audits.

CAPA — Corrective and Preventive Action

Post-audit remediation report required from the factory: root cause analysis, short-term correction, long-term prevention, responsible owner, and completion timeline.

NC — Non-Conformance

A specific finding that violates applicable law or buyer standards; must be classified, documented, and tracked to closure.

Critical NC — Zero-Tolerance Finding

Findings that breach legal red lines or pose severe consequences (child labor, falsified records, locked evacuation routes, etc.) — typically resulting in immediate Fail.

PPE — Personal Protective Equipment

Ear plugs, respirators, safety goggles, cut-resistant gloves, etc. Failure to provide or correctly use PPE at regulated workstations is a frequent Major NC.

SDS / MSDS — Safety Data Sheet

Mandatory on-site hazard communication document for lubricants, solvents, thinners, and all regulated chemicals.

LOTO — Lockout/Tagout

De-energizing and locking machinery during maintenance to prevent accidental activation and injury; a core EHS requirement aligned with QC on-site safety protocols.

Restricted Audit Scope

When a factory refuses document access, locks workshops, or delays payroll disclosure — must be recorded factually. Buyers frequently treat this as a major integrity risk warranting authorization withdrawal.

3. On-Site Audit Standard Operating Procedures — 5 Sequential Phases

A standard factory audit is typically completed within one business day. The five phases below ensure comprehensive coverage and minimize blind spots.

Phase 1:
Opening Meeting → Phase 2:
On-Site Visual Inspection → Phase 3:
Document Verification → Phase 4:
Confidential Employee Interviews → Phase 5:
Closing & Debriefing Meeting

Phase 1: Opening Meeting

Attendees — Lead auditor, factory general manager, and department heads (QA/QC, HR, Production, Administration).

Scope Confirmation — Audit objectives, scope boundaries, applicable standards, and daily schedule; declaration of impartiality and confidentiality obligations.

Document Request List — Issue a written list of records to be reviewed; arrange a private interview room free from management presence.

Phase 2: On-Site Visual Inspection

Conduct a structured walk-through from the main gate using the factory layout plan. Priority areas: raw material warehouse, production floors (stamping / injection molding / assembly, etc.), finished-goods warehouse, chemical storage, hazardous-waste depot, cafeteria, and dormitories (where applicable).

Quality System Observations — Equipment inspection logs (not merely cosmetic), FAI markings, physical segregation of non-conforming goods, measuring instruments within calibration validity, SOPs aligned with actual processes.

EHS Observations — Fire hydrants unobstructed, exit signs energized, evacuation routes clear, machine guards in place, eyewash stations operational.

Phase 3: Document Verification

Return to the conference room for systematic review of management records, typically covering the preceding 3–12 months.

Regulatory & Licensing — Business license, special-equipment registration (elevators, boilers, forklifts), operator certifications (electricians, welders, forklift drivers), EIA approvals, and waste discharge test reports.

Quality Records — Supplier evaluation logs, IQC records, in-process inspection logs, customer complaint registers, instrument calibration certificates.

HR & Labor Records — Consolidated attendance sheets, payroll disbursement records (minimum wage and overtime at 1.5× / 2× / 3× multipliers), employment contracts, young-worker health examination reports (CoC audit priority).

Phase 4: Confidential Employee Interviews

Environment: Conduct one-on-one or small-group interviews with randomly selected workers from different workshops in a private room without factory management present.

Interview Technique: Maintain a professional, neutral tone to reduce respondent anxiety while preserving audit integrity.

Cross-Verification: Ask "What time do you normally finish work?" "Are you required to work Saturdays?" "Is wages paid in cash or bank transfer?" — cross-check against attendance and payroll for dual-ledger indicators. Ask "Were you required to pay a deposit or surrender your ID card?" — screen for forced-labor risk.

Phase 5: Closing & Debriefing Meeting

Findings Summary — Acknowledge factory strengths; enumerate each NC with reference to applicable law or buyer standard clauses.

On-Site Confirmation — Issue the provisional on-site audit report; require top management signature and stamp on the NC confirmation sheet; attach photo evidence and objective facts — no compromise on audit integrity.

CAPA Timeline — Specify CAPA submission deadline (typically 5–10 business days post-audit); for Major NC, set physical remediation and re-verification deadlines (commonly 30–60 days).

4. Key Audit Criteria & NC Classification Principles

All findings in the final assessment report must be classified. Under internationally recognized conventions, NCs are categorized into three severity levels:

Level	Code	Definition	Typical Examples	Disposition
Critical NC	Critical	Breaches legal red lines or poses severe consequences; zero tolerance.	Child labor on site; forced labor; falsified attendance/payroll; two or more exits locked; bribery of auditor.	Immediate Fail; suspend cooperation or mandate full re-audit.
Major NC	Major	Systemic failure or violation of local law; does not automatically disqualify but requires remediation.	Critical instruments without calibration; no IQC — raw materials released to production; disabled safety interlocks; unpaid social insurance; direct wastewater discharge.	Remediate within deadline (e.g. 30–60 days); submit written/photo/video evidence for re-verification.
Minor NC	Minor	Isolated procedural gaps; no systemic risk indicated.	Individual material cards not updated; single exit sign inoperative; one-month gap on fire-hydrant inspection log.	Include in CAPA; verify at next annual audit cycle.

Critical NC

Child labor, forced labor, dual payroll records, locked evacuation routes, missing fire acceptance certificate, commercial bribery.

Zero Tolerance · Fail

Major NC

Expired instruments, absent IQC, removed machine guards, PPE non-compliance, unpaid social insurance, illegal waste disposal.

Timed Remediation + Re-verification

Minor NC

Labeling omissions, isolated facility maintenance gaps, logbook signature lapses.

CAPA Tracking

4.1 Typical Critical NC Scenarios (CoC / Fire Safety / Business Ethics)

Social Compliance: Workers under 16; body searches, corporal punishment, or forced labor; refusal to provide or confirmed falsification of attendance/payroll records (dual ledgers).
Fire Safety: More than two emergency exits or evacuation routes deliberately locked or fully obstructed; building lacks fire safety acceptance certification.
Business Ethics: Cash, high-value gifts, or entertainment offered to the auditor constituting bribery.

4.2 Major / Minor NC — Supplementary Examples

Quality System · Major

Critical test instruments (e.g. hi-pot tester) without valid calibration; no Incoming QC — raw materials released directly to production.

EHS · Major

Press machine light curtain disabled or removed; PPE not worn at high-chemical or high-noise stations; social insurance not lawfully contributed.

Environmental · Major

Industrial wastewater or waste oil discharged into standard drainage without licensed third-party collection and disposal.

Site Management · Minor

Individual material cards not date-updated; isolated cartons without conforming labels; minor dust accumulation in chemical secondary containment.

Regional Context Note — Integrated Risk Assessment:

Given prevailing practices in China's industrial clusters — particularly the Pearl River Delta appliance and furniture belt, where incomplete social insurance enrollment and seasonal overtime exceeding statutory limits are common — auditors must assess such Major NCs against the buyer's actual tolerance threshold (e.g., acceptance of insurance filing in progress, phased CAPA milestones). Avoid mechanical zero-tolerance decisions without integrated risk evaluation.

5. NC Description Standard & Report Writing Requirements

Audit reports must be objective, verifiable, and free of vague or subjective language (e.g., "fire safety is poor," "wages are low"). Findings must be immediately actionable for buyers and factories alike.

NC Description Standard Formula: NC Description = Specific Location / Sample Scope + Objective Finding + Applicable Regulation / Standard Clause + On-Site Evidence Reference No.

5.1 Quality System NC — Example

At the finished-goods inspection and packing line (Location), audit sampling identified three digital calipers in active use (Instrument IDs: QC-05, QC-06, QC-09) (Finding) with calibration tags showing expiry on 12 April 2026; no valid third-party calibration certificates were available on site. This constitutes a breach of ISO 9001:2015 Clause 7.1.5 — Monitoring and Measuring Resources (Standard Clause). (Photo Evidence Ref 04)

5.2 Fire Safety NC — Example

At the northeast side of Production Workshop 2 (Location), one evacuation exit was fully obstructed by two pallets of plastic components awaiting assembly (Finding), reducing effective escape-route width to less than 1 meter in an emergency. This violates Article 28 of the PRC Fire Protection Law — provisions requiring unobstructed evacuation routes (Standard Clause). (Photo Evidence Ref 11)

Recommended Report Structure:

General Information: Factory name, audit type, audit date, auditor credentials, applicable standards (CoC / QMS / C-TPAT, etc.).
Sampling Methodology: Blind-sampled attendance months, payroll periods, employee interview headcount and workshop distribution.
Results Summary: Critical / Major / Minor counts; overall verdict — Pass / Fail / Conditional Pass.
NC Register: Each finding per the standard formula above, with photo reference numbers; scanned on-site confirmation signature page.
CAPA Requirements: Submission deadline; evidence format for Major items (photos / video / third-party reports); re-audit schedule.

6. On-Site Audit Protocol — Risk Mitigation & Auditor Safety

6.1 Identifying Delay Tactics & Obfuscation

Common Statements: "The records manager is on leave today and took the keys — we can review payroll tomorrow." Or: "That workshop is shut down for maintenance; it's too messy to enter."

Protocol Response: Treat locked areas or withheld records as potential indicators of serious compliance breaches (hidden child labor, excessive hours, etc.). Respond professionally and firmly: "Full document access and unrestricted site coverage are mandatory conditions of this audit. If unavailable, I am required to record 'Restricted Audit Scope,' which may result in immediate buyer authorization withdrawal." Anchor decisions in standards and buyer requirements — redirect focus to the evidence chain.

Closing Meeting — Conflict Exit Protocol

If the factory refuses to sign, becomes agitated, or attempts to withhold evidence during the closing meeting due to serious findings, do not engage in verbal or physical confrontation on site. Auditor safety is the first priority: politely recover original documents, photograph retained evidence where feasible, exit the premises promptly, and report the full factual situation to Canton Buying Desk or the buyer immediately upon departure.

6.2 Auditor EHS Requirements

Operational Boundaries: Never activate machinery controls without qualified factory personnel present and explicit authorization.

PPE Compliance: Wear safety helmets in areas with overhead lifting; use cut-resistant gloves and safety footwear as required.

Explosion-Prone Areas: Power off mobile devices or confirm equipment meets explosion-proof requirements before entering spray booths or high-dust grinding areas; no open flames or spark-generating activity.

Movement Safety: Use designated walkways; remain alert for forklifts; confirm LOTO is executed before approaching machinery internals under maintenance.

6.3 On-Site Audit Compliance Toolkit

Pre-departure checklist — verify each item before arriving on site:

Audit questionnaire / assessment checklist

Current local labor law & minimum wage reference card

Buyer CoC standards manual

Non-slip safety footwear (recommended personal issue)

Digital camera / high-resolution mobile device + power bank

Measuring tape (evacuation route width, handrail height, etc.)

Infrared thermometer (optional)

Sound level meter (optional)

Barcode scanner — C-TPAT traceability verification (optional)