REMOTE AUDITS WITH CREST ADVISORY AFRICA (CAA)
Consequent to the COVID-19 pandemic outbreak that the world is facing, we consider that being healthy and working safely is the primary goal. Nonetheless, this doesn’t mean that compliance to standards cannot be maintained.
To adjust to this situation, CAA has developed software, ISOLTX-GRC-A™, together with one of the Leading universities in South Africa and Subject Matter Experts (SME) with more than 250 years of combined knowledge and operational experience, for the following reasons:
- To assist organisations with the implementation of any ISO standard, or combination of ISO standards.
- To provide organisations the ability to give combined assurance to Top Management with regard to their Return on Investment (RoI)
- To serve as a repository for any type of evidence such as documents, CCTV Footage, Audio, Video etc.
- To enable remote audits and thus ensure the safety of auditors and staff involved in the audit, but at the same time ensure the client is maintaining its Management System or Systems
Figure 1: ISOLTX-GRC-A™- Drive Performance & Certainty
What Is Remote Audit?
Remote audit is the audit process done by auditor/s remotely from a location other than the physical location of the client. Basically, our auditors will be connecting with clients via technology communication means such as GoToMeeting, Webex, Skype, Zoom etc. In addition, livestreaming via phone apps (Facetime or WhatsApp) paired with headsets will also be options to facilitate the audit process.
The auditor will have access to the client’s ISOLTX-GRC-A™, which is cloud based. The software is username and password protected and keeps a full audit trail of anyone logging into it.
Not only can ISOLTX-GRC-A™ be used for external or third-party audits, but it is the perfect tool for continuous internal audits and informs the users and Top Management continuously of the maturity of the ISO or combination of ISO’s through dynamic dashboards.
Figure 2: ISOLTX-GRC-A™ Dynamic Dashboard
Why Should You Consider Remote Audit?
Considering the uncertainty caused by the pandemic, remote audit, through ISOLTX-GRC-A™, will enable you to:
- Keep up the regular schedule of audit
- Do audits with reduced costs (no travel & accommodation costs)
- Use technology to involve your team in the audit process
(All interviews, meetings, conversations etc. can be saved as evidence on ISOLTX-GRC-A™)
- Leverage the same network of professionals, auditors and experts
How to Initiate the implementation of ISOLTX-GRC-A™ and a Remote Audit?
All you have to do is to send a request to email@example.com and let us know that you are interested in the ISOLTX-GRC-A™ software and that you want to be audited through this approach. CAA will then consult with you on the way forward.
REMOTE AUDIT PROCESS
Pre-Audit Activities – Planning
CAA and the client shall plan/define prior to the remote audit the following:
- The list of activities, areas, information, and personnel to be involved in the remote audit
- A plan on how to review the information that cannot be shared remotely (e.g. confidential information). CAA will define how this will be dealt with (e.g. follow up audit)
- A good internet/Wi-Fi connection will be necessary
- The interface for hosting the audit (e.g. Go-To-Meeting, Zoom, etc.)
- Granting security and/or profile access to the auditor
- Testing interface compatibility between the auditor and the client
- Considering the use of webcams, cameras, etc.
- Time zone management to coordinate reasonable and mutually agreeable convening time
Audit Activities – Audit process
Auditor(s) will be connected with the client via viable pre-agreed connection means with voice and video. Audit team will review the evidences used to support the management system being audited and will conduct required interviews with the personnel involved in the certification audit scope. When applicable, site tours may be requested.
Post Audit Activities – Review of audit findings and CAA decision
Post audit activities for remote audits are identical to those of regular on-site audits. Audit report will be drafted by auditor specifying the methods used for remote audit. Once corrective actions (if any) are taken and validated, CAA will communicate the certification decision.
Rules to Follow While Conducting the Remote Audit
- The audit should be facilitated in a quiet environment whenever possible to avoid interference and background noise (i.e., speakerphones).
- Both parties should make their best effort to confirm what was heard, stated, and read throughout the audit
- The records required for the remote audit are the same as the records required when the audit is conducted on-site and should already be loaded on the ISOLTX-GRC-A™. This then serves as a centralised repository of all evidence
- Should an item not be able to be reviewed or complete determination not be able to be made, a record should be made.
- The auditor shall not video-record any communication during the audit unless agreed to by both parties.
- All remote audits shall be concluded with a summary, review of the events, issues of concerns, clarification of issues, non-conformities and expectations. This will all also be loaded onto ISOLTX-GRC-A™.
- Both parties need to take appropriate measures to safeguard data confidentiality in any format. ISOLTX-GRC-A™ can be set-up to prevent access to certain information when creating the user rights and the type of users.
If the CAA audit team concludes that the audit objectives cannot be achieved at any time during the remote audit, the remote audit activity will be terminated, and an on-site audit will have to be planned.