The 5 main differences between on-site and remote audits
An audit is a systematic and independent process for gathering objective evidence and its objective assessment to determine the extent to which auditing criteria are met. People are accustomed to on-site audits. They are used to them, they know how they work, and they know they work well.
Every exit from any comfort zone includes the fear of the unknown, especially if you are facing your first virtual audit. You don’t know what awaits, how it works, how it goes, what to expect, whether everything will go smoothly, and – of course – if something will fail because of technology.
But once the first virtual audit is over, you realize how many advantages there are and that you wouldn’t mind if your subsequent audits are virtual.
Our experience with the shift from on-site to virtual audits
It wasn’t easy to switch to remote audits. But as the pandemic was in full force, we turned toward virtual audits with more intensity than ever before. As a result, there are lots of positive aspects that proved to be helpful.
How are on-site and remote audits similar?
The audit itself is identical. The previously submitted agenda needs to be followed, the areas and topics from it should be adhered to, including the time frame dedicated to each area.
The process is the same: the auditor asks questions and reviews documentation, while the audited party is expected to provide clear answers and share all the necessary documents.
The evaluated processes are equally the same, just as the people involved and the work they do. In the end, both types of audits have the same level of austerity and thoroughness.
After all, an audit is an audit, no matter the medium through which it is conducted.
MAIN DIFFERENCES BETWEEN ON-SITE AND REMOTE AUDITS
So, what are the main differences that you should be aware of while preparing for your first remote audit?
1. Remote audits can be done from the comfort of your home
The auditor doesn’t mind if the audit is conducted from home, but it is the company director who determines whether it is necessary to be in the office during the audit or not. It all depends on how the company is organized, but also on the type of audit being conducted, e.g. if it is a Quality Control (QC) audit, it cannot be conducted from home.
In the case of GDP audits, this type of audit cannot be conducted outside the manufacturing facility because the audit relies on the compliance of physical facilities, machinery, and the overall functioning of manufacture.
Some rules must still be followed if an audit is conducted from home. It is recommended to test the technology or Internet connection in advance. The premises and the manner in which we approach the virtual audit are equally important, as well as the dress code for participants. All of these segments are important in order for the audit to be effective and credible.
2. Remote audits require additional GDPR considerations
GDPR affects virtual audits in the same way as on-site audits. Paying attention to compliance with GDPR is necessary in all aspects of business. For example, if confidential personal data are present in a document, they should be obscured, after which the document containing the hidden/excluded personal data is made available, if necessary.
However, during virtual audits, everything takes place via a shared computer screen. Just as it is important to ensure that the workspace does not contain any documents that could compromise sensitive data during on-site audits, so must the virtual workspace be checked during remote audits.
Care should be taken when sharing the screen. It is recommended that you share the screen only when a specific document that you want to share is opened on your computer. You should make sure that Outlook is closed, just as any other programs and/or documents, so that the auditor does not have access to the data of other clients or employees who are protected by agreements and GDPR. You should equally make sure to hide personal data as well as any notifications or folders on your desktop.
The risk may arise from GDPR non-compliance and the sharing of personal data that may not be forwarded to a third party or the auditor. Therefore, pay special attention to avoid this risk when preparing the audit. It should be emphasized that auditors should not use sensitive data collected during the audit for purposes other than those foreseen by the audit or to verify compliance with certain regulations, procedures, and standards.
3. On-site audits allow easier hard copy documentation review
During an on-site audit, documentation review of documents which are kept in electronic and hard copy form (i.e. in paper and/or digital archives) is easily implemented and in principle does not cause problems.
Problems can occur in companies whose archives and documentation are exclusively in hard copy, so they have a slightly bigger challenge ahead of them. Prior to the audit, it would be a good idea to prepare and scan in advance the documents that the auditor is likely to request.
If the auditor requests a document for review, it can be forwarded by e-mail (or as agreed), while individual auditors may request direct access to the document via the screen-sharing option. It all depends on the auditor and mutual agreement. If the auditor wants to see a certain document immediately, it is necessary to allow them insight by sharing the screen and preparing the documentation or scanned documents in advance.
4. Virtual audits are dependent on technology
A virtual audit requires a computer that has a camera, microphone, and speaker option. The biggest problem and simultaneously concern which both sides have during the audit is the fear of electronic or Internet connection failure. This is of course frustrating, and no one wants this to happen, but things like that do happen.
In most cases everything can be sorted out, e.g. by finding a spare headset with a microphone, by continuing the audit without one participant’s camera, or by repairing the Internet connection after some time and ending the audit successfully. Companies usually have IT support teams that jump into action and solve technical problem in such situations.
The worst that can happen is taking a break until the problem is resolved or, if the problem cannot be resolved, postponing the audit.
5. Remote audits allow staying safe while staying compliant
The lack of human contact can be a pro and a con. The pandemic is still in full force, despite the rising vaccination rate. In these unpredictable times, digitalization proved to be invaluable for maintaining the quality and compliance of our work.
Audits are mandatory, and all necessary procedures have to be covered on the highest level. Remote audits make it easy to meet every prerequisite while making sure that the health of everyone involved is protected.
Mixed audits – the best of both worlds
Sometimes it’s better to take the middle road. A mixed audit can be the perfect option, as it is conducted both on-site and remotely.
This type of audit usually starts remotely by asking about all the general processes and going through all the details virtually, and is then completed on-site.
In this way the bulk of the audit can be covered remotely, while the investigation of the physical space of the office and all hard copy documents remains as the last step.
Mixed audits combine the best of both worlds: they are economically and organizationally easier like virtual audits, and they also reduce direct human contact; on the other hand, they allow the auditor to check in person everything that was discussed online with the auditee.
Good organization is the key to a good audit, whether virtual or on-site
Good preparation should prevent the occurrence of any risks. Moreover, you should approach the audit in a composed and steady-paced manner, without haste, while calmly answering the auditor’s questions. In any case, it is better to read the procedures outlined in the SOP (which may take longer) than to say something off the top of your head (which may be incorrect). Ultimately, this is a process that would also take place during routine work: procedures are always available so that employees can read them whenever they need to check something.
Marti Farm has been conducting virtual audits more intensely since the start of the COVID-19 pandemic, and will prefer and perform them in the future.
The advantages outweigh the drawbacks, and we always work to make audits more efficient, both remote and on-site.
If you’re interested in holding a virtual audit, get in touch with our Quality team.
Ana Prelec, MSc / Head of Quality Assurance Department
Lašćinska cesta 40
Planinska ulica 13/2
Office: +385 1 5588 297
Pharmacovigilance: +385 1 5588 297
Clinical trials: +385 1 5614 330
Registration: +385 1 242 0873
Marketing: +385 1 2420 890
Fax: +385 1 2420 860
Tel: +385 1 5588 297
Full company name
Short company name
Marti Farm Ltd. Trade and Services
Marti Farm Ltd.
Lašćinska cesta 40, HR-10000 Zagreb
Planinska ulica 13/2, HR-10000 Zagreb
a limited liability company
Commercial Court of Zagreb
HRK 20,000.00 (paid in its entirety)
Martina Diminić Smetiško, director of the
company (Representing the company
individually and independently, Responsible
person for data protection)
HR3623600001102197724 (Zagrebačka banka)
HR4324020061100628669 (Erste banka)
Full company name: Marti Farm Ltd. Trade and Services
Short company name: Marti Farm Ltd.
Headquarters: Lašćinska cesta 40, HR-10000 Zagreb
Office: Planinska ulica 13/2, HR-10000 Zagreb
Legal form: a limited liability company
Court register: Commercial Court of Zagreb
Registration number: 080751121
Share capital: HRK 20,000.00 (paid in its entirety)
Authorized representative: Martina Diminić Smetiško, director of the company (Representing the company individually and independently, Responsible person for data protection)
Bank account: HR3623600001102197724 (Zagrebačka banka), HR4324020061100628669 (Erste banka)