When is it possible to use Remote Audit?
Remote audit is one of the audit methods described in ISO 19011:2018. The value of this audit method lies in its potential to provide flexibility in achieving audit goals.
To realize the benefits of this audit method, all stakeholders shall be aware of their role in the process, determination of expected inputs and outputs, and assessment of risks and opportunities, which will provide the basis for achieving the audit and audit program goals.
There are various reasons why an auditor may not be present due to security restrictions, pandemics, or travel restrictions. Voluntary or mandatory containment, commissioning of assembly in hazardous locations, explosives testing, and other scenarios are all examples where remote auditing is beneficial.
New information and communication technologies (ICT) have made remote auditing more feasible. As the access to ICT has increased, remote auditing has become more commonly used. This allows the auditor to communicate with people globally, accessing a wide range of information and data. These techniques transform the way we work. ICTs open up the opportunity to audit sites and people remotely, shortening distances, travel time, and costs, reducing the environmental impact, and impact associated with audit trips, and adapting audits to different organizational models. ICT can help increase sample size or quality in the audit process when prepared, validated, and used correctly. This is the case, for example, when using video cameras, smartphones, tablets, drones, or satellite imagery to verify physical settings such as pipeline identification in the oil industry, machine settings, storage areas, production processes, and forest or agricultural sites.
ICT also allows for the inclusion of specialist knowledge in an audit that would otherwise not be possible due to financial or logistical constraints. For example, expert participation is only needed to review a specific project for two hours. With ICT available, the specialist can analyze the process remotely, thus reducing the time and costs associated with the trip.
On the other hand, however, we shall consider ICT’s limitations and risks in meeting the audit goals. These include information security, data protection, confidentiality issues, and the veracity and quality of objective evidence collected.
The following are questions that may arise.
When viewing images, are you viewing real-time images or recorded video?
Is it possible to capture everything about the remote site, or is it image-driven?
When planning a remote interview, will there be a stable Internet connection, and does the person being interviewed know how to use it?
Can the processes and locations to be audited realistically be audited off-site?
Is there a good overview of facilities, equipment, operations, and controls?
Is it possible to access all relevant information?
Many of these questions can only be answered after visiting the site, but they shall be answered to enable the use of ICT in the audit process. The person responsible for the audit program and the audit team needs to identify the risks and opportunities and define decision criteria for accepting or not its use, where and under what conditions.
A remote audit should be considered from establishing the audit program through planning the audit and finally performing the audit.
Source: ISO/IEC ISO 9001 Auditing Practices Group Guidance on: REMOTE AUDITS; Ed. 1.