By Jackie Stapleton
About fifteen years ago, when I was still delivering classroom-based training, there was always a slide on remote auditing that raised some interesting discussions. Not because a lot of people had done a remote audit back then, but because it felt unfamiliar and slightly uncomfortable, and the discussion that followed was always framed around what it might look like if you ever had to conduct an audit without being on site.
Back then, remote auditing was treated as a single activity rather than an audit approach. The focus was always on the moment of delivery: How would you conduct interviews? How would you review records? How would you know you were seeing enough evidence? The assumption was that everything else in the audit stayed the same, and remote simply replaced the physical presence on the day.
Fast forward to now, and that same slide barely raises an eyebrow when it appears in virtual training. Not because remote auditing has become less important, but because it has become ordinary. In many cases, it is simply how audits are done, either fully remote or as part of a hybrid approach, depending on the context of the organization and the objectives of the audit.
What’s interesting, and often overlooked, is that the biggest change hasn’t been in conducting audits, but in designing them. Fifteen years ago, remote auditing sat awkwardly in the middle of the process, disconnected from audit programs, planning decisions, and post-audit activities. Today, the ISO/FDIS 19011 Guidelines for auditing management systems reflects a very different reality, where the choice of audit methods is embedded across the entire lifecycle of an audit rather than bolted on at the point of delivery.
That’s the shift worth paying attention to. Remote auditing is no longer something you “do.” It’s something you design for, from the moment an audit program is established through to how findings are reported and communicated.
Remote auditing across the audit lifecycle
What has changed over time is not just where remote auditing sits within the audit process, but how early it is now considered in the design of an audit.
Audits are no longer planned on the assumption of physical presence, with remote methods added later if needed. Instead, audit programs, planning activities, and delivery approaches are increasingly designed with remote, hybrid, or on-site methods in mind from the outset, supported by the appropriate use of technology informed by risk-based thinking across the full lifecycle of an audit.
At the audit program stage, remote auditing is considered a part of how audits are structured over time, with decisions made about the suitability of remote, hybrid, or on-site approaches based on risk, complexity, system maturity, and the nature of activities being audited. At this level, technology capability and auditor competence are already relevant, as program decisions increasingly assume digital access to information and virtual engagement with organizations.
During audit planning, those assumptions become more concrete. Planning now routinely includes consideration of digital platforms, document access, interview methods, time zones, confidentiality, and data security. Technology is no longer just a tool used during the audit, but part of how the audit method itself is designed, requiring auditors to apply judgement not only about what to audit, but how best to gather and assess evidence.
The opening meeting provides an opportunity to confirm the audit approach in practical terms, including how technology will be used, how communication will be managed, and how evidence will be shared. At this stage, the auditor’s digital competence and ability to clearly articulate the audit method play an important role in establishing confidence and setting expectations.
During the conduct of the audit, remote delivery places greater emphasis on professional judgment. Interviews are structured differently, evidence is often reviewed digitally, and observations rely more heavily on questioning techniques, screen sharing, and triangulation of information. The effective use of technology supports this process, but it is the auditor’s competence and judgment that determine whether audit conclusions are sound.
The closing meeting brings together the outcomes of the audit, with findings presented in a way that reflects both the evidence reviewed and the audit approach used. Clear communication, supported by well-managed technology and consistent application of judgment, ensures that conclusions are understood and accepted regardless of whether the audit was conducted remotely, on-site, or through a hybrid model.
Finally, the audit report and communication stage documents the audit outcomes and the basis for the conclusions reached. Transparency around the audit method, including the use of remote techniques and digital evidence, supports confidence in the findings and reinforces the credibility of the audit process.
Seen together, the lifecycle and its enabling capabilities reflect how auditing now operates in practice. Remote auditing is embedded across the audit program, planning, delivery, and reporting, supported by technology, digital competence, and professional judgment that allow auditors to design and deliver effective audits in increasingly complex environments.
Your next steps
About the author
Jackie Stapleton is the director of Auditor Training Online and holds multiple Exemplar Global certifications.
A version of this article first appeared on the Lead the Standard newsletter and is published here with permission.

