ISO-9001-Lead-Auditor QMS ISO 9001:2015 Lead Auditor Exam Questions and Answers

This option reflects a balanced and professional approach. The audit team leader should first gather information directly from the involved auditor to understand the situation before making any decisions. It demonstrates due diligence and fairness.

This ensures that the situation is properly escalated and handled in accordance with the auditing body’s procedures. Consulting the audit programme manager helps ensure consistency in handling such incidents.

The nonconformity raised is based on objective evidence, independent of the incident with the photographs. ISO 9001 audits are evidence-based, and the validity of the findings should not be compromised by unrelated issues.

1. A. Advise the Quality Manager that he, as audit team leader, needs to speak to the auditor about the situation and he will report back to the Quality Manager once this is done:2. D. Delay the Closing meeting until the audit team leader has consulted his audit programme manager at Head Office:3. E. Insist that the nonconformities must stand since they have been agreed by the team from other evidence gathered:

B. Advise the Quality Manager that the auditor will be reported to Head Office:

Reporting the auditor directly without first investigating the situation is premature and unprofessional. It might escalate the issue unnecessarily.

C. Apologize for the situation and ensure the Quality Manager that all photographs will be deleted during the Closing meeting:

Deleting evidence without proper consultation could be seen as tampering or unprofessional conduct. It’s essential to understand the context of the photographs first.

F. State that the auditor will take no further part in the audit and all his photographs will be deleted:

This is an extreme response without first investigating the situation. Taking unilateral action without gathering facts can damage the audit's integrity.

Why Not the Other Options:

Comprehensive and Detailed In-Depth Explanation:

As per ISO 9001:2015, Clause 10.2 (Nonconformity and Corrective Action), all identified nonconformities, including minor ones, must be documented and communicated to the auditee.

Minor nonconformities can lead to major issues if left unaddressed. The auditor must inform the organization before moving to the next audit phase so that corrective actions can be taken. Clause 9.2.2 (Internal Audit) states that audit findings should be reported without undue delay.

Since Li Na did not report the minor nonconformities immediately, her decision was incorrect. Minor nonconformities should always be documented and communicated before proceeding to the next phase.

Comprehensive and Detailed In-Depth Explanation:

Clause 5.1.1 of ISO 9001:2015 – Leadership and Commitment – specifically mandates that top management must take accountability for the effectiveness of the QMS. They are also responsible for ensuring:

Integration of the QMS into business processes (5.1.1 c)

Promotion of customer focus and continual improvement (5.1.1 d, i)

Availability of necessary resources (5.1.1 e)

That the QMS achieves its intended results (5.1.1 g)

Let’s analyze the selected options:

✅ A. Top management is not accountable for the effectiveness of the QMS.

This directly violates clause 5.1.1 a, which explicitly requires top management to take accountability for the effectiveness of the QMS. Delegating this to a middle-level Quality Manager, as described in the scenario, constitutes a nonconformity.

✅ F. The Quality Manager does not have access to the resources needed for the QMS.

According to clause 5.1.1 e, top management must ensure the availability of required resources for maintaining and improving the QMS. If the Quality Manager is resource-constrained, it indicates top management has failed to meet this requirement.

Now, why the other options are incorrect in terms of direct clause 5.1.1 nonconformity:

❌ B. Avoiding giving improvement actions to the Chief Executive – While this may reflect poor communication, it is not, by itself, a clear breach of 5.1.1 unless linked directly to top management’s lack of accountability or commitment.

❌ C. Chief Executive never attending meetings – ISO 9001 does not require physical attendance of the Chief Executive at management reviews. What matters is whether top management is fulfilling their roles, not how.

❌ D. Completing only half of improvement actions – This indicates performance issues but does not necessarily indicate top management’s lack of accountability, unless they failed to monitor progress entirely.

❌ E. Reporting to one designated senior manager – This is not inherently nonconforming unless that senior manager does not fulfill top management’s responsibilities under 5.1.1.

Relevant ISO 9001:2015 Reference:

Clause 5.1.1 a, e, g, h:

"Top management shall demonstrate leadership and commitment with respect to the quality management system by:

a) taking accountability for the effectiveness of the quality management system;

e) ensuring that the resources needed for the quality management system are available..."

A screenshot of a chat Description automatically generated

According to the ISO 9000:2015 document, the seven quality management principles are:

Customer focus

Leadership

Engagement of people

Process approach

Improvement

Evidence-based decision making

Relationship management

For each principle, the document provides a statement, a rationale, key benefits, and actions you can take to apply the principle in your organization.

Based on the document, here is a possible way to match a potential benefit to each of the four quality management principles you mentioned:

Table

Quality management principle

Potential benefit

Customer focus

Increased revenue and market share

Engagement of people

Enhanced trust and collaboration throughout the organization

Improvement

Enhanced drive for innovation

Evidence-based decision making

Increased ability to demonstrate effectiveness of past actions

According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:

The audit objectives, scope, and criteria

The audit team members and their roles and responsibilities

The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.

The expected time and duration of each audit activity and location

The name and contact details of the auditee’s representative and other relevant parties

The allocation of appropriate resources to support the audit activities

The audit methods and techniques to be used, such as interviews, observations, sampling, etc.

The audit documents and records to be prepared and retained

The audit language and communication methods

The audit risks and opportunities and how to address them

The audit follow-up arrangements, if applicable

Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2

ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 recognizes change management as essential for maintaining process integrity and preventing nonconformities.

Clause References:

Clause 6.3 (Planning of Changes) → Focuses on long-term changes that may impact QMS integrity.

Clause 8.5.6 (Control of Changes) → Focuses on changes occurring during production and service provision to ensure conformity.

Why is the Correct Answer A?

Clause 8.5.6 applies specifically to operational changes, ensuring that modifications in production or service processes do not compromise quality.

Organizations must document who approves changes, how they are controlled, and how they affect product/service conformity.

Why are the Other Options Incorrect?

B (Changes during design and development) → Covered under Clause 8.3 (Design and Development), not 8.5.6.

C (Changes to legal and regulatory requirements) → Addressed under Clause 4.2 (Interested Parties' Requirements).

D (Leadership responsibilities) → Covered under Clause 5.1 (Leadership and Commitment), not 8.5.6.

ISO/IEC 17021-1 is the standard that specifies requirements for bodies providing audit and certification of management systems. It includes provisions for determining audit time for third-party certification audits, ensuring that the audits are conducted in a consistent, comparable, and reliable manner, which can be applied to a variety of management systems, including ISO 9001.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 5.1.2 (Customer Focus) states that top management must ensure customer satisfaction by monitoring customer perceptions.

In scenario 2, top management initiated customer surveys, demonstrating their commitment to customer focus as required by Clause 5.1.2.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.9 (Audit Conclusions):

Audit conclusions must be based on verified evidence.

The evidence must be evaluated both quantitatively and qualitatively to ensure accuracy.

Observations alone (A) are insufficient; conclusions must be supported by objective evidence.

Thus, B is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.1 (Impartiality):

Internal auditors must not audit areas where they have direct responsibilities to avoid conflicts of interest.

Outsourcing (C) is not required, as long as impartiality is maintained internally.

Thus, B is the correct answer.

Match the process descriptions below to the process names:

The process by which the accuracy of test equipment is checked against a known standard. = Calibration

The process by which a product or service is visually examined to determine conformity to requirements. = Evaluation

The process by which data is examined in detail to reach a specific answer or answers. = Analysis

The process by which a parameter of a product or service is examined to determine a specific value. = Measurement

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, the definitions of the process names are as follows:

Calibration: operation that, under specified conditions, in a first step, establishes a relation between the quantity values with measurement uncertainties provided by measurement standards and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication.

Evaluation: determination of the suitability, adequacy or effectiveness of an object to achieve established objectives.

Analysis: detailed examination of the elements or structure of something.

Measurement: process to experimentally obtain one or more quantity values that can reasonably be attributed to a quantity.

Therefore, the process descriptions can be matched to the process names based on these definitions.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 emphasizes risk-based thinking, which helps organizations identify factors that could prevent achieving planned results and take preventive action. Clause 6.1 (Actions to Address Risks and Opportunities) requires organizations to determine risks and opportunities and implement actions to mitigate potential negative impacts.

In the scenario, AL-TAX identified potential risks and implemented preventive actions, aligning with risk-based thinking. ISO 9001:2015 integrates risk management throughout the standard, ensuring processes are designed to minimize uncertainties.

A Stage 1 audit is a preliminary assessment to evaluate the readiness of the organisation for the Stage 2 certification audit. The audit scope is defined by the audit client and the certification body based on the application and the contract. If the organisation wants to include a new work area that was not part of the original scope, the auditor should advise the Quality Manager that an extension of the scope is possible but will have to go through established procedures, such as submitting a formal request, providing relevant information, and paying additional fees. The auditor should also suggest that the Quality Manager will advise the programme manager, who is responsible for managing the audit programme, that the audit scope should be revised to include the new work area. The programme manager will then decide whether to approve or reject the request, and communicate the decision to the auditor and the Quality Manager. The auditor should not proceed with the audit of the new work area without the approval of the programme manager and the confirmation of the audit scope. 1234 References:

1: ISO 19011:2018 - Guidelines for auditing management systems

2: ISO 9001 Certification Audits | Stage 1 and Stage 2 - 9001. Simplified

3: What is the difference between Stage 1 and Stage 2 Audits? - ISO Update

4: Getting Certified to ISO 9001 - the Stage 1 Audit

According to the ISO 9001:2015 standard, clause 8.7 requires that an organization identify and control any nonconforming outputs that do not conform to the requirements of the customer or other relevant requirements. Nonconforming outputs are any outputs from the process, product or service that do not meet the specified quality criteria. Nonconforming outputs must be dealt with in one or more of the following ways:

Correction of the nonconformity

Segregation, containment, return or suspension of provision of products and services

Informing the customer

Authorisation for acceptance under concession

The organization must also retain documented information on the description of the nonconformity, the actions taken, any concessions obtained, and the identification of the authority deciding the action to resolve the nonconformity.

In this scenario, you have interviewed a line supervisor who is responsible for managing a manual picking line where operators are removing contaminant materials from incoming products. The supervisor has explained that these plastic items are rejected at this stage because they do not meet their processing standards and they can damage their machinery and compromise their quality standards. The supervisor has also mentioned that some of these rejected items are melted down in another process later on and some are disposed of as waste products that cannot be recycled.

Based on this information, you can investigate further by taking two actions:

A. Check the process for handling nonconforming items: You can verify whether there is a documented procedure for identifying, segregating, containing, returning or suspending provision of nonconforming items at this stage. You can also check whether there is a system for informing customers about any nonconforming items that may affect their satisfaction or expectations.

D. Determine what happens to the waste products: You can verify whether there is a documented procedure for disposing of waste products that cannot be recycled as per environmental regulations and customer requirements.

These two actions would help you to determine whether there are any nonconforming outputs at this stage and how they are controlled by the organization.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.2.2 (Audit Planning):

The audit team leader is responsible for planning the audit and assigning roles.

Top management (A) does not plan the audit, but they provide resources.

While team members may provide input, the leader has the final authority.

Thus, B is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.6 (Conducting Interviews), group interviews should be conducted with at least two auditors to ensure objectivity and accuracy.

This prevents bias or misinterpretation of responses.

It allows for cross-validation of information.

It ensures that the audit results remain objective and impartial.

Since Li Na conducted the group interviews alone, she did not follow audit best practices. The correct approach would have been to have another auditor present during the interviews.

The appropriate response in this situation would be:

C. I will raise it as a minor nonconformity; you have the option to appeal to our Certification Body.

This response acknowledges the restaurant manager’s point that the shortage of some hamburgers may not constitute a management system failure. However, the fact remains that the menu was not updated to reflect the current availability of products, which led to customer dissatisfaction. This is a deviation from the ISO 9001 standard, which requires that the organization ensures the availability of resources needed to provide products and services as promised1. Raising it as a minor nonconformity allows the organization to address the issue within a specified timeframe and provides an opportunity for appeal if the organization disagrees with the auditor’s decision2.

Comprehensive and Detailed In-Depth Explanation:

A horizontal audit examines one process across multiple departments to assess consistency.

Thus, A is the correct answer.

According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives1. Audit criteria may include, but are not limited to, the following sources2:

•ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.

•Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation

•Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities

•Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures

•Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved

•Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes

•Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives

•Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services

Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.

Comprehensive and Detailed Explanation: = According to the web search results from my internal tool, a witness audit is a technique used during an accreditation audit, where the accreditation body observes the performance and competence of the certification body auditors in conducting an audit12. A witness audit can also be used by a certification body to monitor and evaluate its own auditors3. During a witness audit, the following roles can be defined:

•An auditor: This is the person who is being witnessed by the accreditation body or the certification body. The auditor is responsible for conducting the audit according to the audit plan, criteria, and standards, and for providing audit evidence and findings123.

•An assessor for the accreditation body: This is the person who witnesses the auditor on behalf of the accreditation body. The assessor is responsible for evaluating the auditor’s performance and competence, and for providing feedback and recommendations to the accreditation body123.

The other options are not defined as witnesses during a witness audit, according to the web search results from my internal tool. They are:

•Someone with a qualification from the certification body: This is not a specific role in a witness audit, as anyone who is involved in the audit process should have a qualification from the certification body. Moreover, having a qualification does not necessarily mean that the person is a witness or an auditor4.

•An existing member of the audit team: This is not a specific role in a witness audit, as the audit team consists of the auditors who are conducting the audit, not the ones who are witnessing it. The witness audit is a separate activity from the audit itself, and the witness should not interfere with the audit process or influence the audit outcome123.

Therefore, the correct answer is B and D.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires organizations to ensure that auditors have the necessary competence and knowledge to conduct audits effectively.

Clause References:

ISO 19011:2018, Clause 7.2.1 – Determining Competence of Auditors: Auditors must have knowledge of applicable legal and regulatory requirements that affect the scope of the audit.

ISO/IEC 17021-1:2015, Clause 7.1.2 – Competence Requirements: Certification bodies must ensure that auditors assigned to the audit team possess relevant knowledge in areas such as legal and regulatory compliance.

Why is the Correct Answer C?

Each audit team member should have sufficient knowledge of relevant legal and regulatory requirements to ensure compliance.

This helps auditors identify gaps or nonconformities related to compliance obligations.

Having multiple team members with knowledge reduces reliance on a single expert and ensures a comprehensive assessment.

Why are the Other Options Incorrect?

A (Only one team member needs knowledge) → Incorrect because audits involve various aspects, and all auditors should have basic awareness of legal and regulatory requirements.

B (Legal knowledge is not necessary) → Incorrect because compliance is essential for QMS effectiveness.

D (Only the lead auditor needs legal knowledge) → Incorrect because ISO requires all auditors to be competent in applicable laws, not just the leader.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires organizations to measure and monitor customer perceptions to determine whether customer requirements are being met.

Clause Reference:

Clause 9.1.2 – Customer Satisfaction states that organizations must monitor customer perceptions using relevant methods such as customer surveys, feedback forms, and complaint analysis.

One of the most effective ways to do this is gap analysis, which identifies differences between customer expectations and actual service or product performance.

Why is the Correct Answer C?

Gap analysis helps determine discrepancies between current performance and customer expectations, allowing organizations to improve quality.

It is a standard quality improvement tool used to assess customer satisfaction.

Why are the Other Options Incorrect?

A (PEST analysis) → Focuses on external macroeconomic factors (Political, Economic, Social, Technological) rather than customer satisfaction.

B (Market-share analysis) → Examines business performance relative to competitors, not customer perceptions.

D (Competitive benchmarking) → Involves comparing processes with competitors but does not directly monitor customer perceptions.

Quality management principles:

Customer focus = Increased revenue and market share

Engagement of people = Enhanced trust and collaboration throughout the organisation

Improvement = Enhanced drive for innovation

Evidence-based decision-making = Increased ability to demonstrate effectiveness of past actions

According to the Quality management principles document published by ISO, each quality management principle has a statement, a rationale, key benefits, and actions you can take to apply it. Based on these descriptions, the potential benefits can be matched to the corresponding principles as follows:

Customer focus: The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. The key benefits of this principle include increased customer value, customer satisfaction, customer loyalty, repeat business, reputation, customer base, revenue and market share.

Engagement of people: Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value. The key benefits of this principle include improved understanding of the organization’s objectives and values, increased involvement in improvement activities, enhanced personal development, increased motivation and empowerment, enhanced trust and collaboration, and increased recognition and rewards.

Improvement: Successful organizations have an ongoing focus on improvement. The key benefits of this principle include improved organizational capabilities, alignment of improvement activities at all levels, increased ability to anticipate and react to opportunities and threats, enhanced drive for innovation, and increased levels of satisfaction.

Evidence-based decision-making: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. The key benefits of this principle include improved decision-making processes, increased ability to demonstrate the effectiveness of past decisions, increased ability to review, challenge and change opinions and decisions, and increased ability to improve performance.

In this scenario, the audit team leader must balance maintaining the integrity of the audit plan while considering the auditee’s request. The two best responses allow for flexibility without compromising the audit's rigor:

A. I could audit the other laboratories virtually at the end of this audit: Virtual audits can be a valid option, especially in multi-site audits. ISO 9001:2015 does not prohibit virtual audits, and in certain situations, they are practical for reviewing documentation or observing operations remotely.

C. I could try to revise the audit programme to see if I can audit all laboratories: Revising the audit programme to accommodate additional site visits is a reasonable compromise. ISO 9001:2015 audits are based on risk and sampling, but the audit team leader has the flexibility to adjust the audit scope if it fits within the audit duration and resources.

The other options, such as extending the audit duration (B, F) or strictly adhering to the original plan (D, E), may not be practical or necessary. Revising the plan to audit all laboratories or using virtual auditing ensures that the audit remains efficient while addressing the organization's concerns​.

Evaluate the effectiveness of the management system: This objective involves verifying that the quality management system meets the requirements of a specific standard, such as ISO 9001:2015, and that it achieves the intended results and outcomes. The audit team will collect and analyse audit evidence to determine the degree of conformity and performance of the quality management system23.

•Evaluate the capability of the management system to establish and achieve objectives: This objective involves verifying that the quality management system supports the strategic direction and policies of the organization, and that it addresses the needs and expectations of the interested parties. The audit team will assess the suitability, adequacy, and alignment of the quality management system objectives, and the effectiveness of the planning and implementation processes to achieve them23.

The other options are not the most relevant objectives of a third-party audit, according to the web search results from my internal tool. They may be related to other aspects or types of audits, but they are not the focus of a third-party audit.

Therefore, the correct answer is B and D.

Comprehensive and Detailed In-Depth Explanation:

The audit schedule provides a structured timeline of activities to be conducted during the audit.

Clause References:

ISO 19011:2018, Clause 6.4.2 – Preparing the Audit Plan:

Requires the development of an audit schedule, including the sequence and timing of activities.

ISO/IEC 17021-1:2015, Clause 9.1.3 – Audit Program:

Certification bodies must establish a schedule for conducting audits.

Why is the Correct Answer C?

The audit schedule ensures systematic execution of the audit by defining activities, responsible auditors, and timeframes.

A well-planned schedule improves efficiency and helps auditors cover all necessary areas within the given time.

Why are the Other Options Incorrect?

A (Audit objectives) → Define why the audit is conducted, not the schedule.

B (Audit criteria) → Define the standards and requirements to be evaluated, not the timeline.

D (Audit offer) → Refers to the initial proposal sent to the auditee, not the activity timeline.

Comprehensive and Detailed In-Depth Explanation:

An autocratic management style is characterized by:

Top management making all decisions without delegation.

Strict control over employees.

A lack of employee input in decision-making.

Centralized management (Answer C) refers to decision-making being concentrated at the top, but it does not necessarily imply strict control. Laissez-faire management (Answer B) allows employees high independence, which contradicts the scenario.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits are conducted by employees of the company who are trained as auditors.

External auditors are not mandatory unless required by the organization.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

During communication with top management, the auditor should discuss:

The quality policy (ISO 9001:2015, Clause 5.2.1), ensuring that it is established, communicated, and understood.

Internal audits (ISO 9001:2015, Clause 9.2), verifying that they are planned and effectively implemented.

These discussions help assess leadership commitment and the effectiveness of the QMS.

According to ISO 19011:2018, clause 6.6.2, a nonconformity is the non-fulfilment of a requirement. A nonconformity can be classified as either major or minor, depending on the nature and extent of the deviation from the audit criteria. A major nonconformity is a nonconformity that affects the ability or the integrity of the organization’s management system to achieve the intended results. A minor nonconformity is a nonconformity that does not affect the ability or the integrity of the organization’s management system to achieve the intended results, but is a deviation from the audit criteria1.

According to ISO/IEC 17021-1:2015, clause 9.4.9, the organization is required to analyze the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time. The organization is also required to provide the certification body with records and evidence of the implementation and effectiveness of the correction and corrective actions taken. The certification body will then verify the correction and corrective actions taken by the organization and decide on the certification status2.

Therefore, the two options of when the organization is required to act in response to reported findings are D and F, as they indicate the presence of nonconformities that need to be corrected and prevented from recurring. The other options are not correct, as they do not require the organization to act in response to reported findings:

•A. A recommendation is given in the report: A recommendation is a suggestion for improvement that is not related to a nonconformity. A recommendation is not binding for the organization and does not affect the certification status. The organization may choose to accept or reject the recommendation, but it is not required to act on it.

•B. A finding of good practice is reported: A finding of good practice is a positive observation that indicates a strength or a best practice of the organization’s management system. A finding of good practice is not related to a nonconformity and does not affect the certification status. The organization may choose to acknowledge or share the finding of good practice, but it is not required to act on it.

•C. An opportunity for improvement is raised: An opportunity for improvement is a potential area where the organization’s management system can be enhanced or optimized. An opportunity for improvement is not related to a nonconformity and does not affect the certification status. The organization may choose to pursue or ignore the opportunity for improvement, but it is not required to act on it.

•E. A finding of conformity is reported: A finding of conformity is a confirmation that the organization’s management system fulfils the audit criteria. A finding of conformity is not related to a nonconformity and does not affect the certification status. The organization may choose to celebrate or communicate the finding of conformity, but it is not required to act on it.

The key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are stated in clause 0.1 of the standard, which says: “The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements.” Therefore, the two options that best match these benefits are A and E, as they directly relate to providing products and services that meet customer requirements and enhancing customer satisfaction. The other options are not explicitly mentioned as key expected results, although they may be possible outcomes of implementing a quality management system. References: ISO 9001:2015 - Quality management systems — Requirements, Key Elements of an ISO 9001:2015 Quality Management System, What is ISO 9001 2015 as a Quality Management Systems?

Comprehensive and Detailed In-Depth Explanation:

ISO 9000:2015 defines quality as "the degree to which a set of inherent characteristics of an object fulfills requirements."

Clause 3.6.2 (Quality) confirms this definition.

Quality is determined by how well an object (product, service, or process) meets defined requirements (customer, regulatory, or internal).

The other options do not align with the official ISO definition:

Option A refers to performance capability but does not define quality.

Option C describes work conditions, not quality.

Option D focuses on efficiency rather than fulfilling requirements.

Comprehensive and Detailed Explanation From Exact Extract:

✅ Correct Option D – “I will sign all the purchase orders now.”

This response represents an immediate correction in accordance with ISO 9001:2015 Clause 8.4.3 – Information for external providers, which requires control over procurement documentation. The absence of required authorisation (signature) is a nonconformity in executing the organization’s purchasing procedure.

Clause 8.4.3 specifically mandates that the organization:

“Shall communicate to external providers its requirements for:

a) the processes, products and services to be provided;

b) the approval of:

products and services;

methods, processes, and equipment;

the release of products and services.”

The purchase order process includes documented approval, which in this case was defined internally as a signature by the Purchasing or Production Manager. Signing the documents retroactively, while not ideal, is a correction to bring the documentation back into compliance and resolve the immediate issue.

❌ Why Other Options Are Incorrect:

A. "No correction needed": Dismissing the nonconformity based on product performance fails to address the lack of documented control, violating Clause 8.4.3 and internal procedures.

B. "I will ask the Production Manager to sign them now": This option shows intention but lacks immediacy and ownership. Also, backdating signatures without traceability can be ethically questionable.

C. "I do not accept the nonconformity": This reflects noncompliance and a poor quality culture, contradicting ISO 9001’s Clause 5.1.1 (Leadership commitment).

Comprehensive and Detailed In-Depth Explanation:

Auditors must focus on key processes that impact QMS effectiveness to ensure audit risks are minimized.

Clause References:

ISO 19011:2018, Clause 6.3 – Managing Audit Risk: Auditors should prioritize critical processes to obtain reasonable assurance.

Why is the Correct Answer A?

Some processes are critical (e.g., production quality, customer complaints handling).

If these material processes fail, the QMS could collapse.

Why are the Other Options Incorrect?

B (Needs of internal parties) → Important, but not the primary focus for reducing audit risk.

C (Previous audit results) → Useful for improvement but does not directly reduce current audit risks.

D (Financial risks) → ISO 9001 focuses on quality risks, not financial risks.

According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised as necessary to address changes that occur during the audit planning. The audit plan should be agreed upon, preferably in writing, by the audit team leader, the audit client and the auditee1. Therefore, if there is a significant change in the auditee’s situation, such as the cancellation of all orders for the next week, the audit plan should be reviewed and revised accordingly, with the agreement of all parties involved.

According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a process to ensure that the audit team has the competence to achieve the audit objectives, and that the audit methods are appropriate for the scope and complexity of the audit. The certification body should also have a process to ensure that the audit is conducted under reasonable conditions and within a reasonable time frame2. Therefore, if there is a risk that the audit objectives cannot be achieved, or that the audit methods are not suitable, due to the change in the auditee’s situation, the certification body should be consulted and informed on how to proceed with the audit.

Therefore, the best action to take is B, ask the certification body you work for how to proceed with the audit. This action will ensure that the audit plan is revised and agreed upon by all parties, and that the audit team has the competence and the methods to conduct the audit effectively and efficiently. The other options are not correct, as they may compromise the quality and validity of the audit:

•A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week: This action may not be feasible or acceptable, as it may extend the audit duration and cost beyond the agreed terms, and it may not provide sufficient and appropriate audit evidence to verify the conformity and effectiveness of the auditee’s processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before: This action may not be relevant or reliable, as it may not reflect the current performance and condition of the auditee’s processes. The audit evidence collected from the previous customer may not be valid or representative of the audit criteria, and it may not address the risks and opportunities associated with the auditee’s context and objectives. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•D. Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises: This action may not be objective or impartial, as it may introduce bias and influence in the audit process. The audit evidence collected from the simulated process may not be accurate or authentic, and it may not demonstrate the actual capability and effectiveness of the auditee’s processes. Moreover, this action may not be ethical or professional, as it may compromise the integrity and credibility of the audit and the certification.

According to the ISO - Management system standards page, the key benefits of an effective management system include improved operational effectiveness and efficiency, improved risk management and protection of people and the environment, and enhanced drive for innovation. The Integrated Use of Management System Standards (IUMSS) handbook also states that the purpose and objectives of management system standards are to help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives.

Therefore, the complete sentence is:

“The purpose of a management system standard is to improve the performance of an organisation.”

The table below shows the possible matching of the ISO 9001 Clause 8.3 extract to the audit evidence.

Table

Audit evidence

ISO 9001 Clause 8.3 extract

Half of all new products launched in the past 12 months were late. The NPD Manager explains he has not got enough people on his team to cope with the demand for new products.

“8.3.2 e) … internal … resource needs for the design and development of products …”

The NPD Manager explains many changes are made to cosmetic formulations during product development owing to retailer feedback. Only when confirmed by the retailer is the agreed formulation documented on SWIFT.

“8.3.5 … retain documented information …”

The NPD Manager explains that the customer confirms their approval to proceed with a new formulation by email. These emails are kept on SWIFT.

“8.3.6 … retain documented information …”

The NPD Manager shows you evidence of consumer trials that are carried out for some new products prior to full-scale launch.

“8.3.4 d) … conducted to ensure that the resulting products and services meet the requirements …”

The NPD Manager explains that an approved external laboratory is used to perform shelf-life stability trials on some formulations during product development.

“8.3.2 e) … external … resource needs for the design and development of products …”

Questions no: 16 Verified Answer: = C. 7.4 Communication Comprehensive But Short Explanation: = Clause 7.4 of ISO 9001:2015 requires the organization to determine the internal and external communications relevant to the quality management system, including what will be communicated, when, with whom, and how. The scenario indicates a potential gap in communication with subcontractors regarding the Quality Policy, objectives, and plans to address risks and opportunities, which is a requirement even if the subcontractors have their own ISO 9001 certified systems123. References: = This response is based on the general requirements of ISO 9001:2015 related to communication with external parties, such as subcontractors, as outlined in various resources discussing Clause 7.4123.

Comprehensive and Detailed In-Depth Explanation:

A combined audit is when multiple management systems (e.g., ISO 9001 for Quality, ISO 14001 for Environmental Management, and ISO 45001 for Occupational Health & Safety) are audited together in a single organization.

Clause References:

ISO 19011:2018, Clause 5.4 – Combined Audits:

A combined audit is performed when two or more management systems are assessed simultaneously at the same auditee.

Why is the Correct Answer A?

A combined audit reduces duplication of effort by auditing multiple standards together at a single organization.

Example: A company certified to both ISO 9001 and ISO 14001 can have one audit covering both standards.

Why are the Other Options Incorrect?

B (Two or more auditing organizations cooperating on a single auditee) → This is a joint audit, not a combined audit.

C (Two or more management systems audited at multiple auditees) → This is a multiple-site audit, not a combined audit.

According to the guidance on conducting the audit closing meeting1, the audit team leader should provide a summary of the audit findings and conclusions, invite discussions, and agree on timelines for any corrective actions. The audit team leader should also be respectful, constructive, and objective when presenting the nonconformities, and avoid any personal or emotional comments. The audit team leader should also consider the impact of the disruptive event (such as the Covid-19 pandemic) on the auditee’s context, interested parties, and risks2, and acknowledge any good practices or improvements observed during the audit. Therefore, option D is the best option, as it follows the best practices for the closing meeting and allows the auditee to understand the nonconformities and their implications, and to participate in the analysis and resolution of the issues. Option A is not correct, as it is not respectful, constructive, or objective, and it does not invite any discussion or feedback from the auditee. It also assumes that the audit team leader has the authority to recommend the removal of the supplier from the approved list, which may not be the case. Option B is not correct, as it does not provide enough information or explanation to the auditee, and it does not allow any discussion or feedback from the auditee. It also does not follow the best practices for the closing meeting, such as providing a summary of the audit, acknowledging any good practices, and agreeing on timelines for corrective actions. Option C is not correct, as it does not involve the other managers who are responsible for the functions or processes that were audited, and who may have valuable input or information to share. It also does not follow the best practices for the closing meeting, such as providing a summary of the audit, inviting discussions, and agreeing on timelines for corrective actions. References: 1: Conducting the Audit Closing Meeting: Sharing the Results2: Auditing ISO 9001:2015 in the Context of a Disruptive Event.

According to clause 8.3 of ISO 9001:2015, the organization should establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. The design and development process should include the following activities:

•Determining the requirements for the products and services to be designed and developed, considering the intended use, the statutory and regulatory requirements, the customer and other relevant interested parties’ needs and expectations, and the potential risks and opportunities.

•Defining the design and development objectives, stages, responsibilities, and authorities, and ensuring the availability of adequate resources and competence.

•Implementing design and development controls, such as reviews, verification, and validation, to ensure that the design and development outputs meet the design and development inputs, and to identify and resolve any problems or errors.

•Maintaining documented information on the design and development inputs, outputs, reviews, verification, validation, and changes, and ensuring the traceability and conformity of the products and services to the requirements.

•Managing the design and development changes, by identifying, reviewing, and controlling them, and evaluating their effects on the products and services and the QMS.

In this case, the evidence statements that provide a meaningful audit trail for the design and development process are B, E, and F, because they relate to the design and development controls, the documented information, and the verification activities that are required by the standard. These options can help the auditor to assess the effectiveness and conformity of the design and development process, and to identify any nonconformities or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on requirements for products and services, clause 8.4 on externally provided processes, products, and services, and clause 8.7 on control of nonconforming outputs. References: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Design and Development, ISO 9001 Clause 8.3 Design and development of products and services

Non-Conformity Report:

ISO 9001 Clause Number

Nature of Problem

ISO 9001 Requirement That Has Not Been Fulfilled

6.1.1

Several risks and opportunities have not been determined.

"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

6.1.2 (a)

Actions to address risks and opportunities not planned.

"The organization shall plan actions to address risks and opportunities."

Step-by-Step Reasoning:

Clause 6.1.1 - Determining Risks and Opportunities:

Requirement: The organization must determine risks and opportunities that are relevant to its Quality Management System (QMS). This ensures that the QMS achieves intended results and prevents undesired effects.

Problem Identified: While some risks and opportunities were discussed, the organization did not perform a systematic evaluation of all risks (e.g., health and safety legislation changes, retiring trainers).

Clause 6.1.2 (a) - Planning Actions for Risks and Opportunities:

Requirement: The organization must plan actions to address identified risks and opportunities. These actions should be integrated into the QMS processes to ensure continuous improvement.

Problem Identified: The Quality Systems Manager confirmed that no plans were made to address the risks and opportunities because the Managing Director deemed it unnecessary. This violates the requirement to plan actions.

Correct Options Selected:

Clause 6.1.1 with the nature of the problem as: "Several risks and opportunities have not been determined."

Clause 6.1.2 (a) with the nature of the problem as: "Actions to address risks and opportunities not planned."

ISO 9001 Requirements Not Fulfilled:

For 6.1.1:"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

For 6.1.2 (a):"The organization shall plan actions to address risks and opportunities."

Based on the scenario provided, there is evidence of nonconformity with the requirements defined in:

C. Clause 7.5.1 Documented information - General: The scenario indicates that there is no formal process for informing users about updates to the SWIFT database, which suggests a lack of control over documented information. This could lead to users being unaware of important changes and not using the latest version of the software, which is required by the quality management system1.

E. Clause 7.5.3 Control of documented information: The Operations Director’s approach to updating the SWIFT database and the lack of communication to users about these updates indicate that the documented information is not adequately controlled. Allowing users to revert to earlier versions of the software at their discretion further suggests that the organization does not have a proper mechanism in place to ensure the integrity and suitability of documented information2.

These clauses are part of the ISO 9001:2015 standard, which requires organizations to have a systematic approach to controlling and managing documented information as part of their quality management system. The scenario described shows a casual approach to managing critical software updates, which could affect the organization’s ability to consistently meet customer and regulatory requirements.

The purpose of conducting a document review is to determine the conformity of the system, as far as documented, with audit criteria and to gather information to support the audit activities. A document review is a systematic and objective examination of the documented information that is relevant to the audit objectives and scope. It can help the auditor to verify if the documented information is complete, accurate, consistent, and up-to-date. It can also help the auditor to identify any gaps, errors, or nonconformities in the documented information that may affect the audit findings or conclusions.

The other options are not correct because they do not reflect the true purpose of a document review. Option A describes the purpose of an audit report, which is to communicate the audit results and recommendations to the management and other interested parties. Option B describes the purpose of an audit plan, which is to define the scope, objectives, criteria, methods, resources, and schedule of an audit. Option C describes the purpose of an audit evidence report, which is to provide evidence of nonconformities or opportunities for improvement identified during an audit. Option D describes the purpose of an audit decision report, which is to justify or explain why certain decisions were made during an audit.

I hope this answer helps you understand why option F is correct and why options A-C-D are incorrect. If you want to learn more about ISO 9001 Lead Auditor exam questions and answers, you can check out some of these resources:

ISO 9001 Lead Auditor Sample Exam Questions and Answers: This article provides some sample questions and answers for each section of the ISO 9001 Lead Auditor exam.

ISO 9001 (QMS) Lead Auditor Quiz Questions and Answers: This article provides some quiz questions and answers on various topics related to ISO 9001 QMS.

ISO 9001 Lead Auditor - Exam Practice Tests: This course offers practice tests with explanations for each question.

Irca Lead Auditor Exam Questions And Answers Pdf: This document contains some exam questions and answers in PDF format.

Comprehensive and Detailed In-Depth Explanation:

Stage 1 Audit (ISO 9001:2015, Clause 9.2.2) is a documentation review to assess the readiness for a Stage 2 Audit. The auditor must document:

Observations that could lead to nonconformities, ensuring they are addressed before Stage 2.

Areas needing improvement, such as missing documented information or unclear process definitions.

While understanding the auditee’s main processes is important, documenting interviews is not a requirement at Stage 1.

According to ISO 9001:2015, clause 8.4, an organization is required to control the processes, products and services provided by external providers, including those that affect the quality of the organization’s own products and services. This includes determining the controls to be applied to the external provision of processes, products and services, as well as the information to be communicated to the external providers. The organization is also required to monitor, measure, and evaluate the performance of the external providers and retain documented information of these activities.

Therefore, in the scenario given, ABC Ltd is responsible for controlling the processes, products and services provided by Teak Ltd, as they affect the quality of ABC Ltd’s own products and services. This means that ABC Ltd should have established criteria and methods for evaluating the performance of Teak Ltd, as well as documented information of the results of such evaluation. ABC Ltd should also have defined the supply arrangements with Teak Ltd, including the specifications, requirements, and verification activities related to the products and services provided by Teak Ltd.

Hence, the best options to describe how to plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd are A and D, as they are aligned with the requirements of ISO 9001:2015, clause 8.4. The other options are either irrelevant or beyond the scope of the audit, as they do not pertain to the control of external provision by ABC Ltd.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.3 (Roles and Responsibilities of Guides and Observers):

The auditee assigns a guide to assist the audit team.

The guide provides logistical support, helps with navigation, and arranges access to necessary personnel and records.

The audit team leader does not assign the guide, but they may request one.

Comprehensive and Detailed In-Depth Explanation:

Policies and guidelines are considered documentary evidence because they are written records that demonstrate how an organization complies with ISO 9001 requirements.

Clause References:

ISO 19011:2018, Clause 6.4.6 – Audit Evidence:

Documentary evidence includes manuals, procedures, and policies.

Why is the Correct Answer C?

Documentary evidence includes written records such as policies, procedures, and documented instructions that support QMS implementation.

Auditors review policies to verify conformance with ISO 9001.

Why are the Other Options Incorrect?

A (Confirmative evidence) → Not a recognized category in ISO auditing.

B (Technical evidence) → Technical evidence refers to measurements, test results, or product data, not policies.

The ISO 9001 Lead Auditor exam requires the auditor to have a thorough understanding of the ISO 9001:2015 standard and its requirements, as well as the organization’s context, processes, risks, opportunities, and performance. Therefore, the auditor needs to ask for additional information that can help them verify these aspects during the audit planning stage. Some of the information that can be useful are:

A description of responsibilities and authorities of the key roles of XYZ: This can help the auditor to identify who is accountable for what in the organization and how they communicate with each other.

The number of personnel involved in activities related to the quality management system: This can help the auditor to assess if there are enough resources and competencies to support the QMS implementation and operation.

Information to understand XYZ’s operations: This can help the auditor to understand how XYZ produces or delivers its products or services and what are its main processes and inputs.

The results of XYZ’s last internal audit: This can help the auditor to evaluate if XYZ has implemented corrective actions based on previous audit findings and if it has maintained its QMS effectiveness.

The results of the last two management reviews: This can help the auditor to determine if XYZ has monitored its QMS performance against its objectives and if it has identified any significant changes or opportunities for improvement.

The quality manual (B) is not a required document for ISO 9001 certification, but it may be useful for internal reference or training purposes. It is not necessary for audit planning.

According to ISO 9001:2015, clause 4.3, the organization is required to determine the scope of its quality management system (QMS) by considering the external and internal issues referred to in clause 4.1. Clause 4.1 requires the organization to determine the external and internal issues that are relevant to its purpose and strategic direction, and that affect its ability to achieve the intended results of its QMS. These issues can include positive and negative factors or conditions for consideration, such as legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local. The organization is also required to monitor and review these issues.

Therefore, the correct answer is C, as external issues of the organization’s context are one of the factors that must be considered when determining the scope of the QMS. The other options are either not directly related to the scope of the QMS, or are not explicitly mentioned in clause 4.3.

According to clause 10.2.1.b of ISO 9001:2015, the organization should evaluate the need for action to eliminate the causes of nonconformities, in order to prevent their recurrence. This means that the organization should identify and address the root causes and contributing factors of the nonconformities, and implement appropriate corrective actions that are effective and proportional to the impact of the nonconformities. In this case, the evidence statement that supports the finding of nonconformance is C, because it shows that the organization did not take effective actions to prevent the recurrence of the spelling errors in the print run, which resulted in repeated customer rejections and dissatisfaction. The other options are not directly related to clause 10.2.1.b, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option A may relate to clause 7.2 on competence, option B may relate to clause 8.6 on release of products and services, and option D may relate to clause 7.1 on resources. References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Nonconformity and Corrective Action], ISO 9001 Clause 10. Improvement - ISO-templates.com

Comprehensive and Detailed In-Depth Explanation:

Auditors must report findings truthfully and accurately to ensure an unbiased assessment of the QMS.

Clause References:

ISO 19011:2018, Clause 4 – Principles of Auditing:

Fair Presentation → Requires auditors to report truthfully and accurately, without bias or omission.

Integrity → Ensures auditors adhere to ethical conduct.

Why is the Correct Answer A?

The audit team reported findings truthfully, based on collected evidence.

Fair presentation ensures that both positive and negative findings are included in the audit report.

Objective evidence was gathered through interviews, document reviews, and observations.

Why are the Other Options Incorrect?

B (Integrity) → Related to ethics and professional conduct, but not specifically about presenting findings.

C (Confidentiality) → Important, but does not apply to the principle of reporting findings accurately.

D (Objectivity) → Ensures impartiality, but "fair presentation" directly addresses accurate reporting of findings.

Comprehensive and Detailed In-Depth Explanation:

One of the seven quality management principles in ISO 9001:2015 is Improvement, which emphasizes continual enhancement of processes, products, and services.

Clause 10.3 (Continual Improvement) states that organizations must continuously assess risks, consequences, and impacts to improve their QMS.

Risk-based thinking (Clause 0.3.3) supports improvement by identifying and mitigating risks before they affect performance.

Clause 6.1 (Actions to Address Risks and Opportunities) requires organizations to take a proactive approach, ensuring long-term success.

Other options do not fully align with the question:

Process approach (A) focuses on managing interrelated activities.

Leadership (B) ensures commitment but does not directly address risk assessment.

Relationship management (D) deals with interested parties, not risk mitigation.

Reduced incoming inspection → A. Quality

Improved communication with suppliers → B. Procurement

Purchased materials received on time → C. Logistics

Reduced variability within processes → D. Production

According to ISO 9001:2015, Clause 8.4 - Control of externally provided processes, products and services, organisations are required to ensure that externally provided products and services conform to specified requirements. When an organisation sources from ISO 9001 certified suppliers, there is greater assurance of consistency in quality, delivery, and communication. This enhances internal operations across various functions:

Reduced incoming inspection (Quality): ISO 9001 certified suppliers have robust quality controls (Clause 8.4.2), reducing the need for repeated inspections upon receipt. This aligns with Quality’s responsibility for incoming inspection and verification.

Improved communication with suppliers (Procurement): Clause 8.4.3 emphasizes the communication of detailed requirements to external providers. Procurement plays a key role in ensuring these requirements are understood and met.

Purchased materials received on time (Logistics): Timely deliveries are often a result of structured supplier evaluation and selection (Clause 8.4.1). Logistics benefits through fewer delays and better scheduling of internal processes.

Reduced variability within processes (Production): Consistency of supplied materials supports stable and predictable production processes, which is a key aspect of Clause 8.5 – Production and service provision.

Comprehensive and Detailed In-Depth Explanation:

Audit evidence includes information collected through different methods to assess compliance with ISO 9001:2015 requirements.

Clause References:

ISO 19011:2018, Clause 6.4.6 – Audit Evidence: Audit evidence must be objective, verifiable, and based on facts.

ISO 9001:2015, Clause 9.1.1 – Monitoring, Measurement, Analysis, and Evaluation: Requires organizations to collect and analyze data from multiple sources to verify effectiveness.

Types of Audit Evidence Collected in Scenario 3:

Verbal Evidence – Employee interviews regarding training and awareness sessions.

Documentary Evidence – Organizational charts, job descriptions, training records.

Physical Evidence – Workplace observations to assess working conditions.

Why is the Correct Answer B?

The audit team used a combination of verbal (interviews), documentary (records), and physical (site observations) evidence.

This triangulation approach enhances audit reliability and ensures compliance verification.

Why are the Other Options Incorrect?

A (Confirmative evidence) → Not a formal audit term in ISO 9001 or ISO 19011.

C (Analytical evidence) → Incorrect, as analysis was not a primary method used.

D (Qualitative evidence only) → Incorrect because the audit involved both qualitative (interviews) and quantitative (documents, physical) evidence.

According to the ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities1, an improvement opportunity is a suggestion made by the auditor for the auditee to consider that, if implemented, may enhance the performance of the QMS. Improvement opportunities are not mandatory, but they should be based on objective evidence and aligned with the audit criteria and objectives. Improvement opportunities should also be realistic, feasible, and beneficial for the auditee. In this case, the evidence statements that represent acceptable improvement opportunities in the report are A, C, and E, because they address the potential causes and effects of the spelling errors in the print run, and propose possible actions that may improve the quality of the products and services, and the effectiveness of the QMS. These options are consistent with the requirements and principles of ISO 9001, such as clause 6.1 on actions to address risks and opportunities, clause 8.1 on operational planning and control, clause 8.5.1 on control of production and service provision, and clause 10.2 on nonconformity and corrective action. The other options are not appropriate improvement opportunities, because they are either irrelevant, unrealistic, or unhelpful for the auditee. For example, option B may contradict the audit objective and scope, option D may imply a lack of auditor competence or impartiality, option F may not address the root cause of the problem, option G may not be applicable or effective, and option H may not be feasible or justified. References: ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities, ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Audit Evidence

According to ISO 9001:2015, clause 7.2, an auditor shall have the competence to:

Understand the requirements of ISO 9001 and how they relate to the audit

Understand the organization’s quality management system and its processes

Understand the applicable legal, regulatory, contractual and other requirements that affect the audit

Understand the needs and expectations of interested parties other than customers

Plan and conduct audits in accordance with ISO 19011

Evaluate audit evidence and draw appropriate conclusions

Communicate audit findings effectively1

Therefore, knowledge of ISO 9001 requirements and ISO 19011 audit principles are essential for every member of an audit team auditing an ISO 9001 quality management system.

In a third-party certification audit, auditors are responsible for maintaining confidentiality as part of their professional duties. Here’s how they can demonstrate it:

A. Adhere to the CQI Professional Code of Conduct: The CQI (Chartered Quality Institute) Code of Conduct outlines ethical principles, including confidentiality. Auditors must adhere to professional standards, ensuring sensitive information is protected and not disclosed improperly.

B. Confirm the confidentiality arrangements with the auditee regarding the use of mobile devices/cameras: Before using mobile devices or cameras, auditors must seek explicit permission from the auditee and agree on confidentiality terms, preventing unauthorized recording or sharing of sensitive information.

Options C, D, and E involve breaching confidentiality and are not acceptable practices in an ISO 9001:2015 certification audit. Sharing sensitive information, removing evidence without consent, or discussing it with unauthorized parties violates audit principles and the standard's confidentiality requirements​.