BEFORE THE AUDIT
- Ensure that there is a robust CDA in place. This may be covered by the CDA between the client and the auditee (since we are acting as representatives of the client) or the auditee may require a specific CDA with Tower Mains. The CDA must allow us to keep confidential notes and report confidential information to the client, but only to the extent necessary to fulfil the audit.
- Request information about the auditee’s Quality Management System.
a) Ideally, this would be read-only access to their entire quality management system, which is increasingly provided by some organisations.
b) If full access is not allowed, ask for an index of policies, procedures, instructions, standard forms, organisation structures etc and request copies of the most important documents in advance of the audit. It is useful to create a secure folder for sharing such documents (we can do this on request).
- Request information (from the client) about work performed currently or previously, if applicable, and any audits or other feedback on its conduct.
- Prepare and agenda for submission to the auditee including any presentation you would like them to give (such as an introduction to their organisation) and interviews you wish to conduct.
a) The timing of these can be more flexible than an on-site audit since there is no travel involved. The audit might cover, for example, four half-days rather than two full days. This can be useful when there is a considerable time difference, e.g., Australia or California.
b) Consider sending a questionnaire or list of important topics so that they can prepare responses.
- Test video conferencing in advance. A useful approach can be to set up a call with the auditee to discuss the audit.
a) If possible, also test screen sharing in case you require the auditee to demonstrate a system or provide sight of a document that cannot be provided directly to you. It is better to have unsupervised access to documents but some auditees will not allow this.
DURING THE AUDIT
- Hold an opening meeting with the same aims and content as a face-to-face audit.
- Generally, there is little difficulty conducting interviews and you should request confidential copies of any presentations they provide.
- Observing facilities is difficult. You may request a ‘video tour’ but this has limitations and many auditees will decline.
- Auditing reports and output is straightforward if the source records are electronic. Auditing when there is paper source becomes more difficult and may be impracticable. Approaches that can be considered include:
a) Ask for access to scanned copies
b) Ask the auditee to read back information from the source(e.g., “Can you tell me who made the observation and at what time”?)
c) Get the auditee to hold the source in front of a camera.
- Closing meeting is held as normal. You should note any limitations of performing the audit remotely that might impact on the reliability of your observations.
- Remote audits can only be successful if the auditee is co-operative. Success requires obtaining commitment before the audit and this should be confirmed at the opening meeting.
- Factors that may prevent a remote audit or cause it to be abandoned include:
a) Difficulty obtaining access to documentation;
b) Delays caused by unavailability of people and materials;
c) Inadequate communication systems (e.g., poor internet connection at the auditor’s or auditee’s end;
d) Generally, remote audits are not suitable for high risk and for-cause audits unless the auditor has full, unsupervised access to documents and records.
This is the “top-level” guidance on remote audits.