By Shibu Davies

Where does management system auditing stand at the moment? Has there been a paradigm shift in the auditing process since the COVID 19 pandemic?

To me, I would say that yes, there has been a definite paradigm shift in auditing during the past year, mostly due to the adoption of the remote auditing approach.

Currently, most of the new certification, recertification, or surveillance audits to ISO 9001, ISO 14001, ISO 22000, etc. are happening remotely. Site visits have been heavily restricted, which forced industry regulators like the International Accreditation Forum (IAF) and accreditation bodies (AB) to suggest remote auditing. As all management system standard certification bodies (CB) are regulated by the IAF and the ABs, they committed to remote audits.

The IAF document titled “Replacement of Assessments During the COVID 19 Pandemic” addresses this topic. In addition, IAF MD 4, “Mandatory Document for the Use of Information and Communication Technology (ICT) for Auditing/Assessment Purposes” provides more insight on the remote auditing approach. Both documents can be accessed online here. I highly recommend that all auditors go through these documents in detail. Based on these documents and the up-to-date instructions and updates issued by the IAF, all ABs have established their
regulations regarding remote auditing, which relevant CBs are supposed to follow.

Now the critical point is to see what happened to the auditing industry after one year of remote auditing. I feel that the biggest paradigm shift has occurred within ABs, CBs, auditees, and auditors. They now realize that there is another way of auditing which is just as effective and efficient as physically visiting a site. Until the first quarter of 2020, doing remote audits 50 percent (much less 100 percent) of the time was almost a taboo in management system certification auditing. Now, with this paradigm shift, key players in the industry have come to understand that remote auditing can achieve the same, or close to the same, results.

In the second quarter of 2020, as Covid 19 began to change the world, many organizations started to think about remote auditing. The challenges faced during this phase included which guidelines to follow (from local regulators, the IAF, ABs, CBs, etc.), how to do an effective and efficient remote audit, what tools were to be used, what type of infrastructure was required from both sides (auditor and auditee), determining the competence requirements for auditors, how to align the auditee towards the remote auditing approach, what types of documentation/audit evidence had to be maintained, and more.

Based on the discussions I had with various stakeholders during the last year, the biggest challenge during this transition involved auditor competence due to these five factors:

1. Regulations and requirements. In the beginning of this period, it was difficult for auditors to remain up to date with changing requirements. As time passed, the requirements matured, and most auditors became accustomed to them. But it remains important for all auditors to remain current with any forthcoming changes.
2. Shift from on-site to remote audits. Auditors have been practicing on-site audit for years. To shift from these familiar on-site audits to remote auditing was a big challenge. The routine was quite different, and they had to align themselves to the new way of working in terms of the opening meeting, note taking, interviewing, records review, and more. Most of the CBs developed internal protocols to successfully complete remote audits and supported their auditors accordingly, which helped smooth the transition.
3. Client alignment. The auditors had another big challenge, which was to align the auditees toward remote audits. Because they were used to on-site audits, when the industry shifted toward remote audits, these auditees faced many challenges, including record provision, evidence management, and communication, among others. However, as the whole world was trying to adjust to the remote working culture, these auditees became more aligned toward this approach.
4. Audit documentation requirements. When remote auditing took hold, there was much confusion as to which documentation and evidence needed to be maintained. As time passed, the mechanisms evolved and
   all CBs established guidelines on these requirements.
5. Occupational hazards. Another big challenge left unaddressed in many platforms was the hazard the auditors faced due to the repetitive nature of their work. During remote audits auditors spend a lot of time in a chair facing the laptop or desktop. This can create a high degree of occupational hazard. All auditors should be aware of this and follow good practices to overcome these risks. Supporting them in this endeavor shall also be the responsibility of the CBs.

After more than a year of living with this pandemic, our entire industry has accepted remote auditing due to benefits like general effectiveness, efficiency, and cost optimization. It is critical for the entire industry to think seriously about remote auditing as the future of the profession. I believe that this paradigm shift has certainly occurred. With the growth of technology, there seems to be no going back—instead, we will only go forward with remote auditing.

About the author

Shibu Davies is a senior assessor of ISO 9001, ISO 14001, and ISO 45001/OHSAS 18001. In addition, he is a senior trainer for these schemes under IRCA. He has represented various technical work groups and steering committees in the auditing and certification segment. He is presently the technical advisor for Emirates International Accreditation Centre. His experience includes consulting, training, and auditing in various industry segments across the GCC. He is quite well known as a speaker in the region in this segment and has a technical YouTube Channel with title “Doctor ISO.”