Remote audits have become an integral part of digitization and agile working. What is meant is the distinct ability of virtual teams and employees working from home to be productive at a high level - also in the auditing of management systems and processes. Particularly in view of the Corona pandemic, company management and executives, "remote excellence" is increasingly being assessed by as a critical success factor that will determine the future. And in their planning and execution, certification audits must also be highly performant, regardless of whether they are conducted on-site or remotely as "audits from afar". And yet, such a remote audit demands additional skills and an additional degree of excellence on the part of everyone involved.
Remote audits: What ISO 19011 has to say
Although remote audits were already touted as an "alternative audit method" in ISO 19011:2011, this was not explained further. The 2018 revision then brought more impetus into the matter with the much more precise recognition of this audit method. By now the guideline could no longer ignore the possibilities of increasing digitalization.
"Remote audits: responding to digitalization - but also to times of crisis"
And as if the authors of ISO 19011:2018 had suspected it, the Covid 19 pandemic brought with it a wide field of applications for remote auditing. In times of crisis, when on-site audits can no longer be performed to the extent necessary, remote auditing comes in handy - albeit in a limited way.
Remote audits: Prerequisites
A whole series of prerequisites must be met before remote audits can be used as an accompanying audit method. These prerequisites include the complexity of the company's processes. The auditor must also be familiar with the management system and have already been on site before, for example.
Other essential requirements that must be met are:
- The quality of the communication technology must meet the very high requirements of a remote audit
- No initial certification may be audited remotely. Above all, this means that the management system must no longer be in an early phase.
- No significant non-conformities may have occurred at the site in question during the previous audit
- The management system must be organized in such a way that all data, evidence and specifications can be found immediately and are easy to view
- Risks that could jeopardize the audit must be excluded
"Meeting remote audit requirements: Not a matter of course, but a sign of excellence."
Meeting these requirements, especially in total, is not a matter of course. Rather, it is a sign of mature, excellent management systems and of organizations that set high standards for dealing with audits.
External auditors also have a key role to play: They must have strong, well above-average communication and organizational skills to direct and manage the audit from a distance.
Method must be accepted by all involved
And there is another important prerequisite. It applies to the attitude of all those involved towards this audit method and their willingness to engage with it. Trust and acceptance within the audited organization are therefore central points for successful audit planning, the audit program for execution, and the follow-up of the remote audit.
Since the auditor is not on site, technical and communication skills - indispensable "soft skills" - become even more important.
If you want to have an implementation of remote audits, if you want to use this technology, then you have to have the acceptance for it in the company.
Remote audits: Audit method or audit type?
Remote audits are an audit method, not a separate audit type. The authors of ISO 19011 do not elevate remote audits to the rank of an alternative to on-site audits. Rather, they offer to incorporate "remote" as one of several methods "appropriately balanced" in audit planning.
The requirements in chapter 5.5.3 of ISO 19011 are about selecting and determining audit methods: "In order to perform the audit effectively and efficiently, the person(s) controlling the audit program should select and determine the methods for the audit depending on the defined audit objectives, the defined audit scope and the defined audit criteria."
Remote audit: Formal framework according to IAF
In addition to ISO 19011, the International Accreditation Forum (IAF) document MD 4 also plays a role and is used to get a clear picture of the formal framework for remote audits. Here are three examples of prerequisites for remote audits using "Information and Communication Technology (ICT)":
- The security and confidentiality of electronic or electronically transmitted information must be ensured (4.1.1). Note: The auditee determines the level of security requirements.
- The use of ICT must be in agreement between the auditee and the auditor (4.1.2). Caution: This requires an established "relationship".
- Ensure in advance that the client and the auditor have the necessary electronic infrastructure to use ICT (4.2.2). Note: "Ensuring" includes trying out the infrastructure and planning alternatives if necessary!
Such computer-assisted auditing techniques (CAAT = Computer Assisted Auditing Techniques) may include, for example, the following:
- Conducting conference calls
- Meetings on the Internet
- Interactive web-based communications
- Remote electronic access to management system documentation and/or management system processes"
"Remote audit: DQS survey on acceptance of remote audits"
Remote audits with DQS
With the digital transformation and the Corona pandemic, remote audits have gained a firm place among audit methods. From the point of view of the accreditation bodies, the formal framework conditions are in place. The prerequisites in terms of technology and competencies are also clearly outlined. The possibilities offered by remote audits can therefore be exploited to the full. Nevertheless, their use must always be carefully considered. Not every situation can be adequately assessed remotely. Therefore, DQS will review the respective situation in your company and the risks associated with the implementation with you in advance.
Simply leveraging Quality
Since its foundation in 1985 as the first German certifier of management systems, DQS has been committed to the sustainable success of its customers. With value-adding audits and customer-oriented concepts, we accompany organizations all the way to business excellence.
In addition to the assessment according to individual management system standards, the combined, simultaneous auditing of fully integrated management systems offers you numerous opportunities. The interdisciplinary assessment allows synergies to be exploited and, at the same time, interactions and contradictions between the different topics to be identified.
In connection with ISO 19011, we also offer second-party audits as a service for selected subject areas, for example as supplier audits.
In order to increase the benefits for our customers, we focus on multiple qualifications in the selection and further training of our auditors: DQS auditors cover at least three standards on average. Take us at our word. We look forward to talking to you.