The COVID-19 pandemic has challenged a great many tried-and-(no longer)-true systems of work. One of these is conducting external or third party audits, which have typically involved physical site inspections and face-to-face interviews.
The ISO 9001 Auditing Practices Group provide direction in relation to remote auditing, and the most recently issued guidance (ISO 9001 Auditing Practices Group on Remote Audits, Edition 1 2020-04-16) on the subject actually cites the COVID-19 pandemic as one of the variety of reasons why an auditor may not be present on the site to complete an audit. This guidance recognises that current ICT tools (such as Zoom, MS Teams etc.) have made remote auditing a feasible option.
Given current circumstances in which social distancing and other restrictions are compulsory, auditing remotely presents a viable and more cost-effective option.
Naturally, there are pros and cons attached to this approach. Below we explore these for each of the fundamental components of the audit process.
Audit Entry / Exit Meetings – This is probably the least impacted component of an audit. Using commonly available on-line meeting tools, audit entry and exit meetings can work well, even including the sharing of documents or presentations.
Document Review – Again this component of an audit works well remotely, presenting a cost-effective alternative to getting everyone together in the same place to review documents that can easily be shared electronically.
Conducting interviews / discussions – This component works reasonably well in a remote format, although there is a loss of direct interaction with the workplace and getting a feel for the environment in which the auditee operates. Also, the ability to observe the reactions from several auditees in a room at the same time is weaker.
Site Inspections – this is probably the area most impacted by the use of virtual audits:
- From an auditee’s perspective there is more control – it presents an opportunity to better control the auditor from exploring or spotting red flags, as without being physically present the auditor can’t go off track in a messy corner of the workshop, or flick through the SDS folder past the one good example that was formally presented.
- From an auditor’s perspective the lack of an on-site presence has the potential to impact on their understanding of the organisation’s operations as a whole, and there is limited opportunity for free-reign exploration as detailed in the above point.
It should also be noted that virtual auditing is not without its inherent risks, most predominantly the risk of technology failure especially in more remote areas. Further, the virtual nature can stymy personal interactions and hinder the building of relationships (and potentially trust) between auditor and auditees.
Remote audits are more straight forward in organisations that use the technology on a day-to-day basis not only for meetings but also for internal remote site inspections as part of their assurance functions. If auditees are used to conducting Zoom or MS Teams as part of their normal business interactions, then conducting a remote audit is an easier transition.
Whether virtual or remote auditing becomes the new norm remains to be seen, however given current constraints from the COVID-19 pandemic are with us for the foreseeable future it is important not to put off audits indefinitely. As detailed above, there are pros and cons and some issues to manage, however with some planning and testing remote auditing is viable for many operations.
Having completed a number of this style of audit, QRMC is happy to share our thoughts as to how best plan for an effective audit process. Please contact us for more information.