Historically, auditors spent weeks out in the field holed up at the headquarters of the company undergoing an audit. However, sparked by the onset of the COVID-19 pandemic, which forced many companies to go remote essentially overnight, a growing number of firms are opting to remain remote, or at least hybrid.
Thanks to advancements in technology — such as cloud-based solutions, teleconferencing, data-sharing platforms, and drones with cameras — remote audits are possible as long as the right tools and policies are in place.
How do you develop a remote audit policy?
When developing a remote audit policy, it is important to plan, set expectations, and be intentional. This means being intentional as to what remote work will look like, which processes will be in place, and the technology that will be leveraged.
Remote work is not simply an electronic version of the traditional, manual processes. The policy must provide a clear roadmap of how the audit team will operate to achieve success.
“We’re not paving a cow path with remote work. You really want to think about it like building a new freeway, which requires thought. It requires planning, and it requires a feedback loop to make sure we have processes in place that work for everyone, said Stephanie Lanke, Senior Accounting and Auditing Consultant at Thomson Reuters.
When developing a remote audit policy, factors to consider include:
- What technology will be used? Is there room to bring your own devices (BYOD) and what does that entail?
- What are the procedures to ensure that appropriate permissions are obtained?
- Which processes, sites, and activities can be audited remotely?
- What are the security and privacy protocols for any software that may be used?
- What is the availability of both staff and clients? Set those guidelines.
What should be included in a remote audit policy?
A remote audit policy should outline what technology will be used and how it will be used in such areas as document reviews, site reconnaissance, and remote interviews.
Ensuring that documents can be securely and effectively accessed is critical. A policy should outline which client documents should be sent ahead of time, how the documents will be sent, and in what format.
This helps ensure that data remains secure and audit teams have timely access to the documents they need. The sooner auditors can begin reviewing documents, the better.
As it relates to document access, consider the following:
- How will documents be accessed? Outline the protocols for a secured file sharing site.
- What should be listed on the advance document request list?
- Are there file folders for each of the processes included in the audit scope so documents can be easily located and reviewed?
- How should documents be named and/or numbered so they can be easily located?
- What is the preferred digital format?
- Is there a “living” document request/delivery list on the shared file site?
This is, perhaps, one of the most challenging aspects of a remote audit. In a remote audit, auditors may not be there to physically check the client’s inventory. Therefore, the audit policy should address the technology that will be used, and how it will be used, for site reconnaissance.
For instance, what technology will the team leverage for live walkthroughs (i.e., two-way communication technology like live streaming)? How and when will the firm use drones or company cell phones for video and digital photographs in remote inventory observations?
Additional factors to keep in mind:
- What are the procedures for testing technology and ensuring adequate Wi-Fi connections?
- Is there an onsite facilitator to help resolve any technology-related problems?
- What are the methodologies for the remote viewing of video?
- The use of digital devices likely requires special permissions. What are the procedures for obtaining those permissions?
Thanks to technology, remote interviews can be conducted similarly to in-person interviews.
For example, video conferencing technology, like Zoom or Microsoft Teams, enables auditors to see the client and pick up on non-verbal cues. Screen share can be used to help with observations, walk-throughs, and testing access controls.
Therefore, the remote audit policy should cover the procedures and technology to be used in managing and conducting remote interviews.
How do you manage a remote audit team?
When managing a remote audit team, it is important to ensure managerial support, sustain firm culture, and promote well-being. While working remotely can have its benefits, it can present some challenges like increased feelings of isolation and falling victim to always “being on.”
To help better manage a remote audit team and mitigate employee burnout, consider the following:
Hold regularly scheduled stand-up meetings. This can be a great way for remote staff to remain engaged and share the status of their work. These meetings also present an opportunity to celebrate small wins and promote accountability and preparation. “
It’s a quick moment of day, first thing in the morning, to align the goals, avoid distractions, and to make sure that everybody is properly prioritizing,” Lanke said.
Other opportunities for managing a remote audit team:
- Establish the best method for facilitating communication between team members. This could include email, instant messaging, video calls, etc.
- Determine which channel/tool should be used for which kind of communication.
- Encourage a healthy work-life balance. This includes taking breaks, exercising, setting realistic deadlines, creating a work schedule, and prioritizing work.
Remote audits are here to stay. Take steps now to have the right tools and remote work policies in place for success.
Learn more about how to manage a successful remote audit with our white paper, Remote audit best practices. Explore cloud-based engagement software, remote audit techniques to perform better engagements, and best practices for managing both remote audits and remote audit teams.