I had attended the webinar and I had to miss the last 5 mins of the Q&A session. I had asked if the ISO internal audits need to be done on-site. Can you please confirm they need to be done on-site and if you have any proof in the ISO standard that is the case and where it states in the standard.
Please provide that information as well.
If you have the recording from the webinar, that would be great as well!
ISO 19011:2018 mentions the possibility of using remote audits and virtual audits. There is an important remark: Performing remote audits can depend on the kind of risk to achieving the audit objectives, the level of confidence between auditor and auditee’s personnel and any regulatory requirements. Please check ISO 19011:2018 Annex A.1 Applying audit methods. See also Annex A.15 Visiting the auditee’s location and Annex A.16 Auditing virtual activities and locations.
Deciding when and how to use remote auditing techniques depends on the audit objectives, scope and criteria, the available technology, the competency of the auditee and auditor to use the technology, and the type of audit evidence that needs to be gathered. The key question is whether the remote auditing techniques allow you to meet your audit objectives, while benefitting the audit process, or whether the use of remote auditing techniques could be a disadvantage to your audit.
There may be pressure to use remote auditing techniques as a cost-saving measure, and to reduce the impact on the organization from audits. However, this should not be a factor when you are considering the use of remote auditing techniques. You should use them only when you are assured you can meet your audit objectives and when you think there is an advantage to doing so. I as an auditor would keep remote audit to a minimum, because direct observations are one of the main resources for compliance verification.
The following material will provide you more information about internal audits:
Thank you for your answer Carlos. One last question, if within a department, we have 3 separate processes and we have created a turtle diagram for each process, when doing internal audits, should we audit all processes in every department during the 3 yr audit period or as long as one of the processes have been audited in the department, it is sufficient? Please let me know
If those processes are part of the organization, within the quality management scope, the certification body expects that they are all audited within a yearly cycle. ISO 9001:2015 does not mention yearly audit cycles, but the contract between organization and certification body normally specifies that. Please check in this article - What is the ISO 9001 audit program, and how does it work? - https://advisera.com/9001academy/blog/2017/01/24/what-is-the-iso-9001-audit-program-and-how-does-it-work/ the topic “process importance”.