Fundamentals, potentials and risks
You probably know from your own professional experience – the Corona crisis has set off new waves of digitalization, leading to a constant increase in virtual exchange. Topics such as working from home, e-learning and remote audits have become indispensable.
More and more companies and their employees are intensively dealing with different online tools that have already become daily companions. What does this digital exchange look like in audit practice?
We have summarized the advantages and disadvantages, the legal framework and technical requirements for conducting remote audits. Martin Fridl, qualityaustria Network Partner and Product Expert for Compliance Management Systems, ONR 192050, ISO 37001 and ISO 19600, presents the answers to your most important questions.
Frequently Asked Questions – Our Answers
What is a remote audit?
In a remote audit, the auditor is not present on-site at the audited company, but is in contact with you via audio, video and data exchange from a different location. This makes it possible to carry out the audit process as planned despite the physical distance, e.g. by reviewing the documents online or by checking the premises in a virtual inspection tour.
When is it permissible to perform audit activities remotely?
Here, it is important to make a distinction between service companies and production companies. In the former, audits can be carried out 100% remotely, whereas in the latter, only 30% of audit activities can be conducted remotely if the company’s focus is on production. A rule of thumb: everything that can be shown in presentations on-site can also be shown remotely! An initial certification, however, is the most challenging situation and may only be performed remotely in exceptional cases.
How are remote audits conducted?
Basically, remote audits are conducted just like regular audits, but supported by information and communication technology (ICT). The audit program is largely planned as usual: the auditor and client “meet online” to discuss the objectives, opportunities and risks as well as the sequence of the audit. In addition, some checks have to be carried out before the remote audit: first, to make sure that the technical equipment is functioning and second, to ensure that the audit team is qualified for conducting remote audits. In contrast to an on-site audit, the parties involved in remote audits are not physically present in one room but communicate online, in real time or with a time delay. For subsequent improvement of the audit program, so-called “Lessons Learned” are also identified for remote audits.
What are the benefits of remote audits for auditors and companies?
Especially during the COVID-19 pandemic, remote audits are advantageous as they provide a significant plus in flexibility despite all travel restrictions. This is particularly important for organizations with numerous national and international sites. The remote option allows conducting safe audits in accordance with the schedule while simultaneously saving on travel time and costs.
What are the risks when conducting remote audits?
As with on-site audits, success stands or falls with the auditors’ willingness to engage with the respective (virtual) environment. It is equally important to actively involve the audit partners. Furthermore, it is essential to create a dialogue and not to deliver monotonous presentations. In addition, it is necessary to have sufficient know-how about the technical equipment and technologies used and to meet the requirements for information security and confidentiality. These include, for example, security aspects related to privacy (data protection) and copyright issues (images, prohibition of recordings or screenshots of any type, etc.).
What regulatory framework must be observed?
Even though the current pandemic situation requires the execution of remote assessments, there are legal aspects that need to be taken into account before performing an audit remotely. For example, not all communication and information tools are suitable for use in remote audits. General regulations, such as the European General Data Protection Regulation (EU-GDPR) on the processing of personal data, also play a significant role with regard to data security.
Which technical requirements must be met?
For a remote audit, you need the appropriate hardware and software as well as sufficient know-how to use it. In addition to laptops, webcams or headsets, there are now numerous tools designed for online dialog, screen sharing or team work. It is also advisable to use reliable cloud services for transferring data and media.
Which principles apply to remote audits?
For remote audits, the principles of auditing as defined in ISO 19011 (Guideline for auditing management systems), which also provide the basis for risk assessment, apply:
- Fair presentation
- Due professional care
- Evidence-based approach
- Risk-based approach
Are remote audits the future?
The number of remote audits will certainly increase in the future, especially for internal audits. Nevertheless, remote audits can only be a good alternative to on-site audits but can or should never replace them entirely.
In conclusion, this means that a remote audit offers new opportunities but also has its limitations; depending on the individual situation and the respective needs, it is important to weigh whether a remote audit is a suitable method for conducting the audit. However, the digital transformation and shift to virtual methods due to the current crisis indicate that remote audits will continue to accompany our daily business in the future.