Remote audit technology is rapidly evolving. From simple webcams to wearable devices like Google Glass, drones and even artificial intelligence - everything is conceivable. But beware: in practice, even the latest technologies quickly reach their limits.
This is part four of a seven-part series of articles on remote audits:
- Part 1 - How to conduct remote audits
- Part 2 - Risk assessment
- Part 3 - Audit Method
- Part 4 - Technology
- Part 5 - Preparation
- Part 6 - Tips for conducting remote audits
- Part 7 - Follow-up
As discussed in previous posts, there are few internationally recognized documents that standardize the use of ICT for audits. The exception is MD 4:2018 from the International Accreditation Forum. The document mentions various tools, such as webcams, smartphones, wearables, drones, and laptops. These can be used to,
- Hold teleconferences and videoconferences, possibly with data sharing
- Review documents and records, either in real time or with some delay (when documents are shared and then reviewed)
- Record information by filming, photographing, or recording sound
- Gain visual access to specific locations (e.g., with drones or wearable cameras).
Each of these technologies has its own benefits, limitations, and risks. A detailed discussion of each of them is beyond the scope of this article. Factors that always play a role are data protection and privacy. We list the most important principles below:
- The client and auditor define the security requirements and ensure the security and confidentiality of the information transmitted.
- ICT may only be used if the auditee and the auditor agree. This requires a solidified relationship and protocols for remote access.
- Both client and auditor must ensure that they have the necessary digital infrastructure: "Ensuring" means trying out the infrastructure and looking for alternatives if necessary!
- For hosting, it is not the auditor but the client who decides between an external provider or their own server. Auditors must familiarize themselves with the client's hardware and software.
Although the technological potential is undisputed, we advise remaining realistic. Site surveys, for example, remain a challenge. Google Glass and other wearable devices can only function properly on optimized networks with stable and fast connections - both on the sending and receiving end. Our real-world tests have shown that this can be a frustrating experience even in urban environments. In remote regions, the problem will be even more acute.
One final aspect is that technology can never be more competent than its users. This means not only that auditors must have the competence to handle the technology, but also that they must have the competence to interpret the data. It is important to emphasize that this aspect has not been part of most auditor training programs. Therefore, some form of training and/or instruction is essential.
This brings us to our next article in this series: To ensure that all stakeholders are comfortable with the technology, good audit preparation is essential.