1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Gauging Readiness for Virtual Audit

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Niko90, May 28, 2020.

  1. Niko90

    Niko90 Member

    Joined:
    Oct 12, 2016
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    2
    Location:
    Tagaytay, Philippines
    Good day! I hope everyone is safe and healthy. Because of the Pandemic, our organization is exploring remote audits for our Internal Quality Audit (and later on, with our CB). Since this is the first time that we will be doing this, we wanted to gauge our readiness for it. To do this, one of my colleagues developed a poll (with pre-determined answers) to be answered by the different process owners. My problem with the said poll is that it is gauging a department's readiness for remote audit but is only asking if they have certain documents (1. documented procedure, 2. Our matrix of actions on risks/opportunities, and 3. objectives). You are 100% ready if you have all of those prepared, 75% if you lack one, 50% if you have at least one prepared and 25% if you have none at all. I told him that it is dangerous to assume that DOCUMENTATION = READINESS. I'm bothered that his poll did not factor in the IT infrastructure, minimum health standards/policies, suitable environment, etc. Later on, he replied and told me that the things that were not factored in can be incorporated in the documents mentioned in the poll. I clarified to him that these should be separate items to be assessed as they are not elements that can be shoe-horned in at the last minute!

    Alas, before I ramble on even further, I am stitching up my own tool to gauge readiness for remote audits. So far I'm considering four points to look into.
    1. IT infrastructure (internet connectivity as some sites have poor connection, availability of appropriate hardware)
    2. Internal policies. (up to what extent? consensus on what platform will be used? How will it mesh with our current work-from-home set up?)
    3. Contingencies (what to do in case connection is disrupted)
    4. Data privacy

    This has been very long but I would like to hear if anyone who would like to add anything that I should consider? Thank you very much.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,064
    Likes Received:
    2,545
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    tony s and yodon like this.
  3. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    197
    Likes Received:
    114
    Trophy Points:
    42
    I completely agree that documentation doesn't describe readiness... but there is an aspect that should be considered: availability to the auditee / the ability to present evidence. If, for example, all records are hardcopies in a vault somewhere (and yes, I was being somewhat facetious), will auditees have access to them AND be able to efficiently present them to the auditor (for example, if hardcopy records need to be scanned to make an electronic copy, that will burn audit time).

    Your point about data privacy is spot on. Reference the issues with Zoom - if that's the technology used, ensure you use password access (may not be the right term) meetings only.

    By the way, I just heard a report that one ISO auditor questioned the effectiveness of the remote internal audit. He "raised concerns" but didn't elevate to a finding. Silly, right?!? But it makes sense to think things through a bit. If, for example, your business is manufacturing, a remote audit may not be effective in assessing some of those aspects. You may want to update to your audit planning in consideration of some of these things.
     
    Andy Nichols likes this.
  4. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,348
    Likes Received:
    1,050
    Trophy Points:
    112
    Location:
    Laguna Philippines
    As Andy suggested: "practice, practice, practice". After considering a lot about remote audits, perform a pilot run on one of your close colleagues' process in your organization (I'm assuming that not all of your co-employees are working from home). Perform what you have planned for, go through with the practice remote audit, and take a note on the things that you find advantageous and those that are not so good for a remote audit.
     
    yodon and Andy Nichols like this.
  5. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    812
    Likes Received:
    399
    Trophy Points:
    62
    my experience: remote audits work best with very detailed planning. Who will be involved with what areas? What docs will be needed for evidence? Have the docs ready to be shared as applicable. A platform which allows screen sharing is helpful and much of what we do these days isn't paper "docs."
     
    tony s likes this.
  6. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    509
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good day @Niko90 ;
    In my opinion, the best option for you and your organization (including process owners/leadership?) is to all review the presentation via the link provided by @Andy Nichols above. I have viewed this presentation and highly recommend it. It is free, and should answer all of your questions.

    Hope this helps.

    Be well.
     
    Andy Nichols likes this.