Sofema Aviation Services (SAS) considers acceptable practice for the performance of a remote audit.
Remote Audit Introduction
This auditing process is available to:
- Competent authorities when overseeing regulated organisations;
- Regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and
- When evaluating vendors, suppliers, and subcontractors.
Terminology
āremote auditā
- Means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site;
- The specificities of each type of approval/letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the āremote auditā concept;
āauditing entityā
- means the competent authority or organisation that performs the remote audit;
āauditeeā
- means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);
Note –Ā It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.
The conduct of a remote audit
- The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:
o The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimize the conventional audit process.
o Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.
o Measures to ensure that security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).
o Examples of the use of remote ICT during audits may include but are not limited to:
– Meetings by means of teleconference facilities, including audio, video and data sharing;
– Assessment of documents and records by means of remote access, in real time;
– Recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;
– Visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.
Audit Agreement
An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:
- Determining the platform for hosting the audit;
- Granting security and/or profile access to the auditor(s);
- Testing platform compatibility between the auditing entity and the auditee prior to the audit;
- Considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;
- Establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimize their effectiveness and efficiency while maintaining the integrity of the audit process;
- If necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;
- A documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and
- Data protection aspects.
Equipment Configuration
The following equipment and set-up elements should be considered:
- The suitability of video resolution, fidelity, and field of view for the verification being conducted;
- The need for multiple cameras, imaging systems, or microphones, and
- whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;
- the controllability of viewing direction, zoom, and lighting;
- The appropriateness of audio fidelity for the evaluation being conducted; and
- Real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).
Competence to Perform Remote Audits
When using remote Information and Communication TechnologiesĀ ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s).
- The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.
- Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.
Next Steps
FollowĀ this linkĀ to our Library to find & Download related documents for Free.
Sofema Aviation ServicesĀ www.sassofia.comĀ & Sofema OnlineĀ www.sofemaonline.comĀ provide Part 21 and CS 25 Training as Classroom, Webinar and Online Courses ā for additional details please emailĀ team@sassofia.com
Tags:
aviation, EASA, Sofema Aviation Services, Audit, Regulatory Compliance, EASA regulations, Part 21, easa part 21, SAS blogs, Part 21 G, remote audit, Information and Communication Technologies (ICT), 2021/007/R