SBS - The Best Value in QMS software

ISO 19011 - Remote Auditing

S

supermac

#1
I would like to make folks aware of the possibility of remote auditing. Using Information Communication Technology (ICT) to facilitate particularly internal audits. In the 2011 edition of ISO 19011 you will find that the slavish 'on-site' paradigm has been diluted to almost homeopathic proportions. Today we use ICT in all aspects of personal and business life - why not in auditing?

If anyone is intersted I'll post some more.
 
Elsmar Forum Sponsor
S

supermac

#3
I was in the ICT industry for over 30 years. In that time it went from punch card technology to 3G telephone handsets with more processing power than the mainframe I first worked with; from memos that were sent to the typing pool and returned the next day for posting (in the physical mailbox) to tweets, viral videos, blogs, live videoconferencing - all global, cheep and easy to use. Every organisation audited every supplier and themselves at least yearly. The 1st and 2nd party audits were long, slow, costly and not very effective. Masses of paper documentation was read by eye. All audit evidence was written down as notes, collated and synthesized into audit reports that were posted in physical mailboxes. Today, someone in Mozambique will write an app on their iPhone that will deliver instantaneous business value to someone in Peru. Car manufacturing is robotic - all the designs, BOMs (Bills of Material for us older folks) measurements, test records, management reports are all on computer. And more and more the data, applications and systems are outsourced and in the cloud. The examples are out there for everyone to find.

So why, if business world has adopted ICT, has the audit world stayed strictly earthbound?

Replies please.
 
S

supermac

#4
Thank you for the post Marc.

I would like to bring the (quality) audit world into the late 20th century.

What folks in the quality world (and they tend to be in the hardware world) don't seem to grasp is that the world has become globally electronic. Some businesses have no sites; not that they have teleworkers, they have no sites. Yes, people work somewhere - at home, in the car, at the airport - and yes there is a comp-any address- usually a lawyer or accountant office - but there is not a site. Even the earthbound hardware folks have a lot of electronic stuff. So there are huge opportunities for remote auditing.

Before anyone lets rip - I am not suggesting that all audits can or should be remote. I don't think that will happen in my lifetime. However remote auditing is a method that auditors ignore at their peril. It offers so much - greater width of sampling, faster sampling, sampling where the auditor cannot (or would not) go; think tsunami, earthquake, SARS. It minimises transportation costs and associated auditor dead-time. Yes, it needs careful planning and yes - it can go wrong, but why not consider it?

So, what about remote auditing? Well, the first thing is what is remote? I would contend that it is 'not in the physical presence of the auditee(s)'; that is the auditee can't be seen/heard sufficiently to obtain objective audit evidence. That can even mean calling the person in the next office on the phone to answer a question. Or it could be having a teleconference with the cosmonauts on the space station. I would like to done the latter :).

The second thing is what technology can you use for remote auditing? Well just about anything. How about - whatever you use in business. When the topic of ICT arises, usually it is about the reasons why it can't be done. What about security, records, access, privacy, technology failure? These are all problems that auditors had in 1960 - only the technology has changed. What technology did we use in 1960 - trains, planes and automobiles. Today if an Icelandic volcano erupts, Europe stops - period.

The next thing is what can't be audited remotely? Well I can't touch, smell or taste remotely - everything else is up for grabs. I can remotely audit food preparation - using a webcam to ask an auditee to use a food temperature probe to ensure correct cooking/storage. What I can't tell is if the meat is rancid - that requires taste/smell.

What about the social side of things? Isn't it impersonal or even unprofessional (I've had that one a lot) to not be in the same room as the auditee(s)? No, that's how we do business every day. However, as in business, it is always best (if practical/economic) to meet face-to-face. I would recommend that a remote audit is never the first audit - always visit first.

If this has stirred some thoughts then please share them.

If anyone is interested I can share experiences and techniques.

P.S. Been doing this for years internally and yes, accredited acceptance of registrar usage too.
 

somashekar

Staff member
Super Moderator
#5
I am always for use of technology.
But why push a modern technology when there are ways that are simply more effective to the organization.
We are talking about internal audit.
The word is internal and not remote.
If a CB can do audit from remote location, I see it perfect to such a situation.
However building internal audit competency in the site of activity not only gets trained internal auditors, it also builds fine process analyzers, who become more valuable to the organization.
Lets not use technology to greet neighbours ...
 
S

supermac

#6
Somashekar,
thank you for your comment.

I am not suggesting that the organization does NOT build up competence in local auditors, far from it. I am suggesting that using remote audit is a additional tool that should not be ignored.

My experience is with large multi-national corporations where using ICT was daily business; therefore remote auditing was completely natural.

Let me provide some other scenarios. When a small satellite location, say a branch office, is not large enough and is long distance away, then the internal audit programme would probably ignore it entirely - it is not cost effective to visit; utilising ICT gives the opportunity to audit. When a location has need of a subject matter expert that is only available in the headquarters location and that individual cannot afford the time to visit, they may have a spare hour that can be used. Finally how about the opposite, when a local auditor in a satellite location needs to refer to a headquarters function, they just use ICT.

I am lucky that in business I have travelled all over the world. Also, because I can use ICT, I can communicate with colleagues from San Francisco to Sydney instantaneously.

Of course there is nothing comparable to face-to-face communication, but if the alternative is no communication at all - what do you do?
 
Thread starter Similar threads Forum Replies Date
D "certified" in ISO 19011, as well as IATF required? IATF 16949 - Automotive Quality Systems Standard 4
J Recommendations for online ISO 19011 training? Training - Internal, External, Online and Distance Learning 8
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
Sidney Vianna ISO 19011:2018 Released - July 2018 Other ISO and International Standards and European Regulations 1
Sidney Vianna ISO 19011:2018 Released July 2018 General Auditing Discussions 8
Sidney Vianna ISO 19011:2018 is released July 2018 Other ISO and International Standards and European Regulations 0
Q ISO 19011 - Looking for a Presentation Material Other ISO and International Standards and European Regulations 6
S How to transition from ISO 19011:2002 to ISO 19011:2011 General Auditing Discussions 2
F Is this situation against ISO 19011? Internal Auditing 2
A ISO 19011 Can't see the wood from the trees! Customer and Company Specific Requirements 2
A ISO 19011:2012 - Emphasis on Risk Analysis, Competence of Auditors and Vocabulary Internal Auditing 2
C Practical Examples of completed ISO 19011:2011 Audit Reports General Auditing Discussions 5
U Need speaker for ISO 19011:2011 at Quality Conference Texas General Auditing Discussions 3
AnaMariaVR2 GMP News: New Version of ISO 19011 on Auditing published Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
S Certification Bodies - ISO 19011 and ISO 17011 Requirements Registrars and Notified Bodies 2
D Does anyone know about an ISO 19011 Amendment? General Auditing Discussions 2
S Quality Auditing System - Audit Plan per guidance from ISO 19011 Internal Auditing 8
M Internal Auditor Competency based upon Skill Sets based on ISO 19011 Internal Auditing 20
Paul Simpson ISO 19011 revision - Your thoughts General Auditing Discussions 53
Paul Simpson New ISO 19011 - What do Covers think should be in the next edition? General Auditing Discussions 12
L Where to buy the ISO 19011 guidance document General Auditing Discussions 18
Stijloor What do you think about QE19011S-2004? (ISO 19011) General Auditing Discussions 9
P Has anyone compared ISO 19011:2002 to ISO 20000-2 (Service Management)? Internal Auditing 4
M ISO 9001:2000 Audit Nonconformance - "Failure to have the document ISO 19011" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
R What are the Shortcomings of ISO 19011? General Auditing Discussions 33
Geoff Cotton What is ISO 19011? Has it superceded ISO 14010, 14011, 14012 & 10011? General Auditing Discussions 6
S I have a copy of ISO 19011. Do you have one? General Auditing Discussions 15
S What will ISO 19011 replace? General Auditing Discussions 22
S ISO 19011 (Quality and/or environmental management systems) has been published by ISO General Auditing Discussions 5
S ISO 19011 - Where can I find a copy? General Auditing Discussions 17
R ISO/FDIS 19011 (Espa?ol) General Auditing Discussions 0
Marc ISO 19011 - Report on US TAG Standards Group Meetings General Auditing Discussions 17
T ISO 10011 Dead - 19011 Is Released - A summary of differences General Auditing Discussions 18
D Question on Documented Calibration versus ISO 17025 Accredited Calibration ISO 13485:2016 - Medical Device Quality Management Systems 0
M Customer Property - ISO 13485:2016 Clause 7.5.10 ISO 13485:2016 - Medical Device Quality Management Systems 6
pbojsen ISO 13485 Requirements versus FDA product classification and GMP exemptions - Audits ISO 13485:2016 - Medical Device Quality Management Systems 3
S ISO/IEC 15408 - Is this is Certifiable Standard? Other ISO and International Standards and European Regulations 2
D Lead time to schedule an ISO 13485 audit Auditing Quality and Environmental Management Systems 2
T Do we need an SOP for ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
K ISO 9001 Auditing in a Healthcare setting Auditing Quality and Environmental Management Systems 15
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 1
H QMS ISO 13485:2016 - ISO14971 IEC60304 etc ISO 13485:2016 - Medical Device Quality Management Systems 2
Y How can i integrate ISO 13845 into ISO 27001? ISO 13485:2016 - Medical Device Quality Management Systems 4
vickyva ISO 14155:2020 CIP CIR templates Other Medical Device Related Standards 0
C ISO 9001:2015 8.3.2. h) Design and Development Planning - What is required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
B Employee Handbook in ISO 9001:2015 Section 7 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
B Operational Procedures for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 7
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 10
D ISO 14971 applicability in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 7

Similar threads

Top Bottom