Where Does ISO Stand on Remote, or E-Audits?
Enabled by rapid advancements of the technological sector, the nature of audits and assessments is changing- let’s have a look at what that means for your organisation.
Technology, as Moore’s law stipulates, moves at an exponentially increasing rate- driven by the merit of its previous advancements that increase both the speed and efficiency of the progress. The same can be applied to the context of auditing in the 21st century, with the advent of remote, or e-audits, which are becoming more commonplace, regardless of the context in which the organisation is operating. Operations are inexplicably linked to technology, and nowadays, the same technology can be utilised and leveraged by that organisation to take part in comprehensive audits of their systems, enabled by the wonders of the internet.
Regardless of the new playing field, the principles of quality assessments remains the same: an organisation should be as transparent as possible about its operations, so an auditor - whether remote or in your bricks-and-mortar building can identify areas of improvement, and give you a nice little pat on the back for the changes you’ve made to improve the quality, safety, and efficacy of your operations. I’d argue there’s a raft of positives with this latest advent of quality assurance, but it’s a multi-dimensional thing, so that’s why I’m kicking off a new series of articles on the topic here on our blog.
“The growing dependency of organisations on electronic media for the operation and control of their management systems requires certification/registration bodies and their auditors to look at new approaches to ensuring that audits will be effective and efficient.” - ISO
ISO is well-aware of the trend, stating in a release from as far back as 2016 that “the growing dependency of organisations on electronic media for the operation and control of their management systems requires certification/registration bodies and their auditors to look at new approach to ensuring that audits will be effective and efficient. They will need to redefine the way processes and documented information is evaluated to verify conformance with the audit criteria.” This statement came soon after ISO concluded the development of its guidelines for conducting electronic-based audits, or e-audits. This provided both the auditors and auditees a mandate to keep their operations modern, and sophisticated, which is particularly true when we’re talking about organisations with an obligation to keep the private details of their customers exactly that- private.
It’s worth mentioning that the traditional steps of an internal auditor still apply, just in a digital context in the lead up to an e-audit. What I mean by that is, the organisation should remain committed to ensuring your processes say what you are really doing, and which don’t, as well as determining if the process is efficient or whether it could be done in a better way. Efficiency is about achieving maximum productivity for the least possible cost. Finally, you need to remain unbiased in your observations of the processes and how they are being conducted. Your recommendations should be delivered with a positive spin - imagine a team session where the team works together to look for improvements, then develops a plan to work on the most important ideas identified.
Interestingly enough, ISO recognises the speed in which technology has developed, stating that “as the innovations in the IT sector are relatively rapid as compared to changes in audit criteria, auditors and auditing organisations are challenged with the need to have a practical understanding of the associated trends… in light of innovations that influence the functioning of an electronic documented information system, auditing organisations should determine if the experience needed in order to be effective or a given audit is possesed by the audit team itself, or whether the assistance of a technical expert would be required.” In less convoluted terms, for organisations making the audit, they need to be well-aware of any shortcomings in their operations when it comes to tech advancements.
In closing, remember that while the playing field might have changed, the game is much the same; I’d argue the game has even switched-up a notch now that technology can provide accurate and timely audits regardless of your location restrictions or context. This particular article was to get an idea of where the governing body, ISO stands on the topic; the first piece in a range of articles coming to you on the topic of remote, or e-audits, so stay tuned to our blog for more. For now, however, thanks for your time, and I’ll see you in the next piece.