Our Blended Audit Approach
What is a blended audit?
Prior to the global pandemic, the majority of audits conducted across the certification industry were conducted onsite at a client’s premises. During the pandemic and in order to protect the safety of staff and clients, NQA conducted the majority of audits remotely.
Whilst remote audits are effective, it is important to recognise the importance of conducting all or part of an audit onsite – there are simply somethings that cannot be audited effectively remotely. It is also important however to recognise that in some instances, there is a need or desire for a remote approach to auditing to ensure client value is received and an efficient and effective audit is conducted.
NQA are using lessons learned during the pandemic to ensure that technology is utilised in a correct and effective way audits to ensure that we provide a “best of both worlds” solution to clients - blended audits.
A blended audit is an audit that involves a combination of on-site assessment and remote assessment using IT. They are designed to enable a certification body to efficiently and effectively audit an organisation.
The content of a blended audit does not vary from a full on-site audit, nor does the allocated audit duration. You will receive the same audit duration as if it were conducted fully onsite and the audit will be conducted in just as much depth. What does differ however is the method of auditing.
Documented aspects of a management system can effectively be audited remotely, whereas specific risks and processes may need to be audited on site. For example processes such as management review and document control can be audited effectively whilst remote using IT.
Can the blended audit approach be applied to all businesses?
The suitability of a business for a blended audit approach is dependant upon multiple factors including client appetite, risk, industry and applicable standards*, which could impact the proportion of an audit being conducted on-site and remotely.
*The list below details standards where the blended audit approach is applicable:
ISO 45001 (including SSIP)
Please note: If the standard you are applying for does not feature in the list above, it doesn’t mean the blended audit approach isn’t applicable. In some instances it may not be applicable or there may be further restrictions in place.
Prior to NQA conducting a blended audit we also have to understand:
If you would like a blended audit – some organisations don’t – that’s fine!
If you have the relevant infrastructure to support a blended audit (e.g. appropriate IT capabilities)
NQA will evaluate your individual circumstances and suitability for a blended audit. A blended audit will not be permitted if the evaluation conducted by NQA identifies that the approach will be unsuitable. The evaluation is based on the information you have provided us about your organisation and your preferences
My organisation would like a blended audit, how much time can I expect to be remote?
The extent the audit can be conducted remotely is set by your organisation’s on-site rating and the type of audit you are receiving. This rating is determined at the blended audit evaluation. This is based on your activities and industry classification which are set across the certification sector. The on-site rating is either High, Medium, Low or Limited. This sets out the extent to which the audit must be conducted on-site, as detailed in the table below.
NQA will typically round to the nearest full day of on-site time.
ISO 27001 and ISO 27701 audits will not typically exceed 30% of the audit duration being conducted remotely.
The audit time permitted to be conducted remotely and may be increased or decreased depending on client system performance, organisational characterises and technological capabilities.
Should you have any questions about your audit and whether you will receive a blended audit at your next assessment, please don’t hesitate to get in touch.