Remote auditing: what it is, why it matters, and what every auditor should know

Remote auditing is no longer a workaround — it is a recognized, structured approach to auditing management systems. If you are new to auditing or thinking about becoming a management system auditor, understanding how remote audits work is no longer optional. It is part of what it means to be a competent auditor today.

What is a remote audit?

An audit is a systematic, independent and documented process for obtaining objective evidence and evaluating it to determine whether requirements are being met. That definition has not changed. What has changed is where the auditor is when conducting the audit.

A remote audit is conducted from any place other than the location of the organization being audited — the auditee. Instead of travelling on-site, the auditor uses technology: video conferencing, screen sharing, file sharing platforms, digital document review, and other information and communication tools to gather evidence, conduct interviews, and reach audit conclusions.

It is important to understand that remote auditing is not a replacement for on-site auditing. It is an additional method that can be used on its own or in combination with on-site activities. When a combination is used — part of the audit done remotely and part on-site — it is referred to as a hybrid or blended audit. Many organizations and certification bodies now use this hybrid approach as their default.

Why remote auditing has become so common

Remote auditing existed before the COVID-19 pandemic, but the pandemic accelerated its adoption dramatically. Certification bodies and organizations that had never considered remote options were forced to adapt quickly. What many of them discovered was that, for a significant portion of audit activities, remote methods worked well — sometimes better than on-site visits.

ISO responded to this shift. ISO/IEC TS 17012, the technical specification on remote auditing methods, was published in 2024 to provide structured guidance on how remote audits should be planned and conducted. The new edition of ISO 19011 — the guidelines for auditing management systems — is expected to be published in 2026 and formally integrates remote auditing guidance, drawing directly on ISO/IEC TS 17012. This represents a clear signal from the international standards community: remote auditing is here to stay.

The practical reasons for this shift are straightforward. Remote auditing reduces travel costs and time. It allows organizations to include technical experts who would otherwise be unavailable. It makes it easier to conduct audits across multiple locations or in challenging environments. It also reduces the environmental impact of audit activities. For organizations operating across different countries or time zones, remote methods often make the audit process simpler to organize and schedule.

The benefits of remote auditing

From the perspective of both auditors and the organizations they audit, remote methods offer real advantages:

Reduced travel time and cost for auditors, making it possible to conduct more audits without the burden of long-haul travel.
Greater flexibility in scheduling, particularly for multi-site audits or audits involving participants in different locations.
Easier access to technical experts, who can join remotely for specific parts of an audit without needing to travel.
Faster response time for unscheduled or short-notice audits — when a specific issue needs to be investigated quickly, a remote session can be arranged with minimal lead time.
Improved access to large volumes of documented information, since electronic records can be shared and reviewed efficiently without physical access.
Lower environmental impact from reduced travel.

The risks and limitations

Remote auditing is not without challenges. A good auditor understands these limitations and plans accordingly.

Some audit activities are difficult or impossible to conduct remotely. Physical observations of operational processes — inspecting a production facility, observing a safety procedure in action, assessing the physical condition of equipment — require an on-site presence. Remote cameras and live video feeds can partially compensate, but they are not always adequate. This is one of the main reasons why hybrid audits have become popular: the document review and interviews happen remotely, while the physical observation happens on-site.

Other risks specific to remote auditing include:

Technology failures — internet connectivity issues, platform incompatibilities, or hardware problems can disrupt the audit. A good remote audit always has a contingency plan.
Information security risks — sharing documents electronically introduces risks related to data protection, confidentiality, and the integrity of the evidence being reviewed.
Reduced ability to observe body language and non-verbal signals during interviews, which can affect the quality of certain audit activities.
The risk that the auditee controls what is being shown — unlike on-site audits where the auditor can move freely, remote audits depend heavily on the auditee providing access to the right information.
Sensory limitations — temperature, noise, odors, and physical conditions that might be relevant in certain industries cannot be assessed remotely.

None of these risks make remote auditing unsuitable — they make planning and competence more important. ISO/IEC TS 17012 dedicates significant attention to risk assessment before and during remote audits, and ISO 19011 reinforces that remote methods should only be used when they do not compromise the achievement of audit objectives.

What remote auditing means for auditors

If you are working towards becoming a management system auditor — whether for ISO 9001, ISO/IEC 27001, ISO 14001, ISO/IEC 42001, or any other standard — you need to be prepared to work in remote and hybrid environments. This is not a specialized skill for the future. It is a current expectation.

ISO 19011 is explicit about this. Auditor competence includes the ability to apply knowledge and skills to achieve intended audit results regardless of the auditing method used. That phrase — regardless of the auditing method used — is deliberate. An auditor who can only work effectively on-site is a less complete auditor than one who can adapt to remote and hybrid settings.

In practical terms, this means developing familiarity with:

Video conferencing and collaboration platforms, commonly used in audit settings.
Secure file sharing and document review tools.
Techniques for conducting effective remote interviews — how to ask questions, manage participation, and gather reliable evidence when you cannot be in the same room as the people you are interviewing.
Planning for technology failures and knowing how to adapt when a remote session is interrupted.
Understanding the information security and confidentiality requirements that apply when conducting an audit electronically.
Recognizing when a process or activity genuinely requires on-site observation and communicating this clearly to the audit client.

Beyond the technical skills, remote auditing also requires specific personal attributes. ISO/IEC TS 17012 highlights patience, adaptability, confidence with technology, sensitivity to digital data privacy, and resilience under the stress that technical difficulties can create. These are not dramatically different from the attributes needed for on-site auditing — but they manifest differently in a remote environment.

Remote, on-site, or hybrid: how the decision is made

The decision about which auditing method to use is not arbitrary. It is based on a risk assessment. The key question is whether the chosen method — remote, on-site, or hybrid — allows the audit objectives to be achieved. If remote methods introduce risks that cannot be adequately managed, they should not be used, or should be combined with on-site activities.

Factors that influence this decision include the nature of the organization's processes, the availability of electronic documentation, the technical capability of both the auditor and the auditee, the type of management system being audited, and any requirements from the certification scheme or accreditation bodies.

For example, an audit of an information security management system — where much of the evidence is inherently digital — lends itself well to remote methods. An audit of a food safety management system in a production facility will almost always require at least some on-site observation to verify that physical processes, hygiene conditions, and equipment meet requirements.

The role of ISO 19011 and ISO/IEC TS 17012

ISO 19011 is the foundational document for anyone involved in management system auditing. It covers the principles of auditing, how to manage an audit programme, how to plan and conduct individual audits, and how auditor competence is determined and maintained. The upcoming 2026 edition will formally integrate guidance on remote auditing methods, reflecting how the profession has evolved.

ISO/IEC TS 17012:2024 goes deeper on the specific topic of remote methods — covering how to assess feasibility, manage technology, maintain information security, adapt auditor competence requirements, and handle the specific challenges that arise when auditing without physical presence. Together, these two documents form the current best practice framework for remote and hybrid auditing.

For auditors, familiarity with both documents is part of building a solid professional foundation — not to memorize every clause, but to understand the reasoning behind the guidance and be able to apply it in practice.

Start building your auditing credentials

Understanding remote auditing is one part of becoming a well-rounded management system auditor. The other part is demonstrating that you have the knowledge to audit specific management systems — quality, information security, AI governance, environmental, and others.

At RIGCERT Education, we offer online training and certifications that you can earn at your own pace, with no prerequisites required. If you are working towards a career in auditing or looking to validate your existing knowledge, explore our auditor certification programs:

You can also browse our full range of certification programs to find the credential that fits your professional goals.