In times of a pandemic, auditing of management systems on site is often not possible or only to a very limited extent. So-called remote audits, which are carried out remotely with the aid of suitable information and communication technology, can usually provide a remedy in this situation - also for the automotive standard IATF 16949. Read the following article to find out what requirements the IATF created in October 2020 for carrying out remote audits.
Remote audits, i.e. audits conducted remotely for the assessment and certification of management systems, have gained strong acceptance since the start of the Covid 19 pandemic in early 2020. This was once again confirmed by a DQS customer survey . After all, even in times that make a normal on-site audit at a company almost impossible, certificates must be maintained and scheduled audits must be carried out. Even before the pandemic, this audit method was successfully applied without the physical presence of the auditor. This is because the internationally valid guideline for auditing management systems, ISO 19011:2018, has also explicitly provided for remote auditing as an alternative to on-site auditing in many areas for quite some time.
IATF and remote audits
Users of the international automotive standard IATF 16949 were denied this alternative audit method until about six months ago. In October 2020, however, the International Automotive Task Force (IATF) adapted to the current circumstances, at least temporarily, and created suitable conditions for carrying out remote audits for IATF 16949 as well with the "Measures Coronavirus Pandemic (COVID-19) - Revision 5". However, the possibilities of remote auditing are limited compared to ISO management system standards such as ISO 9001 (quality management) or ISO 27001 (information security).
This is because an essential condition for conducting an IATF remote audit is that it is not possible to conduct an on-site audit for reasons that can be shown to be directly related to the COVID-19 pandemic. Only in this case certification bodies like DQS are authorized to perform remote audits according to the IATF specifications. The background to this is that the possibility of remote audits prevents the planned or permissible time frame from being exceeded.
Special regulations also exist in the automotive sector for production facilities that are shut down due to a pandemic at the time of a planned IATF audit or that are not producing any parts. In this case, however, the certification body must obtain suitable information from the customer in order to assess the circumstances and, if necessary, agree a new, later date for the IATF audit. The IATF must be notified of the waiver of the originally planned audit.
Carrying out remote audits
The application of remote audits is possible for the automotive standard IATF 16949 as follows, for
- Production sites
- To include extended production sites
- Remote support sites
IATF Remote Audits are allowed for the following audit types:
- Initial certification audits (stage 1 and stage 2). If the stage 2 audit is performed remotely, the validity of the certificate may not exceed twelve months, and the certificate expires one day earlier. The subsequent audit is then considered a recertification audit.
- Surveillance audits
- Recertification audits
- Transfer audits
- Audits for special reasons, so-called special audits
The certification body must apply the following principles for the IATF Remote Audit:
- IAF ID 12 - Principles for Remote Assessments
- IAF MD 4 - Mandatory document on the use of information and communication technologies (ICT) for audit and assessment purposes.
- Annex A of "Measures Coronavirus Pandemic (COVID-19) - Revision 5" - Requirements for IATF Remote Audits
The IATF audit - Options for implementation
- 100% on-site
- Partly remote (audit from a distance) and partly on site
- 100% remote
When determining the number of audit days, the additional time and effort required for remote auditing must be taken into account. In the "Measures Coronavirus Pandemic", the IATF points out that even IATF 16949 remote audits and their planning can be observed ("witnessed") if necessary, for example to determine whether the technology used complies with the regulations or whether the approach of the respective auditor is compliant. However, this observation in the sense of a witness audit cannot be rejected.
Auditor competence for IATF remote audits
Other important elements of a remote audit are sufficient competence and skills of all parties involved in a remote audit. Auditors and customers alike must be able to operate the electronic infrastructure in such a way that the desired results can be achieved. And it must be ensured that the audit results are also meaningful and objective.
Auditors who conduct an IATF audit remotely should therefore already be familiar with the company in question and the prevailing atmosphere there, for example from an on-site automotive audit. In addition, the auditors must have extensive experience and a remote audit routine, since auditing remotely requires different questioning techniques in some cases than is normal for an on-site audit.
Our latest customer survey on this topic shows the following result with regard to DQS auditors:
"97% of our customers perceived the approach of our auditors as 'competent', only 3% as 'less competent'."
Further essential aspects and special requirements can be summarized as follows:
- There is neither a conflict case nor a critically assessed event (nonconformity).
- The number of participants in an IATF remote audit should be limited.
- Individual "sessions" should be scheduled for a maximum of two hours, followed by a break. This procedure is necessary, as otherwise concentration suffers in the sometimes unfamiliar situation. Therefore, somewhat more time should be planned for the planning of a remote audit compared to a conventional on-site IATF audit.
Advantages of remote audits
- Significant reduction of travel time
- Sites that cannot be visited can be audited with justifiable effort
- (almost any number of) Specialists and experts from all over the world can also be involved at the same time
- Personal risks for the auditors and their employees are minimized, for example health and safety risks
- Elimination of travel restrictions
- Time delay between data collection and data analysis can be minimized
- Much flexibility in case of disruptions, for example availability of auditees
- Reduced CO2 emissions contribute to sustainability
Requirements for the communication technology used
The information and communication technology (ICT) used plays a special role in all audits conducted remotely. The document IAF MD 4:2018 provides binding specifications for this. The document is published by the IAF (International Accreditation Forum) and regulates globally central aspects in the use of ICT.
Key requirements, which in addition to IATF audits also affect all other audits for the certification of ISO management system standards, are:
- Ensuring the security and confidentiality of electronically transmitted information.
- Agreement on the use of ICT between auditor and customer. This requires an established business relationship.
- Identification of risks and opportunities by the auditor in relation to ICT. This involves, among other things, the validity and objectivity of findings in advance.
- Ensuring that the necessary electronic infrastructure is in place.
- Competence and ability of all those involved to operate the ICT in such a way that the desired results can be achieved.
This includes ensuring that customers and auditors are familiar with the appropriate hardware and software (tablets, WebCams, WiFi hubs or IT tools such as WebEx, GoToMeeting, image editing programs, etc.) and that sufficient bandwidth is available for a secure, stable connection.
Other specifications in the automotive sector
- DIN EN ISO/IEC 17021 - Requirements for certification bodies that audit and certify management systems for the purpose of conformity assessment
- DIN EN ISO 19011 - Guideline for the auditing of management systems
- 71 SD 6 021 (IAF MD 5) - binding document for the determination of audit times for auditing quality and environmental management systems
- 71 SD 6 016 (IAF MD 4) - binding document on the use of computer assisted audit techniques (CAAT) in the auditing of management systems by accredited certification bodies
- IATF - Global waivers and measures in response to the Coronavirus Pandemic COVID 19, Annex A contains the requirements for the performance of remote audits for the IATF 16949 set of regulations
Conclusion - Performing IATF audits remotely
Remote audits became part of a "new reality" in just one year. Today, they are a recognized audit method that can replace a classic on-site audit, at least in part, and thus contribute to the maintenance of the certificate. Remote audits can therefore be a useful supplement to conventional on-site audits. Whether during an assessment to leverage additional expertise, in combination to cost-effectively cover multiple sites, or auditing entirely remotely when appropriate to meet certification requirements or as current conditions dictate.
The possibilities that remote audits have long offered for ISO standards can also be exploited (at least temporarily) for the automotive standard IATF 16949 since fall 2020. However, only in relation to demonstrably pandemic-related failures of planned on-site audits, and if this puts the maintenance of certificates at risk. In addition, their application must always be carefully weighed. Not every situation can be adequately assessed at a distance. DQS therefore examines in advance the respective circumstances in your company, the requirements on the part of accreditation and authorities, as well as the risks associated with the implementation.
When carrying out remote audits, special requirements must be observed which are set out in the above-mentioned standards and guidelines. These specifications focus on the information and communication technology (ICT) used and the experience and routine of the respective auditors - two aspects that have the greatest influence on the success of a remote audit.
Furthermore, additional rules for planning and conducting audits apply to remote IATF audits. Depending on the audit type, this may also apply to the duration of certificates issued on the basis of remote audits. Details on the requirements can be found in Appendix A of the so-called "Measures Coronavirus Pandemic (COVID-19) - Revision 5".
Experience and trust
IATF 16949 is regarded as the international quality standard in the automotive industry. As the successor to ISO/TS 16949:2009, it has been virtually the ticket for this global industry since its publication in October 2016. The ISO/TS 16949 Technical Specification was first issued in March 1999. With our recognition by IATF and approval by VDA-QMC in February 2000, DQS was among the first certification bodies worldwide for this automotive standard.
Our texts and white papers are written exclusively by our standards experts or auditors with many years of experience. If you have any questions about the text contents, our audits and certifications to the author, please feel free to contact us.