Part 4: Remote Audits – Determine the Technology
Technology for remote audits continue to evolve at a lightning pace. As long as they are secure, there is no limitation as far as available technologies are concerned. From simple webcams to wearable devices like Google Glass and even artificial intelligence, the sky is the limit – sometimes quite literally, in the case of drones.
This is Part 4 of a seven-part series of articles on remote auditing:
- Part 1 – Remote Audit Objectives
- Part 2 – Is a Remote Audit the Right Choice? The Risk Assessment
- Part 3 – Determine the Method
- Part 4 – Determine the Technology
- Part 5 – How to Prepare a Remote Audit
- Part 6 – Tips for Remote Audit Execution
- Part 7- Remote Audit Reporting & Follow-Up
As discussed in previous articles, one of the few internationally recognized documents that discuss the use of ICT for auditing purposes is MD 4:2018 of the International Accreditation Forum. The document mentions various tools, such as webcams, smartphones, wearables, drones and laptops. These can be used to
- Have tele- and videoconferences, potentially with data sharing
- Assess documents and records, either in real time (live monitoring) or with a certain delay (when documents are shared and reviewed afterwards)
- Record information, by filming, photographing or recording audio
- Provide visual access to certain locations (e.g. with drones or portable cameras)
All of these technologies will have their own benefits, limitations and risks. While exploring each of them in detail is beyond the scope of this article, one of the factors that will always be relevant is data protection and data privacy. Here are some of the main principles to consider:
- Client and auditor determine the level of security requirements and ensure the security and confidentiality of electronic or electronically transmitted information.
- ICT may only be used if auditee and auditor agree. This requires a well-established relationship and remote access protocols.
- Both client and auditor need to ensure they have the necessary electronic infrastructure to use ICT: “ensuring” includes trying out the infrastructure and planning alternatives if necessary!
- For hosting, the customer shall choose between an external provider or their own server. Auditors need to familiarize themselves with the customer’s hard- and software.
While the potential of technology is undisputed, we urge people to be realistic in their expectations. Site tours, for example, remain a challenge. Google Glass and other wearable devices can only work properly on optimized networks with stable and high speed connections – both on the sending and the receiving end. Our tests in practice have shown that even in urban environments, this can be a frustrating experience. In less developed areas, the problem will only be more acute.
A final aspect to consider that technology can never be more competent than the persons who use it. This not only means that auditors must have the competence to handle the technology, but also that they must have the competence to interpret the data. It is important to understand that this aspect has not been a part of most auditor training programs, so some form of training and/or instruction is essential.
This brings us to our next article – you will want to ensure that all participants know how to handle the technology, which is part of the remote audit preparation.