Compliance with AB and CB certification

ISO 19011:2018 mentions the possibility of using remote audits and virtual audits. There is an important remark: Performing remote audits can depend on the kind of risk to achieving the audit objectives, the level of confidence between auditor and auditee’s personnel and any regulatory requirements. 
Please check ISO 19011:2018 Annex A.1 Applying audit methods. See also Annex A.15 Visiting the auditee’s location and Annex A.16 Auditing virtual activities and locations.

Deciding when and how to use remote auditing techniques depends on the audit objectives, scope and criteria, the available technology, the competency of the auditee and auditor to use the technology, and the type of audit evidence that needs to be gathered. The key question is whether the remote auditing techniques allow you to meet your audit objectives while benefitting from the audit process, or whether the use of remote auditing techniques could be a disadvantage to your audit.

Some remote audit activities are:

• ensuring remote access protocols and devices, software, etc.;
• ask for permission in advance for any screenshots and consider confidentiality and security matters and avoid recording individuals without their permission;
• use floor plans/diagrams of the remote location for reference;
• maintain respect for privacy during audit breaks.

In my country, we are under lockdown. We are all experiencing teleworking. For example, I’m realizing that many meetings are being more efficient this way. Perhaps in the future, this will be the new normal, many meetings will continue to be done this way. So, my best advice is to start practicing remote audits, to test different approaches, to test different technologies, to learn how to answer remote audit risks like:

• Communication equipment fails or is unreliable;
• Internet access fails or is unreliable;
• Internet security—information confidentiality and integrity;
• Auditee personnel do not adhere to scheduled meeting times;
• Auditee personnel constantly leave scheduled meetings to take care of other business;
• Auditor accepts audit evidence that is not objective and impartial;
• Auditee stages certain events or activities of the audit;
• Auditor or audit program manager approves an on-site proxy auditor that is not qualified to expedite the audit.

I invite you to read this article – What are the benefits and barriers when performing remote audits? - https://advisera.com/articles/what-are-benefits-and-barriers-when-performing-remote-audits/

Concerning AB and CB requirements it is advisable to contact them. However, you can check these two documents:

• Please check this document from IAF - IAF Informative Document For Management of Extraordinary Events or Circumstances Affecting ABs, CABs and Certified Organizations - https://www.iaf.nu/upFiles/IAFID32011_Management_of_Extraordinary_Events_or_Circumstances.pdf
• Please check this document from IAF - IAF Mandatory Document for the use of Information and Communication Technology (ICT) for Auditing/Assessment Purposes - https://www.iaf.nu/upFiles/IAF%20MD4%20Issue%202%2003072018.pdf