On-site audits no longer the only option for nuclear sector

When the Covid-19 pandemic hit, it threw all of us into undertaking new ways of working to ensure the business could remain up and running. I work specifically in the nuclear sector as Audit Manager at the Devonport Royal Dockyard Ltd in Plymouth, and before the pandemic, all auditing was completed entirely on site, face to face.  

Although at Devonport Royal Dockyard a high percentage of employees were considered key workers, this did not mean we could continue to audit on site as we normally would. It meant we had to adapt quickly to auditing remotely, which had its challenges given we work within the defence industry.  

Challenges 

The standard definition of remote audit is one that is performed without an auditor physically present at the site of the third party. Within the first three months of the pandemic, I created a remote auditing support document to benefit the auditor and auditee with key guidance. This included information on security restrictions, systems to use, how to prepare, and also highlighted the need to expect possible time challenges in undertaking the audit remotely. 

Given the heightened security restrictions we have on our site, we are unable to use camera or drone technology and, where these restrictions are in place, audits had to be de-scoped to allow us to undertake a remote review.

Given the security restrictions we have on our site, we are unable to use camera or drone technology and, because these restrictions are in place, remote audits cannot be undertaken to their full potential.  Auditing on-board vessels was significantly reduced. Previously auditing on-board, or around the dockside would have been a regular occurrence, with the audit programme averageing around 150/audits year, auditing conformance to customer contractual requirements. There is limited space on-board a warship or submarine and so only critical workers with suitable PPE and risk assessments could continue as normal. Where audits couldn’t be undertaken on a vessel, some audits were cancelled, but the majority had the scope reviewed so that an audit could be conducted remotely. 

A surveillance audit was carried out by a third party during the pandemic, which meant taking on a hybrid approach to being audited. In this case, we were audited remotely, with minimal onsite presence. There are restrictions in place that mean we cannot share information above a certain level with the audit bodies using remote platforms. This meant information could not always be evidenced, which was a huge challenge. The same challenges still exist, and to mitigate this in future, onsite audits will need to be conducted in specific areas. 

The hybrid approach to auditing from a third party proves more challenging than internal audit, as we can manipulate scope for internal audits to suit whether they are on site or offsite. Further mitigation for ease of third-party remote auditing is the implementation of security aspect letters, a document that defines the security contractual conditions, which allow information to be shared, where these agreements are in place. 

Lessons learned 

One thing I’ve learned, along with many other auditors, is to be more adaptable and flexible. De-scope an audit if you think it is unachievable to audit it remotely. Learn to be more patient – allow a grace period for evidence to be provided.  

The positives of a remote audit in this sector are that there is minimised travel time, and less planning involved; working on a dockyard that is three or four miles long means it takes time to get to an audit.  

Negatives that we have found when remote auditing in this sector are that it can take longer overall to undertake the audit as you are relying on the timeliness of auditees, and following up on documentation can take time. 

Restrictions of reviewing evidence over an online platform such as Microsoft Teams can cause an issue because of the security requirements, which is why the hybrid approach now works well. Technical glitches can stop the flow of any audit, from which it can be difficult to recover. Also, as auditors, we rely very much on reading facial expressions and body language to ascertain a response to a question – difficult if auditing remotely. A key skill of an auditor is to build up a rapport with auditees, which allows for future relationships. However, this can be much more difficult over the phone or online. 

Non conforming outputs appears to be the same with remote auditing in comparison with pre-pandemic levels, but it does take longer to close Non-Conformances without regular on-site presence. Calls and emails can easily be ignored; physically turning up for a chat to the office, certainly has its benefits when you are struggling to garner a response. 

Although we as a company have recently removed all Covid-19 restrictions, the hybrid approach to auditing will continue to work for Devonport Royal Dockyard, as audits can be planned to suit any audit topic, area or security restrictions. If an area can be audited remotely, then great, but if we can go on site and audit, then we should do so.