Have a Question?
< All Topics
Print

Remote Auditing

Posted
Updated
Byadmin

Assurco has an established Remote Auditing Procedure to ensure an established structured and consistent approach for conducting remote audits within Assurco’s Certification Management System.  

Remote auditing enables flexibility and efficiency while maintaining the integrity and reliability of audit outcomes, however we must ensure that all remote audits comply with international standards, safeguard impartiality, and uphold confidentiality. There are also associated risks with remote methods that need to be mitigated an kept under review.

Can I Have a Remote Audit?

Remote auditing may be used when circumstances such as geographical constraints, health and safety considerations, or client preference make on-site audits impractical, provided that the audit objectives can still be achieved effectively

Our office team will consider this at the application stage and before all other audits are conducted to ensure that remote auditing is appropriate. We may change on onsite audits are any time, if we believe the audit objectives can not be met remotely.

Types of Remote Audit

Remote Audit: An audit conducted without full on-site presence, using ICT tools to gather evidence and interact with auditees. 

Hybrid Audit: A combination of on-site and remote activities, where certain elements (e.g., document review) are performed remotely and others (e.g., physical inspections) on-site. 

ICT (Information and Communication Technology): Tools such as video conferencing platforms, secure file-sharing systems, and remote access applications used to facilitate remote audits. 

Responsibilities During Remote Audits

Role Responsibilities 
Audit Team Leader  Plans and executes remote audits, ensures ICT suitability, verifies auditor competence.              
Auditors             Apply remote auditing techniques effectively, maintain confidentiality, ensure evidence integrity. 
Technical Support Provides ICT setup, troubleshooting, and secure connectivity. 
Client Organisation Grants access to systems, documents, and personnel; agrees to remote methods and security measures. 

Pre-Audit Planning 

1. Feasibility Assessment 

During the application process, and at each audit stage, Assurco will Assess whether remote auditing is appropriate by considering: 

  • Audit scope and complexity. 
  • Risks such as connectivity issues and data security. 
  • Competence of audit team and auditee in ICT use. 
  • Legal or contractual restrictions. 

2. Agreement with Client 

Clients must agree: 

  • ICT platforms and backup communication methods. 
  • Confidentiality and data protection measures. 
  • Permissions for recordings/screenshots, if required. 

3 Audit Plan 

The following information can be found in the audit plan and/or the calendar appointment with the client: 

  • Objectives, scope, and criteria. 
  • Dates, times, and time zones. 
  • ICT tools and contingency plans. 
  • Roles and responsibilities. 
  • Identification of remote and on-site activities. 

Conducting the Audit 

1 Opening Meeting 

An opening meeting will be conducted via video conference and will include all relevant aspects of the Opening and Closing Meeting Procedure. 

2 Audit Activities 

Remote audit activities may include: 

  • Document review via secure file-sharing or screen-sharing. 
  • Interviews via video conferencing. 
  • Observation using live streaming or drones. 
  • Verification of digital twins or virtual models. 

Auditors are reminded of the importance of making decisions based on objective evidence from a representative sample of records. 

Confidentiality 

It is essential to maintain confidentiality by only using encrypted platforms, restrict access to authorised participants, and securely store shared data.   

Audit Reporting 

Where an audit is conducted remotely, the audit report will include the following: 

  • Remote methods used and their effectiveness. 
  • Limitations encountered and mitigation measures, if any. 
  • ICT tools and security measures. 
  • Declaration of confidentiality and impartiality. 

Competence Requirements 

In accordance with the Assurco Competence System, our auditors must demonstrate: 

  • Knowledge of remote auditing techniques. 
  • Ability to manage ICT tools securely. 

Risk Management 

Remote auditing risks are addressed within the Assurco Risk Register and reviewed regularly. 

In addition, any audit specific risks should be reported to the office and addressed. 

References 

  • ISO/IEC TS 17012:2024 
  • ISO 19011:2018 
  • ISO/IEC 17021-1 
  • IAF MD 4:2025 
  • Assurco Certification Management System 
Table of Contents