The Art of Remote Auditing

A hand typing on a laptop
Author: Ayseli Sen, CISA, CRISC, CFE, CIA, CPA, CRMA and Farah Sammour, CISA, CRISC
Date Published: 1 July 2025
Read Time: 10 minutes
Related: Destination: Agile Auditing

Remote audits have become the post–COVID-19 norm as employees around the world continue to work in a hybrid or fully remote environment. Although there are many benefits to a remote approach, it may cause auditors to experience communication challenges, fewer interpersonal interactions, decreased opportunities for on-the-job training, security concerns, and higher costs of technology. These factors contribute to two of the most significant challenges in remote auditing: enabling key relationships and accessing information.1

While remote audits pose new challenges, they also have numerous benefits, including decreased costs of travel and office space, flexibility in work-life balance, the ability to hire talent beyond a limited geographic region, and the potential for increased productivity thanks to time gained.

Remote auditing has transformed the way audits are performed, and with some adjustments, it is possible to conduct them productively. There is value to be gained from exploring suggestions for successfully navigating remote audits.

Strategies for Successful Remote Audits

Conducting remote audits requires some adjustments to ensure success. During the COVID-19 pandemic, employees demonstrated that audits could be conducted remotely in a productive and efficient manner. Despite many return-to-office mandates, employees have emphasized the value they place on the ability to work remotely. The auditing profession has already seen a decline in the number of graduates choosing an auditing career, so attracting and retaining talent are concerns for many enterprises.2

Remote auditors must continue to follow the necessary audit guidelines, even though the format of obtaining evidence and the method of execution may be different than a traditional audit. For example, the Institute of Internal Auditors (IIA) Standard 14.6 outlines requirements for engagement documentation and the need for the ability to reperform the audit work that supports the audit conclusions.3 Similarly, the Public Company Accounting Oversight Board (PCAOB) Auditing Standards (AS) 1105: Audit Evidence calls for sufficient appropriate audit evidence that will support the audit opinion.4

To conduct more valuable remote audits, enterprises should consider several tactics.

Embrace a Digital Protocol
The common audit techniques of inquiry, inspection, observation, confirmation, recalculation, and reperformance can all be conducted remotely (figure 1). For example, when conducting walk-throughs to assess control design, screen sharing can provide the auditor with a detailed understanding of the process and associated evidence. If organizational policy allows meetings to be recorded, this permits the auditor to focus on reviewing the process rather than taking notes to document it. The recording can be played back later to document the evidence. In addition, when many stakeholders are involved, virtual meetings may be easier to manage than in-person meetings, as virtual participation allows greater flexibility in scheduling.

Figure 1—Comparing Standard vs. Remote Audit Procedures

 
Activity Recalculation Remote Audit Procedure
Inquiry In-person Email, survey, virtual meeting
Inspection In-person review of physical documents Electronic document inspection, screenshare
Observation In-person Screenshare, virtual meeting
Confirmation Confirmation via mail Email confirmation with digital signatures
Recalculation Physical/electronic support Electronic support; continuous auditing via script/automation
Reperformance Physical/electronic support Electronic support; continuous auditing via script/automation

Shift to Digital Evidence
Virtual auditing has forced a shift to digital evidence. Gone are the binders filled with accounting reconciliations and other printed evidence with manual signatures. Digital signatures and email evidence are now acceptable. When obtaining screenshot evidence, auditors generally require inclusion of the date and time to verify when the screenshot was taken. With remote auditing, the emphasis is on ensuring that the evidence is properly retained and managing access to it so that evidence is protected from unauthorized modification.

Audit teams can send out surveys via a governance, risk, and compliance (GRC) audit platform tool to gather the information needed for the audit (e.g., process narrative updates, year-end inquiries to identify any changes in processes, process owners, or systems). This saves a significant amount of time compared to conducting meetings to collect this information. This method has also been well received by auditees.

Manage Audit Requests
As many auditors know, a common struggle is obtaining audit evidence in a timely manner. Following up on requests for information may be easier to do in person, so remote auditors need to be persistent in managing audit requests. A timeline for escalating unfulfilled requests should be established and communicated to the team.

Thriving in the Remote Workplace

In addition to implementing the recommended remote audit strategies, enterprises and auditors alike can benefit from reinforcing their commitment to remote workplace best practices.

Maintain Communication and Engagement
Less experienced audit team members may find it challenging to master their job duties in a remote environment. They may also feel that they are lacking mentorship. To combat the feelings of isolation that can result from working on a remote team, communicating and maintaining periodic touchpoints are key. This can be accomplished by having one-on-one meetings with direct reports as well as team meetings. Being on camera with team members adds a more human touch, but this needs to be balanced to avoid Zoom fatigue, or the pressure of being on camera all the time. An annual in-person meeting to give teammates the opportunity to meet face-to-face can be helpful. To replace the impromptu watercooler conversations that happen in the office, many teams utilize group chats.

Communication with auditees is also important, and in-person meetings can easily be shifted to a virtual format. Kickoff meetings, status meetings, walkthrough meetings, and exit meetings can be conducted virtually. Alternatively, in some cases a survey may be utilized to collect the necessary information. Cloud sites, such as SharePoint, can also be utilized to collect audit evidence.

Set Boundaries
Although some remote workers have expressed concern about blurred lines between work life and home life, establishing a daily routine and having a space devoted to work can help. Remote workers should be conscious of start and end times for working hours. Core hours when employees are expected to be online, based on their time zone, should be defined. Additionally, separate devices should be utilized for personal and work use. With the decrease or elimination of travel for conducting audits, enterprises benefit from a significant decrease in travel costs and employees enjoy a better work-life balance.

Establish Virtual Meeting Protocols
It is important to establish protocols for virtual meetings. For example, it may be necessary to remind team members that it is not acceptable to participate in a video call while in public, given background noise and distractions, even if they mute the microphone when not speaking. In addition, taking virtual meetings in public places can put the confidentiality of sensitive information at risk. Remote auditors need to be mindful of the conversations they have in public locations.

Enhance Security and Technology Efficiency
Remote work has forced enterprises to invest in enhanced security in the form of virtual private networks (VPNs), multifactor authentication (MFA), and data loss prevention (DLP) software to monitor and protect sensitive information. Adequate internet speed is also required. Additionally, there is a risk that remote workers may not connect to the network and may fail to receive patches and updates. Other frustrations include remote workers being unable to connect to home printers and remote password reset issues due to security restrictions.

Because of the fear of being unable to protect enterprise data, most of the data on local laptops is backed up to the cloud. Enterprises have no control over how their remote employees maintain the physical security of their laptops. For example, if employees are traveling, they should utilize a privacy screen to keep enterprise data confidential. The printing of data may also be a cause for concern. These security issues hinge on fostering employee trust and ensuring that they are familiar with enterprise policies. Enterprises should conduct awareness training for employees regarding their privacy and cybersecurity policies at least annually.

Limitations of Remote Audits

In some cases, a virtual audit may not be ideal or even possible. For example, a physical inventory may require the auditor to be onsite to ensure that all items in a warehouse are counted, to observe warehouse personnel counting the inventory, and to count items stored in multiple locations. Often, there is not an adequate internet connection in a warehouse environment.

However, it may be possible for auditors to virtually inspect data centers in various geographic locations. Technicians at the data centers can show the remote auditors that the various required items on their checklist are present (e.g., inspection tag on the fire extinguisher, fire detection and suppression systems, computer room air conditioning, locked cabinets, security cameras).

These security issues hinge on fostering employee trust and ensuring that they are familiar with enterprise policies. Enterprises should conduct awareness training for employees regarding their privacy and cybersecurity policies at least annually.

The Use of Guest Auditors

Many enterprises are under mounting pressure to reach cost savings goals, resulting in restrictive travel policies. For many, travel is not considered essential unless it directly supports sales, is critical to operations, or contributes to business development opportunities that drive revenue and help achieve strategic goals. As an alternative, the use of guest auditors may be employed to perform remote internal audits. Key considerations include:

  • Selection of the guest auditor—The selection process will depend on the qualifications needed to complete the audit. Identify an individual that offers subject matter expertise in the area to be audited, a high-performing employee looking to gain insights into other business areas, or merely a qualified employee at the audit location who can make observations or complete an audit checklist on behalf of the audit team.
  • Physical proximity to the entity to be audited—The location of the audited entity will determine the feasibility of utilizing guest auditors. Cost savings achieved should be weighed against value gained or lost by not engaging existing internal audit team members and related benefits and disadvantages should be evaluated.
  • Time frame for auditor involvement—The audit manager must ensure that the time frame for the guest auditor is adequate for achieving audit objectives. Guest auditors must have documented approval from their current manager. The typical guest auditor role lasts approximately 4-6 weeks and should be focused on specific tasks to mitigate interference with typical day-to-day activities.
  • Independence or potential conflicts of interest—Guest auditors should be required to disclose any potential conflict with the process under review. Ideally, a guest auditor should not audit a process they were directly involved with within the past year.

Guest auditors should be supervised similarly to managers’ direct reports. Additionally, they should receive appropriate training on internal audit methodologies and audit approaches to ensure successful execution of the audit.

Managing the Virtual Audit

The virtual audit has forced leaders to alter their management style. Instead of making a sweep to see who is in the office and at what time, or monitoring when employees are online, the emphasis is on on-time audit deliverables. This model requires thoughtful check-ins to gauge the audit status, clear communication, and an understanding of expectations. Most audit teams utilize a GRC tool, enabling them to easily monitor progress and run status reports. The audit manager may need to require that the team work in the tool directly in real time, rather than working outside the system and uploading the work when it is complete.

Conclusion

Changes to the digital world are swift and arguably constant. Auditors must continue exploring how to become more efficient by challenging traditional audit methods. For each audit engagement, the audit team should consider its geographic location and associated risk to determine whether an onsite or remote procedure would be more appropriate. For high-risk areas, the audit team may justify performing the audit onsite, whereas low risk areas may be audited remotely. International locations are more costly to reach, meaning a remote approach may be more cost-effective. Remote audits will require modification, the establishment of guidelines, and management’s enforcement of expectations. With the decline of graduates entering the auditing profession, attracting resources will become increasingly competitive. Global enterprises with locations spread over a wide geographic area with different time zones are already forced to rely on remote interactions, and this trend will continue. Adapting to remote audits is not just a necessity; it is a strategic advantage, allowing the auditor to move between onsite and remote options more fluidly. By proactively addressing these changes, audits can be enhanced while supporting the dynamic needs of the workforce.

Endnotes

1 Internal Audit Foundation, The Remote Auditor: Challenges, Opportunities and New Ways of Working, 2021
2 Kenney, A.; ”How Academia Is Tackling the Accounting Talent Shortage,” Journal of Accountancy, 1 September 2024 
3 The Institute of Internal Auditors, Global Internal Audit Standards, 9 January 2024
4 Public Company Accounting Oversight Board, AS 1105: Audit Evidence

AYSELI SEN, CISA, CRISC, CFE, CIA, CPA, CRMA

Is a senior director of internal audit at Windstream in Rochester, New York, USA.

FARAH SAMMOUR, CISA, CRISC

Is a director of internal audit at Frontier Communications in Rochester, New York, USA.