Remote audits have tremendous potential, but they are also subject to a learning curve. In this series of articles, we provide a step-by-step guide to conducting a remote audit. Today, we'll look at the risk assessment that precedes the remote audit.

This is part two of a seven-part article series:

Companies rely on audits of their business partners to provide assurance of compliance with standards. When audits miss critical aspects or otherwise become ineffective, it poses a risk to all involved.

For this reason, before planning a remote audit, auditors and certification bodies must assess whether a remote audit is appropriate for the intended purpose. Some of the criteria for this risk assessment are:

  • Integrity of the audit process
  • Effectiveness of the audit in achieving the audit objectives
  • Feasibility with respect to ICT:
  • Risks to the objectivity and validity of the information collected
  • Information security for all audit participants
  • Feasibility with respect to the selected technology (auditors and customers)
  • Up-to-date and stable ICT, with competent people
  • Good bandwidth for data transmission and reliable power supply
  • Uninterrupted and high quality of sound/image

To decide whether an audit can be performed remotely (partially or fully), DQS uses the following criteria:

  • Availability of the necessary infrastructure to support the use of the proposed ICT (e.g., data security, data integrity, media equipment, bandwidth, etc.)
  • Systematic implementation of the management system where records, data, etc. can be reviewed at any location, regardless of the physical location
  • Complexity of the site (e.g., a small sales office would have lower risk than a large manufacturing site)
  • Familiarity of the auditor with the customer's management system, procedures and facilities.

A remote audit should be avoided in the following cases:

  • Initial audits: The auditor must be familiar with the customer's management team and premises.
  • Clients with a history of critical deviations at the site being assessed.
  • Significant changes in management or process responsibilities for relevant processes
  • Any violation of accreditation rules or legal and regulatory requirements
  • Where security issues exist, e.g. restricted areas or secret documents
  • Conflicts between supplier and customer: remote communication is more difficult than face-to-face communication. So if there is a conflict between supplier and customer, remote audits can be ineffective at best and contribute to further misunderstandings at worst.

Was the outcome of your risk assessment positive? Great - learn more about the different audit methods in part three.

Author
Dr. Thijs Willaert

Dr. Thijs Willaert je globalni direktor službi za održivost. U ovoj ulozi, on je odgovoran za ceo portfolio ESG usluga DQS-a.

Oblasti njegovog interesovanja uključuju održivost procesa nabavke, proveru ljudskih prava i ESG audite.

Loading...