What is Remote Audit and how is it different from Onsite Audit

 

It formally introduced the Remote audit methods into ISO 19011 in the 2011 edition itself. Remote audits offer a great deal of flexibility as limitations imposed by travel. But why do we talk about it now? Or why do we need it now? 

In a simple term its “uncertainty” and it's because of the abnormal conditions under which operations currently take place. 

In this article, I will discuss the Virtual Audit or remote audit method and its protocol. This article will also provide guidance to airlines on how to effectively manage quality, compliance and safety monitoring during the COVID-19 crisis through virtual or remote audit methods. Later in this article, I have also included some recommendations for the monitoring of the operations conducted under COVID-19 measures, if the operations become limited or inactive or suspended. 

We can put the uncertainty because of the abnormal conditions into three issues as “temporary suspension”, “Partial operation with limited resource” and “Cancelling flights”. Aviation authorities, and industry organizations such as IATA, are issuing new regulations and guidance concerning the management of the operations effected by the COVID-19 crisis. The cumulative outcome is that airlines are facing challenges in monitoring their operations due to these frequent changes, and airlines need to closely monitor this crisis.

The operator needs to have a process to identify changes within or external (stressing the term within or external) to the organization that has the potential to affect the level of safety risks associated with aircraft operations, and to manage risks that may arise. And hence it is important, airlines should ensure it applies risk management to any changes introduced. So, in this context, we can very well assume that these continuous changes have the potential to affect the established operational processes, procedures, products, equipment and/or services. 

To understand, let's look into the concept of remote audit from a theoretical perspective. By putting the dimension of human interaction and distance in two axis, let us say Distance as (onsite and remote) along the axis and Human involvement (such as human interaction and no human interaction along Y-axis), we will get the four basic methodologies of audit (say as conventional, surveillance, Desktop audit and Remote (which is Virtual Audit) the topic discussion.

So, by definition, on-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance. So, on the level of the audit program itself, ensure that the selection of the audit method (remote or on-site) is suitable and balanced, in order to ensure satisfactory achievement of audit program objectives.

Performance of an audit involves an interaction among individuals with the management system being audited and the technology used to conduct the audit. If the current condition does not allow to perform of internal onsite audits, airlines may decide to perform remote audits as an alternative method. We need to approach this using a risk-based approach so that the Remote audit is as equivalent to the conventional onsite audit. It should document key processes and procedures relevant to such methods.

So, here is the approach that we can take when planning to do a remote or virtual audit. To prepare for a remote audit, there are some important things to be considered. To perform an efficient audit, we need to take a phase-wise approach when dealing with virtual audit methods. Phase 1 will be Audit planning, phase 2 will be documentation audit and the 3rd phase will be Implementation Audit. We can apply remote audit for internal and external audits including service providers. The feasibility of remote audit activities can depend on the level of confidence between auditor and auditee’s personnel. 

Now, we will have a detailed view of what needs to be considered in each phase of the audit.

To start with Phase 1, Audit Planning, we must consider; 

• A Detailed audit plan that includes audit scope, date of audit, scheduled calls.
• Identifying the personnel to be interviewed.
• Plan for the opening meeting and inviting the major stakeholders to be attending. 
• IT solutions for video conferencing and document sharing. 
• We need to confirm the video conferencing and document sharing platform with the auditee, especially with foreign organizations. 
• Different countries will have different software in practice. 

Sometimes, we need to adapt their software for the virtual session because of country or company restrictions on certain software. Consider sharing of Relevant checklist in advance (to do a desktop verification) and requesting a cross-reference list which will support during the documentation verification phase and enable an efficient remote assessment.

Moving to Phase 2, Documentation Audit we must consider;

• Reviewing the cross-reference list.
• Assessing the documentation prior to the start of the remote audit.
• Analyzing the previous audit results and other information.

Then the third phase is Implementation Audit, consider; 

• Assessing records and evidence provided through cloud storage or shared server, live sharing of screens or any other acceptable methods.
• Observing records and evidence through shared images or screens.
• Uploading records and pieces of evidence into an auditing software.
• Interviewing management and operational personnel through video conference tools.
• Observing the operation through live video broadcasting.

Increasing sampling size whenever possible, to compensate for the lack of direct observation of operations. If any part of the operations became inactive because of the crisis, for example, if the airline temporarily suspended its passenger transport operations, it will adjust the audit plan under the regulatory provision and may postpone the relevant audits. 

However, before the inactive operations we need to consider;

• Collecting and analyzing the self-assessments performed by the relevant departments.
• Conducting remote assessment(s) before the inactive operation restarts.
• Conducting a risk assessment to ensure compliance with the requirements. if required.

If an airline cannot perform onsite or remote audits because of a lack of resources or unavailability of operational and/or management personnel. It should make an assessment to identify the risk levels.

• Provisions with immediate concerns requiring mitigation may be determined as high risk.
• Provisions with significant concerns requiring monitoring may be determined as medium risk.
• Provisions with minimal or no concerns may be determined as low risk.

It should identify risk of not complying for short term (0-30 days), medium-term (30-90 days) and long term (90-120 days). If an activity related to a mandatory requirement is subject to a regulatory exemption, this also, to be considered when risk assessment is performed. 

So, in conclusion, the effective and flexible monitoring of quality, compliance, and safety management systems carry special importance during this circumstance. The virtual audit is one method to monitor it effectively. To know more about remote audit protocol, Please watch the video link.

Hope you have enjoyed reading this article. Thank you.