Since companies have to maintain their certification and the provision for ICT auditing or remote auditing is already there is the auditing standards, but was never practiced extensively by certification bodies. Now due to COVID19; the accreditation and certification bodies are moving towards the remote audits in order to help clients to maintain their management system certifications. I attended a live session organized by SGS International on remote auditing. The session was presented by Jonathan Hall (Global Head, Certification, SGS), Marray Milton (Audit Manager, SGS), and Chris Trott (Global Governance Manager, SGS).
Therefore some important points from the session, and some points from my own understanding of the issue by reading different sources, are presented below:
– A remote audit is same as the actual on-site audit, but since the process is new and involve the use of technology; training sessions and comprehensive planning on the part of certification bodies is required to conduct remote audits.
– A remote audit can be conducted with use of multiple communication channels, for example:
* Phone for discussing the plan and any other disruptions during audit
* Email for documentation review
* Web conferencing for opening meeting, closing meeting, interviews and other discussions with top and middle management
* Video call through ICT applications for site inspection
– The audit plan plays a vital role for successful remote audits, everything needs to be well planned out there, during disruptions in an audit, for instance connectivity issue, the audit plan can be modified.
– Information security is an important issue here, using applications where information security is not that stringent, raises concerns and therefore it should be assessed by the certification bodies for the clients.
– In order to ensure information security, some certification bodies have their own ICT audit applications. Also, since information security is important, client can invite the auditors on their own communication platform, if they have any.
– The steps for auditing is same, the process should start from remote audit planning and assessment of available ICT options, scheduling remote audits with the client, communicating with client on logistics and technology to be used in the audit, asking the client to prepare and submit documents for review, after the client submits documentation, audit has to be conducted, and finally the client is provided with an audit report, and the client needs to correct any non-conformity, and receive the certificate (if applicable).
– Where needed and unavoidable, partial remote audits can be done, whereas some physical onsite audit can also be allocated in the plan.
– Some certification schemes have not agreed with the remote auditing protocols yet, these are IATF 16949, food safety management system, SA 8000 etc.
– Client has to ensure there are personals available for communication and facilitation of audits throughout the execution of entire audit plan.
– As some certifications will require a site inspection, for that case, clients have to arrange a portable mobile camera or web camera, and facilitate the auditor to inspect the site by walking through it.
– Internet connection will be a mandatory requirement for remote audits, a test should be conducted on available ICT applications before the commencement of audit. In-case of internet connection failure, other communication channels for example telephones should be available to communicate and reschedule that part of the audit where needed.
Remote Auditing is the way forward!
As the area of remote auditing is new, since it was not practiced by certification bodies, but the need and importance of remote of auditing should never be undermined. As many accreditation bodies are moving towards remote auditing and also many schemes already opting towards remote auditing, other schemes have to look for a hybrid model of remote and onsite audits.
With the changing dynamics, and with the use technology, it is also true many experienced auditors as well as clients are facing the challenge and not well prepared for it. But it is high time to realize the importance of remote auditing as it is the way forward, and companies can request quality audits remotely. In the future, many other secured web applications will also be there to facilitate this area. Therefore it is highly recommended for companies and certification bodies to move smoothly towards remote audits to save time, cost and to improve efficiency while also keeping information security intact.
Exoexcellence consultants can offer 1st party and 2nd party remote audits for any management system standard or any other criterion provided by client. Please contact us info@exoexcellence.com
