Audit (formal) – the annual (at a minimum), ritual of providing objective evidence that a Quality System is established, being followed, and is effective. A good Quality System will support the regulation(s) and ensure that a company has consistent accuracy and precision in all they do.
Audit (informal) – the annual (at a minimum), ritual of hosting complete strangers or those who have been on-site so many times they are now acquaintances and providing them with procedures, documents, reports and records going back several years even though you are not operating under the same versions of the procedures now. This is a time when you spend your entire day(s) sitting in a meeting room answering questions and fetching more documents while your work piles up.
The fact is audits are necessary. However, just as we learned during the COVID-19 pandemic, that many people could perform their jobs perfectly well without getting in their car or on a train to come to the office, we have also seen that many audits can be done well…virtually. There is a place for both virtual and on-site audits.
So, what types of audits are being performed?
Setting Up a Virtual Audit
Performing a Virtual Audit
An Opening Meeting should be conducted each morning at an agreed upon time via Teams, Zoom or some other platform. Attendees should be documented.
After each morning’s Opening Meeting, the auditor should spend time reading procedures applicable to the area being audited and taking notes. A list of questions and request for documentation / records to support compliance can be requested via e-mail. Audit trails should be followed just as if you were performing an on-site audit and the auditor should always be specific as to what records they wish to see. It is not acceptable to allow the company being audited to choose. If there was a previous audit report provided, the auditor should verify any previous nonconformances have been addressed.
A Closing Meeting should be conducted each afternoon/evening at an agreed upon time via Teams, Zoom or some other platform. Attendees should be documented.
On the last day of the audit, a Close-out Meeting is conducted to go over all nonconformances and ensure everyone is in agreement. There should be no surprises in the Audit Report.
Audit Report
The auditor will either use the company’s Audit Report Template or one of their own templates. The report should clearly identify the audit as having been “virtual”. All documents reviewed, their titles and rev #s should be recorded. In addition to nonconformances, positives should be documented and recommendations. There should be a clear conclusion. When writing, keep in mind, Regulatory Agencies will be reviewing this report. The report is essentially the same as if an onsite audit was performed.
On-site or Virtual?
Virtual audits obviously save money on auditor travel. They can also allow company staff to work while being audited as long as the company has a good electronic document system and can easily find and upload, not only procedures, but requested reports and records. A virtual audit will not run smoothly if it takes hours for a protocol and report to be found and scanned or uploaded.
During a virtual audit, an auditor must ensure they are requesting objective evidence just as they would during an on-site audit and following audit trails. If necessary, they may need to get on a Zoom call more than just during the Opening and Closing Meeting.
For deep dive audits, companies should probably stick with on-site audits, however, if the audit has the proper amount of days and the company can quickly and easily provide requested documents, a virtual audit should go smoothly.