DRAG DROP
Below are four of the seven principles on which ISO 9000 series are based. Match a potential benefit to each of the quality management principles (QMP).
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop each of the following potential benefits to a QMP.
Explanation:
According to the ISO 9000:2015 document, the seven quality management principles are:
Customer focus
Leadership
Engagement of people
Process approach
Improvement
Evidence-based decision making
Relationship management
For each principle, the document provides a statement, a rationale, key benefits, and actions you can take to apply the principle in your organization.
Based on the document, here is a possible way to match a potential benefit to each of the four quality management principles you mentioned:
| Quality management principle | Potential benefit |
| --- | --- |
| Customer focus | Increased revenue and market share |
| Engagement of people | Enhanced trust and collaboration throughout the organization |
| Improvement | Enhanced drive for innovation |
| Evidence-based decision making | Increased ability to demonstrate effectiveness of past actions |
DRAG DROP
Match the process descriptions below to the process names:
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, you may drag and drop each of the following process names to the descriptions.
Explanation:
DRAG DROP
Select the word that best completes the sentence:
To complete the sentence with the best word, click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the option(s) below. Alternatively drag and drop the option(s) to the appropriate blank section.
Explanation:
According to the ISO – Management system standards page, the key benefits of an effective management system include improved operational effectiveness and efficiency, improved risk management and protection of people and the environment, and enhanced drive for innovation.
The Integrated Use of Management System Standards (IUMSS) handbook also states that the purpose and objectives of management system standards are to help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives.
Therefore, the complete sentence is:
“The purpose of a management system standard is to improve the performance of an organization.”
Select the term that best describes the purpose of retaining documented information in a quality management system to ISO 9001.
- A . To facilitate auditing for proof of conformity to the standard.
- B . To provide confidence in the effectiveness of the quality management system.
- C . To safeguard the integrity of the quality management system.
- D . To support the operation of the processes of the quality management system.
D
Explanation:
Documented information is a means by which an organization demonstrates compliance. It communicates what we do and how we do things, it communicates what happened and what results were achieved. It is, essentially, a tool for communication. ISO 9001:2015 allows an organization flexibility in the way it chooses to document its quality management system (QMS). This enables each individual organization to determine the correct amount of documented information needed in order to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS. The standard states that the organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned. Therefore, the purpose of retaining documented information is to support the operation of the processes of the QMS, not to facilitate auditing, provide confidence or safeguard integrity, which are secondary benefits of documented information.
Reference: Guidance on the requirements for Documented Information of ISO 9001:2015, ISO 9001:2015 documented information | CQI | IRCA, Documented Information Required by ISO 9001:2015 – 9000 Store
Which two of the following are the key expected results of a quality management system that conforms to the requirements of ISO 9001:2015?
- A . Decreased number of nonconforming products in all stages of the manufacturing cycle
- B . Decreased number of management system nonconformities
- C . Consistently provide products that meet customers’ requirements
- D . Increased profits
- E . Decreased number of warranty claims
- F . Enhanced customer satisfaction
C, F
Explanation:
According to the ISO 9001:2015 document, the key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are:
• the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements;
• the enhancement of customer satisfaction.
These results are derived from the quality management principles of customer focus and process approach, which are the basis of the ISO 9000 family of standards [1]. Customer focus means understanding and meeting customer needs and expectations, as well as exceeding them when possible [1]. Process approach means managing activities as interrelated processes that function as a coherent system, which leads to consistent and predictable results [1]. Therefore, the correct answer is C and F.
Reference:
1: ISO – Quality management principles
2: ISO 9001:2015 – Quality management systems ― Requirements
Which two of the following aspects of a quality management system must the organisation continually improve?
- A . Suitability
- B . Adaptability
- C . Effectiveness
- D . Responsiveness
- E . Efficiency
- F . Applicability
C,E
Explanation:
According to the ISO 9001:2015 document, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system [1]. However, among the six options given, only effectiveness is directly mentioned as an aspect of the quality management system that must be continually improved. Therefore, C is one of the correct answers.
Efficiency, on the other hand, is not explicitly stated as an aspect of the quality management system that must be continually improved, but it is implied by the quality management principle of improvement, which states that successful organisations have an ongoing focus on improvement [2]. One of the key benefits of applying this principle is improving operational effectiveness and efficiency [2]. Therefore, E is another correct answer.
Suitability, adaptability, responsiveness, and applicability are not aspects of the quality management system that must be continually improved, according to the ISO 9001:2015 document. They may be related to the quality management system, but they are not the focus of continual improvement. Therefore, the correct answer is C and E.
Reference:
1: ISO 9001:2015 – Quality management systems ― Requirements
2: ISO – Quality management principles
DRAG DROP
Put the following steps of a third-party audit into the correct sequence in which they happen.
To complete the sequence click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop the options to the appropriate blank section.
Explanation:
Sequence:
Stage 1 Audit
Stage 2 Opening Meeting
Interviews
Stage 2 Closing Meeting
Close-out of Stage 2 Audit Findings
Issue Certificate
Surveillance Audit
Follow-up Audit
Here is a brief explanation of each step:
Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities [3][4].
Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns [3][4].
Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system [3][4][5].
Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings [3][4].
Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions [3][4].
Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits [3][4].
Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement [3][4].
Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit [3][4].
According to ISO 19011, what two activities take place during the conduct of an audit follow-up?
- A . Verify the effectiveness of the implemented corrective actions
- B . Verify corrections taken to fix the reported non-conformities
- C . Verify legal compliance
- D . Plan the next audit
- E . Determine feasibility of the audit
- F . Assign roles and responsibilities of observers
A,B
Explanation:
According to ISO 19011:2018, clause 6.7, the audit follow-up is the process of verifying the completion and effectiveness of corrective actions taken by the auditee as a result of an audit. The audit follow-up can include two main activities:
Verifying the effectiveness of the implemented corrective actions: this means checking whether the actions taken by the auditee have addressed the root causes of the nonconformities and prevented their recurrence or occurrence in other areas. The verification can be done by reviewing documents, records, data, or other evidence provided by the auditee, or by conducting a follow-up audit on site or remotely.
Verifying corrections taken to fix the reported non-conformities: this means checking whether the auditee has corrected the nonconformities identified during the audit and eliminated their immediate effects. The verification can be done by reviewing documents, records, data, or other evidence provided by the auditee, or by conducting a follow-up audit on site or remotely.
The audit follow-up can be conducted as a separate audit or as part of a subsequent audit, depending on the audit programme, the audit objectives, the audit criteria, the audit scope, the audit risks, and the audit findings. The audit follow-up should be planned and conducted in accordance with the same principles and processes as the initial audit, and the results should be documented and reported accordingly.
Reference:
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.7
ISO 19011 Management Systems Audit Checklist | Process Street, task 6.7.1 and 6.7.2
Conducting the Audit Follow-Up: When to Verify – The Auditor, section “Conducting the audit follow-up”
DRAG DROP
Select the words that best complete the sentence:
To complete the sentence with the best word(s), click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the option(s) below. Alternatively, drag and drop the option(s) to the appropriate blank section.
Explanation:
According to the ISO 19011:2018 document, the audit plan should provide the basis for agreement regarding the conduct and scheduling of the audit activities. The amount of detail provided in the audit plan should reflect the scope and complexity of the audit, as well as the risk of not achieving the audit objectives [1]. The scope of the audit refers to the extent and boundaries of the audit, such as the audit criteria, the audit objectives, the organizational and functional units, and the processes to be audited [1]. The complexity of the audit refers to the degree of difficulty or intricacy of the audit, such as the number and diversity of the auditees, the audit criteria, the audit methods, and the audit team composition [2]. The risk of not achieving the audit objectives refers to the possibility that the audit may fail to provide reliable and sufficient audit evidence to support the audit conclusions and report [1].
Therefore, the complete sentence is:
In the context of a third-party audit, the amount of detail provided in the audit plan should reflect the scope and complexity of the audit, as well as the risk of not achieving the audit objectives.
Reference:
1: ISO 19011:2018 – Guidelines for auditing management systems
2: Audit Complexity – an overview | ScienceDirect Topics
DRAG DROP
Match each of the following statements into the table below to show whether they apply to first-party audits, second-party audits or third-party audits:
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the statements below. Alternatively, you may drag and drop each of the statements to the appropriate space.
Explanation:
| Statement | First-party audits | Second-party audits | Third-party audits |
| --- | --- | --- | --- |
| The audit scope is typically determined by the organisation being audited. | Yes | No | No |
| The outcome of the audit is typically certification to a recognised standard. | No | No | Yes |
| The audit scope is typically confined to service/product provision capability. | No | Yes | No |
Here is a brief explanation of each statement:
The audit scope is typically determined by the organisation being audited: This statement applies to first-party audits, also known as internal audits, where the organisation audits its own processes and activities to ensure conformity and improvement [1]. The organisation can decide the scope of the audit based on its own needs and objectives [2]. This statement does not apply to second-party audits, where the customer audits the supplier, or third-party audits, where an independent body audits the organisation. In these cases, the audit scope is determined by the customer or the certification body, respectively [3][4].
The outcome of the audit is typically certification to a recognised standard: This statement applies to third-party audits, where an independent body audits the organisation to verify that it meets the requirements of a specific standard, such as ISO 9001, and issues a certificate of conformity if the audit is successful [3][4]. This statement does not apply to first-party audits or second-party audits, where the outcome of the audit is not certification, but rather self-improvement or supplier qualification [1][3].
The audit scope is typically confined to service/product provision capability: This statement applies to second-party audits, where the customer audits the supplier to ensure that they are meeting the requirements specified in the contract, such as service or product quality, delivery, or performance [3][4]. The audit scope is usually focused on the specific aspects of the service or product that are of interest to the customer [3]. This statement does not apply to first-party audits or third-party audits, where the audit scope is broader and covers the entire quality management system or the relevant clauses of the standard [1][4].
Which two of the following statements related to Stage 1 of an initial certification audit against ISO 9001:2015 are true?
- A . During the Stage 1 audit, the audit team:
- B . Verifies the degrees of customer satisfaction
- C . Evaluates the conditions of all sites
- D . Reviews the client’s management system documented information
- E . Evaluates the results of the last management review
- F . Verifies the compliance with legal requirements
- G . Reviews the processes with high level of risk
D,G
Explanation:
• Reviews the client’s management system documented information: This activity involves checking the documentation of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015 [1][2][3]. The audit team also evaluates the client’s understanding and implementation of the standard, and identifies any gaps or nonconformities that need to be addressed before the Stage 2 audit [1][2][3].
• Reviews the processes with high level of risk: This activity involves assessing the processes that have a significant impact on the quality of the products or services, or that pose a high risk of nonconformity or customer dissatisfaction [1][2][3]. The audit team also verifies the client’s risk management approach, and evaluates the effectiveness of the controls and actions taken to mitigate the risks [1][2][3].
The other options are not statements that are true for the Stage 1 audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.
Therefore, the correct answer is D and G.
Reference:
1: ISO 9001 Certification Audits | Stage 1 and Stage 2 – 9001. Simplified
2: Stage 1 of your Audit | NQA Blog
3: Getting Certified to ISO 9001 – the Stage 1 Audit
Which two of the following are included in the objectives of the ‘Stage 1 initial certification audit’?
- A . To evaluate the performance of monitoring and reviewing activities.
- B . To evaluate the preparedness of the organisation for a Stage 2 audit.
- C . To evaluate the internal audit and management review processes.
- D . To review the quality manual.
- E . To make a decision on certification to ISO 9001:2015.
- F . To evaluate the operational processes of the organisation.
B,D
Explanation:
• To evaluate the preparedness of the organisation for a Stage 2 audit: This objective involves assessing the readiness of the organisation to undergo the Stage 2 audit, where the conformity and effectiveness of the quality management system will be verified [1][2][3]. The audit team will check the level of implementation and understanding of the quality management system, identify any major gaps or nonconformities, and confirm the audit scope, criteria, and plan [1][2][3].
• To review the quality manual: This objective involves reviewing the documented information of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015 [1][2][3]. The audit team will also evaluate the organisation’s understanding and application of the standard, and identify any areas of improvement or concern [1][2][3].
The other options are not included in the objectives of the Stage 1 initial certification audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.
Therefore, the correct answer is B and D.
Reference:
1: ISO 9001 Certification Audits | Stage 1 and Stage 2 – 9001. Simplified
2: Stage 1 of your Audit | NQA Blog
3: Getting Certified to ISO 9001 – the Stage 1 Audit
You are conducting a third-party Stage 1 audit at ABC Ltd, a single-site organisation that manufactures wooden furniture. You interview the Technical Director to learn more about the organisation. The Technical Director explains that they have had a successful year and that obtaining ISO 9001 certification will support the further growth of the business. You ask for an overview of the organisation’s structure and its interrelationships with external interested parties.
The Technical Director shows you a document detailing all business processes and interrelationships. You notice in this document that another organisation called Teak Ltd manufactures wooden furniture on behalf of ABC Ltd. The Technical Director confirms this capability has been accounted for in the scope of the quality management system. You learn that the furniture manufactured by Teak Ltd has accounted for 40% of the sales revenue over the previous 12 months.
Which two of the following options best describe how you would plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd?
- A . Verify Teak Ltd supply arrangements as described in the ABC Ltd quality management system
- B . Verify if Teak Ltd are certified to ISO 9001
- C . Verify the controls concerning customer property implemented by Teak Ltd
- D . Verify how ABC Ltd evaluates the performance of Teak Ltd
- E . Verify the quality management system at Teak Ltd by conducting an audit at their site
- F . Verify whether the design processes of Teak Ltd comply with ISO 9001
A,D
Explanation:
According to ISO 9001:2015, clause 8.4, an organization is required to control the processes, products and services provided by external providers, including those that affect the quality of the organization’s own products and services. This includes determining the controls to be applied to the external provision of processes, products and services, as well as the information to be communicated to the external providers. The organization is also required to monitor, measure, and evaluate the performance of the external providers and retain documented information of these activities.
Therefore, in the scenario given, ABC Ltd is responsible for controlling the processes, products and services provided by Teak Ltd, as they affect the quality of ABC Ltd’s own products and services. This means that ABC Ltd should have established criteria and methods for evaluating the performance of Teak Ltd, as well as documented information of the results of such evaluation. ABC Ltd should also have defined the supply arrangements with Teak Ltd, including the specifications, requirements, and verification activities related to the products and services provided by Teak Ltd.
Hence, the best options to describe how to plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd are A and D, as they are aligned with the requirements of ISO 9001:2015, clause 8.4. The other options are either irrelevant or beyond the scope of the audit, as they do not pertain to the control of external provision by ABC Ltd.
Reference: ISO 9001:2015(en), Quality management systems ― Requirements, clause 8.4
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.1 and 6.4.2
ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6
Which two of the following should be included in an audit plan?
- A . List of findings from the last audit
- B . Name of the auditee general manager
- C . Signature of Certification Body Technical Reviewer
- D . Sequence and timings of audit activities
- E . Date of next audit
- F . Name of auditees and auditors
D,F
Explanation:
According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:
The audit objectives, scope, and criteria
The audit team members and their roles and responsibilities
The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.
The expected time and duration of each audit activity and location
The name and contact details of the auditee’s representative and other relevant parties
The allocation of appropriate resources to support the audit activities
The audit methods and techniques to be used, such as interviews, observations, sampling, etc.
The audit documents and records to be prepared and retained
The audit language and communication methods
The audit risks and opportunities and how to address them
The audit follow-up arrangements, if applicable
Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan.
Reference:
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2
ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”
ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2
DRAG DROP
The following are stages of an audit, put them in the order they would be conducted.
The first and last stages have been done for you.
To complete the sequence click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop the options to the appropriate blank section.
Explanation:
Establishing the audit programme objectives
Determining and evaluating the audit programme risks and opportunities
Establishing the audit programme
Initiating the audit
Preparing all audit activity
Conducting the audit activities
Here is a brief explanation of each stage:
Establishing the audit programme objectives: This is the first stage of the audit process, where the purpose, scope, and criteria of the audit programme are defined. The audit programme objectives should be aligned with the strategic direction and policies of the organization, and should address the needs and expectations of the interested parties [1][2].
Determining and evaluating the audit programme risks and opportunities: This is the second stage of the audit process, where the factors that can affect the achievement of the audit programme objectives are identified and assessed. The audit programme risks and opportunities should consider the internal and external issues, the requirements and changes of the interested parties, and the results and feedback from previous audits [1][2].
Establishing the audit programme: This is the third stage of the audit process, where the audit programme is designed and implemented. The audit programme should include the audit programme procedures, the audit programme resources, the audit methods and techniques, the audit frequency and schedule, and the audit programme performance indicators [1][2].
Initiating the audit: This is the fourth stage of the audit process, where the audit is prepared and planned. The audit initiation involves selecting the audit team, establishing the contact with the auditee, defining the audit objectives, scope, and criteria, developing the audit plan, and conducting the document review [1][2][3].
Preparing all audit activity: This is the fifth stage of the audit process, where the audit activities are organized and coordinated. The audit preparation involves assigning the audit tasks, communicating with the auditee and the audit team, arranging the logistics, preparing the working documents, and conducting the opening meeting [1][2][3].
Conducting the audit activities: This is the sixth and final stage of the audit process, where the audit evidence is collected and evaluated. The audit conduct involves performing the audit activities, such as interviews, observations, document reviews, and tests, documenting the audit findings, preparing the audit conclusions, and conducting the closing meeting [1][2][3].
Reference:
1: ISO 19011:2018 – Guidelines for auditing management systems
2: Audit Process | Flowchart | Summary – Accountinguide
3: What are the Stages of the Auditing Process & Why it is Important …
You work for organisation A. You are asked to lead an internal audit of A’s quality management system. It has a head office in Plant A1 and a second Plant A2 nearby. Due to the COVID-19 pandemic, production in A2 was discontinued and it was rented to a logistics organisation B, not related to A. There are no A employees working in A2. Organisation A expects to reassume production in A2 as soon as possible.
Which of the following actions would you consider appropriate when planning the internal audit of A’s quality management system?
- A . Visit Plant A2 to interview personnel of company B
- B . Visit Plant A2 to interview B’s quality manager
- C . Visit Plant A2 to interview A’s security personnel and B’s maintenance department
- D . Interview the A2 plant manager, now working in Plant A1
D
Explanation:
In this scenario, the organisation A has two plants, A1 and A2, but the production in A2 was discontinued due to the COVID-19 pandemic and the plant was rented to another organisation B. There are no A employees working in A2, and the organisation A expects to reassume production in A2 as soon as possible.
Therefore, the appropriate action to plan the internal audit of A’s quality management system is:
• Interview the A2 plant manager, now working in Plant A1: This action involves interviewing the person who is responsible for the management and operation of the plant A2, and who is currently working in the plant A1. The interview should aim to gather information about the status and condition of the plant A2, the impact of the COVID-19 pandemic on the quality management system, the arrangements and agreements with the organisation B, and the plans and actions to resume production in the plant A2 [5]. This action is relevant and necessary for the internal audit, as it can help to assess the readiness and effectiveness of the quality management system, and to identify any gaps or nonconformities that need to be addressed.
The other options are not appropriate actions to plan the internal audit of A’s quality management system, according to the web search results from my internal tool.
They are:
• Visit Plant A2 to interview personnel of company B: This action involves visiting the plant A2 and interviewing the personnel of the organisation B, who are not related to the organisation A and who are not part of the quality management system. This action is irrelevant and unnecessary for the internal audit, as it cannot provide any evidence or information about the conformity and improvement of the quality management system of the organisation A [5].
• Visit Plant A2 to interview B’s quality manager: This action involves visiting the plant A2 and interviewing the quality manager of the organisation B, who is not related to the organisation A and who is not part of the quality management system. This action is irrelevant and unnecessary for the internal audit, as it cannot provide any evidence or information about the conformity and improvement of the quality management system of the organisation A [5].
• Visit Plant A2 to interview A’s security personnel and B’s maintenance department: This action involves visiting the plant A2 and interviewing the security personnel of the organisation A and the maintenance department of the organisation B, who are not directly involved in the quality management system. This action is irrelevant and unnecessary for the internal audit, as it cannot provide any evidence or information about the conformity and improvement of the quality management system of the organisation A [5].
Therefore, the correct answer is D.
Reference:
1: Quality audit – Wikipedia
2: A step-by-step guide to internal quality audits
3: ISO 9001:2015 – Quality management systems ― Requirements
4: ISO 19011:2018 – Guidelines for auditing management systems
5: Audit Process | Flowchart | Summary – Accountinguide: What are the Stages of the Auditing Process & Why it is Important …
You have been nominated audit team leader of a third-party audit.
Which of the following could be the two most relevant objectives of this audit?
- A . Evaluate the satisfaction of interested parties
- B . Evaluate the effectiveness of the management system
- C . Identify the need of resources
- D . Evaluate the capability of the management system to establish and achieve objectives
- E . Identify opportunities for improvement
- F . Evaluate the benefits obtained since the implementation of the management system
B,D
Explanation:
• Evaluate the effectiveness of the management system: This objective involves verifying that the quality management system meets the requirements of a specific standard, such as ISO 9001:2015, and that it achieves the intended results and outcomes. The audit team will collect and analyse audit evidence to determine the degree of conformity and performance of the quality management system [2][3].
• Evaluate the capability of the management system to establish and achieve objectives: This objective involves verifying that the quality management system supports the strategic direction and policies of the organization, and that it addresses the needs and expectations of the interested parties. The audit team will assess the suitability, adequacy, and alignment of the quality management system objectives, and the effectiveness of the planning and implementation processes to achieve them [2][3].
The other options are not the most relevant objectives of a third-party audit. They may be related to other aspects or types of audits, but they are not the focus of a third-party audit.
Therefore, the correct answer is B and D.
Reference:
1: Safeguarding Your Business: The Power of Third-Party Security Audits
2: ISO 19011:2018 – Guidelines for auditing management systems
3: Third Party Audit – QMSGurus.com
Who would be defined as a witness during a witness audit? Choose two of the following options:
- A . Someone with a qualification from the certification body
- B . An auditor
- C . An existing member of the audit team
- D . An assessor for the accreditation body
B,D
Explanation:
A witness audit is a technique used during an accreditation audit, where the accreditation body observes the performance and competence of the certification body auditors in conducting an audit [1][2]. A witness audit can also be used by a certification body to monitor and evaluate its own auditors [3].
During a witness audit, the following roles can be defined:
• An auditor: This is the person who is being witnessed by the accreditation body or the certification body. The auditor is responsible for conducting the audit according to the audit plan, criteria, and standards, and for providing audit evidence and findings [1][2][3].
• An assessor for the accreditation body: This is the person who witnesses the auditor on behalf of the accreditation body. The assessor is responsible for evaluating the auditor’s performance and competence, and for providing feedback and recommendations to the accreditation body [1][2][3].
The other options are not defined as witnesses during a witness audit. They are:
• Someone with a qualification from the certification body: This is not a specific role in a witness audit, as anyone who is involved in the audit process should have a qualification from the certification body. Moreover, having a qualification does not necessarily mean that the person is a witness or an auditor [4].
• An existing member of the audit team: This is not a specific role in a witness audit, as the audit team consists of the auditors who are conducting the audit, not the ones who are witnessing it. The witness audit is a separate activity from the audit itself, and the witness should not interfere with the audit process or influence the audit outcome [1][2][3].
Therefore, the correct answer is B and D.
Reference:
1: DQS Inc. | Witness Audits | Auditor Training
2: Have you ever been involved with a witness audit? – IFSQN
3: Certac – Witness Audit of Certification Bodies
4: ISO 19011:2018 – Guidelines for auditing management systems
DRAG DROP
You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The organization manufactures cosmetics for major retailers. You are interviewing the Manufacturing Manager (MM).
You: "I would like to begin by looking at the cleaning controls."
MM: "We record the cleaning of the equipment at the end of every batch. This document details the minimum cleaning frequency and the procedures to follow for all areas and each item of equipment. The person who carries out the cleaning puts their initial on the document and records the time and date alongside."
Narrative: You sample production records over 3 days and note down evidence of nonconformity as per the table below.
You decide to raise a nonconformity.
To complete the nonconformity report click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, you may drag and drop the options to the appropriate blank section.
Explanation:
Nonconformity report
ISO 9001 Clause Number: 8.5.4
Nature of problem: Cleaning and sanitising records are not available for every batch.
ISO 9001 requirement that has not been fulfilled: ISO 9001 – “The organization shall implement planned arrangements, at appropriate stages, to verify that the product requirements have been met.”
Evidence: 40 cleaning records are available for 63 batches.
DRAG DROP
You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The organization manufactures cosmetics for major retailers and the name of the retailer supplied appears on the product packaging. Sales turnover has increased significantly over the past five years.
You are interviewing the new Product Development Manager. You note that a software application called SWIFT is used to help control the product development process.
You have gathered audit evidence as outlined in the table. Match the ISO 9001 clause 8.3 extracts to the audit evidence.
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the ISO 9001 clause 8.3 extracts listed below. Alternatively, drag and drop each clause to the audit evidence that applies.
DRAG DROP
You are carrying out an annual audit at an organisation that offers home security services. You are interviewing the Quality Manager (QM).
You: "Would you tell me about your management review process?"
QM: "The senior management team plans to review the management system every six months. The review follows a set agenda and records are maintained."
You: "May I see the records from the last two management reviews?"
Narrative: The Quality Manager gives you the latest record, which shows the last management review took place nine months ago.
The Quality Manager then gives you the previous management review record, which took place one year before the latest review.
You: "Are there any other review reports in the last two years?"
QM: "No, these are the only ones."
You decide to raise a nonconformity.
To complete the nonconformity report click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop the options to the appropriate blank section.
Explanation:
Nonconformity report
ISO 9001 Clause Number: 9.3.1
Nature of problem: Management review has not been conducted at the defined frequency.
ISO 9001 requirement that has not been fulfilled: ISO 9001 – “Top management shall review the organization’s quality management system at planned intervals.”
Evidence: The last management review took place nine months ago, and the previous one took place one year before the latest review. The planned interval is six months.
DRAG DROP
Whistlekleen is a national dry cleaning and laundry company with 50 shops. You are conducting a surveillance audit of the Head Office and are sampling customer complaints. You find that 80% of complaints originate from five shops in the same region. Most of these complaints relate to damage to customer laundry. The Quality Manager tells you that these are the oldest shops in the company. The cleaning equipment needs replacing but the company cannot afford it at the moment. You learn that the shop managers were told to dismiss most of the claims on the basis of the poor quality of the laundered materials.
On raising the matter with senior management, you are told that there are plans to replace the equipment in these shops over the next five years.
You raised a nonconformity against clause 8.5.1 of ISO 9001. Select the words that best complete the sentence:
To complete the sentence click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop the options to the appropriate blank section.
Explanation:
The quality system failed to control the laundry services provided for customers in five shops.
The equipment used was not capable of consistently producing the required service.
DRAG DROP
Below are four of the seven principles on which ISO 9000 series are based. Match a potential benefit to each of the quality management principles (QMP).
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below.
Explanation:
Quality management principles:
Customer focus = Increased revenue and market share
Engagement of people = Enhanced trust and collaboration throughout the organisation
Improvement = Enhanced drive for innovation
Evidence-based decision-making = Increased ability to demonstrate effectiveness of past actions
According to the Quality management principles document published by ISO, each quality management principle has a statement, a rationale, key benefits, and actions you can take to apply it. Based on these descriptions, the potential benefits can be matched to the corresponding principles as follows:
Customer focus: The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. The key benefits of this principle include increased customer value, customer satisfaction, customer loyalty, repeat business, reputation, customer base, revenue and market share.
Engagement of people: Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value. The key benefits of this principle include improved understanding of the organization’s objectives and values, increased involvement in improvement activities, enhanced personal development, increased motivation and empowerment, enhanced trust and collaboration, and increased recognition and rewards.
Improvement: Successful organizations have an ongoing focus on improvement. The key benefits of this principle include improved organizational capabilities, alignment of improvement activities at all levels, increased ability to anticipate and react to opportunities and threats, enhanced drive for innovation, and increased levels of satisfaction.
Evidence-based decision-making: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. The key benefits of this principle include improved decision-making processes, increased ability to demonstrate the effectiveness of past decisions, increased ability to review, challenge and change opinions and decisions, and increased ability to improve performance.
DRAG DROP
Match the process descriptions below to the process names:
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively you may drag and drop each of the following process names to the descriptions:
Explanation:
Match the process descriptions below to the process names:
The process by which the accuracy of test equipment is checked against a known standard. = Calibration
The process by which a product or service is visually examined to determine conformity to requirements. = Evaluation
The process by which data is examined in detail to reach a specific answer or answers. = Analysis
The process by which a parameter of a product or service is examined to determine a specific value. = Measurement
According to the ISO 9000:2015 – Quality management systems ― Fundamentals and vocabulary, the definitions of the process names are as follows:
Calibration: operation that, under specified conditions, in a first step, establishes a relation between the quantity values with measurement uncertainties provided by measurement standards and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication.
Evaluation: determination of the suitability, adequacy or effectiveness of an object to achieve established objectives.
Analysis: detailed examination of the elements or structure of something.
Measurement: process to experimentally obtain one or more quantity values that can reasonably be attributed to a quantity.
Therefore, the process descriptions can be matched to the process names based on these definitions.
Reference: ISO 9000:2015 – Quality management systems ― Fundamentals and vocabulary
Select the term which best describes the quality management system process of modifying a non-conforming product to bring it within acceptance criteria.
- A . Concession
- B . Correction
- C . Corrective action
- D . Preventive action
B
Explanation:
According to the ISO 9000:2015 – Quality management systems ― Fundamentals and vocabulary, correction is defined as “action to eliminate a detected nonconformity”. A nonconformity is defined as “non-fulfilment of a requirement”. Therefore, the process of modifying a non-conforming product to bring it within acceptance criteria is a correction, as it eliminates the non-fulfilment of the product specification. The other options are not correct, as they have different definitions and purposes:
• Concession: permission to release or use a nonconforming product, service or process
• Corrective action: action to eliminate the cause of a nonconformity and to prevent recurrence
• Preventive action: action to eliminate the cause of a potential nonconformity or other undesirable potential situation
Reference: ISO 9000:2015 – Quality management systems ― Fundamentals and vocabulary, ISO 9001 nonconforming product: How to understand dispositions – Advisera
Which one of the following options best describes the purpose of a Stage 1 third-party audit?
- A . To determine the auditee’s understanding of ISO 9001.
- B . To get to know the organisation’s customers.
- C . To learn about the organisation’s procurement processes.
- D . To introduce the audit team to the client.
A
Explanation:
The purpose of a Stage 1 third-party audit is to determine an organization’s readiness for their Stage 2 Certification Audit. During the Stage 1, the auditor will review the organization’s management system documented information, evaluate the site-specific conditions, and have discussions with personnel. The objective is to assess the alignment of the organization’s design with ISO 9001 requirements and to identify any areas of concern that could be classified as a nonconformance during the Stage 2 Audit. The auditor will also use the Stage 1 Audit to complete Stage 2 Audit planning, including a review of the allocation of resources and details for the next phase of the audit. Therefore, the option that best describes the purpose of a Stage 1 third-party audit is A, to determine the auditee’s understanding of ISO 9001.
The other options are not correct, as they are not the main focus of a Stage 1 audit:
• B. To get to know the organization’s customers: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s customers, but rather in the organization’s ability to meet customer and applicable statutory and regulatory requirements.
• C. To learn about the organization’s procurement processes: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s procurement processes, but rather in the organization’s ability to control externally provided processes, products and services.
• D. To introduce the audit team to the client: This is not the purpose of a Stage 1 audit, as the auditor is not there to make introductions, but rather to conduct a preliminary examination of the organization’s compliance with ISO 9001 standards.
Reference: What is the difference between Stage 1 and Stage 2 Audits? – ISO Update, The ISO 9001 Audit Process Explained | ISO Explained, What is an ISO Stage 2 Audit? ― RiskOptics – Reciprocity
Which two of the following auditors would not participate in a first-party audit?
- A . An auditor employed by an external consultancy organisation
- B . An auditor from an interested party
- C . An auditor trained in-house
- D . An auditor trained in the IRCA scheme
- E . An auditor certified by IRCA
- F . An auditor from a customer
A,F
Explanation:
A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited [1]. The purpose of a first-party audit is to assess the conformity of the organization’s quality management system to the requirements of ISO 9001 and to identify opportunities for improvement [2].
Therefore, the two auditors who would not participate in a first-party audit are:
• A. An auditor employed by an external consultancy organization: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit (if the external consultancy organization is a customer or supplier of the organization being audited) or a third-party audit (if the external consultancy organization is a certification body or registrar).
• F. An auditor from a customer: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit, as a customer is an interested party that has specific requirements for the organization being audited.
The other options are not correct, as they could participate in a first-party audit, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited:
• B. An auditor from an interested party: This auditor could be a first-party auditor, as long as the interested party is within the organization being audited. For example, an auditor from the finance department could audit the production department, as long as they are not involved in the production process or affected by its outcomes.
• C. An auditor trained in-house: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The source of the auditor’s training is not relevant for determining the type of audit, as long as the auditor is competent and qualified to perform the audit.
• D. An auditor trained in the IRCA scheme: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The IRCA scheme is a professional certification scheme for auditors of management systems, which provides recognition of the auditor’s competence and credibility [3]. However, being trained in the IRCA scheme does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.
• E. An auditor certified by IRCA: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. Being certified by IRCA means that the auditor has met the requirements of the IRCA scheme and has demonstrated their competence and credibility as an auditor of management systems [3]. However, being certified by IRCA does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.
Reference: First Party Audits: The 5 Steps to Success – Sync Resource Inc, ISO 9001 Auditing Practices Group, IRCA – International Register of Certificated Auditors
Which two of the following are the key expected results of a quality management system that conforms to the requirements of ISO 9001:2015?
- A . Consistently provide products that meet customers’ requirements
- B . Decreased number of management system nonconformities
- C . Decreased number of warranty claims
- D . Decreased number of nonconforming products in all stages of the manufacturing cycle
- E . Enhanced customer satisfaction
- F . Increased profits
A,E
Explanation:
The key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are stated in clause 0.1 of the standard, which says: “The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements.” Therefore, the two options that best match these benefits are A and E, as they directly relate to providing products and services that meet customer requirements and enhancing customer satisfaction. The other options are not explicitly mentioned as key expected results, although they may be possible outcomes of implementing a quality management system.
Reference: ISO 9001:2015 – Quality management systems ― Requirements, Key Elements of an ISO 9001:2015 Quality Management System, What is ISO 9001 2015 as a Quality Management Systems?
DRAG DROP
In the context of a management system audit, identify the sequence of a typical process for collecting and verifying information. The first one has been done for you.
To complete the sequence click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below. Alternatively, drag and drop the options to the appropriate blank section.
Explanation:
Identifying the source of information
Sampling available data
Gathering audit evidence
Verifying objective evidence
Evaluating evidence against the audit criteria
Making audit conclusions
Evaluating against the audit criteria
According to ISO 19011:2018, clause 6.4, the process of collecting and verifying information during an audit involves the following steps [1]:
Identifying the source of information: The audit team should identify the sources of information that are relevant to the audit objectives, scope and criteria. These sources may include documents, records, personnel, processes, activities, facilities, equipment, etc. The audit team should also determine the methods and tools for accessing and collecting the information, such as interviews, observations, document review, sampling, etc.
Sampling available data: The audit team should select a representative sample of the available data to verify the conformity and effectiveness of the management system. The sample size and selection method should be based on the audit objectives, scope and criteria, as well as the level of confidence and risk. The audit team should also consider the validity, reliability, relevance and sufficiency of the data.
Gathering audit evidence: The audit team should use the methods and tools identified in the previous step to collect audit evidence, which is the records, statements of fact or other information that are relevant to the audit criteria and verifiable. The audit team should record the audit evidence in a clear, concise and objective manner, using notes, checklists, photographs, audio or video recordings, etc.
Verifying objective evidence: The audit team should verify the accuracy, completeness and authenticity of the audit evidence collected. This may involve cross-checking different sources of information, confirming the identity and authority of the persons providing the information, examining the original documents or records, etc. The audit team should also identify any discrepancies, inconsistencies or gaps in the audit evidence.
Evaluating evidence against the audit criteria: The audit team should compare the audit evidence with the audit criteria to determine the extent of conformity and nonconformity. The audit team should also identify any opportunities for improvement, best practices, positive aspects or potential risks. The audit team should use professional judgement and apply the principles of auditing when evaluating the audit evidence.
Making audit conclusions: The audit team should consolidate the audit findings and evaluate the overall performance and effectiveness of the management system. The audit team should also consider the audit objectives, scope and criteria, as well as the context and expectations of the auditee and other interested parties. The audit team should provide a clear, concise and objective statement of the audit conclusions, which may include the degree of conformity, the achievement of the intended outcomes, the need for corrective actions, the suitability for certification, etc.
Evaluating against the audit criteria: The audit team should review the audit conclusions and ensure that they are consistent with the audit criteria and supported by sufficient and appropriate audit evidence. The audit team should also ensure that the audit conclusions are communicated to the auditee and other relevant parties in a timely and effective manner, using the agreed audit report format and distribution method.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems
DRAG DROP
In the context of a third-party certification audit, match the roles with the following responsibilities:
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below.
Explanation:
In the context of a third-party certification audit, match the roles with the following responsibilities:
Responsibilities:
Conduct the audit to the assigned area. = Auditors
Assist the auditors in identifying personnel to participate in the audit. = Guide
Assign each team member’s responsibility for the audit. = Audit team leader
Respond to questions and provide evidence to the auditor. = Auditee
According to ISO 19011:2018, clause 3, the definitions of the roles are as follows [1]:
Auditors: persons with the competence to conduct an audit
Guide: person appointed by the auditee to assist the audit team
Auditee: organization being audited
Audit team leader: member of an audit team appointed to manage the audit or an audit team
Therefore, the roles can be matched to the responsibilities based on these definitions and the description of the audit process in clause 6 of the standard [1].
Reference: ISO 19011:2018(en), Guidelines for auditing management systems
In the context of a third-party audit, select the issue which is not expected to be included in the audit plan.
- A . Number of sites to be audited
- B . Risk to achieving audit objectives
- C . Expectations of the organisation’s management
- D . Scope of the audit
C
Explanation:
According to ISO 19011:2018, clause 6.3.2, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit.
The audit plan should include the following information [1]:
• the audit objectives, scope and criteria
• the audit team members and their roles and responsibilities
• the audit schedule, including the date, time and location of each audit activity
• the expected time and duration of meetings and interviews
• the allocation of appropriate resources to critical areas of the audit
• the identification of the audit client and the auditee
• the identification of the guides and observers, if any
• the documents and records to be reviewed before and during the audit
• the audit methods and tools to be used
• the audit language and terminology
• the audit report content, format, distribution and expected completion date
• the risk to achieving audit objectives and the contingency plan, if any
Therefore, the issue which is not expected to be included in the audit plan is C, expectations of the organisation’s management. This issue is not relevant to the conduct of the audit, as the audit is based on the audit criteria, not on the management’s expectations. The management’s expectations may be considered during the audit initiation or the audit programme management, but they are not part of the audit plan.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems, How to create an ISO 9001 internal audit plan – Advisera
In a third-party audit to ISO 9001, select two options of when the organisation is required to act in response to reported findings.
- A . A recommendation is given in the report.
- B . A finding of good practice is reported.
- C . An opportunity for improvement is raised.
- D . A major non-conformity is raised.
- E . A finding of conformity is reported.
- F . A minor non-conformity is raised.
D,F
Explanation:
According to ISO 19011:2018, clause 6.6.2, a nonconformity is the non-fulfilment of a requirement. A nonconformity can be classified as either major or minor, depending on the nature and extent of the deviation from the audit criteria. A major nonconformity is a nonconformity that affects the ability or the integrity of the organization’s management system to achieve the intended results. A minor nonconformity is a nonconformity that does not affect the ability or the integrity of the organization’s management system to achieve the intended results, but is a deviation from the audit criteria [1].
According to ISO/IEC 17021-1:2015, clause 9.4.9, the organization is required to analyze the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time. The organization is also required to provide the certification body with records and evidence of the implementation and effectiveness of the correction and corrective actions taken. The certification body will then verify the correction and corrective actions taken by the organization and decide on the certification status [2].
Therefore, the two options of when the organization is required to act in response to reported findings are D and F, as they indicate the presence of nonconformities that need to be corrected and prevented from recurring.
The other options are not correct, as they do not require the organization to act in response to reported findings:
• A. A recommendation is given in the report: A recommendation is a suggestion for improvement that is not related to a nonconformity. A recommendation is not binding for the organization and does not affect the certification status. The organization may choose to accept or reject the recommendation, but it is not required to act on it.
• B. A finding of good practice is reported: A finding of good practice is a positive observation that indicates a strength or a best practice of the organization’s management system. A finding of good practice is not related to a nonconformity and does not affect the certification status. The organization may choose to acknowledge or share the finding of good practice, but it is not required to act on it.
• C. An opportunity for improvement is raised: An opportunity for improvement is a potential area where the organization’s management system can be enhanced or optimized. An opportunity for improvement is not related to a nonconformity and does not affect the certification status. The organization may choose to pursue or ignore the opportunity for improvement, but it is not required to act on it.
• E. A finding of conformity is reported: A finding of conformity is a confirmation that the organization’s management system fulfils the audit criteria. A finding of conformity is not related to a nonconformity and does not affect the certification status. The organization may choose to celebrate or communicate the finding of conformity, but it is not required to act on it.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems, ISO/IEC 17021-1:2015(en), Conformity assessment ― Requirements for bodies providing audit and certification of management systems ― Part 1: Requirements
DRAG DROP
The following are stages of an audit, put them in the order they would be conducted.
The first and last stages have been done for you
To complete the sequence click on the blank section you want to complete so it is highlighted in red and then click on the applicable text from the options below.
Explanation:
Establishing the audit programme objectives
Determining and evaluating the audit programme risks and opportunities
Establishing the audit programme
Initiating the audit
Preparing all audit activity
Conducting the audit activities
According to ISO 19011:2018, clause 5, the audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. The audit programme includes all activities necessary to plan, organize, and conduct the audits. The audit programme management involves the following steps:
Establishing the audit programme objectives: The audit programme objectives define the intended outcomes of the audit programme, such as verifying conformity, evaluating performance, identifying improvement opportunities, etc. The audit programme objectives should be aligned with the strategic direction and policies of the organization and the needs and expectations of the interested parties.
Determining and evaluating the audit programme risks and opportunities: The audit programme risks and opportunities are the factors that can affect the achievement of the audit programme objectives, such as changes in the internal or external context, availability of resources, competence of auditors, etc. The audit programme risks and opportunities should be identified, analyzed, and evaluated to determine the appropriate actions to address them.
Establishing the audit programme: The audit programme is established by defining the audit programme scope, criteria, methods, and resources. The audit programme scope defines the extent and boundaries of the audit programme, such as the processes, functions, sites, activities, etc. that will be audited. The audit programme criteria are the set of policies, procedures, or requirements used as a reference for the audits. The audit programme methods are the techniques used to conduct the audits, such as interviews, observations, document review, sampling, etc. The audit programme resources are the human, technical, and financial resources needed to implement the audit programme.
Initiating the audit: The audit initiation is the process of formally establishing the arrangements for an individual audit within the audit programme. The audit initiation involves contacting the auditee and the audit client, confirming the audit objectives, scope, and criteria, and obtaining the necessary information and access for the audit.
Preparing all audit activity: The audit preparation is the process of developing the audit plan and the audit work documents for an individual audit. The audit plan is a document that provides the basis for agreement regarding the conduct of the audit, such as the audit schedule, the audit team, the audit methods, the audit language, the audit report, etc. The audit work documents are the records that provide evidence of the audit activities, such as the audit checklist, the audit notes, the audit findings, etc.
Conducting the audit activities: The audit activities are the processes of collecting and verifying audit evidence and evaluating it against the audit criteria to make the audit conclusions. The audit activities include the opening meeting, the communication during the audit, the roles and responsibilities of the audit team and the auditee, the audit evidence collection and verification, the audit findings generation and recording, the closing meeting, and the audit report preparation and distribution.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems
Audit criteria are a set of requirements used as a reference against which objective evidence is compared.
Which two of the following are not potential audit criteria?
- A . ISO management system standards
- B . Verbal statements by the general manager
- C . Verbal agreements with interested parties
- D . Health and safety notices
- E . Written agreements with interested parties
- F . Commercial advertisements
- G . Organisation’s documented information
- H . Claims made on the organisation’s website
- I . Commitment to follow principles issued by an NGO
- J . Environmental aspects register
F,H
Explanation:
According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives.
Audit criteria may include, but are not limited to, the following sources:
• ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.
• Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation
• Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities
• Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures
• Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved
• Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes
• Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives
• Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services
Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems, What are audit criteria? – ISO Update
Which of the following two documents does an auditor need to prepare and complete prior to the on-site audit?
- A . Audit Report
- B . Audit Plan
- C . Procedures
- D . Checklist / Prompts
- E . Risk Matrices
- F . Findings
B,D
Explanation:
According to ISO 19011:2018, clause 6.3, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include information such as the audit objectives, scope, criteria, schedule, team, methods, report, etc. The audit plan should be prepared and completed prior to the on-site audit, and should be communicated to the audit team and the auditee.
According to ISO 19011:2018, clause 6.4.3, the checklist / prompts are documents that list the questions or topics that need to be covered during an audit. The checklist / prompts can help the auditor to collect and verify information relevant to the audit criteria, and to ensure the consistency and completeness of the audit. The checklist / prompts should be prepared and completed prior to the on-site audit, and should be based on the audit plan and the audit scope and objectives.
Therefore, the two documents that an auditor needs to prepare and complete prior to the on-site audit are B and D, as they are essential for planning and conducting the audit. The other options are not correct, as they are either prepared or completed after the on-site audit, or not required by the standard:
• A. Audit Report: The audit report is a document that provides a complete, accurate, concise, and clear record of the audit. The audit report should include information such as the audit objectives, scope, criteria, findings, conclusions, etc. The audit report should be prepared and completed after the on-site audit, and should be distributed to the audit client and the auditee.
• C. Procedures: Procedures are documents that specify the way activities are to be performed. Procedures may be part of the audit criteria, if they are part of the organization’s management system, or part of the audit programme, if they are part of the certification body’s or registrar’s requirements. Procedures are not prepared or completed by the auditor prior to the on-site audit, but rather reviewed or followed by the auditor during the audit.
• E. Risk Matrices: Risk matrices are tools that help to assess and prioritize the risks and opportunities associated with the audit programme or the audit. Risk matrices may be part of the audit programme management, if they are used to determine and evaluate the audit programme risks and opportunities, or part of the audit preparation, if they are used to determine and evaluate the audit risks and opportunities. Risk matrices are not prepared or completed by the auditor prior to the on-site audit, but rather used or updated by the auditor during the audit programme management or the audit preparation.
• F. Findings: Findings are the results of the evaluation of the collected audit evidence against the audit criteria. Findings can indicate either conformity or nonconformity, as well as positive aspects or opportunities for improvement. Findings are not prepared or completed by the auditor prior to the on-site audit, but rather generated and recorded by the auditor during the audit activities.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems
You will lead a third-party audit next Monday on ABC, an organisation that provides services for cleaning windows from the outside of tall buildings. They work on demand, and usually have 4-5 orders per week. All documented information on these activities is kept at the central office.
On Friday evening, before the audit, you are informed by mail that customers cancelled all orders for the next week; therefore, the auditors will not have the chance to see them working at the customer’s premises, but the field supervisors will be available at the ABC offices.
You have prepared the audit plan and the checklist. Choose the best action you would take:
- A . Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week.
- B . Ask the Certification Body you work for how to proceed with the audit.
- C . Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before.
- D . Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises.
B
Explanation:
According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised as necessary to address changes that occur during the audit planning. The audit plan should be agreed upon, preferably in writing, by the audit team leader, the audit client and the auditee. Therefore, if there is a significant change in the auditee’s situation, such as the cancellation of all orders for the next week, the audit plan should be reviewed and revised accordingly, with the agreement of all parties involved.
According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a process to ensure that the audit team has the competence to achieve the audit objectives, and that the audit methods are appropriate for the scope and complexity of the audit. The certification body should also have a process to ensure that the audit is conducted under reasonable conditions and within a reasonable time frame. Therefore, if there is a risk that the audit objectives cannot be achieved, or that the audit methods are not suitable, due to the change in the auditee’s situation, the certification body should be consulted and informed on how to proceed with the audit.
Therefore, the best action to take is B, ask the certification body you work for how to proceed with the audit. This action will ensure that the audit plan is revised and agreed upon by all parties, and that the audit team has the competence and the methods to conduct the audit effectively and efficiently. The other options are not correct, as they may compromise the quality and validity of the audit:
• A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week: This action may not be feasible or acceptable, as it may extend the audit duration and cost beyond the agreed terms, and it may not provide sufficient and appropriate audit evidence to verify the conformity and effectiveness of the auditee’s processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.
• C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before: This action may not be relevant or reliable, as it may not reflect the current performance and condition of the auditee’s processes. The audit evidence collected from the previous customer may not be valid or representative of the audit criteria, and it may not address the risks and opportunities associated with the auditee’s context and objectives. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.
• D. Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises: This action may not be objective or impartial, as it may introduce bias and influence in the audit process. The audit evidence collected from the simulated process may not be accurate or authentic, and it may not demonstrate the actual capability and effectiveness of the auditee’s processes. Moreover, this action may not be ethical or professional, as it may compromise the integrity and credibility of the audit and the certification.
Reference: ISO 19011:2018(en), Guidelines for auditing management systems, ISO/IEC 17021-1:2015(en), Conformity assessment ― Requirements for bodies providing audit and certification of management systems ― Part 1: Requirements
Select which one of the following statements is true.
- A . The team leader shall be an auditor that is qualified in the scheme.
- B . An audit team can include non-qualified auditors.
- C . A technical expert can replace a qualified auditor on an audit team.
- D . Audits leading to auditor qualification are undertaken annually.
A
Explanation:
According to the ISO 19011:2018 standard, which provides guidelines for auditing management systems, the team leader of an audit team should be an auditor who has demonstrated the competence to manage an audit of the relevant management system scheme. This means that the team leader should have the appropriate knowledge, skills, and experience to plan, conduct, report, and follow-up an audit of the specific management system, such as ISO 9001 for quality management systems.
The other options are false because:
B. An audit team can include non-qualified auditors, but only as observers or trainees who do not contribute to the audit findings or conclusions.
C. A technical expert can assist a qualified auditor on an audit team, but cannot replace them, as a technical expert does not have the competence to perform audits.
D. Audits leading to auditor qualification are not undertaken annually, but rather as part of a certification process that involves meeting certain criteria, such as education, work experience, audit experience, and examination.
Reference: ISO 19011:2018, PECB Certified ISO 9001 Lead Auditor Exam Preparation Guide, ISO 9001:2015 Quality Management Systems Lead Auditor Training Course
Select one option that must be considered when determining the scope of a QMS to ISO 9001.
- A . Business improvement
- B . Performance of business processes
- C . External issues of the organisation’s context
- D . Competence of top management
C
Explanation:
According to ISO 9001:2015, clause 4.3, the organization is required to determine the scope of its quality management system (QMS) by considering the external and internal issues referred to in clause 4.1. Clause 4.1 requires the organization to determine the external and internal issues that are relevant to its purpose and strategic direction, and that affect its ability to achieve the intended results of its QMS. These issues can include positive and negative factors or conditions for consideration, such as legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local. The organization is also required to monitor and review these issues.
Therefore, the correct answer is C, as external issues of the organization’s context are one of the factors that must be considered when determining the scope of the QMS. The other options are either not directly related to the scope of the QMS, or are not explicitly mentioned in clause 4.3.
Reference: ISO 9001:2015(en), Quality management systems ― Requirements, clause 4.1 and 4.3
ISO 9001:2015 – How to determine the scope of your QMS – Advisera, section “Considerations for determining the scope of the QMS in ISO 9001”
ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 4
DRAG DROP
The following list gives examples of records that may be evidence of how an organisation has fulfilled the requirements of clause 8.4 of ISO 9001. Match the records to the appropriate requirement of clause 8.4.
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the appropriate record from the option listed. Alternatively, drag and drop the appropriate record to the requirement of clause 8.4 that applies.
Explanation:
The following table shows the possible matching of the records to the requirements of clause 8.4:
| Requirements | Records |
| --- | --- |
| Define product requirements | Product specification |
| Criteria for selection | List of requirements to be met by the external provider |
| Evaluation of potential external provider | External provider questionnaire |
| External provider selection | Approved external provider list |
| Communicate requirements | Purchase order |
| Monitoring of performance | External provider delivery times and quality issues |
According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:
Define the product requirements that are relevant for the external provision, such as specifications, drawings, standards, codes, etc. These should be documented and communicated to the external provider. A record of the product specification can be used as evidence of this requirement.
Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently. A record of the list of requirements to be met by the external provider can be used as evidence of this requirement.
Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed. A record of the external provider questionnaire can be used as evidence of this requirement.
Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved. A record of the approved external provider list can be used as evidence of this requirement.
Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely. A record of the purchase order can be used as evidence of this requirement.
Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed. A record of the external provider delivery times and quality issues can be used as evidence of this requirement.
Reference: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems
An audit team leader arrives at a printing organisation to carry out a Stage 2 audit for a certification body. At a meeting with the Quality Manager, she is told that they have won their biggest contract from a computer manufacturer to print and compile computer documentation packages. They have leased the unit next door for space reasons but have never worked in this sector before. The Quality Manager wants the ISO 9001 certificate to cover the new contract.
During the audit, a team member finds that a number of print jobs have been rejected by several clients over a number of months due to spelling errors in the print run. The Print Manager blames the new employees they had to take on because of a big contract. The auditor raises a nonconformance against clause 10.2.1.b of ISO 9001.
Which one of the evidence statements would support this finding?
- A . There was no record that the organisation evaluated the effectiveness of the training given to new employees.
- B . There was no evidence that a check of spelling took place before the release of printing to the client.
- C . The actions taken to deal with customer complaints did not prevent recurrence of the problem.
- D . The organisation did not provide the correct resources to prevent nonconformity.
C
Explanation:
According to clause 10.2.1.b of ISO 9001:2015, the organization should evaluate the need for action to eliminate the causes of nonconformities, in order to prevent their recurrence. This means that the organization should identify and address the root causes and contributing factors of the nonconformities, and implement appropriate corrective actions that are effective and proportional to the impact of the nonconformities. In this case, the evidence statement that supports the finding of nonconformance is C, because it shows that the organization did not take effective actions to prevent the recurrence of the spelling errors in the print run, which resulted in repeated customer rejections and dissatisfaction. The other options are not directly related to clause 10.2.1.b, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option A may relate to clause 7.2 on competence, option B may relate to clause 8.6 on release of products and services, and option D may relate to clause 7.1 on resources.
Reference: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Nonconformity and Corrective Action], ISO 9001 Clause 10. Improvement – ISO-templates.com
You are conducting a third-party audit to ISO 9001 and the next item on your audit plan is ‘internal auditing’.
When reviewing a sample of audit records up to 5 years previously, you find that many contain non-conformance reports and no actions have been taken. You interview the Quality Manager.
You: "I have noted that many of the older files contain non-conformances that have not had any corrective action taken."
Quality Manager: "Because the business is always changing, the departmental managers tell me that the non-conformances are no longer applicable. I made a decision that any non-conformance over 3 years old is automatically closed."
You: "Do you obtain any confirmation beforehand from the appropriate departments that the non-conformances are no longer applicable?"
Quality Manager: "No, because they are so old I consider that they are no longer appropriate. Please remember that we take a risk-based approach which means we audit where and when it is considered important to do so."
Select one course of action you would now take from the options.
- A . Interview Top management to determine whether they were aware of and agreed the actions of the Quality Manager
- B . Review all non-conformances reports related to clause 9.2 of ISO 9001
- C . Interview relevant Departmental managers to assess whether the older non-conformances are still valid.
- D . Raise a non-conformance report against clause 9.2.2.e of ISO 9001
D
Explanation:
According to ISO 9001:2015, clause 9.2.2.e, the organization is required to retain documented information as evidence of the implementation of the audit programme and the audit results. This includes the records of the nonconformities identified during the internal audits and the corrective actions taken to address them. The organization is also required to verify the effectiveness of the corrective actions, as per clause 10.2.2.
Therefore, in the scenario given, the Quality Manager’s decision to automatically close any nonconformance over 3 years old without obtaining any confirmation from the relevant departments or verifying the effectiveness of the corrective actions is a clear violation of the requirements of clause 9.2.2.e. This indicates a lack of control and follow-up of the internal audit process, as well as a potential risk of recurrence or occurrence of the nonconformities in other areas. This also undermines the credibility and value of the internal audit programme, as well as the risk-based approach claimed by the Quality Manager.
Hence, the best course of action to take is D, to raise a nonconformance report against clause 9.2.2.e of ISO 9001, and to communicate the audit findings to the relevant management. The other options are either insufficient or irrelevant to address the issue, as they do not directly relate to the noncompliance with clause 9.2.2.e.
Reference:
ISO 9001:2015(en), Quality management systems ― Requirements, clause 9.2.2 and 10.2.2
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.4.4 and 6.7.2
ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6
During a third-party audit of a pharmaceutical organisation (CD9000) site of seven COVID-19 testing laboratories in various terminals at a major international airport, you interview CD9000’s General Manager (GM), who was accompanied by Jack, the legal compliance expert. Jack is acting as the guide in the absence of the Technical Manager due to him contracting COVID-19.
You: "What external and internal issues have been identified that could affect CD9000 and its quality management system?"
GM: "Jack guided us on this. We identified issues like probable competition of another laboratory organisation in the airport, legal requirements on COVID-19 continuously changing, the shortage of competent laboratory analysts, the epidemic declining soon, shortage of chemicals for the analysis. It was quite a good experience."
You: "Did you document these issues?"
GM: "No. Jack said that ISO 9001 does not require us to document these issues."
You: "How did you determine the risks associated with the issues and did you plan actions to address them?"
GM: "I am not sure. The Technical Manager is responsible for this process. Jack may be able to answer this question in his absence."
Select two options for how you would respond to the General Manager’s suggestion:
- A . I would not accept the legal compliance expert answering the question.
- B . I would ask to audit the Technical Manager by phone.
- C . I would delay the audit until the return of the technical manager
- D . I would look for evidence that the actions resulting from the risk assessment had been taken.
- E . I would ask for a different guide instead of the legal compliance expert.
- F . I would ask the consultant to leave the meeting since he is not an employee of the organisation.
A,D
Explanation:
According to clause 4.1 of ISO 9001:2015, the organization should determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended results of its quality management system. The organization should monitor and review these issues and update them as necessary. Although the standard does not explicitly require documented information of these issues, it does require documented information as evidence of the implementation of the actions taken to address risks and opportunities, as per clause 6.1. The organization should also retain documented information as evidence of the results of the monitoring, measurement, analysis and evaluation of its QMS, as per clause 9.1. Therefore, the auditor should not accept the legal compliance expert answering the question, as he is not the person responsible for the process and may not have the necessary competence or knowledge of the QMS. The auditor should also look for evidence that the actions resulting from the risk assessment had been taken, as this is a requirement of the standard and a way to verify the effectiveness of the QMS. The other options are not appropriate courses of action for the auditor, because they do not address the audit objective or criteria, or they may compromise the audit integrity or impartiality. For example, option B may not be feasible or reliable, as the Technical Manager may not be available or able to provide the necessary evidence by phone. Option C may cause unnecessary delay and inconvenience for the audit process and the auditee. Option E may not solve the problem, as the guide is not the main source of evidence or information for the audit. Option F may be disrespectful or unprofessional, as the consultant may have a legitimate role or interest in the audit.
Reference: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Context of the Organization, ISO 9001 Auditing Practices Group Guidance on Audit Evidence
During a second-party audit, the auditor examines the records that are available for the external provider, ABC Forgings, to whom manufacturing has recently been outsourced.
There are standard external provider checklists for three competitors for the contract and there are inspection records from the trial manufacturing batches produced by ABC Forgings. There is no documented evidence of the criteria used to confirm the appointment of ABC Forgings, and no contract or terms and conditions. Ongoing monitoring indicates that external provider performance is satisfactory, but no documented information has been retained.
Select two options for the evidence which demonstrates a nonconformity with clause 8.4 of ISO 9001.
- A . There was no documentation which provided evidence of any monitoring of the external provider.
- B . The auditee required the outsourced products on an urgent basis before the completion of the paperwork.
- C . The auditee did not retain documentation on the selection and evaluation of the external provider.
- D . The external provider asked for the contract details to be verbal only.
- E . There were no receipt inspection records of the incoming materials.
- F . The auditee trusted the external provider because of a long-standing relationship with them.
A,C
Explanation:
According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements.
To do so, the organization should:
• Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently.
• Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed.
• Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved.
• Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, change control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely.
• Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed.
In this case, the evidence statements that demonstrate a nonconformity with clause 8.4 are A and C, because they show that the organization did not retain documented information of the selection and evaluation of the external provider, and the monitoring of the external provider’s performance.
These are requirements of the standard and essential for ensuring the quality of the externally provided processes, products, and services. The other options are not directly related to clause 8.4, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option B may relate to clause 7.1.3 on contingency planning, option D may relate to clause 8.2.3 on review of requirements, option E may relate to clause 8.6 on release of products and services, and option F may relate to clause 5.1.1 on leadership and commitment.
Reference: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems
XYZ Corporation is an organisation that employs 100 people. As the audit team leader, you conduct a certification audit at Stage 1. When reviewing the quality management system (QMS), you find that the objectives have been defined by an external consultant using those of a competitor, but nothing is documented. The Quality Manager complains that this has created a lot of resistance to the QMS, and the Chief Executive is asking questions about how much it will cost.
Which two options describe the circumstances in which you could raise a nonconformity against clause 6.2 of ISO 9001?
- A . The consultant has not interpreted ISO 9001 correctly.
- B . Quality objectives were not established in alignment with the organisation’s quality policy.
- C . Quality objectives are not maintained as documented information.
- D . Establishing quality objectives did not include top management.
- E . The organisation cannot afford to undertake quality objectives all at once.
- F . Quality objectives are not being implemented by the organisation’s personnel.
B,C
Explanation:
According to ISO 9001:2015, clause 6.2.1, the organization is required to establish quality objectives at relevant functions, levels, and processes for the quality management system (QMS). The quality objectives must be consistent with the quality policy, measurable, monitored, communicated, and updated as appropriate. The organization is also required to maintain documented information on the quality objectives, as per clause 7.5.1.
Therefore, in the scenario given, the quality objectives defined by the external consultant are not in alignment with the organization’s quality policy, as they are based on those of a competitor, rather than the organization’s own purpose, strategic direction, and customer requirements. This creates a mismatch between the organization’s vision and goals, and the quality objectives that are supposed to guide and measure the QMS performance. Moreover, the quality objectives are not maintained as documented information, which makes it difficult to communicate, monitor, and update them, as well as to demonstrate evidence of their implementation and achievement.
Hence, the circumstances in which a nonconformity against clause 6.2 of ISO 9001 could be raised are B and C, as they indicate a failure to comply with the requirements of clause 6.2.1. The other options are either irrelevant or not directly related to clause 6.2, as they do not pertain to the establishment and documentation of quality objectives.
Reference:
ISO 9001:2015(en), Quality management systems ― Requirements, clause 6.2.1 and 7.5.1
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.4.4 and 6.7.2
ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6
Noitol is an organisation specialising in the design and production of e-learning training materials for the insurance market. During an ISO 9001 audit of the development department, the auditor asks the Head of Development about the process used for validation of the final course design. She states that they usually ask customers to validate the product with volunteers. She says that the feedback received often leads to key improvements.
The auditor samples the design records for a recently completed course for the 247 Insurance organisation. Design verification was carried out but there was no validation report. The Head of Development advises that this customer required the product on an urgent basis, so the validation stage was omitted. When asked, the Head estimates that this occurs about 50% of the time. She confirms that they always ask for feedback and often make changes. There is no record of feedback in the design file for the course.
The auditor decides to review the training course design process in more depth.
Select three options that provide a meaningful audit trail for this process.
- A . How are students advised about prior learning requirements?
- B . How is customer feedback integrated into the course?
- C . How is the cost of the course calculated?
- D . What risks and opportunities have been notified to interested parties?
- E . How is design documentation controlled and managed?
- F . How is technical content of courses verified as correct?
- G . How is the tutor trained to deliver the completed course?
- H . What are the qualifications of the administrative staff?
B,E,F
Explanation:
According to clause 8.3 of ISO 9001:2015, the organization should establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.
The design and development process should include the following activities:
• Determining the requirements for the products and services to be designed and developed, considering the intended use, the statutory and regulatory requirements, the customer and other relevant interested parties’ needs and expectations, and the potential risks and opportunities.
• Defining the design and development objectives, stages, responsibilities, and authorities, and ensuring the availability of adequate resources and competence.
• Implementing design and development controls, such as reviews, verification, and validation, to ensure that the design and development outputs meet the design and development inputs, and to identify and resolve any problems or errors.
• Maintaining documented information on the design and development inputs, outputs, reviews, verification, validation, and changes, and ensuring the traceability and conformity of the products and services to the requirements.
• Managing the design and development changes, by identifying, reviewing, and controlling them, and evaluating their effects on the products and services and the QMS.
In this case, the evidence statements that provide a meaningful audit trail for the design and development process are B, E, and F, because they relate to the design and development controls, the documented information, and the verification activities that are required by the standard. These options can help the auditor to assess the effectiveness and conformity of the design and development process, and to identify any nonconformities or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on requirements for products and services, clause 8.4 on externally provided processes, products, and services, and clause 8.7 on control of nonconforming outputs.
Reference: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Design and Development, ISO 9001 Clause 8.3 Design and development of products and services
An audit team leader arrives at a printing company to carry out a Stage 2 audit for a certification body. At a meeting with the Quality Manager, she is told that they have won their biggest contract from a computer manufacturer to print and compile computer documentation packages. The Quality Manager wants the ISO 9001 certificate to cover the new contract.
During the audit, a team member found that some print jobs had been rejected by several clients over some months due to spelling errors in the print run. The Print Manager blames the new employees they had to take on because of a big contract.
The auditor finds that the responsibility for checking spelling errors is placed on the printer that sets up the print run.
In line with the policy of the certification body, the audit team raise improvement opportunities in the audit report.
Which three of the following options would represent acceptable opportunities for improvement in the report?
- A . Operational planning activities may benefit from a clearer risk-based approach.
- B . The organisation needs to delay its certification to gain more experience of the QMS.
- C . The responsibility for checking printing needs to be independent of the operators.
- D . A business consultant can be recommended for advice on improving operations.
- E . A plan to determine why the errors occur and to prevent them.
- F . An intensive training plan that involves all production personnel.
- G . The recruitment process to include spelling tests to filter out unsuitable candidates.
- H . More process time needs to be allocated to the new employees.
A,C,E
Explanation:
According to the ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities, an improvement opportunity is a suggestion made by the auditor for the auditee to consider that, if implemented, may enhance the performance of the QMS. Improvement opportunities are not mandatory, but they should be based on objective evidence and aligned with the audit criteria and objectives. Improvement opportunities should also be realistic, feasible, and beneficial for the auditee. In this case, the evidence statements that represent acceptable improvement opportunities in the report are A, C, and E, because they address the potential causes and effects of the spelling errors in the print run, and propose possible actions that may improve the quality of the products and services, and the effectiveness of the QMS. These options are consistent with the requirements and principles of ISO 9001, such as clause 6.1 on actions to address risks and opportunities, clause 8.1 on operational planning and control, clause 8.5.1 on control of production and service provision, and clause 10.2 on nonconformity and corrective action. The other options are not appropriate improvement opportunities, because they are either irrelevant, unrealistic, or unhelpful for the auditee. For example, option B may contradict the audit objective and scope, option D may imply a lack of auditor competence or impartiality, option F may not address the root cause of the problem, option G may not be applicable or effective, and option H may not be feasible or justified.
Reference: ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities, ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Audit Evidence
Takitup is a small fabrication organisation that manufactures steel fencing, stairs and platforms for the construction sector. It has been certified to ISO 9001 for some time and has appointed a new Quality Manager. The audit plan during a surveillance audit covers the organisation’s improvement actions and the auditor asks to see the most recent management review meeting minutes.
The auditor finds that the management review report records that none of the improvement actions set by the previous review has been realised for a second time. A new Quality Manager has been brought in at the middle management level to rectify the situation as the organisation is concerned that it might lose its certification.
Select three options that would provide evidence of conformance with clause 10.3 of ISO 9001.
- A . Outsource more processes to external providers
- B . Removing expensive external providers from the database.
- C . An increase in the number of quality staff.
- D . A quality objective to achieve lower reject rates by quality control.
- E . Considering results from the analysis of the effectiveness of corrective actions to determine improvement opportunities.
- F . The certification body auditor reporting fewer nonconformities.
- G . An enhanced customer satisfaction survey score than in the previous year.
- H . Automate the fabrication process to increase profitability.
You are an auditor from a construction organisation who is conducting a second party audit to ISO 9001 at a steel rolling mill producing structural steelwork. When auditing the rolling process, you find that the operator who is unloading the furnace does not use the adjacent infrared pyrometer to measure the appropriate product temperature in readiness for the next production stage.
You: "How do you tell when the billet is ready for the rolling stage?"
Operator: "I’ve done this job for 20 years. I can tell by the bright red colour."
You: "What happens if the colour is wrong?"
Operator: "The billet goes back into the furnace."
You: "Is the pyrometer ever used?"
Operator: "Only in borderline cases."
You continue to interview the operator and find that around 25% of the billets are sent back to the furnace. This includes 80% of the borderline cases.
Select three options that would provide evidence of conformance with clause 9.1.1 of ISO 9001.
- A . Periodic analysis of the results of temperature checks.
- B . Certification of conformance to national standards from the manufacture of the pyrometer.
- C . An increase in the use of the pyrometer by operators.
- D . Maintenance plan for the furnace.
- E . A procedure that provides instruction in taking billet temperature.
- F . Planning for monitoring and measuring the billet temperature.
- G . A quality objective to achieve lower recycle rates for billets.
- H . Annual review records for furnace operators.
A,E,F
Explanation:
According to ISO 9001:2015, clause 9.1.1, the organization is required to determine what needs to be monitored and measured, the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results, and when the monitoring and measuring shall be performed. The organization is also required to retain appropriate documented information as evidence of the results.
Therefore, in the scenario given, the organization should have planned for monitoring and measuring the billet temperature, as it is a critical factor for the quality of the product and the process. The organization should also have established a procedure that provides instruction in taking billet temperature, using the pyrometer or other suitable methods, to ensure consistency and accuracy. The organization should also have performed periodic analysis of the results of temperature checks, to identify trends, problems, and opportunities for improvement.
Hence, the options that would provide evidence of conformance with clause 9.1.1 of ISO 9001 are A, E, and F, as they are aligned with the requirements of the clause. The other options are either irrelevant or not directly related to clause 9.1.1, as they do not pertain to the monitoring and measurement of the billet temperature.
Reference:
ISO 9001:2015(en), Quality management systems ― Requirements, clause 9.1.1
ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.4.4 and 6.7.2
ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6
DRAG DROP
You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The organisation offers warehousing and export services to customers. Customers are invoiced for the time stock items are stored in the warehouse. Transport to and from the warehouse is controlled by the organisation and approved subcontract transport services are used. The organization does not have its own transport vehicles. Stock items are not purchased by the organisation.
You have gathered audit evidence as outlined in the table. Match the ISO 9001 Clause 8 extract to the audit evidence.
To complete the table, click on the blank section you want to complete so it is highlighted in red and then click on the ISO 9001 Clause 8 extracts listed below. Alternatively, drag and drop each clause to the audit evidence that applies.
Explanation:
The table below shows the possible matching of the ISO 9001 Clause 8 extract to the audit evidence.
Table
| Audit evidence | ISO 9001 Clause 8 extract |
| --- | --- |
| Four of the 10 pallets of stock sampled in the warehouse were not labelled. | “8.5.2 … shall use suitable means to identify outputs …” |
| A damaged pallet of stock seen in the quarantine area was leaking liquid onto the floor. | “8.7.1 … shall ensure that outputs that do not conform to their requirements are identified and controlled …” |
| One of the fork-lift truck drivers had no fork-lift truck driving licence. | “8.5.1 e … shall include, as applicable … the appointment of competent persons …” |
| There was no pest control provision in the warehouse. | “8.5.4 … shall preserve the outputs during production and service provision …” |
| Two pallets of temperature-sensitive stock items were being stored at ambient as the chilled storage facility was full. | “8.1 … shall plan, implement and control the processes …” |
DRAG DROP
You are conducting an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The organisation manufactures cosmetics for major retailers and the name of the retailer supplied appears on the product packaging. Sales turnover has increased significantly over the past five years.
You are interviewing the new Product Development Manager. You note that a software application called SWIFT is used to help control the product development process.
You have gathered audit evidence as outlined in the table. Match the ISO 9001 clause 8.3 extracts to the audit evidence.
To complete the table click on the blank section you want to complete so it is highlighted in red and then click on the ISO 9001 Clause 8.3 extracts listed below. Alternatively, drag and drop each clause to the audit evidence that applies.
Explanation:
The table below shows the possible matching of the ISO 9001 Clause 8.3 extract to the audit evidence.
Table
| Audit evidence | ISO 9001 Clause 8.3 extract |
| --- | --- |
| Half of all new products launched in the past 12 months were late. The NPD Manager explains he has not got enough people on his team to cope with the demand for new products. | “8.3.2 e) … internal … resource needs for the design and development of prod …” |
| The NPD Manager explains many changes are made to cosmetic formulations during product development owing to retailer feedback. Only when confirmed by the retailer is the agreed formulation documented on SWIFT. | “8.3.5 … retain documented informat …” |
| The NPD Manager explains that the customer confirms their approval to proceed with a new formulation by email. These emails are kept on SWIFT. | “8.3.6 … retain documented informat …” |
| The NPD Manager shows you evidence of consumer trials that are carried out for some new products prior to full-scale launch. | “8.3.4 d) … conducted to ensure that resulting products and services meet requirements …” |
| The NPD Manager explains that an approved external laboratory is used to perform shelf-life stability trials on some formulations during product development. | “8.3.2 e) … external … resource needs for the design and development of prod …” |