Remote auditing, offshoring & outsourcing: where’s the sweet spot? w/ Tom Edwards & Selvan Pillay

Budget pressures. Global talent pools. Post-pandemic working norms. In 2025, the way we deliver audit and risk work has changed. Remote auditing, offshoring and outsourcing are firmly in play. But they’re not always the silver bullet they promise to be. The challenge is balancing cost, control, and capability. 

To dig into the trade-offs, I spoke with Selvan Pillay, a Governance, Risk & Compliance leader with over 20 years’ experience spanning the Big Four, Financial Services, FMCG, logistics, and pharma. A global career that’s taken him from South Africa to the UK and now Switzerland.

In the second edition of Behind the Controls, we explore the real-world pros and cons of audit decentralisation, and what “best in class” looks like today.

Why organisations are rethinking the model

When I asked Selvan why functions make the move to outsourcing, offshoring or remote auditing, he didn’t hesitate:

“Number one is budget. Cost pressures drive the move to cheaper resources. But it’s not just cost. Expertise is another factor. AI, data analytics… you can tap up highly trained people anywhere.”

Four big drivers came up in our discussion:

• Cost efficiency – cheaper resourcing in lower-cost countries.
• Specialist skills – access niche expertise regardless of geography.
• Tech enablement – post-COVID, video calls and cloud access make remote work feasible.
• Standardisation – mature, global processes make remote testing easier.

“I’ve worked in external audit, internal audit, IT audit, and now global risk management. One thing is clear: the shape and delivery of audit must reflect the business it serves. There’s no one-size-fits-all.”

The case for remote auditing

When processes are standardised and documentation is in a common language, remote auditing can work well. But Selvan warns:

“I wouldn’t remote audit China if all the documentation is in Chinese. I’d rather do it face-to-face with a Chinese speaker.”

Best fit for remote auditing:

• Compliance or SOX testing following the same framework everywhere.
• Highly standardised accounting or reporting processes.
• Mature functions with well-documented controls.

Poor fit for remote auditing:

• Complex, localised procurement or tax audits.
• Entities with different languages, systems or cultural practices.
• High-risk or newly acquired businesses.
  
  

Offshoring: more than a postcode

I asked Selvan how he’d design a decentralised audit function. His answer? Think hubs, not scattered dots on a map.

Selvan’s advice:

• Concentrate auditors in HQ or regional hubs to avoid isolation.
• Consider time zones and travel links.
• Match skills to region: don’t send someone from Costa Rica to Japan if they’ve never worked there, or don’t understand the language or culture.

And what about the head of department?

Selvan stresses:

“You want your Head of Audit where the decisions are being made, with an ear to the ground on risks, and where strategy happens.”

This proximity to senior leadership is essential for building a risk-aware culture and driving real-time insights.

Outsourcing: when it works

We agreed outsourcing can work. But only in the right environment.

• The organisation is highly standardised.
• The work is process-driven, with little need for deep business context.
• You need scalable resource for peak demand.

It’s less effective when:

• You need risk-based, judgement-heavy auditing.
• Speed of action matters more than cost.
• Stakeholder relationships drive audit impact.
• Highly structured contracts inhibit the outsourced party’s flexibility or speed to deliver when auditing high risk areas.

Now, should auditors still travel?

Pre-2020, many teams were on the road 80% of the time. That’s changed. With tighter budgets and ESG pressures, travel is increasingly scrutinised. But Selvan believes targeted travel still plays a vital role.

“Now I’d say 40% travel is the norm for global FMCG and pharma. Acquisitions, integrations, and high-risk sites still need a full team on the ground. You can’t fully understand business nuance through a screen.”

He also adds that junior auditors or new team members learning new processes especially benefit from in-person exposure:

“Walkthroughs, learning how the business actually works, building stakeholder trust, these are hard to replicate remotely.”

Selvan’s travel rule of thumb:

• Fly for integration of new acquisitions, high-risk situations, or training junior/mid-career auditors.
• Stay put for routine, standardised audits in stable regions.

Designing your model: Selvan’s decision-making checklist

I asked Selvan how he would structure a world-class audit function today. His answer? It depends but make it intentional.

“First, understand your business: how mature it is, how standardised, how complex. Then match your audit model accordingly. Don’t offshore just because it’s cheaper. Do it because it makes sense operationally.”

He advises using shared service hubs (offshoring) for consistent, repeatable audits like SOX, ITGCs, or finance controls. But for risk-based, high-impact audits, he believes face-to-face remains essential.

When building your model, Selvan recommends weighing up:

• Organisation size – from 4 people to 100+, the resourcing model will differ.
• Culture – appetite for face-to-face engagement versus remote oversight.
• Process maturity – the more standardised, the easier to offshore or outsource.
• Budget – travel and onshore expertise cost more.
• Risk appetite – how much risk are you willing to accept in remote work?

And above all:

“As Head of Audit, you need to be comfortable. You’re the gatekeeper for the audit committee, shareholders and stakeholders. You have to stand behind the quality of the work, wherever it’s done.”

Final thought

There’s no one-size-fits-all answer. The right mix of remote, offshore and outsourced work depends on your organisation’s maturity, risk profile and budget.

But one thing’s clear: the post-COVID world demands a more deliberate, strategic approach to where and how audit teams operate.

“Your audit model needs to reflect your organisation’s maturity, risk appetite, and ambition. Use offshore and remote delivery wisely. But never lose sight of the need to truly understand the business. Because ultimately, it’s your name in front of the Audit Committee.”

Over to you: How is your audit function balancing face-to-face, remote and offshore work?

Want more insights like this?

Subscribe to Behind the Controls to stay ahead of what’s shaping Audit, Risk and Compliance leadership, and how top professionals are navigating it.