It can be said that 2020 has been a year of paradigm shifts in both our personal and professional lives. Friends, families, and co-workers have had to make big changes to stay connected; so too has the world of Quality Management System (QMS) audits. Within a few weeks of the COVID-19 pandemic initial impacts, the international audit community acted to provide a path forward for certification bodies, auditors, and certified companies: the expanded use of remote or virtual auditing. The process of remote auditing has been an option for QMS certification audits within the ISO 19011 standard, Guidelines for Auditing Management Systems. However, prior to 2020, remote auditing was infrequently used as a means of conducting the typical ISO9001 audit (surveillance, certification renewal, etc.).
Audit companies, auditors, and companies being audited had to transition from the traditional on-site audit experience to a remote one. In this transition, audit companies had to review and revise processes and procedures for remote audits to accommodate the wider use. The review and application of a remote audit requires a risk evaluation to ensure the audit objectives can be achieved. Some audit companies start the risk evaluation with the assigned auditor. That is, the auditor reviews the organization and the QMS elements to be audited and provides an initial input to the audit company as to the risk level. Some audit companies perform the initial risk review and then seek the auditor’s inputs to confirm the likelihood of achieving the audit objectives.