Remote audits have tremendous potential, but they are also subject to a learning curve. In this series of articles, we provide a step-by-step guide to conducting a remote audit. Today, we'll look at the risk assessment that precedes the remote audit.

This is part two of a seven-part article series:

Companies rely on audits of their business partners to provide assurance of compliance with standards. When audits miss critical aspects or otherwise become ineffective, it poses a risk to all involved.

For this reason, before planning a remote audit, auditors and certification bodies must assess whether a remote audit is appropriate for the intended purpose. Some of the criteria for this risk assessment are:

  • Integrity of the audit process
  • Effectiveness of the audit in achieving the audit objectives
  • Feasibility with respect to ICT:
  • Risks to the objectivity and validity of the information collected
  • Information security for all audit participants
  • Feasibility with respect to the selected technology (auditors and customers)
  • Up-to-date and stable ICT, with competent people
  • Good bandwidth for data transmission and reliable power supply
  • Uninterrupted and high quality of sound/image

To decide whether an audit can be performed remotely (partially or fully), DQS uses the following criteria:

  • Availability of the necessary infrastructure to support the use of the proposed ICT (e.g., data security, data integrity, media equipment, bandwidth, etc.)
  • Systematic implementation of the management system where records, data, etc. can be reviewed at any location, regardless of the physical location
  • Complexity of the site (e.g., a small sales office would have lower risk than a large manufacturing site)
  • Familiarity of the auditor with the customer's management system, procedures and facilities.

A remote audit should be avoided in the following cases:

  • Initial audits: The auditor must be familiar with the customer's management team and premises.
  • Clients with a history of critical deviations at the site being assessed.
  • Significant changes in management or process responsibilities for relevant processes
  • Any violation of accreditation rules or legal and regulatory requirements
  • Where security issues exist, e.g. restricted areas or secret documents
  • Conflicts between supplier and customer: remote communication is more difficult than face-to-face communication. So if there is a conflict between supplier and customer, remote audits can be ineffective at best and contribute to further misunderstandings at worst.

Was the outcome of your risk assessment positive? Great - learn more about the different audit methods in part three.

Author
Dr. Thijs Willaert

Dr. Thijs Willaert is Global Director Sustainability Services. In this role, he is responsible for the entire ESG service portfolio of DQS. His areas of interest include sustainable procurement, human rights due diligence and ESG audits. 

Loading...