Effective use of remote audits

Tavaudit tools

Audit remotely? Is there an effective solution

Whether we have a management system certified by an independent certification body or a management system that operates only according to our own requirements (quality management, environmental management, information security system), the question is increasingly being asked: how can we keep our current audits while our staff work from home and reduce personal contact? Audits cannot usually be delayed, kept beyond one year, or areas of activity or standard requirements ignored. The solution remains to use telemedicine techniques effectively and efficiently!

When can telemedicine be used? 

It is very important to note that a remote audit can be conducted if and when the conditions are such that the results of the audit of the site or activity are the same as the results of the "on-site" audit. These aspects are supported by the ISO 19011 standard setting out guidelines for auditing management systems, which is applicable to quality management (ISO 9001), environmental management (ISO 14001), information security (ISO 27001) and other management systems. It is also increasingly used for audits initiated by customers, suppliers or other relevant external organisations.

Audit at a distance

What techniques can support remote audits from preparation through implementation to evaluation?

Preparation, planning

The first step may be to identify which activities, sites, organisational and operational characteristics are suitable for remote auditing and which can only be carried out by face-to-face examination. Our experience shows that with the right preparation, a significant part of the activities can be carried out efficiently and effectively with remote audit. The table (Hungarian version) below gives criteria for defining audit methods according to ISO 19011.

Another key part of the preparation is the review of documented information (policies, procedures, instructions, etc.). In this task, a special attention should be paid to the review of the home office (or remote working from home) rules, so that the telemonitoring can be conducted in the light of these requirements. On this basis, we can propose any necessary corrections, amendments or additions to the current regulatory documents.

When planning any audit, it is important to check whether there is a multi-shift working schedule, or an activity that requires availability beyond normal working hours (e.g. 7/24). In these cases, plan for such times in the remote audit!

In the case of multi-site audits, remote auditing techniques (interactive web-based collaboration; online meetings and/or electronic approval of client processes) can be used. Determine during the preparation phase which of these techniques will be used where!

For organisations with complex activities (manufacturing, trade, services combined), we recommend the certification exercise: we recommend that the duration of the remote audit should not exceed 50% (guideline) of the duration of the full on-site audit! When selecting the auditors and the audit team, it is appropriate to apply the usual criteria, but it may be advisable to consult with the parties concerned on the existence of the infrastructure conditions for the telemonitoring (necessary hardware, licences, access rights).

Performing an audit remotely

Implementation and evaluation of audit activities

During implementation and evaluation, audit administration tasks can be simplified. In the opening meeting, when finalising the form of communication, criteria can be provided to facilitate the identification and retrieval of the subject matter and the actors involved in remote audits (e.g. online invitations, shared document library, etc.). The results of the comparative evaluation of the audit evidence collected and the audit criteria should be included here:

  • compliance with audit criteria (conformity, compliance)
  • deviations (nonconformity, non-compliance)
  • identification of significant vs. minor differences
  • the development potential

The findings of the telemedicine audit should include whether and to what extent the telemedicine technique posed a risk. For example, it is recommended that if both electronic and paper document management are used in a service process, it should be indicated that only electronic documents were sampled. This does not reduce the effectiveness of the audit, but may be considered a tolerable risk and may be taken into account when planning subsequent annual audits (e.g. if paper documents are preferred for review).

Also an important element of implementation is the examination of the environment, with reference to the use of a camera instead of visiting the site, or supporting compliance or non-compliance by attaching photographs. For example, justifying the condition of warehouses, measuring and monitoring equipment with a photograph is fully compliant.

The documentation of the results does not change compared to the usual audits (the use of audit plan, audit note, audit report and discrepancy sheets is required), but in all cases electronic document references and applications can simplify the previous practice.

Do you need help with your telehealth?

In the past years, we have provided quality management, information security, environmental management and integrated management system development and implementation services to dozens of major multinational and domestic medium-sized and large enterprises on behalf of the business sector. These systems have been certified by certification bodies without deviation. Our senior consultants have decades of experience as auditors and management system certifiers in various certification bodies, so they are well versed in the requirements of certification, surveillance and renewal audits, and can effectively prepare the staff of the organisations for these.

Have a question? Contact us!