The potential of remote audits has been discussed for many years. However, they have not been widely accepted so far. Especially in the field of certification audits, remote audits remained insignificant for a long time, as they did not comply with accreditation rules and specifications. With COVID-19, this is likely to have changed: Exemptions were passed overnight, and the impossible suddenly became the only possible thing. Even though the pandemic is now under control in many countries, remote audits are here to stay.
Is a remote audit the same as a regular audit via webcam? Definitely not! A remote audit is fundamentally different - different requirements, different audit methods, different challenges, different risks and different opportunities. In this series of articles, we'd like to give you some pointers on how to conduct audits remotely.
- Part 1 - How to conduct remote audits
- Part 2 - Risk assessment
- Part 3 - Audit Method
- Part 4 - Technology
- Part 5 - Preparation
- Part 6 - Tipsfor conducting remote audits
- Part 7 - Follow-up
When done correctly, a remote audit can be a valuable addition to on-site audits. Internal audits, supplier audits, and certification audits can all be performed remotely - partially or completely. However, if a remote audit is not performed competently, it does more harm than good by providing a false sense of security.
In the seven parts of this series, we'll go through all the steps from preparation to follow-up. We focus primarily on audits of management systems (e.g., ISO 9001 for quality management systems, ISO 14001 for environmental management systems, ISO 45001 for occupational health and safety management systems, etc.). However, many of these points will also be applicable to other types of audits, such as process audits, product safety audits, and social audits.
Step 1: Be aware of the audit objective.
Different types of audits require different approaches to potential auditing remotely. Typically, we distinguish three types of audits, each with its own objectives:
- Internal audits: This is an audit within your own organization. This is usually conducted by someone within the organization itself.
- Supplier audits: Audits conducted by a customer, business partner, or contractor to verify compliance with specific specifications. Sometimes supplier audits are outsourced to audit and certification bodies.
- Certification audits: Audits conducted by an independent entity for the purpose of certifying compliance with a standard.
Whether a remote audit is even an option depends on the type of audit.
Internal audits: Since internal audits are for internal use, you are free to decide whether a remote audit will help you meet audit objectives. However, it is recommended that internal audits be conducted in accordance with ISO 19011 guidelines. This means that remote audits are possible, but as explained in the second article in this series, any risks must be considered.
Supplier audits: Whether a remote audit is possible depends on the instructions of the client. DQS has several solutions for remote supplier audits.
Certification audits: In management system certification, the use of remote audits has been limited to document reviews. However, during the COVID 19 pandemic, accreditation bodies and certification bodies have collaborated to enable remote auditing following a positive risk assessment (see Step 2). All certification bodies must take into account the International Accreditation Forum (IAF) MD 4:2018 guidelines.
In general, we expect many of the COVID-19 exemptions to continue post-crisis. In the area of food safety, this trend is already evident: In the GFSI specifications, which provide the framework for certification standards such as IFS, BRCGS and FSSC 22000, it has already been adapted that certification audits can be done remotely in parts.
...But is a remote audit
also desirable?
In some cases, remote audits are possible, but may not be the most effective way. There are significant risks involved. Inpart two of this series, we will take a look at the preceding risk assessment.
DQS Newsletter
Dr. Thijs Willaert
Dr. Thijs Willaert is Global Director Sustainability Services. In this role, he is responsible for the entire ESG service portfolio of DQS. His areas of interest include sustainable procurement, human rights due diligence and ESG audits.