What is remote auditing?
In the first of two articles gives an overview of remote auditing and what it can offer you
In a world of wireless internet access, satellite phones and video conferencing, it is now possible to audit an organization, department or a supplier halfway across the world without leaving your office. Remote audits offer the possibility of significant time and cost savings, yet many auditors seem to remain wary of an approach that means they are not physically present at a location.
However, many of the concerns voiced about remote auditing are similar to those of traditional onsite audits and, when offsite audting is considered as an addition to the auditors’ toolbox, it can offer a variety of benefits.
Part of the toolbox
An audit is essentially the gathering of information relevant to specified objectives, scope and criteria. This information is most frequently gathered in the form of interviews, document reviews and through observation of processes or people. Traditional audit methods have involved visiting the auditee in order to carry these out but now through e-technology, some can be done remotely.
A single audit can involve four distinct methods including remote non-interactive methods, such as accessing data for a document review, and local interactive methods, such as visiting the site to perform interviews as shown in table 1.
Table 1: Four main auditing methods
| Local | Remote | |
| Interactive | Present at the audit location and getting information from an auditee | Off-site and getting information from an auditee |
| Non-interactive | Present at the location and getting information from document review or observation | Off-site and getting information from document review or observation |
This does not mean that all audits should be completed wholly remotely. Although it is possible, there may be overwhelming issues that preclude all remote activity. More importantly it offers auditors a way of maximizing their resources, particularly in the planning stages of an audit.
For example, if you were auditing a financial services company against ISO 9001 you might decide, as the bulk of the audit will focus on electronic data, to spend 60 per cent of your time performing a remote non-interactive audit accessing electronic documentation of plans, procedures and processes via the internet. Next you could dedicate 20 per cent of your time to a remote interactive audit, performing telephone or video interviews with staff to gain information. After doing the bulk of the audit remotely you could then visit the site and split the remaining 20 per cent of time performing non-interactive observations and face-to-face interviews. So, for 80 per cent of such an audit you do not need to physically be at the auditee’s location to gain the same amount of information.
In contrast, for a chemical manufacturing plant being assessed against ISO 14001, you could start off by dedicating five per cent of your time to remotely interviewing staff, then spend 15 per cent performing a remote document review and 80 per cent on site. First you ask staff what the organization’s environmental policy is, then assess this against the company’s actual documents before you visit and observe how the plant actually works on a day-to-day basis.
Greater access 
One of the most obvious benefits of remote auditing is the ability to access locations that would otherwise be expensive or difficult to get to. For example, a third-party or supplier auditor assessing a shipping company for certification can visit a ship in dock but not while it is in transit, neither can one easily gain access to an oil rig in the middle of the Atlantic. Using technology such as webcams or video phones can allow an auditor to see what is happening thousands of miles away in a situation that may be too risky or difficult to visit in person. That said, other issues such as the security of the internet connection and feed must also be taken into consideration. All such issues should be addressed in the planning phase.
For internal auditors, especially those in large global organizations, remote auditing offers the chance to avoid costly and lengthy trips away from their office. Internal auditors can use another member of staff in the audit location as a surrogate auditor, to help them perform audits. The auditor can request the staff member to visit the locations that he or she would visit with a webcam and perform the necessary tests. For example, if the auditor worked for a cider company and needed to know the quality of fruit trees at an orchard he could have his surrogate go out into the orchard and show him the trees via a live and continuous transmission.
In such cases it is crucial for the organization to first put in place a code of practice. In this code the company must define the roles of the different parties involved in the audit, including the local staff member who will be helping the auditor and the auditees themselves. You must also include contingency plans in case anything goes wrong with the audit or technology. If a phone line goes down, an internet connection is broken or something at the site interrupts the audit, it must detail the next step.
About the author
Colin MacNee is a quality management consultant and internal assessment focal point at IBM. He is also a member of ISO/TC 176 WG 16 and has been involved in the latest revision of ISO 19011
- ISO 17021-2: what will it mean?
- Auditing for the 21st century
- What is remote auditing?
- Good for your health
- How to tackle HR
- A matter of scope
In issue 27 of INform, Colin will examine the variety of technologies available to help perform remote audits, their benefits and drawbacks