ISO-9001-Lead-Auditor QMS ISO 9001:2015 Lead Auditor Exam Questions and Answers

Comprehensive and Detailed In-Depth Explanation:

Stage 1 Audit (ISO 9001:2015, Clause 9.2.2) is a documentation review to assess the readiness for a Stage 2 Audit. The auditor must document:

Observations that could lead to nonconformities, ensuring they are addressed before Stage 2.

Areas needing improvement, such as missing documented information or unclear process definitions.

While understanding the auditee’s main processes is important, documenting interviews is not a requirement at Stage 1.

Comprehensive and Detailed In-Depth Explanation:

Audit evidence includes information collected through different methods to assess compliance with ISO 9001:2015 requirements.

Clause References:

ISO 19011:2018, Clause 6.4.6 – Audit Evidence: Audit evidence must be objective, verifiable, and based on facts.

ISO 9001:2015, Clause 9.1.1 – Monitoring, Measurement, Analysis, and Evaluation: Requires organizations to collect and analyze data from multiple sources to verify effectiveness.

Types of Audit Evidence Collected in Scenario 3:

Verbal Evidence – Employee interviews regarding training and awareness sessions.

Documentary Evidence – Organizational charts, job descriptions, training records.

Physical Evidence – Workplace observations to assess working conditions.

Why is the Correct Answer B?

The audit team used a combination of verbal (interviews), documentary (records), and physical (site observations) evidence.

This triangulation approach enhances audit reliability and ensures compliance verification.

Why are the Other Options Incorrect?

A (Confirmative evidence) → Not a formal audit term in ISO 9001 or ISO 19011.

C (Analytical evidence) → Incorrect, as analysis was not a primary method used.

D (Qualitative evidence only) → Incorrect because the audit involved both qualitative (interviews) and quantitative (documents, physical) evidence.

Identifying the source of information

Sampling available data

Gathering audit evidence

Verifying objective evidence

Evaluating evidence against the audit criteria

Making audit conclusions

Evaluating against the audit criteria

According to ISO 19011:2018, clause 6.4, the process of collecting and verifying information during an audit involves the following steps1:

Identifying the source of information: The audit team should identify the sources of information that are relevant to the audit objectives, scope and criteria. These sources may include documents, records, personnel, processes, activities, facilities, equipment, etc. The audit team should also determine the methods and tools for accessing and collecting the information, such as interviews, observations, document review, sampling, etc.

Sampling available data: The audit team should select a representative sample of the available data to verify the conformity and effectiveness of the management system. The sample size and selection method should be based on the audit objectives, scope and criteria, as well as the level of confidence and risk. The audit team should also consider the validity, reliability, relevance and sufficiency of the data.

Gathering audit evidence: The audit team should use the methods and tools identified in the previous step to collect audit evidence, which is the records, statements of fact or other information that are relevant to the audit criteria and verifiable. The audit team should record the audit evidence in a clear, concise and objective manner, using notes, checklists, photographs, audio or video recordings, etc.

Verifying objective evidence: The audit team should verify the accuracy, completeness and authenticity of the audit evidence collected. This may involve cross-checking different sources of information, confirming the identity and authority of the persons providing the information, examining the original documents or records, etc. The audit team should also identify any discrepancies, inconsistencies or gaps in the audit evidence.

Evaluating evidence against the audit criteria: The audit team should compare the audit evidence with the audit criteria to determine the extent of conformity and nonconformity. The audit team should also identify any opportunities for improvement, best practices, positive aspects or potential risks. The audit team should use professional judgement and apply the principles of auditing when evaluating the audit evidence.

Making audit conclusions: The audit team should consolidate the audit findings and evaluate the overall performance and effectiveness of the management system. The audit team should also consider the audit objectives, scope and criteria, as well as the context and expectations of the auditee and other interested parties. The audit team should provide a clear, concise and objective statement of the audit conclusions, which may include the degree of conformity, the achievement of the intended outcomes, the need for corrective actions, the suitability for certification, etc.

Evaluating against the audit criteria: The audit team should review the audit conclusions and ensure that they are consistent with the audit criteria and supported by sufficient and appropriate audit evidence. The audit team should also ensure that the audit conclusions are communicated to the auditee and other relevant parties in a timely and effective manner, using the agreed audit report format and distribution method.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.3 (Roles and Responsibilities of Guides and Observers):

The auditee assigns a guide to assist the audit team.

The guide provides logistical support, helps with navigation, and arranges access to necessary personnel and records.

The audit team leader does not assign the guide, but they may request one.

Comprehensive and Detailed In-Depth Explanation:

ISO 19011:2018, Clause 5.1 (Impartiality) states that:

Internal auditors must be independent of the processes they audit to ensure objectivity.

Auditing one’s own department introduces bias and is not permitted.

Thus, Sean must not allow the auditor to audit their own department.

According to the ISO 9001:2015 standard, clause 8.4.1 requires organizations to ensure that externally provided processes, products and services conform to requirements. Controls must be applied to externally provided processes, products and services when:

The products and services are intended for incorporation into the organization’s own products and services.

They are provided directly to customers by the external provider on behalf of the organization.

A process, or part of a process, is provided by an external provider as a result of a decision by the organization.

In this scenario, the auditee has chosen a supplier to manufacture their own brand products based on their design drawings, supplier questionnaire and trial batches. This means that the supplier is providing a process (manufacturing) as a result of a decision by the organization (the auditee). Therefore, clause 8.4.1 applies to this situation.

ISO 9001:2015 makes it clear that an organisation remains responsible for conformity to requirements even when processes are outsourced. Certification audits must therefore evaluate not only the organisation’s internal activities, but also the control and effectiveness of externally provided processes.

ISO 9001:2015, Clause 8.4.1 requires that the organisation ensure externally provided processes, products and services conform to requirements. The organisation must determine controls to be applied to those outsourced processes.

ISO 9001:2015, Clause 4.4.1 further requires the organisation to determine processes needed for the quality management system and their application throughout the organisation, including outsourced processes.

For a third-party certification audit, sufficient objective evidence must be obtained to demonstrate that:

Outsourced processes are effectively controlled

The organisation’s quality management system achieves its intended results

Why option C is the best decision:

Proceeding with the audit in Bolivia and including all ABC personnel and all outsourced processes ensures that the certification audit:

Covers the full scope of the QMS, including outsourced production, maintenance, procurement, and HR activities

Allows direct evaluation of how ABC controls and manages its external providers in the location where those processes are actually performed

Provides sufficient objective evidence to support a valid certification decision

Reviewing only internal audits or auditing only planning activities would not provide adequate assurance of conformity for a high-risk, core operational activity such as lithium extraction.

Why the other options are not acceptable:

A: Auditing only the Planning function would exclude core operational and support processes that are within the scope of the QMS.

B: Reviewing internal audit results alone is insufficient for a third-party certification audit and does not replace direct assessment of outsourced processes.

D: ISO 9001 explicitly allows outsourcing of processes; the organisation remains responsible for control, not prohibited from outsourcing.

ISO-aligned conclusion:

In a third-party ISO 9001 certification audit, outsourced processes that are within scope must be audited, either directly or through appropriate controls. In this scenario, auditing the outsourced processes in Bolivia is necessary to ensure a complete, credible, and compliant certification audit.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015 (Conformity Assessment – Requirements for Certification Bodies), Clause 9.3.1.2, the Stage 1 Audit typically consumes around 30% of the total audit time.

This time is allocated to:

Reviewing documented information.

Assessing the readiness for Stage 2.

Identifying potential nonconformities.

A 20% allocation (Answer A) is too low, and 40% (Answer C) is excessive, as the majority of the audit should be spent on Stage 2 (on-site verification).

Comprehensive and Detailed In-Depth Explanation:

An audit’s feasibility must be assessed using multiple factors, not just resource availability.

Clause References:

ISO 19011:2018, Clause 5.3 – Establishing the Audit Program: Requires consideration of logistical, technical, and cooperation factors when assessing audit feasibility.

ISO/IEC 17021-1:2015, Clause 9.1.3 – Determining Feasibility of the Audit: Requires evaluating more than just resources to ensure a successful audit.

Why is the Correct Answer B?

Audit feasibility should consider:

Availability of information (documents, records).

Cooperation from the auditee.

Operational conditions that might affect the audit.

Scope and complexity of the QMS being audited.

Resource availability alone is not enough to determine feasibility.

Why are the Other Options Incorrect?

A (Top management determines feasibility) → Incorrect because feasibility is determined by the certification body, not the auditee.

C (Resources alone are sufficient) → Incorrect because other key factors must be evaluated.

D (Final authority lies with the audit leader) → Incorrect because ISO requires multiple factors to be considered, not just an auditor’s decision.

Clause 8.2.4 of ISO 9001:2015 – Changes to Requirements for Products and Services:ISO 9001:2015 Clause 8.2.4 states that when changes to requirements for products or services are made, they must be communicated and agreed upon with relevant interested parties (in this case, the Health Trust). The lack of communication and agreement for substituting the cleaning chemical represents a clear violation of this clause.

Analysis of the Corrective Action Proposed:The organization proposed "obtaining a concession from the Health Trust for the use of the new chemical." This action is reactive and assumes approval from the Health Trust without addressing the systemic issue: the lack of a defined change control process for managing contract changes.

Option Analysis:

A. The substitute chemical has not been used before in the Health Trust:Incorrect. While this may be a concern, it is not directly relevant to the root cause of the nonconformity, which is the absence of a process to handle contract changes.

B. The action assumes that the Health Trust will agree to the change:Incorrect. Although this is true, it is not the primary issue. The nonconformity lies in the lack of a structured approach to obtain agreement, not whether the Health Trust agrees.

C. Staff have not been trained in the use of the new chemical:Incorrect. This is a separate issue related to staff competence (Clause 7.2), but it is not the main reason why the corrective action is unacceptable under Clause 8.2.4.

D. The process for making changes to the contract has not been addressed:Correct. The fundamental issue is the organization's failure to follow or establish a change control process for amending contracts, including gaining formal agreement from the Health Trust. The proposed corrective action does not ensure that such issues will be systematically prevented in the future.

E. The substitute chemical may not be as effective as the original:Incorrect. The effectiveness of the substitute chemical is secondary to the primary issue, which is the lack of a change management process.

ISO 9001 References Supporting the Correct Answer:

Clause 8.2.4: Requires that changes to product/service requirements be reviewed, communicated, and agreed upon with the customer.

Clause 10.2 (Nonconformity and Corrective Action): Requires the organization to address the root cause of the nonconformity and take actions to ensure it does not recur. In this case, the root cause is the absence of a change control process.

Why D is the Best Answer:The core issue is that the organization did not have a formalized process for managing and agreeing upon changes to contract requirements. Addressing this process gap is essential to prevent recurrence of similar nonconformities. Merely seeking a concession from the Health Trust is a one-off solution that does not address the systemic issue.

According to the ISO 9001:2015 standard, clause 10.2 requires organizations to review nonconformities, including any arising from customer complaints, and to take appropriate actions to determine the cause, implement corrections and preventive actions, and verify their effectiveness. The organization must also monitor the effectiveness of the actions taken and make changes if necessary.

In this scenario, the auditee is facing a legal dispute with a customer over damage to an expensive cashmere coat. This is a nonconformity that arises from customer complaint and has a significant impact on customer satisfaction and reputation. Therefore, clause 10.2 applies to this situation.

The best option for how this should be handled by the Quality Management System is B.

B means that the organization should report the situation to the customer with suggested remedial action. This option follows the principle of transparency and accountability, as well as respecting the customer’s rights and expectations. The organization should also investigate the root cause of the damage and prevent it from happening again in other shops or products.

The other options are not appropriate because:

A means that the organization should settle the court case by negotiation with the customer. This option may not be feasible or satisfactory for both parties, especially if there is a large amount of compensation involved or if there are legal implications for other customers.

C means that the organization should make an offer to replace the coat with a new one. This option may not be sufficient or acceptable for both parties, especially if there is evidence of negligence or poor quality on behalf of the organization.

D means that the organization should give an explanation to the customer of what went wrong. This option may not be enough or convincing for both parties, especially if there is no evidence of negligence or poor quality on behalf of the organization.

Comprehensive and Detailed In-Depth Explanation:

Reliability in service quality refers to the consistent and dependable delivery of promised services.

ISO 9001:2015 emphasizes reliability through:

Clause 8.2.1 (Customer Communication) – Ensuring clarity in service commitments.

Clause 8.5.1 (Control of Service Provision) – Ensuring processes meet requirements consistently.

Other options do not fully define reliability:

Option A (Safe services) relates to safety, not reliability.

Option B (Readiness and goodwill) relates to responsiveness, not reliability.

Option D (Low cost) focuses on pricing, not quality.

According to the definition in ISO 9000, a nonconformity is “non-fulfillment of a requirement”. There are three parts to a well-documented nonconformity: the audit evidence to support auditor findings; a record of the requirement against which the nonconformity is detected; and the statement of nonconformity1. In this case, the audit evidence is the dispatch records that show the same batch number of the product being delivered by two different trucks at different times. The requirement is the procedure P-02 Rev.3 that says that trucks should carry a complete batch. The statement of nonconformity is that the batch 33555 was delivered split in two different trucks (011 and 025), which does not conform to the procedure. Therefore, option C best describes the identified nonconformity, as it includes all three parts of a well-documented nonconformity. Option A is not correct, as it does not state the audit evidence or the requirement. Option B is not correct, as it does not specify the audit evidence or the statement of nonconformity. Option D is not correct, as it does not match the audit evidence or the requirement. References: 1: ISO 9001 Auditing Practices Group Guidance on Nonconformity - Documenting.

ISO 9001:2015 requires organisations to take corrective action to eliminate the cause of a nonconformity in order to prevent recurrence, not merely to contain or correct individual instances.

Relevant ISO 9001 requirements

Clause 10.2.1 – Nonconformity and corrective actionThe organisation shall react to the nonconformity, evaluate the need for action to eliminate the cause(s), and implement actions to prevent recurrence.

Clause 8.5.1 – Control of production and service provisionProduction shall be carried out under controlled conditions, including suitable infrastructure and environmental conditions.

Explanation of the correct corrective actions:

D. Redesign the factory layout to better handle finished products

This addresses a systemic cause of the problem by improving how finished products are handled after ejection, reducing the likelihood of products falling to the floor. This is a true corrective action aligned with Clause 10.2.

E. Set up a system of regular inspection of the floor condition

The dirty and wet floor is a contributing cause to product rejection. Establishing regular inspection and maintenance of floor conditions addresses the environmental conditions for production, as required by Clause 8.5.1, and helps prevent recurrence.

G. Install guides at the point of ejection to better direct products into the baskets

This directly eliminates the root cause of products missing the collection baskets by improving equipment control. It is an effective corrective action that prevents the nonconformity from happening again.

Explanation of why the other options are not corrective actions:

A: Recording nonconformities is detection, not prevention.

B: Placing a worker is a temporary containment action, not elimination of the root cause.

C: Asking customers to accept dirty products is unacceptable and contrary to ISO 9001.

F: Awareness alone does not remove the cause of the problem.

H: Cleaning products before release is correction, not corrective action, and does not prevent recurrence.

ISO-aligned conclusion:

Corrective actions must remove the root causes of nonconformities. In this scenario, improving product handling design, controlling environmental conditions, and modifying equipment to ensure correct ejection are the only actions that effectively prevent the recurrence of rejected products. Therefore, the correct answers are D, E and G.

A screenshot of a computer AI-generated content may be incorrect.

Clause 8.5.3 – Property Belonging to Customers or External Providers:This clause requires the organization to care for customer property while it is under their control. If there is damage, they must inform the customer and retain documented information. Thus, informing customers of the reason for laundry damage relates directly to this clause.???? Reference: ISO 9001:2015 Clause 8.5.3

Clause 7.1.3 b – Infrastructure:It refers to the provision and maintenance of infrastructure necessary for the operation of processes. This includes equipment. If resources are not allocated for outdated equipment, it directly breaches this clause.???? Reference: ISO 9001:2015 Clause 7.1.3 b

Clause 10.2.1 b – Corrective Action:This clause covers actions to eliminate the causes of nonconformities to prevent recurrence, including evaluating and correcting customer complaints.???? Reference: ISO 9001:2015 Clause 10.2.1 b

Clause 5.1.2 b – Customer Focus (Top Management):Top management must ensure risks to customer satisfaction, including property damage, are addressed. This aligns with addressing the risk of damaging customer laundry.???? Reference: ISO 9001:2015 Clause 5.1.2 b

Clause 6.2 – Quality Objectives and Planning to Achieve Them:Setting objectives for reducing customer complaints (like those about laundry damage) falls under this clause.???? Reference: ISO 9001:2015 Clause 6.2

In a third-party certification audit, auditors are responsible for maintaining confidentiality as part of their professional duties. Here’s how they can demonstrate it:

A. Adhere to the CQI Professional Code of Conduct: The CQI (Chartered Quality Institute) Code of Conduct outlines ethical principles, including confidentiality. Auditors must adhere to professional standards, ensuring sensitive information is protected and not disclosed improperly.

B. Confirm the confidentiality arrangements with the auditee regarding the use of mobile devices/cameras: Before using mobile devices or cameras, auditors must seek explicit permission from the auditee and agree on confidentiality terms, preventing unauthorized recording or sharing of sensitive information.

Options C, D, and E involve breaching confidentiality and are not acceptable practices in an ISO 9001:2015 certification audit. Sharing sensitive information, removing evidence without consent, or discussing it with unauthorized parties violates audit principles and the standard's confidentiality requirements​.

According to ISO 9001:2015, clause 6.2.1, the organization is required to establish quality objectives at relevant functions, levels, and processes for the quality management system (QMS). The quality objectives must be consistent with the quality policy, measurable, monitored, communicated, and updated as appropriate. The organization is also required to maintain documented information on the quality objectives, as per clause 7.5.1.

Therefore, in the scenario given, the quality objectives defined by the external consultant are not in alignment with the organization’s quality policy, as they are based on those of a competitor, rather than the organization’s own purpose, strategic direction, and customer requirements. This creates a mismatch between the organization’s vision and goals, and the quality objectives that are supposed to guide and measure the QMS performance. Moreover, the quality objectives are not maintained as documented information, which makes it difficult to communicate, monitor, and update them, as well as to demonstrate evidence of their implementation and achievement.

Hence, the circumstances in which a nonconformity against clause 6.2 of ISO 9001 could be raised are B and C, as they indicate a failure to comply with the requirements of clause 6.2.1. The other options are either irrelevant or not directly related to clause 6.2, as they do not pertain to the establishment and documentation of quality objectives.

Comprehensive and Detailed In-Depth Explanation:

Once a Stage 2 certification audit has commenced, certain logistical or planning-related elements may still be adjusted, while others are fixed by prior agreement and cannot be changed.

✅ C. Audit Plan:

The audit plan is a document that outlines the scope, objectives, criteria, and logistics of the audit. According to ISO/IEC 17021-1:2015 (the standard for bodies providing audit and certification of management systems), clause 9.2.3.3 allows for modification of the audit plan based on real-time conditions during the audit — such as availability of auditees or changes in process access.

✅ F. Increase of Audit Duration:

Audit duration is generally determined during audit planning based on factors like employee count, risk, complexity, etc. However, if during Stage 2 it is found that more time is needed (e.g., due to additional processes, scope not fully covered, or significant findings), auditors are permitted to extend the audit. This ensures full coverage of all required areas as per ISO/IEC 17021-1 clause 9.1.4 and IAF MD 5.

❌ A. Agreed Language of the Audit:

This is determined and agreed upon in the contract and audit planning stages. Changing it during Stage 2 would create communication and documentation issues, especially in multi-site or multi-national audits.

❌ B. Audit Scope:

The audit scope is defined in the contract and certification agreement based on clause 4.3 of ISO 9001:2015. Changing it mid-audit would invalidate planning, required competencies, and potentially even the certification basis.

❌ D. Agreed Standard for the Audit Criteria:

Changing the standard (e.g., from ISO 9001 to ISO 13485) is fundamentally altering the purpose and contractual basis of the audit and is not permissible once Stage 2 has started.

❌ E. Audit Checklist:

The checklist is a tool prepared by the auditor as part of audit preparation and is based on the audit plan and standard requirements. While it may be adapted during the audit (e.g., if new risks arise), it does not constitute a formal change like duration or scope.

Relevant References:

ISO/IEC 17021-1:2015 Clause 9.2.3.3 (Audit Plan Modification)

IAF MD 5:2019 (Duration of QMS Audits)

ISO 9001:2015 Clause 4.3 (Scope of the QMS)

ISO/IEC 17021-1:2015 Clause 9.1.4 (Audit Duration)

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 6.2 (Quality Objectives and Planning to Achieve Them) states that an organization must establish measurable and relevant quality objectives to improve QMS effectiveness.

Bell's strategy for handling customer complaints aligns with this requirement because it includes specific, measurable goals (biweekly customer surveys) to enhance customer satisfaction and service quality.

Other options are not directly related to defining quality objectives:

Option B (Implementing a QMS) refers to the overall system, not specific objectives.

Option C (Creating a QMS team) is an implementation step, not an objective.

Option D (Assigning responsibilities) is necessary for QMS but does not define objectives.

ISO 9001:2015 requires audits to be conducted in an objective and impartial manner. Although ISO 9001 does not list specific threats to impartiality, it explicitly refers to ISO 19011 for guidance on auditing principles, including impartiality.

ISO 9001:2015, Clause 9.2.2 (NOTE) states that guidance on auditing is given in ISO 19011 .

According to ISO 19011:2018, one of the fundamental auditing principles is impartiality, defined as the basis for the objectivity of audit conclusions. ISO 19011 identifies several threats to impartiality, including self-interest and familiarity.

Explanation of the correct options:

C. Self-interest

ISO 19011 identifies self-interest as a primary threat to impartiality. This occurs when an auditor has a personal, financial, or professional interest in the outcome of the audit, which could influence audit judgement or conclusions.

Examples include financial gain, career advantage, or personal benefit linked to the audit outcome.

E. Your spouse is working in the organisation being audited

This represents a familiarity or relationship threat. ISO 19011 highlights that close personal relationships with the auditee can compromise, or be perceived to compromise, auditor impartiality. Even if the auditor remains objective, the relationship creates a clear conflict of interest.

Explanation of why the other options are not selected:

A. Competence: Competence supports effective auditing and is not a threat to impartiality.

B. Lack of Experience: This affects audit effectiveness, not impartiality.

D. Consulting: Consulting can create a conflict of interest in certain contexts, but on its own it is not necessarily an impartiality threat unless it involves consulting for the same organisation or system being audited, which is not stated here.

F. Expert knowledge of the process: Technical expertise improves audit effectiveness and does not threaten impartiality.

Summary aligned to ISO guidance:

The most likely threats to auditor impartiality are those involving personal interest or close relationships with the auditee. Therefore, self-interest and a spouse working in the audited organisation are the correct answers under ISO 9001–aligned auditing guidance.

According to ISO 9001:2015, clause 9.2.2.e, the organization is required to retain documented information as evidence of the implementation of the audit programme and the audit results. This includes the records of the nonconformities identified during the internal audits and the corrective actions taken to address them. The organization is also required to verify the effectiveness of the corrective actions, as per clause 10.2.2.

Therefore, in the scenario given, the Quality Manager’s decision to automatically close any nonconformance over 3 years old without obtaining any confirmation from the relevant departments or verifying the effectiveness of the corrective actions is a clear violation of the requirements of clause 9.2.2.e. This indicates a lack of control and follow-up of the internal audit process, as well as a potential risk of recurrence or occurrence of the nonconformities in other areas. This also undermines the credibility and value of the internal audit programme, as well as the risk-based approach claimed by the Quality Manager.

Hence, the best course of action to take is D, to raise a nonconformance report against clause 9.2.2.e of ISO 9001, and to communicate the audit findings to the relevant management. The other options are either insufficient or irrelevant to address the issue, as they do not directly relate to the noncompliance with clause 9.2.2.e.

The table below shows the possible matching of the ISO 9001 Clause 8 extract to the audit evidence.

Table

Audit evidence

ISO 9001 Clause 8 extract

Four of the 10 pallets of stock sampled in the warehouse were not labelled.

“8.5.2 … shall use suitable means to identify outputs …”

A damaged pallet of stock seen in the quarantine area was leaking liquid onto the floor.

“8.7.1 … shall ensure that outputs that do not conform to their requirements are identified and controlled …”

One of the fork-lift truck drivers had no fork-lift truck driving licence.

“8.5.1 e … shall include, as applicable … the appointment of competent persons …”

There was no pest control provision in the warehouse.

“8.5.4 … shall preserve the outputs during production and service provision …”

Two pallets of temperature-sensitive stock items were being stored at ambient as the chilled storage facility was full.

“8.1 … shall plan, implement and control the processes …”

Related Activity

Correct Quality Management Principle

Communicate client needs and expectations throughout the organisation.

Customer focus

Encourage an organisation-wide commitment to quality.

Leadership

Empower staff to determine constraints to performance and to take the initiative without fear.

Engagement of people

Establish authority, responsibility, and accountability for managing processes.

Process approach

Continuously educate and train people at all levels on how to apply basic tools and methodologies to achieve objectives.

Improvement

Determine, measure, and monitor key indicators to demonstrate the organisation’s performance.

Evidence-based decision making

Determine relevant interested parties (such as providers, partners, customers, investors, employees, or society as a whole) and their connection with the organisation.

Relationship management

1. Customer focus

ISO 9001 states that organizations must understand and consistently meet customer needs and expectations.

➡ Communicating client needs throughout the organization ensures alignment and customer satisfaction.

Establishing the audit programme objectives

Determining and evaluating the audit programme risks and opportunities

Establishing the audit programme

Initiating the audit

Preparing all audit activity

Conducting the audit activities

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each stage:

Establishing the audit programme objectives: This is the first stage of the audit process, where the purpose, scope, and criteria of the audit programme are defined. The audit programme objectives should be aligned with the strategic direction and policies of the organization, and should address the needs and expectations of the interested parties12.

Determining and evaluating the audit programme risks and opportunities: This is the second stage of the audit process, where the factors that can affect the achievement of the audit programme objectives are identified and assessed. The audit programme risks and opportunities should consider the internal and external issues, the requirements and changes of the interested parties, and the results and feedback from previous audits12.

Establishing the audit programme: This is the third stage of the audit process, where the audit programme is designed and implemented. The audit programme should include the audit programme procedures, the audit programme resources, the audit methods and techniques, the audit frequency and schedule, and the audit programme performance indicators12.

Initiating the audit: This is the fourth stage of the audit process, where the audit is prepared and planned. The audit initiation involves selecting the audit team, establishing the contact with the auditee, defining the audit objectives, scope, and criteria, developing the audit plan, and conducting the document review123.

Preparing all audit activity: This is the fifth stage of the audit process, where the audit activities are organized and coordinated. The audit preparation involves assigning the audit tasks, communicating with the auditee and the audit team, arranging the logistics, preparing the working documents, and conducting the opening meeting123.

Conducting the audit activities: This is the sixth and final stage of the audit process, where the audit evidence is collected and evaluated. The audit conduct involves performing the audit activities, such as interviews, observations, document reviews, and tests, documenting the audit findings, preparing the audit conclusions, and conducting the closing meeting123.

I hope this helps you with your ISO 9001 Lead Auditor objectives and content. If you have any further questions, please feel free to ask. ????

According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:

The audit objectives, scope, and criteria

The audit team members and their roles and responsibilities

The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.

The expected time and duration of each audit activity and location

The name and contact details of the auditee’s representative and other relevant parties

The allocation of appropriate resources to support the audit activities

The audit methods and techniques to be used, such as interviews, observations, sampling, etc.

The audit documents and records to be prepared and retained

The audit language and communication methods

The audit risks and opportunities and how to address them

The audit follow-up arrangements, if applicable

Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2

ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2

The tasks that are expected to be completed at the audit team meeting of a third-party audit team leader and his audit team in preparation for a Closing meeting for a four-day initial certification audit are:

•Option C: Final audit team meeting to agree findings and categories including clarification of any uncertainties. This option is correct because the audit team meeting is an opportunity for the audit team leader and the audit team members to review and consolidate the audit findings, to ensure that they are clear, accurate, objective, and supported by sufficient audit evidence. The audit team should also agree on the categories of the findings, such as nonconformity, observation, or opportunity for improvement, and resolve any uncertainties or disagreements among the audit team members.

•Option D: Agree the roles of each audit team member for the closing meeting. This option is correct because the audit team meeting is an opportunity for the audit team leader to assign the roles and responsibilities of each audit team member for the closing meeting, such as presenting the audit findings, answering questions, or taking notes. The audit team leader should also ensure that the audit team members are prepared and confident to perform their roles and to communicate effectively with the auditee.

•Option E: Audit team review any points raised by the auditee nominated representative. This option is correct because the audit team meeting is an opportunity for the audit team to review any points raised by the auditee nominated representative during the audit, such as requests for clarification, feedback, or complaints. The audit team should consider the validity and relevance of the points raised and decide how to address them in the closing meeting or in the audit report.

•Option F: Audit team agree final audit outcome recommendation. This option is correct because the audit team meeting is an opportunity for the audit team to agree on the final audit outcome recommendation, based on the audit findings and the audit criteria. The audit team should also consider the implications and consequences of the audit outcome recommendation for the auditee and the certification body, and ensure that the recommendation is consistent and justified.

•Option H: Audit team complete final version of their individual findings. This option is correct because the audit team meeting is an opportunity for the audit team to complete the final version of their individual findings, based on the agreement and feedback from the audit team meeting. The audit team should ensure that their individual findings are written in a clear, concise, and factual manner, and that they include the audit criteria, the audit evidence, and the audit conclusion. The audit team should also submit their individual findings to the audit team leader for review and approval.

•Option I: Re-audit corrective actions taken to correct findings found during the audit. This option is correct because the audit team meeting is an opportunity for the audit team to re-audit the corrective actions taken by the auditee to correct the findings found during the audit, if applicable and feasible. The audit team should verify the effectiveness and adequacy of the corrective actions and update the audit findings accordingly. The audit team should also document the results of the re-audit and communicate them to the auditee.

The following options are not correct:

•Option A: Audit team leader informs the individual(s) managing the audit programme that the closing meeting is ready to be held. This option is not correct because this task is not part of the audit team meeting, but part of the communication between the audit team leader and the individual(s) managing the audit programme. The audit team leader should inform the individual(s) managing the audit programme that the closing meeting is ready to be held after the audit team meeting, when the audit team has completed all the tasks and is ready to present the audit results to the auditee.

•Option B: Hold daily audit team meeting to review any timetable issues and potential findings and their impact on the audit for other team members. This option is not correct because this task is not part of the final audit team meeting, but part of the daily audit team meetings that are held during the audit. The daily audit team meetings are opportunities for the audit team to review the progress and performance of the audit, to identify and resolve any issues or problems, and to coordinate and adjust the audit plan and activities as needed.

•Option G: Audit team leader completes final report, including individual findings and certification recommendation. This option is not correct because this task is not part of the audit team meeting, but part of the audit reporting process. The audit team leader should complete the final report, including the individual findings and the certification recommendation, after the closing meeting, when the audit team has received and considered the feedback and comments from the auditee. The audit team leader should also ensure that the final report is reviewed and approved by the appropriate authorities before issuing it to the auditee and the certification body.

•Option J: Write the audit finding report out when detected and obtain signature of the auditee. This option is not correct because this task is not part of the audit team meeting, but part of the audit evidence collection and documentation process. The audit team should write the audit finding report out when detected and obtain the signature of the auditee during the audit, when the audit team has observed and verified the audit evidence and has communicated the audit finding to the auditee. The signature of the auditee does not indicate acceptance or agreement with the audit finding, but only acknowledgement of receipt.

The auditor could raise the following nonconformities to ISO 9001 based on the scenario:

•Option A: 10.3 - The organisation did not continuously improve. Reject rates were unchanged. This option is correct because ISO 9001:2015 clause 10.3 requires the organization to improve the suitability, adequacy and effectiveness of the quality management system. The organization did not demonstrate any improvement in reducing the reject rate of the finished product, which was a stated objective of top management. The corrective action taken by the organization was not effective in addressing the root cause of the problem and preventing its recurrence.

•Option B: 7.1.4 - The factory environment is not suitably maintained to prevent dirty products. This option is correct because ISO 9001:2015 clause 7.1.4 requires the organization to determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services. The organization did not ensure that the factory floor was clean and dry, which affected the quality of the products and increased the risk of nonconformity.

•Option C: 7.1.1 - The organization failed to provide the required resources to prevent nonconforming products. This option is correct because ISO 9001:2015 clause 7.1.1 requires the organization to determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system. The organization did not provide adequate collection baskets for the products ejecting from the moulding machines, which resulted in products falling onto the factory floor and becoming nonconforming.

The following options are not correct:

•Option D: 9.2.2 - Report IA202 contained a poorly worded nonconformity (NC 3). This option is not correct because ISO 9001:2015 clause 9.2.2 does not specify the requirements for the wording of nonconformities in internal audit reports. The nonconformity (NC 3) stated by the internal auditor was clear and relevant to the audit criteria and audit evidence. The issue is not with the report, but with the corrective action taken by the organization.

•Option E: 8.6 - Dirty products were released to the customer. This option is not correct because ISO 9001:2015 clause 8.6 requires the organization to implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met. The scenario does not indicate that the dirty products were released to the customer, but that they were recalled and repaired then returned to the customers. The issue is not with the release, but with the production process and the environment.

•Option F: 7.3 - Staff were not aware that products were falling onto the factory floor. This option is not correct because ISO 9001:2015 clause 7.3 requires the organization to ensure that the persons doing work under its control are aware of the quality policy, relevant quality objectives, their contribution to the effectiveness of the quality management system, and the implications of not conforming with the quality management system requirements. The scenario does not indicate that the staff were not aware of these aspects, but that the management did not provide adequate resources and environment for the staff to perform their work. The issue is not with the awareness, but with the management responsibility and resource provision.

•Option G: 10.2.1 - Conduct of an investigation was not sufficient to understand the cause of the nonconformity. This option is not correct because ISO 9001:2015 clause 10.2.1 requires the organization to react to the nonconformity and, as applicable, take action to control and correct it and deal with the consequences. The scenario indicates that the Quality Manager conducted an investigation into the reject rates and identified the cause of the nonconformity. The issue is not with the investigation, but with the corrective action taken by the management.

•Option H: 8.5.1 - Production operations were not properly controlled to avoid reject products. This option is not correct because ISO 9001:2015 clause 8.5.1 requires the organization to implement production and service provision under controlled conditions. The scenario indicates that the production operations were controlled by the moulding machines, which ejected the products into the collection baskets. The issue is not with the production operations, but with the size of the collection baskets and the condition of the factory floor.

Comprehensive and Detailed In-Depth Explanation:

Clause References:

ISO 19011:2018 (Guidelines for Auditing Management Systems), Clause 5.3 – Establishing the Audit Objectives

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning

Why is the Correct Answer C?

Audit objectives must be clearly defined in the audit offer to ensure that the scope, criteria, and purpose are agreed upon in advance.

ISO/IEC 17021-1:2015 (which governs certification bodies) requires that audit objectives be established before the audit begins to ensure transparency and effectiveness.

Sending audit objectives after an agreement has been reached could lead to misalignment between the auditee’s expectations and the audit’s purpose.

Why are the Other Options Incorrect?

A (Audit objectives should be known only after agreement) → Incorrect because objectives must be pre-defined in the audit offer.

B (Only the auditee should know the objectives) → Incorrect because both the auditor and auditee must align on objectives.

D (Approval from the lead auditor is sufficient) → Incorrect because audit planning follows formal procedures defined by ISO/IEC 17021-1.

According to the ISO 9001:2015 standard, clause 10.2.1 defines nonconformity as the non-fulfilment of a requirement. A requirement can be related to the quality management system, the products and services, the customer expectations, or the applicable statutory and regulatory requirements. Nonconformities can be detected through various sources, such as audits, inspections, tests, customer complaints, or internal reviews. Nonconformities must be addressed by taking appropriate actions to correct them and prevent their recurrence.

In this scenario, the auditee has shown several issues that indicate nonconformities in their quality management system. Two statements that apply to the term nonconformity are:

A. No quality objectives planned for the top management team: According to ISO 9001, clause 6.2.1, the organization must establish quality objectives at relevant functions, levels, and processes. The quality objectives must be consistent with the quality policy and the strategic direction of the organization. The top management team is responsible for providing leadership and direction for the quality management system and ensuring its alignment with the organization’s purpose and context. Therefore, the absence of quality objectives for the top management team is a nonconformity as it violates the requirement of clause 6.2.1.

E. Quality improvements not aligning with the quality policy: According to ISO 9001, clause 5.2.1, the quality policy is a statement of the organization’s intentions and direction regarding quality, as formally expressed by top management. The quality policy must provide a framework for setting quality objectives and be compatible with the context and strategic direction of the organization. The quality policy must also be communicated, understood, and applied within the organization. Therefore, if the quality improvements are not aligned with the quality policy, it is a nonconformity as it violates the requirement of clause 5.2.1.

As the audit team leader, it is crucial to manage differing opinions constructively and ensure that the correct clause is selected for the nonconformity based on solid evidence. Here’s how the situation should be handled:

E. Invite you and the second auditor to fully explain your point of view and then decide which clause to select: This promotes collaboration and transparency, allowing both auditors to present their rationale for choosing the specific clause.

F. Review the evidence with you and the second auditor, and then decide which clause of ISO 9001 would best apply: Reviewing the evidence in relation to the specific requirements of ISO 9001 is essential for determining which clause is most appropriate.

H. Try to obtain a consensus between you and the second auditor after a discussion of the different opinions: Consensus-building is a crucial skill for an audit team leader. Achieving agreement ensures the nonconformity is addressed accurately and with full team support.

Options such as overruling immediately (D) or deferring the decision without full discussion (B) could undermine team dynamics and the audit process. Consulting the quality manager (A) or selecting an entirely different clause (G) is unnecessary, as the team should resolve the issue internally​​.

The following table shows the possible matching of the records to the requirements of clause 8.4:

Table

Requirements

Records

Define product requirements

Product specification

Criteria for selection

List of requirements to be met by the external provider

Evaluation of potential external provider

External provider questionnaire

External provider selection

Approved external provider list

Communicate requirements

Purchase order

Monitoring of performance

External provider delivery times and quality issues

Comprehensive and Detailed Explanation: = According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:

Define the product requirements that are relevant for the external provision, such as specifications, drawings, standards, codes, etc. These should be documented and communicated to the external provider. A record of the product specification can be used as evidence of this requirement.

Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently. A record of the list of requirements to be met by the external provider can be used as evidence of this requirement.

Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed. A record of the external provider questionnaire can be used as evidence of this requirement.

Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved. A record of the approved external provider list can be used as evidence of this requirement.

Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely. A record of the purchase order can be used as evidence of this requirement.

Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed. A record of the external provider delivery times and quality issues can be used as evidence of this requirement.

According to the ISO 9001:2015 standard, clause 8.7 requires that an organization identify and control any nonconforming outputs that do not conform to the requirements of the customer or other relevant requirements. Nonconforming outputs are any outputs from the process, product or service that do not meet the specified quality criteria. Nonconforming outputs must be dealt with in one or more of the following ways:

Correction of the nonconformity

Segregation, containment, return or suspension of provision of products and services

Informing the customer

Authorisation for acceptance under concession

The organization must also retain documented information on the description of the nonconformity, the actions taken, any concessions obtained, and the identification of the authority deciding the action to resolve the nonconformity.

In this scenario, you have interviewed a line supervisor who is responsible for managing a manual picking line where operators are removing contaminant materials from incoming products. The supervisor has explained that these plastic items are rejected at this stage because they do not meet their processing standards and they can damage their machinery and compromise their quality standards. The supervisor has also mentioned that some of these rejected items are melted down in another process later on and some are disposed of as waste products that cannot be recycled.

Based on this information, you can investigate further by taking two actions:

A. Check the process for handling nonconforming items: You can verify whether there is a documented procedure for identifying, segregating, containing, returning or suspending provision of nonconforming items at this stage. You can also check whether there is a system for informing customers about any nonconforming items that may affect their satisfaction or expectations.

D. Determine what happens to the waste products: You can verify whether there is a documented procedure for disposing of waste products that cannot be recycled as per environmental regulations and customer requirements.

These two actions would help you to determine whether there are any nonconforming outputs at this stage and how they are controlled by the organization.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.2 (Audit Program Management):

The audit committee is responsible for establishing the internal audit program.

The audit schedule (A) is determined within the program, but it is not the main role of the committee.

Thus, C is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.9 (Audit Conclusions):

Audit conclusions must be based on verified evidence.

The evidence must be evaluated both quantitatively and qualitatively to ensure accuracy.

Observations alone (A) are insufficient; conclusions must be supported by objective evidence.

Thus, B is the correct answer.

Audit Evidence and Applicable ISO 9001:2015 Clause 8.3 Extracts

Half of all new products launched in the past 12 months were late. The Product Development Manager explains he has not got enough people on his team to cope with the demand for new products.→ ISO 9001 Clause 8.3.2 e) – “…internal resource needs for the design and development of products and services…”

The Product Development Manager explains many changes are made to cosmetic formulations during product development owing to retailer feedback. Only when confirmed by the retailer is the agreed formulation documented on SWIFT.→ ISO 9001 Clause 8.3.5 – “…retain documented information on design and development changes…”

The Product Development Manager explains that the customer confirms their approval to proceed with a new formulation by email. These emails are kept on SWIFT.→ ISO 9001 Clause 8.3.6 – “…retain documented information on design and development outputs…”

The Product Development Manager shows you evidence of consumer trials that are carried out for some new products before a full-scale launch.→ ISO 9001 Clause 8.3.4 d) – “…conducted to ensure that the resulting products and services meet the requirements…”

The Product Development Manager explains that an approved external laboratory is used to perform shelf-life stability trials on some formulations during product development.→ ISO 9001 Clause 8.3.2 e) – “…external resource needs for the design and development of products and services…”

ISO 9001:2015 Clause 8.3 (Design and development of products and services) requires organisations to plan, control, review, verify, validate, and document design and development activities to ensure products meet requirements.

Explanation of clause alignment:

Clause 8.3.2 e) requires the organisation to determine both internal and external resource needs. Lack of personnel causing late launches directly evidences internal resource shortfalls, while the use of an external laboratory demonstrates control of external resources.

Clause 8.3.5 requires organisations to control design and development changes and retain documented information describing those changes, which is demonstrated by controlled updates in SWIFT following retailer confirmation.

Clause 8.3.6 requires retention of documented information on design and development outputs, including customer approvals, which are evidenced by stored emails in SWIFT.

Clause 8.3.4 d) requires design and development activities such as verification and validation, ensuring outputs meet requirements. Consumer trials prior to launch clearly meet this requirement.

ISO-aligned conclusion:

The evidence provided demonstrates structured control of product design and development, including planning, resourcing, change management, validation, and retention of documented information, all mapped directly to ISO 9001:2015 Clause 8.3 requirements.

Top management is responsible for establishing, implementing, and maintaining the quality policy. The quality policy provides a framework for setting quality objectives and must be compatible with the context of the organization and support its strategic direction. It should also provide a commitment to satisfy applicable requirements and to continuous improvement.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 emphasizes risk-based thinking, which helps organizations identify factors that could prevent achieving planned results and take preventive action. Clause 6.1 (Actions to Address Risks and Opportunities) requires organizations to determine risks and opportunities and implement actions to mitigate potential negative impacts.

In the scenario, AL-TAX identified potential risks and implemented preventive actions, aligning with risk-based thinking. ISO 9001:2015 integrates risk management throughout the standard, ensuring processes are designed to minimize uncertainties.

Comprehensive and Detailed In-Depth Explanation:

ISO 9000:2015 defines quality as "the degree to which a set of inherent characteristics of an object fulfills requirements."

Clause 3.6.2 (Quality) confirms this definition.

Quality is determined by how well an object (product, service, or process) meets defined requirements (customer, regulatory, or internal).

The other options do not align with the official ISO definition:

Option A refers to performance capability but does not define quality.

Option C describes work conditions, not quality.

Option D focuses on efficiency rather than fulfilling requirements.

In the context of ISO 9001:2015 audits, it is the audit team leader who holds the responsibility for assigning work to the audit team. According to ISO 19011:2018 (Guidelines for auditing management systems, which complements ISO 9001:2015), the audit team leader is responsible for the organization and direction of the audit, including assigning specific roles and responsibilities to audit team members. This includes preparation of the audit plan, leading the audit, and ensuring that each team member understands their tasks.

Sequence:

Stage 1 Audit

Stage 2 Opening Meeting

Interviews

Stage 2 Closing Meeting

Close-out of Stage 2 Audit Findings

Issue Certificate

Surveillance Audit

Follow-up Audit

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each step:

Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities34.

Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns34.

Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system345.

Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings34.

Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions34.

Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits34.

Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement34.

Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit34.

 A → 8.4.3.a

 B → 7.2.b

 C → 10.2.2

 D → 10.2.1

 E → 6.2

Comprehensive and Detailed Explanation From Exact Extract:

✅ A. There is no specification for incoming materials → 8.4.3.a

Clause 8.4.3(a) relates to the control of externally provided processes, products, and services, specifically the requirement to communicate appropriate specifications and requirements to suppliers:

“The organization shall ensure the adequacy of requirements prior to their communication to the external provider.”

Failure to specify requirements for incoming materials (e.g., what is acceptable waste plastic) risks compromising product quality.

✅ B. The picking operators have been trained → 7.2.b

Clause 7.2(b) relates to Competence and mandates:

“Ensure that these persons are competent on the basis of appropriate education, training, or experience.”

Training is a critical part of establishing and maintaining operator competence in quality-affecting tasks.

✅ C. The picked reject materials are not documented → 10.2.2

This clause focuses on the retention of documented information regarding nonconformities and actions taken:

“The organization shall retain documented information as evidence of: the nature of the nonconformities and any subsequent actions taken…”

If rejects are not recorded, traceability and root cause analysis for quality failures are weakened.

✅ D. The rejected materials are segregated → 10.2.1

Clause 10.2.1 relates to nonconformity and corrective action, including containment activities such as:

“Deal with nonconforming outputs in one or more of the following ways: correction; segregation, containment…”

Segregation ensures nonconforming material doesn’t contaminate acceptable output.

✅ E. Management has set an objective for the level of rejects → 6.2

Clause 6.2 is about quality objectives. It requires organizations to:

“Establish quality objectives at relevant functions... The quality objectives shall be measurable…”

Setting a measurable reject-level target aligns with improving process control and reducing waste.

According to the ISO 19011:2018 document, the audit plan should provide the basis for agreement regarding the conduct and scheduling of the audit activities. The amount of detail provided in the audit plan should reflect the scope and complexity of the audit, as well as the risk of not achieving the audit objectives1. The scope of the audit refers to the extent and boundaries of the audit, such as the audit criteria, the audit objectives, the organizational and functional units, and the processes to be audited1. The complexity of the audit refers to the degree of difficulty or intricacy of the audit, such as the number and diversity of the auditees, the audit criteria, the audit methods, and the audit team composition2. The risk of not achieving the audit objectives refers to the possibility that the audit may fail to provide reliable and sufficient audit evidence to support the audit conclusions and report1.

Therefore, the complete sentence is:

In the context of a third-party audit, the amount of detail provided in the audit plan should reflect the scope and complexity of the audit, as well as the risk of not achieving the audit objectives.

Comprehensive and Detailed In-Depth Explanation:

ISO 19011:2018 requires auditors to conduct audits professionally and diligently.

Clause References:

ISO 19011:2018, Clause 4.4 – Professional Care: Auditors must exercise due diligence in conducting audits.

ISO 9001:2015, Clause 9.2 – Internal Audit: Requires objective and systematic audits to evaluate QMS effectiveness.

Why is the Correct Answer A?

The audit team followed best practices by gathering verifiable audit evidence through interviews, document reviews, and observations.

They ensured fair presentation of findings in the final audit report.

They complied with ISO 9001 and ISO 19011 guidelines for audit procedures.

Why are the Other Options Incorrect?

B (Ordinary negligence) → No evidence of negligence; the team followed structured audit processes.

C (Gross negligence) → No indication that the auditors ignored important responsibilities.

D (Willful misconduct) → The auditors acted professionally and did not intentionally disregard rules.

Comprehensive and Detailed Explanation From Exact Extract:

✅ Correct Option D – “I will sign all the purchase orders now.”

This response represents an immediate correction in accordance with ISO 9001:2015 Clause 8.4.3 – Information for external providers, which requires control over procurement documentation. The absence of required authorisation (signature) is a nonconformity in executing the organization’s purchasing procedure.

Clause 8.4.3 specifically mandates that the organization:

“Shall communicate to external providers its requirements for:

a) the processes, products and services to be provided;

b) the approval of:

products and services;

methods, processes, and equipment;

the release of products and services.”

The purchase order process includes documented approval, which in this case was defined internally as a signature by the Purchasing or Production Manager. Signing the documents retroactively, while not ideal, is a correction to bring the documentation back into compliance and resolve the immediate issue.

❌ Why Other Options Are Incorrect:

A. "No correction needed": Dismissing the nonconformity based on product performance fails to address the lack of documented control, violating Clause 8.4.3 and internal procedures.

B. "I will ask the Production Manager to sign them now": This option shows intention but lacks immediacy and ownership. Also, backdating signatures without traceability can be ethically questionable.

C. "I do not accept the nonconformity": This reflects noncompliance and a poor quality culture, contradicting ISO 9001’s Clause 5.1.1 (Leadership commitment).

Actions and Applicable ISO 9001:2015 Clauses

We identified risks and opportunities.→ Clause 6.1 (Actions to address risks and opportunities)

We found suitable suppliers.→ Clause 8.4 (Control of externally provided processes, products and services)

We determined the need to keep updated with new IT technologies.→ Clause 4.1 (Understanding the organization and its context)

We put together a plan for the change to IT provision outsourcing.→ Clause 6.3 (Planning of changes)

We monitored the performance of the new suppliers.→ Clause 8.4.2 (Type and extent of control of external providers)

We monitored our productivity targets to understand why they were being missed.→ Clause 9.1.1 (Monitoring, measurement, analysis and evaluation – General)

We communicated the plan internally.→ Clause 7.4 (Communication)

We looked at the data at the management review and decided we needed to do something different.→ Clause 9.3.2 (Management review inputs)

ISO 9001:2015 requires organizations to manage change in a planned, risk-based, and controlled manner, particularly when changes affect product realization and customer satisfaction.

Clause 6.1 requires organizations to identify risks and opportunities arising from changes, such as outsourcing software development.

Clause 4.1 supports understanding internal and external issues, including rapid changes in IT technology that affect strategic direction.

Clause 6.3 requires changes to the QMS (such as outsourcing a core activity) to be planned, considering purpose, consequences, resources, and responsibilities.

Clause 8.4 and 8.4.2 ensure that when processes are outsourced, the organization selects suitable providers and monitors their performance to ensure conformity.

Clause 7.4 requires effective internal communication so that personnel understand changes and their roles.

Clause 9.1.1 requires monitoring and measurement of performance indicators (such as productivity targets) to understand performance issues.

Clause 9.3.2 requires top management to review performance data and determine actions when the QMS is no longer achieving intended results.

ISO-aligned conclusion:

The auditee’s actions demonstrate a systematic and compliant approach to managing change, covering context analysis, risk-based thinking, planning, control of outsourced processes, performance monitoring, communication, and management review, all in line with ISO 9001:2015 requirements.

According to ISO 19011:2018, clause 6.3.2, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the following information1:

•the audit objectives, scope and criteria

•the audit team members and their roles and responsibilities

•the audit schedule, including the date, time and location of each audit activity

•the expected time and duration of meetings and interviews

•the allocation of appropriate resources to critical areas of the audit

•the identification of the audit client and the auditee

•the identification of the guides and observers, if any

•the documents and records to be reviewed before and during the audit

•the audit methods and tools to be used

•the audit language and terminology

•the audit report content, format, distribution and expected completion date

•the risk to achieving audit objectives and the contingency plan, if any

Therefore, the issue which is not expected to be included in the audit plan is C, expectations of the organisation’s management. This issue is not relevant to the conduct of the audit, as the audit is based on the audit criteria, not on the management’s expectations. The management’s expectations may be considered during the audit initiation or the audit programme management, but they are not part of the audit plan.

Comprehensive and Detailed In-Depth Explanation:

One of the common misconceptions about ISO 9001 is that it only applies to manufacturing companies producing tangible goods. However, ISO 9001:2015 is designed for all types of organizations, including service providers such as financial, healthcare, and IT companies.

Clause 1 (Scope) clearly states that ISO 9001 is applicable to any organization, regardless of type, size, or the products and services it provides. AL-TAX, being a financial services company, is equally eligible for implementing a QMS under ISO 9001.

Comprehensive and Detailed Explanation From Exact Extract:

Clause 9.1.1 – Monitoring, measurement, analysis and evaluation (General) requires the organization to:

“Determine what needs to be monitored and measured, the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results, and when results shall be analyzed and evaluated.”

The goal is to ensure valid, reliable, and consistent measurement of process and product performance. Here's how each correct option supports compliance:

✅ B. Analysis of the results of sensory tests

This directly aligns with the requirement for analysis and evaluation of monitoring results. Clause 9.1.3 also supports the use of such data for evaluating product conformity and process effectiveness.

✅ G. Sensory testing results are recorded

This supports documented evidence of monitoring results, as required under 9.1.1(e), to verify that quality checks (such as flavor and aroma assessments) are being done consistently.

✅ H. The Hedonic Method is used to monitor the quality of the product

Use of a standardized measurement method like the Hedonic Scale aligns with 9.1.1(b), which requires defined methods to ensure valid and reproducible results.

Why the Other Options Are Incorrect or Less Relevant:

A. University degrees → Related to competence (Clause 7.2), not monitoring and measurement (Clause 9.1.1).

C. Independent expert review → Not part of regular monitoring unless it’s built into the process.

D. Respiratory testing → Irrelevant to product quality monitoring.

E. Outsourcing → Would shift responsibility but doesn’t demonstrate internal conformance.

F. Safe disposal → Pertains to Clause 8.5.4 (Preservation), not Clause 9.1.1.

Approve Certification Body: Accreditation Body

Award certification: Certification Body

Recommend certification: Audit Team Leader

Maintain certification:

Comprehensive Detailed Explanation

In the context of a third-party ISO 9001 audit, different entities play specific roles in the certification process. Here's a detailed explanation of the responsibilities:

Approve Certification Body: Accreditation BodyThe Accreditation Body is responsible for approving Certification Bodies. Accreditation Bodies are independent entities that evaluate the competence of Certification Bodies, ensuring they meet international standards like ISO/IEC 17021, which sets out the criteria for bodies providing audit and certification of management systems. In this role, they confirm that the Certification Body is capable of conducting ISO 9001 audits and granting certifications in accordance with international guidelines.

Award Certification: Certification BodyThe Certification Body is the entity that ultimately awards the certification to an organization after verifying that it meets the ISO 9001 standards. Certification Bodies conduct audits, either directly or through a team of auditors, and based on the audit outcomes, they issue the certification, indicating that the organization complies with ISO 9001.

Recommend Certification: Audit Team LeaderThe Audit Team Leader is responsible for leading the audit and making a recommendation to the Certification Body. This recommendation is based on the audit findings—whether the organization meets the ISO 9001 requirements or if there are areas of non-compliance that need corrective action. The final decision on certification is not made by the Audit Team Leader but by the Certification Body.

Maintain Certification: Certification BodyMaintaining certification refers to the ongoing process of ensuring that an organization continues to comply with ISO 9001 requirements. The Certification Body conducts regular surveillance audits (e.g., annually) and may also perform recertification audits (typically every three years). This ongoing monitoring ensures that the certified organization continues to adhere to the quality management standards over time.

This breakdown clearly assigns responsibility based on the defined roles of Accreditation Bodies, Certification Bodies, and Audit Teams in the ISO 9001 certification process.

Analyzing Each Statement:

A.Incorrect. The audit team leader must communicate concerns as they arise, not just during the closing meeting. Per ISO 19011:2018 Clause 6.4.9, significant concerns should be shared promptly with the auditee and audit client during the audit process to allow for immediate understanding and potential resolution.

B.Incorrect. The auditor or team leader is not specifically required to inform the general manager about uncontrolled documents. Instead, the issue is communicated within the framework of the audit findings to the audit client or auditee, as appropriate.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires collaboration between the auditee (TD Advertising), the certification body, and the audit leader when making changes to audit scope.

Clause References:

ISO/IEC 17021-1:2015, Clause 9.2.3 – Conducting the Audit: Any change in audit scope must be agreed upon by all parties before proceeding.

Why is the Correct Answer C?

TD cannot unilaterally change the scope without agreement from the certification body and audit leader.

The certification body must ensure the scope remains relevant and that resources are allocated properly.

Why are the Other Options Incorrect?

A (Anne cannot withdraw) → Incorrect, Anne CAN withdraw if the changes make the audit unfeasible, but she must consult with the certification body first.

B (TD cannot change the scope) → Incorrect, scope changes are allowed but must be formally approved.

D (Anne has full authority to reject scope changes) → Incorrect, scope changes require mutual agreement among all parties.

Here is the correct matching of the activities with the responsible parties in the context of a second-party audit:

Define the audit scope: Customer

Develop the audit plan: Audit team leader

Respond to the audit findings: External provider

Conduct the audit: Audit team

This reflects the typical division of responsibilities in a second-party audit, where the customer (the party commissioning the audit) sets the scope, the audit team leader manages the planning, the external provider responds to findings, and the audit team carries out the audit.

Comprehensive and Detailed In-Depth Explanation:

Certification bodies must remain independent and impartial. If a certification body (ABC-CERT) provides consulting services to an organization through its subsidiary (Consultancy ABC), it cannot later certify the same organization.

Clause References:

ISO/IEC 17021-1:2015, Clause 5.2.5 – Impartiality Requirements:

A certification body must not certify an organization to which it has provided consultancy services.

ISO/IEC 17021-1:2015, Clause 5.2.6:

Subsidiaries of certification bodies must not provide consulting services to prevent conflicts of interest.

Why is the Correct Answer C?

Certifying a client after providing consultancy creates a conflict of interest and violates ISO/IEC 17021-1:2015 impartiality rules.

The certification body (ABC-CERT) and consultancy firm (Consultancy ABC) are related entities, making it impossible to remain objective and independent.

Why are the Other Options Incorrect?

A (Waiting two years) → ISO does not specify a time frame; the issue is impartiality, not just time.

B (Signing an agreement to ensure objectivity) → Conflicts of interest cannot be resolved through an agreement; independence is required.

Comprehensive and Detailed In-Depth Explanation:

Stratified sampling is the best method when the population consists of different groups or categories. In this case:

ME has two areas of operations (electrical and mechanical services).

Complaints were collected separately for each area.

By choosing representative samples from each category (electrical & mechanical complaints), Li Na ensured a balanced approach.

Systematic sampling selects samples at fixed intervals, which does not ensure proportional representation of both groups.

Block selection sampling is used when focusing on a specific time period or section, which does not apply here.

Thus, stratified sampling (B) is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The audit report must be submitted to the certification body regardless of corrective actions.

Corrective actions are reviewed after the audit, but the audit process should not be delayed.

Certification decisions should be made based on the audit findings and evidence, not pending corrective actions.

Thus, delaying audit activities until corrective actions are submitted is not acceptable.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits are conducted by employees of the company who are trained as auditors.

External auditors are not mandatory unless required by the organization.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

Discussing audit findings before the closing meeting ensures that:

The audit objectives have been met (ISO 19011:2018, Clause 6.4.10).

The auditee has an opportunity to clarify misunderstandings or provide additional evidence.

The audit team and the auditee agree on the accuracy of findings before finalizing the report.

While encouraging corrective actions (B) is beneficial, the primary purpose of discussing findings is to ensure that the audit was conducted effectively and aligned with objectives. Identifying responsible persons (C) is not the auditor’s role.

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, correction is defined as “action to eliminate a detected nonconformity”. A nonconformity is defined as “non-fulfilment of a requirement”. Therefore, the process of modifying a non-conforming product to bring it within acceptance criteria is a correction, as it eliminates the non-fulfilment of the product specification. The other options are not correct, as they have different definitions and purposes:

•Concession: permission to release or use a nonconforming product, service or process

•Corrective action: action to eliminate the cause of a nonconformity and to prevent recurrence

•Preventive action: action to eliminate the cause of a potential nonconformity or other undesirable potential situation

Comprehensive and Detailed In-Depth Explanation:

ISO 19011:2018, Clause 5.4 (Audit Records Management) states that the audit schedule must be maintained as a key record.

Thus, C is the correct answer.

ISO 9001:2015 requires top management to review the quality management system at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organisation. The auditor’s focus, especially during a surveillance audit covering improvement actions, must therefore be on evidence that management review is being carried out correctly and that it results in QMS-related decisions and changes.

Relevant ISO 9001 clauses include:

Clause 9.3.1 – Management review (General)Top management shall review the organisation’s quality management system at planned intervals.

Clause 9.3.3 – Management review outputsThe outputs of management review shall include decisions and actions related to opportunities for improvement and any need for changes to the QMS.

Explanation of the correct options:

A. The date of the most recent management review meeting

This is directly relevant because ISO 9001 requires management reviews to occur at planned intervals. The auditor must confirm that the review has taken place and that it is current, especially during a surveillance audit.

E. Changes made to the quality system by the new Quality Manager

This is directly linked to management review outputs and improvement actions. Since a new Quality Manager has been appointed, the auditor must verify whether changes to the QMS were reviewed, approved, and monitored through management review in line with Clauses 9.3.3 and 10.3.

Explanation of why the other options are not relevant:

B: Workforce redundancies are a human resources or business decision unless they directly affect QMS effectiveness, which is not indicated here.

C: Increased profitability is a business outcome, not a required management review input or output under ISO 9001.

D: Pension scheme improvements are unrelated to QMS performance or improvement.

F: A bonus scheme may relate to productivity, but unless it directly affects QMS objectives or process performance reviewed in management review, it is not a required checklist item.

ISO-aligned conclusion:

For an audit focusing on improvement actions and management review, the auditor’s checklist should confirm:

That management review has been conducted as required, and

That QMS-related changes and improvements (especially under a new Quality Manager) are being reviewed and controlled.

A second-party audit is typically performed by an organization (often a customer) on an external provider (supplier) to evaluate their capability and performance—i.e., to determine whether they can consistently meet requirements.

ISO 9001:2015 supports this purpose through its requirements for control of externally provided processes, products and services, where the organization must evaluate and monitor external providers:

ISO 9001 requires the organization to “determine and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with requirements.” ➜ This aligns directly with Option B (evaluate an external provider’s management system), because evaluating a provider’s system/process controls is a primary way to confirm their ability to meet requirements.

ISO 9001 also requires analysis/evaluation of data including “the performance of external providers.” ➜ This reinforces that ISO 9001 expects organizations to evaluate suppliers, which is the practical purpose of a second-party audit.

Why the other options are not correct under ISO 9001 context:

A (certify) is not the purpose of a second-party audit; certification is done by an independent third-party certification body, not by a customer/supplier relationship.

C (inspect products) can be one control activity, but ISO 9001’s requirement is broader—evaluate/monitor/re-evaluate the provider’s capability and performance, not only inspect output.

D (approve processes) may occur as a result of evaluation, but ISO 9001 explicitly emphasizes evaluation and monitoring, making B the best definition.

The activities that are specifically required by ISO 17021-1 as part of third-party (Certification Body) surveillance audit processes are:

•Option A: Audit use of certification marks on marketing materials. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to audit the client’s use of marks and/or any other reference to certification, as applicable, to ensure conformity with the certification requirements.

•Option B: Review changes to the QMS since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review any changes affecting the client’s quality management system and its ability to continue to fulfil the requirements of the standard used for certification.

•Option C: Confirm effectiveness of internal audit and management review. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to confirm the continuing effectiveness of the client’s quality management system, including the effectiveness of the internal audit and management review processes.

•Option F: Review the status of previously raised findings and audit effectiveness of any outstanding findings. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the status of findings and any corrective actions taken by the client in response to previous audits, and to verify the effectiveness of the implemented corrective actions.

•Option H: Verify legal compliance. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to verify the client’s compliance with applicable statutory and regulatory requirements related to the scope of certification.

•Option I: Handling of customer complaints since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the client’s handling of customer complaints related to the certified activities since the last audit.

The following options are not correct:

•Option D: Complete a full document review of the quality management system. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to complete a full document review of the quality management system during surveillance audits. A full document review is only required during the initial certification audit or when there are significant changes to the quality management system or the certification requirements.

•Option E: Failing to meet financial responsibilities. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to audit the client’s financial responsibilities during surveillance audits. The certification body may have contractual arrangements with the client regarding the payment of fees, but this is not part of the surveillance audit process.

•Option G: Review the calibration status of the instrumentation. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to review the calibration status of the instrumentation during surveillance audits. The certification body may audit the client’s monitoring and measuring resources as part of the quality management system requirements, but this is not a specific activity required by ISO 17021-1.

•Option J: Conduct a minimum number of annual surveillance audits during the certification period. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to conduct a minimum number of annual surveillance audits during the certification period. The certification body may determine the frequency and duration of surveillance audits based on the risk and performance of the client, but this is not a specific activity required by ISO 17021-1.