How to do Remote Audits – Part 1: Objectives
We are in the middle of digital transformation, a process of continuous change based on digital technologies that are being developed at an ever faster pace. Digital technology is having a profound impact on the auditing industry and offers new opportunities to certification bodies and their clients. In this series of articles, we would like to give you a few pointers on how to do audits remotely.
First and foremost: is a remote audit the same as a regular audit, through a webcam? Definitely not! A remote audit is fundamentally different – different prerequisites, different audit methods, different challenges, different risks and different opportunities.
Done correctly, a remote audit can be a valuable addition to on-site audits. Internal audits, supplier audits and certification audits can all be done remotely – partially or entirely. By contrast, if a remote audit is not executed correctly, it does more harm than good, because it provides a false sense of assurance. Let’s look at the steps do it right!
In this series, we will focus primarily on audits of management systems (e.g. ISO 9001 for quality management systems, ISO 14001 for environmental management systems, ISO 45001 for OHS management systems, etc.). That being said, many of these points will be applicable to other kinds of audits, such as process audits, product safety audits and social audits.
- Part 1 – Remote Audit Objectives
- Part 2 – Is a Remote Audit the Right Choice? The Risk Assessment
- Part 3 – Determine the Method
- Part 4 – Determine the Technology
- Part 5 – How to Prepare a Remote Audit
- Part 6 – Tips for Remote Audit Execution
- Part 7- Remote Audit Reporting & Follow-Up
Step 1: Being Aware of the Audit Objective
Different types of audits will require different approaches to remote auditing. Typically, we distinguish three types of audit, each with their own objectives:
- First-party audit: this is an audit within your own organization, typically done by someone from within the organization. This is what is also called an internal audit
- Second-party audit: audit performed by a customer, business partner or contractor, usually based on their requirements. Sometimes audit companies do these on behalf of this second party. These are often referred to as supplier audits
- Third-party audit: audit performed by an independent party against a recognized standard. These are usually certification audits.
Whether a remote audit is even a possibility, will depend on the nature of the audit.
- Internal audits: Because internal audits are for internal use, you are free to determine whether a remote audit will enable you to achieve the audit objectives. It is however recommended practice to conduct internal audits as per the guidelines of ISO 19011. This means that remote internal audits are possible, but as explained in the second article of this series, the risks need to be considered.
- Supplier audits: Whether a remote audit is a possibility will depend on the instructions of the buyer. DQS has various solutions for remote supplier audits.
- Certification audits: For the certification of management systems, the use of remote audits has been limited to document reviews. During the COVID-19 pandemic, however, accreditation bodies and certification bodies have worked together to allow remote audits after a positive risk assessment (see step 1). All certification bodies must comply with MD 4:2018 of the International Accreditation Forum (IAF).
In some cases, however, a remote audit may be possible, but not desirable, because it may not be effective enough. In Part 2 of this series, we will take a look at this risk assessment.