Remote Auditing: The Future Is Now


Unfortunately, this video cannot be played back due to your data protection setting. You can change your settings here at any time.
FAQ
Jump to a Topic
Audit Preparation & Audit TIme
- At what point would a business know if their auditor is familiar enough with the business practices that are being audited if they have no prior knowledge of our industry?
- Do you recommend processing confidentiality agreements with the auditee ahead of time?
- Would there be some type of rehersal to ensure the remote audit will go smoothly?
- How is the audit time calculated? Will extra time apply for remote audits?
- Is there a clause in any of the standards that forbids remote audits?
- Due to COVID-19, what exceptions will be made, if any, to maintain or renew ISO 9001 certification?
- Should internal audit frequency increase if certification audits are conducted remotely?
- When the documents are provided to the auditor in advance, does that reduce the amount of audit time?
- Is there specific auditor qualification required for remote auditing?
- For multiple sites, would each location have to undergo a separate risk assessment?
- Is there a checklist to help with preparation and planning?
If the audit is for an accredited certification audit, Certification Bodies are obligated to assign auditors that have prior knowledge of the client's industry, and in particular have experience to audit the scope of clients activities. The client can and should interview auditors prior to an audit.
Yes, all certification audits are typically done under confidentiality agreements.
Organizations may opt to conduct rehersal audits or a readiness review to ensure that future audits go smoothly.
Remote Auditing should not take extra time over an on-site audit if planned properly .This means there are no extra delays during the audit due to technical or logistical issues.
No standard forbids remote auditing, but some may require some on-site audits in addition to the remote audits.
IATF and accreditation bodies around the world have developed extensive Q&A on this topic.
ANAB has also issued a Heads Up document.
There is no need specific requirement for this, but if the organization feels this will help maintain and improve their system, there is nothing forbidding it either.
Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.
The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.
DEKRA will conduct a risk assessment for each audit event, so a plan will need to be provided and approved for each.
Yes, DEKRA will share our planning checklist with our clients prior to the remote audit.
Auditor Qualifications & Challenges
- What are some of the biggest challenges that you expect to encounter with remote auditing?
- What will happen if you run into an issue during a remote audit that would require you to review something that can only be reviewed on-site?
- At what point would a business know if their auditor is familiar enough with the business practices that are being audited if they have no prior knowledge of our industry?
- What is the expectation for how audit evidence should be provided to the auditor?
- During a remote audit, what is a typical sample size in reviewing their QMS processes?
- Are all auditors who have been doing regular on-site audits going to be trained to do remote audits?
- Is there specific auditor qualification required for remote auditing?
- Would difficulties such as a hearing impairment affect the ability to conduct virtual audits?
- Meeting and exceeding client objectives and satisfaction
- Inexperience of individuals to be audited in a remote methodology
- Auditee(s) not preparing in advance for a Remote Audit,
- IT challenges due to bandwidth, or connectivity
The audit may need to postponed, and decision recorded accordingly.
If the audit is for an accredited certification audit, Certification Bodies are obligated to assign auditors that have prior knowledge of the client's industry, and in particular have experience to audit the scope of clients activities. The client can and should interview auditors prior to an audit.
In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.
It depends on the size and scope of the audit. Justifications should be provided according to how the sampling meets the intent.
All of DEKRA’s auditors who are interested in conducting Remote Audits have been trained to conduct Remote Audits.
The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.
A risk assessment is conducted prior to the remote audit, which would determine if any situation would not allow for the audit to reach the audit objectives. Specifics should be discussed prior to the audit.
Documentation
- When uploading documentation, would the content be uploaded to the remote auditor's environment?
- What is the expectation for how audit evidence should be provided to the auditor?
- Do we need to consider some specifics regarding the documentation for this kind of audit?
- Is there a clause in any of the standards that forbids remote audits?
- How does DEKRA manage the increased security risks of remote auditing?
- When the documents are provided to the auditor in advance, does that reduce the amount of audit time?
- Can screenshots or recordings be saved as observations?
- Is there a checklist to help with preparation and planning?
The documents should be shared in the client's preferred environment with proper security measures, such as a safe and secure online FTP site. Clients should feel comfortable that their data is safe and used for the audit purpose only, and that there is no record retention by external parties.
In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.
All documented information revelant to your processes should be considered for Remote Auditing.
No standard forbids remote auditing, but some may require some on-site audits in addition to the remote audits.
For each Remote Audit , we conduct a risk assessment with the client. All security issues need to be addressed and agreed upon by both the client and DEKRA.
Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.
Screenshots/screen captures should not be taken without the client's explicit consent. Generally, remote audits should not be recorded.
Yes, DEKRA will share our planning checklist with our clients prior to the remote audit.
Technology & Tools
- What are some of the biggest challenges that you expect to encounter with remote auditing?
- When uploading documentation, would the content be uploaded to the remote auditor's environment?
- What is the expectation for how audit evidence should be provided to the auditor?
- Would there be some type of rehersal to ensure the remote audit will go smoothly?
- How does DEKRA manage the increased security risks of remote auditing?
- When the documents are provided to the auditor in advance, does that reduce the amount of audit time?
- Is there specific auditor qualification required for remote auditing?
- Can screenshots or recordings be saved as observations?
- How do you handle worker interviews remotely?
- Would difficulties such as a hearing impairment affect the ability to conduct virtual audits?
- Meeting and exceeding client objectives and satisfaction
- Inexperience of individuals to be audited in a remote methodology
- Auditee(s) not preparing in advance for a Remote Audit,
- IT challenges due to bandwidth, or connectivity
The documents should be shared in the client's preferred environment with proper security measures, such as a safe and secure online FTP site. Clients should feel comfortable that their data is safe and used for the audit purpose only, and that there is no record retention by external parties.
In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.
Organizations may opt to conduct rehersal audits or a readiness review to ensure that future audits go smoothly.
For each Remote Audit , we conduct a risk assessment with the client. All security issues need to be addressed and agreed upon by both the client and DEKRA.
Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.
The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.
Screenshots/screen captures should not be taken without the client's explicit consent. Generally, remote audits should not be recorded.
We will use technology, such as video conferencing, to handle interviews.
A risk assessment is conducted prior to the remote audit, which would determine if any situation would not allow for the audit to reach the audit objectives. Specifics should be discussed prior to the audit.