Remote Auditing: The Future Is Now

Remote AUditing Webinar
Remote AUditing Webinar

Unfortunately, this video cannot be played back due to your data protection setting. You can change your settings here at any time.

Open video external

Downloads

FAQ

Jump to a Topic

Audit Preparation & Audit TIme

At what point would a business know if their auditor is familiar enough with the business practices that are being audited if they have no prior knowledge of our industry?

If the audit is for an accredited certification audit, Certification Bodies are obligated to assign auditors that have prior knowledge of the client's industry, and in particular have experience to audit the scope of clients activities. The client can and should interview auditors prior to an audit.

Do you recommend processing confidentiality agreements with the auditee ahead of time?

Yes, all certification audits are typically done under confidentiality agreements.

Would there be some type of rehersal to ensure the remote audit will go smoothly?

Organizations may opt to conduct rehersal audits or a readiness review to ensure that future audits go smoothly.

How is the audit time calculated? Will extra time apply for remote audits?

Remote Auditing should not take extra time over an on-site audit if planned properly .This means there are no extra delays during the audit due to technical or logistical issues.

Is there a clause in any of the standards that forbids remote audits?

No standard forbids remote auditing, but some may require some on-site audits in addition to the remote audits.

Due to COVID-19, what exceptions will be made, if any, to maintain or renew ISO 9001 certification?

IATF and accreditation bodies around the world have developed extensive Q&A on this topic.

ANAB has also issued a Heads Up document.

Should internal audit frequency increase if certification audits are conducted remotely?

There is no need specific requirement for this, but if the organization feels this will help maintain and improve their system, there is nothing forbidding it either.

When the documents are provided to the auditor in advance, does that reduce the amount of audit time?

Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.

Is there specific auditor qualification required for remote auditing?

The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.

For multiple sites, would each location have to undergo a separate risk assessment?

DEKRA will conduct a risk assessment for each audit event, so a plan will need to be provided and approved for each.

Is there a checklist to help with preparation and planning?

Yes, DEKRA will share our planning checklist with our clients prior to the remote audit.

Auditor Qualifications & Challenges

What are some of the biggest challenges that you expect to encounter with remote auditing?

  • Meeting and exceeding client objectives and satisfaction
  • Inexperience of individuals to be audited in a remote methodology
  • Auditee(s) not preparing in advance for a Remote Audit,
  • IT challenges due to bandwidth, or connectivity

What will happen if you run into an issue during a remote audit that would require you to review something that can only be reviewed on-site?

The audit may need to postponed, and decision recorded accordingly.

At what point would a business know if their auditor is familiar enough with the business practices that are being audited if they have no prior knowledge of our industry?

If the audit is for an accredited certification audit, Certification Bodies are obligated to assign auditors that have prior knowledge of the client's industry, and in particular have experience to audit the scope of clients activities. The client can and should interview auditors prior to an audit.

What is the expectation for how audit evidence should be provided to the auditor?

In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.

During a remote audit, what is a typical sample size in reviewing their QMS processes?

It depends on the size and scope of the audit. Justifications should be provided according to how the sampling meets the intent.

Are all auditors who have been doing regular on-site audits going to be trained to do remote audits?

All of DEKRA’s auditors who are interested in conducting Remote Audits have been trained to conduct Remote Audits.

Is there specific auditor qualification required for remote auditing?

The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.

Would difficulties such as a hearing impairment affect the ability to conduct virtual audits?

A risk assessment is conducted prior to the remote audit, which would determine if any situation would not allow for the audit to reach the audit objectives. Specifics should be discussed prior to the audit.

Documentation

When uploading documentation, would the content be uploaded to the remote auditor's environment?

The documents should be shared in the client's preferred environment with proper security measures, such as a safe and secure online FTP site. Clients should feel comfortable that their data is safe and used for the audit purpose only, and that there is no record retention by external parties.

What is the expectation for how audit evidence should be provided to the auditor?

In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.

Do we need to consider some specifics regarding the documentation for this kind of audit?

All documented information revelant to your processes should be considered for Remote Auditing.

Is there a clause in any of the standards that forbids remote audits?

No standard forbids remote auditing, but some may require some on-site audits in addition to the remote audits.

How does DEKRA manage the increased security risks of remote auditing?

For each Remote Audit , we conduct a risk assessment with the client. All security issues need to be addressed and agreed upon by both the client and DEKRA.

When the documents are provided to the auditor in advance, does that reduce the amount of audit time?

Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.

Can screenshots or recordings be saved as observations?

Screenshots/screen captures should not be taken without the client's explicit consent. Generally, remote audits should not be recorded.

Is there a checklist to help with preparation and planning?

Yes, DEKRA will share our planning checklist with our clients prior to the remote audit.

Technology & Tools

What are some of the biggest challenges that you expect to encounter with remote auditing?

  • Meeting and exceeding client objectives and satisfaction
  • Inexperience of individuals to be audited in a remote methodology
  • Auditee(s) not preparing in advance for a Remote Audit,
  • IT challenges due to bandwidth, or connectivity

When uploading documentation, would the content be uploaded to the remote auditor's environment?

The documents should be shared in the client's preferred environment with proper security measures, such as a safe and secure online FTP site. Clients should feel comfortable that their data is safe and used for the audit purpose only, and that there is no record retention by external parties.

What is the expectation for how audit evidence should be provided to the auditor?

In order to have an effective Remote Audit, documented information should be in digital format that can be accessed by the auditor during the audit.

Would there be some type of rehersal to ensure the remote audit will go smoothly?

Organizations may opt to conduct rehersal audits or a readiness review to ensure that future audits go smoothly.

How does DEKRA manage the increased security risks of remote auditing?

For each Remote Audit , we conduct a risk assessment with the client. All security issues need to be addressed and agreed upon by both the client and DEKRA.

When the documents are provided to the auditor in advance, does that reduce the amount of audit time?

Asynchronous review of audit material before or after a Remote Audit counts towards the audit duration.

Is there specific auditor qualification required for remote auditing?

The typical minimum requirements for the standard and scope apply for Remote Audits. Additionally, for ICT competence, DEKRA has a internal training and credentialing process.

Can screenshots or recordings be saved as observations?

Screenshots/screen captures should not be taken without the client's explicit consent. Generally, remote audits should not be recorded.

How do you handle worker interviews remotely?

We will use technology, such as video conferencing, to handle interviews.

Would difficulties such as a hearing impairment affect the ability to conduct virtual audits?

A risk assessment is conducted prior to the remote audit, which would determine if any situation would not allow for the audit to reach the audit objectives. Specifics should be discussed prior to the audit.

General contact form

Your issues and feedback are important to us. We look forward to hearing from you.

Contact form
Contact