Onsite Visits vs. Remote Audits

by Joseph Kirkpatrick / August 23rd, 2019

When you start an audit, youā€™re looking for a quality experience in a timely manner. One of the biggest aspects of an audit is the onsite visit – but what if an auditing firm that you’re considering working with offers to skip the onsite visit in order to deliver your report faster? What if they say your internal controls don’t require an onsite visit? What if you have an entirely virtual workforce, so you don’t even have a location for an onsite visit? We encourage you to choose  quality over convenience when it comes to choosing an auditing firm, and that decision includes onsite visits versus remote audits. What are the differences between these types of audit experiences? Letā€™s talk through what a 100% remote audit looks like and the value an onsite visit brings to the audit process.

What is a Remote Audit and Why Do They Fall Short?

A remote audit is an assessment conducted entirely online with no face-to-face interaction with an experienced auditor. Audit firms that engage in 100% remote audits use electronic communication to understand an organizationā€™s internal controls.  No auditor invading your space, no time wasted during an onsite visit, no money spent on auditor travel expenses…sounds convenient, right? At KirkpatrickPrice, we believe that an onsite visit is a priority and necessity for any audit engagement. There are some things that just can’t be learned or understood over the Internet. Remote audits can only reach so far. Where do remote audits miss the mark?

  • Face-to-Face Contact: How can we accurately depict your organization if we’ve never met your staff in-person? How can we get a feel for your company culture if we’ve never step foot in your building? When an auditor issues an opinion, they are putting their name, reputation, and their firmā€™s reputation on the line ā€“ at KirkpatrickPrice, we take that responsibility seriously. On the flip side, why would you trust your organizationā€™s compliance efforts in the hands of a remote auditor who you’ve never met in-person?
  • Quality: High quality audits require attention to detail, accuracy in testing, and a thorough check of an organizationā€™s controls. To reach this level of quality, an organization needs to have an auditor on the ground observing procedures, testing controls, and interviewing employees. Remote audits fail to provide these basic aspects of a quality audit.
  • Longevity: Compliance is a journey that your organization should not have to face alone. During an onsite visit, a senior-level auditor is focused on understanding your organization and where you are non-compliant so you can begin remediation. Remote audits donā€™t allow for a full understanding of compliance because they canā€™t physically check all of your requirements and donā€™t add to the longevity of your organizationā€™s compliance.

At KirkpatrickPrice, we do use the Online Audit Manager to complete about 80% of an audit, but the other 20% of our audit process is an onsite visit for testing and verification. To get the most out of the audit process, you need to go through an onsite visit with your auditor.

What Should You Expect During an Onsite Visit?

Why should an onsite visit be included in the audit process? What can you expect when an auditor steps through your doors? How can you prepare for an onsite visit?

At KirkpatrickPrice, we begin the audit process through the Online Audit Manager to help you prepare as much as possible before the onsite visit. You will work with an Audit Support Professional to explain your controls, answer review questions, and send proper documentation to form a foundation for your onsite visit. When an auditor arrives to physically observe, review, and report on your internal controls, you can rest assured that they are focused on performing high-quality testing and understanding your organization better. An auditor will test physical security, organizational processes, personnel procedures, and any other controls that arenā€™t able to be tested remotely. The detailed onsite visit will leave your organization with the assurance that you received a quality audit and are headed in the right direction towards compliance.

When it comes to quality, one of the things that I cannot impress upon our clients enough is the importance of the onsite visit with your auditor. When our company started in 2005, we were actually the originator of the remote audit. We developed a tool called the Online Audit Manager that allowed people to work with us remotely, submit evidence, and prepare for their audit. But we never eliminated the reason for the onsite visit, which was to send one of our qualified, experienced auditors into your environment, get to know you personally, work with you and observe your processes so that we can add value and help you address the risks that you face. We never want to see these audits performed 100% remotely because you would miss that very important aspect of it. Our company recently went down to Kennedy Space Center and one of the things that we saw is how our country has been sending missions to Mars. We have the Mars Rover, for example, on that planet taking evidence and performing a site visit, if you will. Why is NASA making every effort to send humans to Mars? They said itā€™s because humans can do things that robots canā€™t do. Thatā€™s why at KirkpatrickPrice, we believe that itā€™s so important to have these expert people come and visit you and work with you, because no one else can take their place.

About the Author

Joseph Kirkpatrick

Joseph Kirkpatrick is the Managing Partner at KirkpatrickPrice and holds the CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, IT governance, and regulatory compliance. He enjoys helping our clients and stakeholders by navigating them through the complex maze of compliance and regulatory requirements.