What are you looking for?
Successful Remote Audits
17 January 2021
Nowadays an increasing number of services are offered remotely. In ISO 9001, you can now find everything from virtual gap analysis to remote certification audits. Done well, they can be just as effective as the on-site version.
Let us explain the techniques and processes we employ with our virtual audits and gap analysis, how we achieve success – and how you'll benefit.
Benefits of Remote Audits
The first questions should be: "Why do audits remotely?" and "What does 'remote' mean anyways?" There are two aspects to the concept of 'remote':
Outsiders, for example auditors and consultants, conduct their services without physically visiting your facility.
Managers and staff of your company could be working from home or another remote location. They could join an interview or audit from their desk – wherever the desk may be.
Both aspects have their own benefits but combining them results in notable advantages for all involved. The benefits of remote audits (as well as remote gap analysis, remote certification and other remote services) include:
Lower cost due to the elimination of travel expenses.
Faster and more flexible timing as different schedules are more easily accommodated.
Minimum interruption to your work flow as audit participants can join an interview or audit from wherever they are.
More efficient use of your time as document reviews can take place at individual computers.
Elimination of safety and security issues related to outsiders visiting your facility.
Option of subject-matter experts join specific aspects of the audit.
Even before the 2020 pandemic-related lockdowns, our lead auditors had been performing some internal audit services remotely for the various benefits they bring to our clients.
Our Remote Auditing Techniques
Remote internal audits – and similarly, remote gap analysis – involve the same phases and activities as their in-person counterparts, beginning with detailed planning and preparation.
We start by researching your organization to give our auditors the knowledge necessary to perform the audit. Our auditors work closely with company representatives to develop the audit plan and a detailed audit schedule that lists precise times for all activities. We identify the individuals that will be part of the audit and the kind of documentation to be reviewed. Since remote audits don't necessarily need to be conducted on consecutive days, their schedule can be adjusted to minimize the impact on day-to-day operations.
While regular on-site audits require planning for physical space and logistics, our remote audits require planning for virtual space and communication technologies. Nowadays, numerous options exist, including Microsoft Teams, Zoom, Join.me, GoToMeetings, and many more. We frequently use Microsoft Teams but are prepared to use other technologies deployed at your company.
Prior to the audit, there is ample preparation and testing. We provide written instructions, discuss communications technologies, and explain the process in detail to get everybody ready. We also conduct testing of the communications devices and software to ensure everyone is familiar with the tools. Our checklist includes
Check technologies on all devices, including video, cameras, headphones, and microphones.
Check connectivity particularly for walk-throughs.
Practice the use of the application, including screen sharing, screen mirroring, and file sharing.
Address security and confidentiality issues.
Charge mobile devices ahead of time.
Have a backup plan.
A few days before the actual audit, we'll request you record a video of a walk-through of your facility, and send it to us using a file sharing app. We will use the video to prepare for the audit and draw up questions.
Meetings and Interviews
Both physical and virtual audits start with an opening meeting and end with a closing meeting. These gatherings include executives, managers and others involved in the audit. Another part of any audit are the interviews of executives, managers and staff.
During remote audits, we leverage a video conferencing solution like Microsoft Teams, which allows participants to communicate with us from their current location. The opening and closing meetings don't have to be conducted in a traditional meeting room with video conferencing capabilities. Instead, attendees can click the meeting link on their computers at their desks for a video or audio connection, or simply call in using a regular phone.
The same approach also works well for interviewing personnel individually or in groups, reviewing processes, and generally for auditing. Participants can jointly review and discuss documents and processes.
Review of Documentation
Reviewing documents and records is a critical component of any audit. While on-site audits often involve the auditor leaning over someone's shoulder to inspect documents on a computer screen, the virtual environment is a better setting. During remote audits, the video conferencing app's screen sharing and file sharing functions allow our auditor to review documents and records on workstations. Also software in use and related data can be easily reviewed. Our remote approach is not only ideal when it comes to following audit trails and verifying document control, it's also more convenient and efficient.
Observing Work Processes
Although most of the audit time is spent looking at (computer-based) records and interviewing key personnel, we also conduct a live walk-through at your facility, observing work processes and talking with employees. Since in-person visits aren't an option, we require a company employee (usually the ISO 9001 representative) with a smartphone and installed video communications software to serve as our auditor's virtual eyes, ears and mouth. This allows us to observe real-life activities, talk with people performing the work and review documents and records. In addition, our auditor may request photographs, videos, and scanned documents.
Confidentiality and Information Security
When it comes to confidentiality and information security, there are two important aspects to consider: the information and knowledge gained by the auditor, and the security of data electronically transmitted and stored.
Our auditors are contractually obliged through a non-disclosure agreement to keep gained information and knowledge confidential. In addition, professional ethics and codes of conduct also require us to maintain confidentiality. Importantly and most significantly we are only able to see anything that you show us. If you don't show us then we don't see it. Documents can be redacted and sensitive content can be edited before it's shown to us.
Audits are generally performed using live communication that's not recorded. Only in some cases, we request photographs or videos during the audit. However, prior to the audit we ask for videos and, in some cases, procedures to allow us to plan the audit.
Along with our audit reports, findings, audit checklists and audit schedule, our auditors also retain these files – unless the client requests that we don't. If you ask that we don't retain submitted videos, photographs and documents, our auditors will save these files to a special folder that is not synced or backed up, and the data is deleted after the project.
We use Microsoft 365 and take advantage of their systems for access control, encryption and data management. All data is securely backed up. Auditor computers are encrypted and we have two factor authentication to access. Microsoft Teams provides all the normal communication security protocols and general controls that you would expect of a leading communication tool – and again, if nothing sensitive is being presented then it can't be unexpectedly accessed. Nevertheless, our auditors have a 27001/NIST/CMMC type management system and security controls system in place. Client data is specifically identified and appropriate controls applied.
While there was a big boost for remote services in 2020, demand for virtual audits and other ISO 9001 services has been increasing for several years. In fact, our lead auditors and consultants have been working remotely for many years and processes have been fine-tuned and perfected.
Should you have your internal audits or gap analysis conducted remotely by us? It's usually just a matter of preference. As this article shows, it's not only possible to remotely conduct our ISO 9001 Internal Audit Service and our ISO 9001 Gap Analysis & Implementation Plan, it's also as efficient as their on-site counterparts. The remote option, though, has several advantages that go far past the cost savings.
If you enjoyed this article, subscribe for updates
Stay in touch with our free resources on ISO 9001
We won't send you spam. Unsubscribe at any time.
Thanks. Your message has been sent. We'll get back to you as soon as possible.
We'll reply ASAP