Now, looking at the situation nowadays, many certification bodies have in place procedures in order to accomplish remote audit and are sometimes strictly requiring staff to work from home and banning staff travel. Clients are telling auditors not to come on site visits too. And as you now in many places, most businesses are legally prohibited from opening their doors.
As you know with ISO 19011:2018 this stuff is much more feasibile.
–remote auditing. Audits can now be fully and easily (and with much less costs involved) performed on-site, remotely or as a combination. (“On-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance. Interactive audit activities involve interaction between the auditee’s personnel and the audit team. Non-interactive audit activities involve no human interaction with individuals representing the auditee but do involve interaction with equipment, facilities and documentation.”)
–virtual audits. “Virtual audits are conducted when an organization performs work or provides a service using an on-line environment allowing persons irrespective of physical locations to execute processes (e.g. company intranet, a “computing cloud” ;“A virtual audit follows the standard audit process while using technology to verify objective evidence”, this represents an opportunity for aligning auditing processes, sometimes perceived as “old-fashioned” by young startuppers as an up-to-date management and control process.
This is important because, when is feasible, postponing audit is definitely not recommended… the risk is having a terrible congestion of urgent audits in Autumn!! What about their future quality?
YES BUT…how to practically engage with off site auditing?
1. Talk with customers and auditees. It’s not just a matter of kindness, is NECESSARY to reinsure and make people involved in your audit schedule confident over the effectivness of this activity and on its results. Don’t forget that now more than ever people you’ll interview is working in pretty stressy situation! Don’t foget either to ask and try to combine the most favourable moments in order to perform the interview. Concentration, when not performing an on site audit and there fore no havong eye contact and physical interaction, is much less in such a situation and is decreasing very fast!
2. Plan the audit much more in advance…your audit schedule should be communicated timely (at least 2 wks). Sometimes firms are working with reduced time schedule and reduced staff: who and when is gonna answer your questions?Do it, especially if don’t know personally anyone in the structure you’are going to audit and neither you have a clue of the physical lay out of customer’s offices and facilities. And by the way, try to understand how many key roles are using smart working procedures.
3. Perform a pre audit risk assessment: in order to be feasibile the audit should take well into account the connected risks..You need to be clear and professional with all involved parties. Look at your audit plan: how many steps are risky according to elements such as, availabilty of key resources, poor IT infrastructure, slow internet connection, ? is everythong feasible or istead unfortunately there are no alternatives, the audit to be definitely postponed?
4. IT infrastructure and business continuity: it’s not just about company’s infrastructure, is also about yours! Have you timely defined with audited organization how this audit will look like? which supports are you going to use? Skype, Hangouts, ZOOM etc etc. everything is good when previously agreed and TESTED!!! don’t rely too much on technology and perfom a test beforehand. And by the way…do you have an alternative? In these days all the free and business platform are experiencing a dramatic overload…take care of some alternative when coonnecting with the auditee!!
5 Videos: Can we use videos ? Of course the answer is “yes.” But how well trained the personnel using the video equipment and technology are and what type of video you are going to use? and not just in terms of video capabilities. A lot of warehouses have security cameras that record and can be remotely controlled to focus in on different areas of the warehouse. If its live there is no problem at all. In facts, if someone from the client, righ during a dialogue/interview, is on-site and can send a live video feed back to the auditor for them to watch, that makes it easier to determine authenticity. You can also easily recognize the client location. Not the same can be true for recorded videos. Try to avoid them.
6. Collecting evidences: how are you going to echange and jointly view documents and files? Best, especially considering privacy and confidentiality, is having a sychronous procedure, so that all information are exchange real time onnly during audit time together and under the supervision of the auditees. Ideal is not using e mail but a temporary acces to a cloud area/partition especially meant for audit execution. Make sure the procedure you imagine is compliant with company’s privacy and confidentiality policies
7 Share with auditees your opinions/conclusions as much as possible. This will help their internal coimmunication (sometimes difficult nowadays) in timely clarifying and adressing non conformities/issues/corrective actions)
8. Update regularly the audited organization about the progress of your agenda and in possible problems in respecting the schedule. It takes much more time in a offsite audit to re-schedule an activity/interview.
9. Invest time and take special care of the initial meeting, in order to reassure everybody on audit schedule and fixing issues.
10. Previous audit non conformities and following corrective actions: take special care of them, well in advance. See till wich degree they can be addressed and verified using remote audit or if an onsite verification is mandatory.