Feasibility and prospects for the use of digital technologies in the audit of a testing laboratory

. Confirmation of the testing laboratory competence is a necessary condition for ensuring the high quality of its functioning. Currently, the competence check of the testing laboratory is organized through the quality management system (QMS) audit procedure based on the requirements of the legislation. Distinctive features of the present time have determined the necessity to move from traditional formats of QMS audit to remote audit using digital technologies. Thus, the study focuses on the features of remote audit, the main factors determining the effectiveness of its implementation, the analysis of remote audit possibilities when checking the competence of the testing laboratory and development of a program for its implementation. The stages are defined and their characteristics are given for conducting a remote audit when checking the competence of the testing laboratory. On the basis of a risk-oriented approach, key stages and tasks are defined when using digital technologies during remote audit.


Introduction
In order to regularly obtain official recognition of the testing laboratory competence, it is necessary to confirm the capability of the laboratory activities through passing of competence checks, including internal audit of the organization and external audit implemented by the inspection body.The rapid digitalization of the Economy, as well as the requirement to withstand various global challenges, such as epidemics, political and economic instability and related restrictions has become the basis for remote audits.Remote audit (RA) is one of the innovative approaches that have gained popularity, focused on solving audit problems using digital technologies and providing an increase in the enterprise efficiency.
Based on all the above mentioned reasons, and also taking into account the lack of the legislative documents regulating the procedure for conducting a remote assessment during the audit of the testing laboratories, it became necessary to analyze the possibilities of conducting a remote audit and develop a methodology for its implementation when checking the competence of the testing laboratory.

Overview of the situation in the subject area
Despite the fact that most of the Russian authors works in the field of audit are devoted to traditional internal audit, in recent years there have appeared publications devoted to the topic of remote audit as an approach for solving internal audit problems.
Works [1,2] consider theoretical aspects of remote audit.Authors in [3] observe the methodological approach for conducting RA of QMS when checking compliance with the requirements of the standards governing the functioning of the organization QMS; they give recommendations for drawing up an audit plan.The key issues of the work [4] are the organization of RA and the need for special training of expert auditors to conduct inspections of the production state and production management systems.
A significant part of works in the field of RA belongs to the foreign scientists.The work [5] presents the influence of RA methods on the quality and effectiveness of the audit.The study [6] is devoted to the issues of introducing new technologies into the internal audit processes and fundamental rethinking of the internal audit paradigm on this basis.New approaches to the audit of innovations as part of internal audit are discussed in the article [7].
The study [8] presents the issues of the digitalization impact on audits, in particular, the audit of reserves.The study [9] covers the conceptual foundations of risk-based audit.Works [10][11][12][13][14] present various aspects of RA when using cloud storage, including decentralized cloud data audit, as well as the use of blockchain technology.
However, when describing the contribution of foreign researchers, we should note that the results obtained by them are mainly applied to enterprises that have an extensive network of branches in various countries.
Nowadays, the issue of introducing RA for Russian testing laboratories is under development.Therefore, the study focuses on the analysis of possibilities of RA conducting and the prospects for its application to improve the effectiveness of the organization QMS.

Task setting and solution methods
The study focuses on the activities of testing laboratories that carry out a set of works to assess the conformity of products for compliance with the requirements of the Technical Regulations of the Eurasian Union TR EAEU 038/2016 "On the safety of attractions" and TR EAEU 042/2017 "On the safety of equipment for children playgrounds".
Requirements for participants in the confirmation of competence in the national accreditation system are defined in the Federal Law "On accreditation in the national accreditation system" dated December 28, 2013 No. 412-FZ.In addition, in the Russian Federation, when conducting an external audit by an inspection body, Decree of the Government of the Russian Federation No. 2050 establishes the procedure for testing the competence of a testing laboratory, which includes an assessment of the conformity of an accredited person in the format of a documentary assessment and field assessment.According to the provisions of the document, field assessment can be carried out remotely.
An important document containing the accreditation cri-teria, the fulfillment of which allows to successfully pass the competence test procedure for accredited persons, is the Order of the Ministry of Economic Development of the Russian Federation dated October 26, 2020 N 707 "On approval of accreditation criteria and a list of documents, confirming the compliance of the applicant, accredited person with the accreditation criteria".The accreditation criteria themselves can be divided into three blocks in accordance with the requirements: • Criteria connected with technological infrastructure and regulatory basis; • Criteria related to the personnel competence; • Criteria for the QMS of the laboratory, which include requirements for the availability of a QMS that complies with GOST ISO/IEC 17025-2019 and the availability of a documentation management system.After analyzing the regulatory requirements, we can say that the proficiency testing procedure includes such an important stage as field conformity assessment, which is carried out by independent experts and presents an external audit, which in modern conditions can be carried out remotely.But the procedure for conducting remote evaluation is not defined.
The solution of this problem requires the development of a RA program based on the systematization of conducting RA features when checking the competence of a testing laboratory [16] and taking into account the factors influencing the organization of conducting RA QMS and the results obtained [15,17].

Results of the study
The features of conducting RA when checking the competence of a testing laboratory include: • Definition of RA methods; • Assessment of risks and opportunities associated with the use of RA methods and digital technologies; • Selection and provision of information and communication technologies; • Assessment of the requirements related to the activities of the testing laboratory (in particular, the possibility of using remote audit methods); • Availability of competence of auditors and personnel of the audited laboratory on the application of RA methods; • Assessment of the impact of the application of RA methods and relevant information and communication technologies on the integrity of the audit; • Analysis of the applicability of RA methods to obtain accurate conclusions and audit reports, based on the specifics of the testing laboratory.Based on the traditional and remote audit comparative characteristics analysis, it is possible to determine the factor space for introducing RA into the audit system.All factors can be divided into those having a positive impact on the organization of the RA procedure and limiting factors.
Limiting factors are associated with the presence of barriers to the full-scale introduction of RA and its further implementation on a regular basis, they include: the presence of manual operations; paperwork management; the need to improve information systems intended for storage, search and processing of information; incomplete information, incompatibility of data formats and others.
Positive impact factors determine the benefits that arise from the introduction of RA, this is the transition to continuous monitoring of processes; increase in the number of subdivisions, functions, parameters checked with the help of RA; increasing the efficiency of the audit through the use of IT tools; increasing digital competencies and skills of employees of audited organizations and auditors; improving the quality of reporting materials.
To identify the possibilities of conducting RA in the testing laboratory, we will evaluate the effectiveness of the quality management system of the laboratory.Performance evaluation enables the laboratory to determine the level of compliance with its established requirements, identify actual non-conformities and eliminate them before an external audit is carried out.We have identified ten criteria (Table 1) to evaluate the performance, characterizing the testing laboratory productivity, and their quantitative indicators by the expert method.Comparison of the average of all criteria with the established values enabled to establish a high degree of effectiveness of the laboratory management system.The found indicator of effectiveness may mean that the activities of the laboratory meet the established requirements and allow it to successfully carry out its activities, and, as a result, successfully pass the competency test.
Not all of the listed criteria for evaluating the performance of an organization characterize the readiness to conduct RA.In other words, an organization may be ready for a traditional audit but fail to pass the RA.
The criteria for assessing the possibility of conducting RA include the criterion for personnel competence (P1) and the criterion for the suitability of equipment (P3).These criteria must be determined first.And only after confirming the high actual value of these indicators, it is possible to proceed to the calculation of the values of the remaining criteria.If one of the criterion for assessing the possibility of conducting RA has an unacceptable degree of effectiveness, then conducting RA is impossible.
The procedure for confirming the competence of the testing laboratory consists of the following steps: • Holding a preliminary meeting; • Submission of an application for accreditation and the documents attached to it to the national accreditation body; • Adoption by the national accreditation body of a decision based on the results of the application for accreditation and the documents attached to it; • Documentary assessment of the testing laboratory by the national accreditation body; • Field assessment of the testing laboratory conformity; • Registration of the procedure results for confirming the competence of the testing laboratory; • Information submission to the unified register of accredited testing laboratories and certification bodies by the national accreditation body.Remote examination is carried out in accordance with the Remote Assessment Program within the framework of the field examination, developed in accordance with the requirements of GOST R ISO 19011-2021 and based on risk assessment while planning and preparing a remote audit.
The RA program for testing the competence of the testing laboratory includes an action plan; each item of the plan differs from its implementation in the traditional format (Table 2).Based on the results of a documentary and field (remote) assessment, an expert group appointed by the accreditation body draws up an Expertise Report based on the results of a remote audit when checking the competence of the testing laboratory, which reflects the implementation of the points of the developed Program.
Despite the fact that the benefits of implementing RA are clear, the consideration and application of RA requires risk assessment to ensure that the audit objectives and conclusions are reached.
As a rule, audit companies begin their risk assessment with a preliminary analysis of the organization and QMS elements to be audited, and provide the audit company with initial information about the level of risk.This level of risk is associated not only with access to documents, premises and personnel of the organization, but also with the technology that will be used for RA.Identified risks are assessed by auditors to ensure that action is taken to mitigate risks and ensure a successful and compliant audit.
The main digital technologies used in the audit include video communications, hardware, cloud technologies, remote access to electronic databases, telemetry, e-mail, platforms for the exchange and processing of textual information, photo, video, audio and other digital information, antivirus and encryption software.
Once the risk assessment is completed, a remote audit program needs to be developed.It should be borne in mind that planning a remote audit is much more difficult than a field audit: it is necessary not only to form an audit sample correctly, but also to evaluate what audit procedures can achieve the audit goal, given the current level of technical and digital development of the audited organization.When planning a remote audit, it is important to note the video platform used meets all the requirements for identification procedure.It is necessary to take time to enter the video platform and check video access, working speakers and microphones.
Further, as a rule, before the date of the field audit, the auditor requests a review of the policy, documented procedures and other documents confirming the implementation and functioning of QMS, and these documents are provided during the interview.As part of the remote audit planning process, it is easier to request these documents prior to the audit date to give the auditor time to review the documents.It also saves time for both the auditor and the auditee.
When assessing the QMS, it is necessary to organize a reliable transfer of information through online recording or pre-filmed operations and processes.In both cases, additional risks also arise due to technological features, noise levels and, of course, the human factor (both the personnel who take picture and the personnel involved in the implementation of the processes).
In a remote audit environment, special backup planning is needed in case of a video platform failure Wi-Fi outage; mainly if the audit objectives cannot be achieved.
Ergonomics is an important element of conducting remote audits, which many auditors do not take into account during field audits.It is important to create breaks during the day for both the auditor and the auditee.
Answering the question: is remote audit a temporary measure or a technology of the future?We can note that the digitalization of business processes will increasingly transfer audit activities to a remote format, but it is obvious that it is impossible to completely distance oneself from the objects of audits and fully automate expert activities.A balance needs to be struck between traditional and remote auditing.
For testing laboratories, the following regime has been established for conducting proficiency testing within 5 years: after 2 years -after 2 years -after 1 year.In this case, the first two checks can be carried out remotely, taking into account all the features, and the final check must be carried out internally.

Gained results and conclusion
Below we present the main results obtained in the course of the study.
The analysis of the research works of Russian and foreign authors showed that the issue of introducing RA in Russian enterprises has not yet been sufficiently studied, and the experience of foreign colleagues must be adapted to the conditions of Russian legislation and the specifics of the activities of Russian enterprises.
The features of RA implementation are formulated and the factor space of RA implementation is determined.
We have proposed the approaches for identifying the possibilities for conducting RA in a testing laboratory based on the assessment of the effectiveness of the laboratory quality management system.
A RA program has been developed for testing the competence of a testing laboratory using digital technologies.
The key risks of using digital technologies during RA are identified.It is noted that, in general, the remote audit process can be successful through careful planning, the application of a risk-based approach and successful communication between all participants in the audit.The RA planning stage is the most significant for ensuring the achievement of the audit objectives, the main tasks that must be solved at this stage are given.As a development of the issues under consideration, it is possible to propose the creation of a single platform for conducting RA, which will avoid the problem of incomplete information and incompatibility of data.At the legislative level, remains the task to develop regulatory documents that determine the possibility of conducting RA, including digital technologies using, and reflecting the specifics of the organization of the procedure, the procedure for interaction between the audit team and the audited organization, compiling reporting documents and signing them with an electronic signature, assessing the competence of persons involved to the RA procedure.

Table 1 .
Criteria for the assessment of the testing laboratory performance

Table 2 .
List and characteristics of measures for carrying out a remote audit when checking the competence of a testing laboratory