It is well known that COVID-19 has pushed many organizations to drive their auditors and the compliance teams adopt the right technology to perform remote audits. While remote audit techniques are similar to those of traditional audits, they leverage electronic means to obtain audit evidence for evaluations. The way or the procedure for remote audits depends on the business function and the operational procedures. For example, for manufacturing processes or product storage, remote audits can be done with the help of live/surveillance video to gather the necessary audit evidence.
Conducting a Remote Audit
To adapt to the Remote Audits, organizations must have a thorough knowledge of how these audits are conducted. Below are some steps followed by an auditor/auditee for conducting an ideal Remote Audit:
- The auditee must dedicate one or two personnel to the audit over the designated period.
- The auditor must request information from the auditee prior to the start of the remote audit, which includes procedures, quality manuals, complaints log, non-conformances log, CAPA log, deviation log, master validation plan (MVP) and other information in PDF or another searchable format for off-site review. The auditor must ensure data privacy.
- If the auditee does not make the documents available for the auditors’ review, then the documents and records must be shown via video conferencing tool.
- For video conferencing, both parties must agree on the technology to be used.
- The meeting invitations must be sent giving ample time for each party to plan conferencing.
- In the case of manufacturing processes and product storage, the auditor may request a virtual tour by the auditee.
- Audit plans and agenda must be scheduled.
- Closing meeting must be held via video conferencing tool.
Tips to Implement Remote Audit
If you are trying to implement remote audits for your organization for the first time, here are a few suggestions to support the transition:
- Define the scope, purpose, requirements, timing and method before the audit.
- Security-enhanced technologies such as VPNs, password-protected documents, encrypted data and Public Key Infrastructure (PKI) must be adopted to mitigate the risk of network attacks.
- An onsite facilitator must be appointed to manage audit logistics and resolve any technology-related complexities.
- Build rules to engage between the organization and the compliance/audit team.
- Streamline the flow of communication by providing status updates between defined points of contact.
- Arrange audits in a way that the activities do not disturb the workflows.
- Regular check-in times must be scheduled with the auditors to assess the progress.
As the above-mentioned points are just a high-level focus points on remote audits, organizations must go much deeper to understand them; like the comprehensive 3-stage risk-based approach that the industry is following. For more information on remote audits and the compliant approach, consult a proven compliance partner. Be compliant all through.