USA / USD

Successful Remote Audits

17 June 2022

Nowadays an increasing number of services are offered remotely. In ISO 9001, you can now find everything from virtual gap analysis to remote certification audits. Done well, they can be just as effective as the on-site version.

Let us explain the techniques and processes we employ with our virtual audits and gap analysis, how we achieve success – and how you'll benefit.

Virtual Audit

Benefits of Remote Audits

The first questions should be: "Why do audits remotely?" and "What does 'remote' mean anyways?" There are two aspects to the concept of 'remote':

Auditors conduct their services remotely without physically visiting your facility.

Managers and staff of your company could be working from home or another remote location. They could join an interview or an audit remotely from their desk – wherever the desk may be.

Both aspects have their own benefits but combining them results in notable advantages for all involved. The benefits of remote audits (as well as remote gap analysis, remote certification and other remote services) include:

Lower cost due to the elimination of travel expenses.

Faster and more flexible timing as different schedules are more easily accommodated.

Minimum interruption to your work flow as audit participants can join an interview or audit from wherever they are.

More efficient use of your time as document reviews can take place at individual computers.

Elimination of safety and security issues related to outsiders visiting your facility.

Option of subject-matter experts join specific aspects of the audit.

Our Remote Auditing Techniques

Remote internal audits – and similarly, remote gap analysis – involve the same phases and activities as their in-person counterparts, beginning with detailed planning and preparation. However, the principles of remote assessment also show some important differences.

Preparation

We start by researching your organization to give our auditors the knowledge necessary to perform the audit. Our auditors work closely with company representatives to develop the audit plan and a detailed audit schedule that lists precise times for all activities. We identify the individuals that will be part of the audit and the kind of documentation to be reviewed. Since remote audits don't necessarily need to be conducted on consecutive days, their schedule can be adjusted to minimize the impact on day-to-day operations.

While regular on-site audits require planning for physical space and logistics, our remote audits require planning for virtual space and communication technologies. Nowadays, numerous options exist, including Microsoft Teams, Zoom, Join.me, GoToMeetings, and many more. We frequently use Microsoft Teams but are prepared to use other technologies deployed at your company.

Prior to the audit, there is ample preparation and testing. We provide written instructions, discuss communications technologies, and explain the process in detail to get everybody ready. We also conduct testing of the communications devices and software to ensure everyone is familiar with the tools. Our checklist includes

Check technologies on all devices, including video, cameras, headphones, and microphones.

Check connectivity particularly for walk-throughs.

Practice the use of the application, including screen sharing, screen mirroring, and file sharing.

Address security and confidentiality issues.

Charge mobile devices ahead of time.

Have a backup plan.

A few days before the actual audit, we'll request you record a video of a walk-through of your facility, and send it to us using a file sharing app. We will use the video to prepare for the audit and draw up questions.

Meetings and Interviews

Both physical and virtual audits start with an opening meeting and end with a closing meeting. These gatherings include executives, managers and others involved in the audit. Another part of any audit are the interviews of executives, managers and staff.

During remote audits, we leverage a video conferencing solution like Microsoft Teams, which allows participants to communicate with us from their current location. The opening and closing meetings don't have to be conducted in a traditional meeting room with video conferencing capabilities. Instead, attendees can click the meeting link on their computers at their desks for a video or audio connection, or simply call in using a regular phone.

The same approach also works well for interviewing personnel individually or in groups, reviewing processes, and generally for auditing. Participants can jointly review and discuss documents and processes.

Review of Documentation

Reviewing documents and records is a critical component of any audit. While on-site audits often involve the auditor leaning over someone's shoulder to inspect documents on a computer screen, the virtual environment is a better setting. During remote audits, the video conferencing app's screen sharing and file sharing functions allow our auditor to review documents and records on workstations. Also software in use and related data can be easily reviewed. Our remote approach is not only ideal when it comes to following audit trails and verifying document control, it's also more convenient and efficient.

Observing Work Processes

Although most of the audit time is spent looking at (computer-based) records and interviewing key personnel, we also conduct a live walk-through at your facility, observing work processes and talking with employees. We accomplish this by asking a company employee (usually the ISO 9001 representative) with a smartphone and installed video communications software to serve as our auditor's virtual eyes, ears and mouth. This allows us to observe real-life activities, talk with people performing the work and review documents and records. In addition, our auditor may request photographs, videos, and scanned documents.

Confidentiality and Information Security

When it comes to confidentiality and information security, there are two important aspects to consider: the information and knowledge gained by the auditor, and the security of data electronically transmitted and stored.

Auditor Confidentiality

Our auditors are contractually obliged through a non-disclosure agreement (NDA) to keep gained information and knowledge confidential.  In addition, professional ethics and codes of conduct also require us to maintain confidentiality. Importantly and most significantly we are only able to see anything that you show us. If you don't show us then we don't see it. Documents can be redacted and sensitive content can be edited before it's shown to us.

Information Security

Remote audits are generally performed using live communication that's not recorded. Only in some cases, we request photographs or videos during the audit. However, prior to the virtual assessment we ask for videos and, in some cases, procedures to allow us to plan the audit.

Along with our audit reports, findings, audit checklists and audit schedule, our auditors also retain these files – unless the client requests that we don't. If you ask that we refrain from retaining submitted videos, photographs and documents, our auditors will save these files to a special folder that is not synced or backed up, and the data is deleted after the project.

We use Microsoft 365 and take advantage of their systems for access control, encryption and data management. All data is securely backed up. Auditor computers are encrypted and we have two factor authentication to access. Microsoft Teams provides all the normal communication security protocols and general controls that you would expect of a leading communication tool – and again, if nothing sensitive is being presented then it can't be unexpectedly accessed. Nevertheless, our auditors have a 27001/NIST/CMMC type management system and security controls system in place. Client data is specifically identified and appropriate controls applied.

Conclusion

While there was a big boost for remote services in 2020, demand for virtual audits and other ISO 9001 services has been increasing for several years. In fact, our lead auditors and consultants have been working remotely for many years and processes have been fine-tuned and perfected while ISO has published ISO/IEC TS 17012:2024, its own guidelines for remote audits.

So, next time you outsource your internal audit to us, consider having us conduct perform it remotely. As this article shows, it's not only possible but the remote option has several advantages that go beyond cost savings.

Naomi Sato

Naomi Sato

Consultant and Product Manager

Naomi holds dual responsibility as an ISO 9001 consultant and product manager, and is an enthusiastic contributor to our online and print resources.

Think your associates and colleagues might enjoy this article too? Share it!

How can we help?

Please enter your full name

Please enter a valid email

Please enter a valid phone number

Please enter a message

Send Inquiry

Thanks. Your message has been sent. We'll get back to you as soon as possible.

Looking for information or advice?
Ask us anything

We'll reply ASAP

YES

NO