Remote auditing has shifted from pandemic emergency measure to accepted business practice across the ISO standards landscape. What began as a temporary necessity in 2020 has become a legitimate audit methodology that many organisations now prefer. However, the standards themselves have evolved quietly, and auditors who haven't updated their approach risk missing critical evidence, failing to engage properly with auditees, and ultimately delivering weaker audit outcomes. The rules governing remote audits under ISO 9001, ISO 14001, and ISO 45001 are now clearer, but they're also more demanding about competence, planning, and verification methods. This article examines what has genuinely changed, what the standards expect, and how to conduct remote audits that meet professional standards rather than simply meeting basic compliance.
On this page
The Standards Framework for Remote Auditing
ISO 19011:2023, the standard that governs auditing practices across all management systems, made remote auditing an explicit topic rather than something to be inferred. The previous version (2011) barely mentioned it. The 2023 update acknowledges that audits can occur "on site, remotely, or using a combination of approaches," but crucially, it does not mean all audits are equally suitable for remote delivery. The standard emphasises that audit scope, objectives, and the organisation's context must determine the method, not convenience or cost savings.
The key shift is this: remote auditing is no longer something auditors should apologise for or treat as inferior. It's a legitimate methodology with specific requirements, strengths, and limitations. However, organisations that defaulted to remote audits during the pandemic often failed to apply these requirements rigorously. Many auditors treated remote audits as simpler and faster than on site work, when the truth is the opposite. A properly conducted remote audit demands more planning, more structured communication, more deliberate evidence gathering, and more rigorous follow up than an equivalent on site audit.
Under ISO 9001 Clause 9.2, organisations must conduct internal audits at planned intervals to assess conformity and determine whether the quality management system conforms to the ISO 9001 requirements. The clause does not prescribe on site audits exclusively. However, the auditor must ensure that evidence is gathered in a way that provides reasonable assurance about actual conformity. This is where many remote audits fail. Auditors who rely too heavily on screen sharing, document review, and video calls without visiting the actual location cannot verify that documented processes match on ground reality. A procedure manual can describe a calibration process perfectly; a remote audit using only video calls cannot verify that calibration is actually happening as described.
What the Standards Say About Remote Auditing Specifically
ISO 19011:2023 states that when auditing remotely, the auditor must consider several specific factors that on site audits may not require the same emphasis. First, the auditor must verify the authenticity of evidence presented during remote sessions. This is more difficult when you're not physically present. Second, the auditor must ensure adequate two way communication, which video conferencing enables but email and document review do not. Third, the auditor must confirm that personnel being interviewed are genuine employees in genuine roles, not scripted representatives unable to speak authentically about their work. Fourth, the auditor must assess whether the technology being used is sufficient to gather credible evidence.
For organisations with ISO 14001 environmental management systems, remote auditing introduces specific challenges around verifying actual environmental conditions. You cannot assess the effectiveness of spill containment procedures, stormwater management controls, or waste segregation through a video call alone. You cannot observe whether staff actually follow the labelling requirements for hazardous materials when no auditor is watching. A remote audit of ISO 14001 might effectively verify documentation and process knowledge, but it cannot reliably verify behavioural conformity or the actual physical state of the facility. Leading certification bodies increasingly require a combination of remote and on site work for ISO 14001 audits.
ISO 45001 occupational health and safety audits face similar constraints. A remote audit can verify that hazard registers exist, that risk assessments have been conducted, and that procedures are documented. It cannot verify that workers actually wear required personal protective equipment, that housekeeping standards match policy, or that reported unsafe conditions have genuinely been addressed. The most concerning aspect of fully remote ISO 45001 audits is the auditor's inability to observe the actual work environment and assess conditions that workers face daily. This creates genuine compliance risk for the organisation being audited and professional risk for the auditor.
How Audit Planning Has Changed
The most significant practical change in remote auditing is the planning phase. On site audits require auditors to make scheduling and logistical decisions, but the audit itself begins when the auditor arrives. Remote audits require planning to begin much earlier and be far more detailed.
Before conducting a remote audit, auditors must now establish clear agreement with the organisation about what technology will be used, who will be available, what records will be shared, and how the audit will proceed. This should be documented rather than assumed. An auditor who turns up for a scheduled remote audit only to discover that the organisation lacks stable video conferencing capability, or that the person who was supposed to be interviewed is unavailable, has lost hours of productivity. This happens regularly in practice because remote audit planning is treated casually.
The audit programme planning process must now explicitly address the audit methodology for each area being audited. A single remote session cannot effectively audit manufacturing processes, environmental controls, and health and safety conditions across a multi location facility. The organisation and auditor must together determine which areas are suitable for remote auditing and which require on site presence. This is a material compliance consideration under ISO 9001 Clause 9.2, because audits that don't adequately examine the actual workplace are not fulfilling the conformity assessment requirement.
Auditors are now expected to prepare more extensive evidence gathering protocols before the remote session. If you're auditing a document control process on site, you can observe the physical document store, check what's actually there, ask spontaneous questions as you see things, and adapt in real time. In a remote audit, you must prepare a detailed list of specific records you want to examine, specific questions about specific scenarios, and a structured interview protocol. This preparation takes more time, not less.
Technology and Evidence Requirements
The standards don't specify which technology must be used for remote auditing, but they do require that whatever technology is chosen must be fit for purpose. A phone call is not sufficient for an audit that requires observation or detailed document examination. A shared screen with a poor internet connection is not adequate if the auditor cannot reliably see what's being displayed.
In practice, this means organisations should ensure they have video conferencing capability with good bandwidth, the ability to share screens clearly, and the ability to record sessions (with participant consent) so the auditor has evidence of what was discussed. Email exchanges about audit matters are inadequate because they lack the clarity of verbal communication and the ability to ask probing follow up questions. However, email can serve as supporting evidence after a video conversation to confirm what was discussed and agreed.
When auditing remotely, the auditor should request that specific documents or records be shown during the video session, not simply provided in advance. Showing a document during a video call allows the auditor to ask questions in real time, observe the auditee's responses, and direct attention to specific sections. Emailing a PDF in advance and asking the auditee to review it is a passive approach that doesn't constitute auditing. The auditor cannot ask spontaneous clarifying questions or probe beyond what the document appears to show.
Photography and video recordings of processes, facilities, and conditions have become standard evidence sources in remote audits. However, the auditor must verify the authenticity of such materials. A video recording of a process could have been staged, edited, or recorded at a time not representative of normal operations. The auditor should request videos be recorded live during the audit session when possible, should ask the auditee to narrate what's being shown, and should ask questions that test whether the person presenting the video understands the process or is simply reading a script.
Interviewing Techniques for Remote Audits
Remote interviewing is genuinely different from face to face interviewing, and many auditors have not adapted. On site, an auditor can observe body language, read the room, notice hesitation or contradictions, and adjust questions accordingly. An auditor can notice if a person is clearly uncomfortable answering a question, and explore that professionally. On video, much of this information is lost, particularly if the camera angle is poor or the connection is unreliable.
Remote audit interviews require more structure and more explicit explanation of what the auditor is trying to accomplish. An on site auditor can walk around with an employee, observe their work, and ask questions naturally. A remote auditor must arrange a specific meeting time, explain what will be discussed, and conduct the interview within a defined session. This is actually more formal and less natural. To compensate, auditors should be more transparent about their intentions and more direct in their questions.
One critical change is the need to independently verify identities and roles in remote audits. An auditor cannot simply assume that the person on the video call is who they claim to be or that they actually perform the role being described. Leading audit practice now includes verifying employee details against organisational records, asking specific technical questions that test genuine knowledge, and requesting that employees provide examples or evidence of their actual work.
Auditors should also be aware that employees may feel less comfortable speaking candidly in a remote setting, particularly if management is present or if the employee suspects the session is being recorded. On site audits have the advantage that an auditor can arrange to speak with people away from their supervisor or in a more informal setting. Remote audits should specifically plan to offer opportunities for private conversations and should respect that some candour may be lost in a formal video meeting format.
Evidence Gathering and Verification in Remote Audits
The definition of adequate audit evidence changes in a remote context. Auditors must gather evidence that is sufficient, reliable, and relevant. In an on site audit, the auditor can directly observe many things. A remote auditor cannot. This means remote audits often rely more heavily on documentary evidence, interviews, and recorded materials.
The problem is that documentary evidence alone is insufficient for conformity assessment. A document can accurately describe what should happen, but the auditor cannot verify that it actually happens, unless the evidence gathered includes some form of observation. Gathering audit evidence that stands up to scrutiny in a remote setting requires deliberate strategies. The auditor should request records that show actual implementation, not just policy. For example, in a quality audit, don't just ask to see the document control procedure; ask to see the controlled document register showing dates updated, versions issued, and distribution records. Ask for quality records that show the procedure is actually being followed (inspection records, test certificates, customer complaints related to document control failures).
In environmental audits, request records that show actual environmental performance: waste disposal documentation, utility consumption data, environmental incident records, and correspondence with regulators or environmental consultants. Request records that show staff training on environmental procedures has actually occurred. Request records of internal environmental audits conducted by the organisation itself.
In health and safety audits, request copies of incident reports, hazard assessment records, corrective action records, and training attendance documentation. Request records of near misses reported and investigated. Request maintenance records that show equipment and controls are functioning. Request documents showing supervision and worker engagement activities related to safety.
For all remote audits, request that records be made available during the audit session rather than in advance. This prevents the organisation from curating only the best examples. During the video call, ask the auditee to select records at random from their filing systems or electronic databases and show them. This reduces the risk that you're only seeing a carefully prepared sample.
Blended Auditing: The Emerging Standard Practice
The clear trend among professional audit organisations is toward blended auditing: a combination of remote and on site elements. A typical blended audit might include an on site opening meeting and facility tour to understand the operation, followed by remote sessions for detailed interviews and document review, followed by a final on site closing meeting. Alternatively, an auditor might conduct most detailed work remotely, with a shorter on site visit focused on direct observation of critical processes and verification that processes match what was described remotely.
Blended auditing requires careful planning to determine which elements must occur on site and which can occur remotely. For quality audits, on site observation of manufacturing, assembly, inspection, or service delivery processes is often essential. For management system audits that focus more on administration and policy, remote work may be adequate. For environmental and safety audits, on site observation is usually necessary to verify that actual conditions match documented commitments.
The advantage of blended auditing is that it combines the efficiency of remote sessions with the credibility of direct observation. The disadvantage is cost and complexity. Audit schedules become harder to arrange when they require both remote and on site work. Travel is still required, though often in shorter bursts than traditional on site audits.
Competence Requirements for Remote Auditors
As remote auditing has become more rigorous, the competence requirements for auditors have increased rather than decreased. An auditor who can conduct effective on site audits is not automatically competent to conduct effective remote audits. Remote auditing requires additional skills in technology use, virtual communication, and evidence gathering in constrained circumstances.
Specifically, auditors conducting remote audits should be competent in video conferencing platforms, screen sharing, document management and display, and recording technology. They should understand the limitations of their technology and have fallback options when technology fails. An auditor who relies entirely on video conferencing and has no plan for what happens if the video call drops is not adequately prepared.
Auditors should also be more competent in interview techniques for remote contexts. This includes the ability to establish rapport through a screen, to phrase questions clearly when you cannot rely on body language to show that you've been understood, to notice when an answer seems rehearsed or inauthentic, and to probe effectively within the constraints of a formal video meeting.
Auditors should be competent in evaluating recorded evidence. If the organisation provides a video showing a process, the auditor must be able to assess whether the video is authentic, representative, and genuinely shows what the organisation claims. This is more subtle than it sounds. A perfectly filmed and narrated video might not actually represent normal operations. An auditor needs to ask questions like: "Is this how it typically happens, or is this the best case scenario?" and "How often does this process occur?" and "Can you show me an actual work order from this week that went through this process?"
Certification Body Guidance on Remote Auditing
Major international certification bodies have issued detailed guidance on remote auditing. These organisations, which conduct third party audits for organisations seeking ISO certification, now explicitly state which types of audits they will accept as fully remote and which require at least some on site presence.
Most certification bodies will now accept initial surveillance audits (the routine annual or two yearly audits conducted after certification is granted) as fully remote if sufficient evidence can be gathered. However, initial certification audits and recertification audits typically require on site presence, at least for part of the audit. Some bodies require a full on site audit for initial certification but accept blended approaches for surveillance audits.
For internal audits within organisations, there is no requirement from the standards that they be on site or remote. However, organisations should make deliberate decisions about which audits require on site presence based on what needs to be verified. An audit of administrative functions like management review effectiveness, document control, or contract review can often be fully remote. An audit of operational processes, manufacturing, facility conditions, or occupational health and safety usually requires on site work.
Documentation and Records in Remote Audits
Remote audits create a different documentary footprint than on site audits. Because much of the interaction occurs through video or online platforms, auditors should ensure that their working notes, evidence gathering, and key findings are thoroughly documented. An auditor's verbal observations during an on site audit might later be reconstructed from the audit report. In a remote audit, if something important wasn't documented in writing at the time, there's less likelihood that the auditor will recall it accurately.
Auditors should maintain detailed records of which documents were reviewed, on what date, and what was observed. If a video recording was made, the auditor should note key findings from that recording. If interviews were conducted, the auditor should document key questions asked and responses received. This documentation should be specific enough that the auditor could reconstruct the audit and justify their findings without relying on memory.
The organisation being audited should also expect that the auditor will request more detailed documentation than they might in an on site audit. This is because the auditor cannot supplement documentary evidence with direct observation. Planning documents, work instructions, training records, quality records, environmental records, incident reports, and corrective action records should all be assembled and made readily available before or at the start of the audit.
Communication and Engagement
One significant change is the increased importance of clear, documented communication between the auditor and the organisation before, during, and after the audit. On site audits allow for ad hoc clarification and adjustment. Remote audits must be planned more precisely because all interaction occurs in scheduled sessions.
The auditor should provide the organisation with a detailed plan in advance. This should include the scope of the audit, the audit objectives, the dates and times of planned sessions, the areas that will be covered, the people who should be available, and the documents or records that should be assembled. The organisation should have the opportunity to ask questions and clarify what's required before the audit begins.
The opening meeting, whether conducted on site or remotely, should clarify expectations and address any concerns the organisation has about the audit methodology. If the audit is fully remote, the opening meeting should explicitly confirm that the auditor has explained the methodology and that the organisation understands and agrees that a remote audit is appropriate. The organisation should understand that certain limitations exist (for example, the auditor cannot observe the facility) and that this may affect the scope or timeline of the audit.
Follow up and Verification of Corrective Actions
Remote auditing has also changed how auditors verify that corrective actions have been implemented. On site, an auditor can often see the results of corrective actions in person. In a fully remote context, the auditor must rely on records, photographs, or video evidence that corrective actions have been effective. Managing corrective actions after an ISO audit in a remote context requires that the organisation provides clear documentary evidence of what was done.
Best practice is that the organisation should submit photographic or video evidence of corrective actions, along with records showing the action was implemented (purchase orders, work orders, training records, process changes, etc.). The auditor should then verify this evidence through a follow up session, either remote or on site. If the original audit was fully remote, many auditors now schedule at least a brief on site visit to verify that major corrective actions have genuinely been implemented, rather than relying solely on submitted evidence.
Practical Advantages and Disadvantages of Remote Auditing
The advantages of remote auditing are clear: reduced cost, less disruption to the organisation, easier scheduling across time zones, and the ability to include auditors who cannot travel. For auditing administrative functions, compliance with documentation requirements, and process knowledge, remote auditing is often as effective as on site auditing.
The disadvantages are also clear: inability to observe the actual work environment, reduced ability to establish rapport with personnel, difficulty in verifying behaviour against policy, technology failures, and the constraint that all interaction must occur in scheduled sessions rather than ad hoc observation. For auditing operational processes, occupational health and safety conditions, and environmental compliance, remote auditing has significant limitations.
The emerging consensus is that most audits should include at least some on site component. A purely remote audit is appropriate only when the audit scope is limited to administrative, documentary, or knowledge based matters, and when the organisation and auditor have explicitly agreed that this approach is adequate.
Audit Workshop offers accredited ISO auditor training at Foundation, Internal Auditor, and Lead Auditor levels for ISO 9001, ISO 14001, and ISO 45001. Our courses are Exemplar Global recognised and include practical exercises, case studies, and assessment support.








