Organizations have been forced to redefine their quality audit strategies to ensure compliance and render support to their supply base. Previously the primary method was on-site compliance audits, but with the pandemic a new perspective was needed.
Certainly, some organizations had already been transitioning from traditional audit processes, but primarily out of economic necessity. The biggest enhancement over the last few months is that many organizations transferred to virtual audits. Fortunately, a few organizational forerunners and authors who had already been on this journey documented their successes, and failures, leaving a host of virtual auditing best practices.
Until recently, however, organizations have been performing virtual audits only as an exception. Speaking personally, years ago it was not uncommon to bring process owners together via video conferencing. The goal was to walk through their processes and solicit responses to audit-related questions. Realizing the shortcomings and challenges, no one seemed comfortable with a complete virtual audit, so the results were verified with on-site compliance audits.
Over the years, I have been involved with championing three categories of audits. The first two were more for industrial environments.
- On-site audits. Some processes are better audited in person, such as operating environment, health and safety, and environmental compliance. Leadership interviews can be conducted virtually; however, it was thought to be more effective if done in person.
- Hybrid audits. Like on-site audits, documentation of processes, corrective action, calibration, etc., can be done virtually with verification done via on-site audits at an appropriate schedule agreeable to client, auditor, and auditee.
- Remote audits. Most business processes are readily applicable to remote (virtual) audits. Considering the various conferencing technologies and ability to share information, almost simultaneously, this has proven to be an economic way to conduct audits with reasonable downside.
With the pandemic, organizations have been forced to move to remote audits conducted entirely virtually, with exceptions restricted to the most critical products/situations. What is needed most to make complete remote audits work effectively is trust and technology.
Auditing is an effective tool to verify compliance and identify opportunities for improvement. With that said, though, no one eagerly looks forward to an audit—not even most auditors. Since we are all human, everyone gets nervous about being judged. We worry about the effect of an unfavorable audit outcome. This worry typically causes organizational leaders, process owners, and support personnel to spend a lot of time preparing for an audit rather than letting the audit process discover the true ‘as-is’ condition.
What is needed is greater trust between all parties—organizational leaders, process owners, support staff and the auditing organization. While this can almost always be said of first party audits, the same issue applies with second and third-party auditing organizations. Suppliers worry about losing business, and organizations worry about losing their management system registrations.
Remote audits require enhanced trust between the auditee and the auditor organizations. There are many trust issues, which time and space will not allow for in-depth discussion here, but there are a couple basic considerations. The auditee should follow documented processes to prevent a last minute scurry to ensure compliance. The auditor should trust the auditee to present the actual status of the processes. Additionally, the auditee should trust the auditor to accurately collect the response verbally or to document it in accordance with confidentiality agreements.
In addition to trust, technology is significant. Because remote (virtual) auditing may be the new normal for the foreseeable future, some organizations will need to upgrade their internet communications structure, enhance security features, respect privacy of employees, etc.
If faced with limited internet bandwidth, auditors can reduce the video resolution or eliminate reliance on video to focus on audio features. To protect from hacking, documents and other confidential information can be shared through a secure cloud storage drive with shared access.
For remote audits to succeed, there must be trust between the auditor and client, and auditor ethics and data security are essential.
For those who think that quality audits will return to pre-pandemic normalcy, we should revisit history. Once the ‘genie is out of the bottle, it will not easily go back in.’ That is to say, there is no going back to earlier audit processes, at least for the majority of audits. For audited organizations, virtual audits are less stressful. For auditing organizations, remote audits can be less expensive with a high degree of confidence! Seems like the perfect storm.
At least for the foreseeable future, reliance on remote auditing will be the new normal. So, organizations must redefine their audit strategy to embrace, practice, and strive to perfect this approach. It is unreasonable to wait any longer for on-site (in-person) audits to resume. Everyone loses with this approach because that is not going to be happen for a while, if ever.
Jim L. Smith has more than 45 years of industry experience in operations, engineering, research & development and quality management.