Thoughts on performing an ISO 9001:2015 Remote Internal Audit

B

bigqman

I have read Cove threads on remote audit methods related to the prior version of the standard. I also checked out 19011:2011 Clause B.1.

Has anyone had experience doing remote audits to the "new" version of the standard? Insights and tips appreciated!

I am in the energy industry and there is a main office but also at least 7 other locations where quality records are and employees work.

Thank you.
 

Govind

Super Moderator
Leader
Super Moderator
Re: Remote internal audit methods- 9001:2015

I work from a corporate office and often the business process owners are from different site location and his/her team are spread around two or more site locations. We conduct some internal audits as remote audit, (or electronic or virtual). One of the main challenges, I run into is logistics. Some auditee had to call in either too early or too late from home. In some Asia locations, the network connections are not very reliable. They may not be able to access VPN to log into a database and show evidence. Interviews get interrupted due to network issues. Sometimes, even to get the audit started it will take good 15 minutes to address all the issues. Other issues include process owners suddenly become unavailable, lack of attention during the audit (auditees possibly multi-tasking), etc. Based on these experiences, we have created an internal process “guidelines for effective virtual auditing” to educate process owners and proactively address the issues. This has helped us in improving audit execution. There are some process areas that are not suitable for virtual or remote audit. You should identify those areas and make onsite audit arrangements.
Regards,
Govind
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
I do a remote 9001:2015 preliminary for organizations having a current 9001:2008 certificate in good standing.

I do not recommend remote auditing otherwise, "demonstrating" this and that could be difficult without observing conditions in person, and speaking in person with personnel. There are certainly risks in remote audits.

That said, I have been known to remotely audit support functions like supplier control, if the evidence can be verified via documentation and verbal responses to questions.
 
M

malasuerte

Re: Remote internal audit methods- 9001:2015

I work from a corporate office and often the business process owners are from different site location and his/her team are spread around two or more site locations. We conduct some internal audits as remote audit, (or electronic or virtual). One of the main challenges, I run into is logistics. Some auditee had to call in either too early or too late from home. In some Asia locations, the network connections are not very reliable. They may not be able to access VPN to log into a database and show evidence. Interviews get interrupted due to network issues. Sometimes, even to get the audit started it will take good 15 minutes to address all the issues. Other issues include process owners suddenly become unavailable, lack of attention during the audit (auditees possibly multi-tasking), etc. Based on these experiences, we have created an internal process “guidelines for effective virtual auditing” to educate process owners and proactively address the issues. This has helped us in improving audit execution. There are some process areas that are not suitable for virtual or remote audit. You should identify those areas and make onsite audit arrangements.
Regards,
Govind


Any chance you would share this new process? We just started documenting our process.

Example, we will show these in a 'virtual audit', so we make sure we have the relevant people ready:

What I need to supply? A few examples*below:

Quality Manual
Process Clause Matrix
Interested Parties matrix
Basic Customer Satisfaction Survey
Customer Complaint Log
Internal Audit Report
Non-conformity Report
Training Record
Training Register
Audit Checklist
Management Information Report
Objectives and Targets
Internal metrics and performance
Internal nonconformances and corrective actions
 

AndyN

Moved On
Re: Remote internal audit methods- 9001:2015

Any chance you would share this new process? We just started documenting our process.

Example, we will show these in a 'virtual audit', so we make sure we have the relevant people ready:

What I need to supply? A few examples*below:

Quality Manual
Process Clause Matrix
Interested Parties matrix
Basic Customer Satisfaction Survey
Customer Complaint Log
Internal Audit Report
Non-conformity Report
Training Record
Training Register
Audit Checklist
Management Information Report
Objectives and Targets
Internal metrics and performance
Internal nonconformances and corrective actions

What are you planning on auditing, if you only started to document your processes? It's too early to do any auditing isn't it?
 
M

malasuerte

Re: Remote internal audit methods- 9001:2015

What are you planning on auditing, if you only started to document your processes? It's too early to do any auditing isn't it?

Sorry, I don't understand? If you read the thread, the discussion is about offsite/remote audits and how to manage them when they happen.

We are simply documenting the process for how we will manage any offsite/remote audit done by a registrar. In our case, the number of these is increasing rapidly due to the number of audits we do. In the past it was easy to manage a .25 or .5 day remote/offsite audit with 1-2 people. But when you start getting into 2 days or so, it become more challenging and requires more support than before. (i.e. global meeting times, different experts, etc.). Additionally, the auditors have come asking for different items (from the list above, plus other items) and there was no consistency. So our process will not have a clear agenda of what we can and will share in an offsite/remote audit. This ensure we always know who we need, what we need and when we will need it.

This has nothing to do with auditing...we have been auditing for 20+ years...we got that down. :)
 

mikegospo

Starting to get Involved
I use remote auditing techniques on a regular basis. You basically can conduct the audit in the same manner as in person by either sharing files via email, dropbox, googledrive, onedrive etc. You can also share your desktop to view documents or records on the screen or even via video. Interview via phone or webex.
I find that I am much more effective reviewing documents and records off-site than on-site.

The only areas which are difficult to audit involve manufacturing processes or possibly product storage. When you need to physically witness, the only real option is live video feed, or I suppose some type of surveillance video.

I am conducting a research study on the acceptance of remote auditing techniques and plan to follow up with research on best practices. There is a book written by JP Russell and Shauna Wilson called eAuditing Fundamentals. Ms. Wilson also conducts training.
 

Jim Wynne

Leader
Admin
Re: Remote internal audit methods- 9001:2015

Sorry, I don't understand? If you read the thread, the discussion is about offsite/remote audits and how to manage them when they happen.

We are simply documenting the process for how we will manage any offsite/remote audit done by a registrar.

Where in any of your previous posts did you specify that you're concerned about third-party remote audits?
 
M

malasuerte

Re: Remote internal audit methods- 9001:2015

Where in any of your previous posts did you specify that you're concerned about third-party remote audits?

In that exact response you just quoted. What difference does it matter that it is internal or external? I was responding generically stating that we are documenting our process for external registrars and I would like to see what other folks are doing in general.

Did I do something incorrect?
 
Top Bottom