Approve Certification Body: Accreditation Body

Award certification: Certification Body

Recommend certification: Audit Team Leader

Maintain certification:

Comprehensive Detailed ExplanationIn the context of a third-party ISO 9001 audit, different entities play specific roles in the certification process. Here's a detailed explanation of the responsibilities:

Approve Certification Body: Accreditation BodyThe Accreditation Body is responsible for approving Certification Bodies. Accreditation Bodies are independent entities that evaluate the competence of Certification Bodies, ensuring they meet international standards like ISO/IEC 17021, which sets out the criteria for bodies providing audit and certification of management systems. In this role, they confirm that the Certification Body is capable of conducting ISO 9001 audits and granting certifications in accordance with international guidelines.

Award Certification: Certification BodyThe Certification Body is the entity that ultimately awards the certification to an organization after verifying that it meets the ISO 9001 standards. Certification Bodies conduct audits, either directly or through a team of auditors, and based on the audit outcomes, they issue the certification, indicating that the organization complies with ISO 9001.

Recommend Certification: Audit Team LeaderThe Audit Team Leader is responsible for leading the audit and making a recommendation to the Certification Body. This recommendation is based on the audit findings—whether the organization meets the ISO 9001 requirements or if there are areas of non-compliance that need corrective action. The final decision on certification is not made by the Audit Team Leader but by the Certification Body.

Maintain Certification: Certification BodyMaintaining certification refers to the ongoing process of ensuring that an organization continues to comply with ISO 9001 requirements. The Certification Body conducts regular surveillance audits (e.g., annually) and may also perform recertification audits (typically every three years). This ongoing monitoring ensures that the certified organization continues to adhere to the quality management standards over time.

This breakdown clearly assigns responsibility based on the defined roles of Accreditation Bodies, Certification Bodies, and Audit Teams in the ISO 9001 certification process.

According to ISO 19011:2018, clause 6.3.2, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the following information1:

•the audit objectives, scope and criteria

•the audit team members and their roles and responsibilities

•the audit schedule, including the date, time and location of each audit activity

•the expected time and duration of meetings and interviews

•the allocation of appropriate resources to critical areas of the audit

•the identification of the audit client and the auditee

•the identification of the guides and observers, if any

•the documents and records to be reviewed before and during the audit

•the audit methods and tools to be used

•the audit language and terminology

•the audit report content, format, distribution and expected completion date

•the risk to achieving audit objectives and the contingency plan, if any

Therefore, the issue which is not expected to be included in the audit plan is C, expectations of the organisation’s management. This issue is not relevant to the conduct of the audit, as the audit is based on the audit criteria, not on the management’s expectations. The management’s expectations may be considered during the audit initiation or the audit programme management, but they are not part of the audit plan.

References: ISO 19011:2018(en), Guidelines for auditing management systems, How to create an ISO 9001 internal audit plan - Advisera

According to the ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities1, an improvement opportunity is a suggestion made by the auditor for the auditee to consider that, if implemented, may enhance the performance of the QMS. Improvement opportunities are not mandatory, but they should be based on objective evidence and aligned with the audit criteria and objectives. Improvement opportunities should also be realistic, feasible, and beneficial for the auditee. In this case, the evidence statements that represent acceptable improvement opportunities in the report are A, C, and E, because they address the potential causes and effects of the spelling errors in the print run, and propose possible actions that may improve the quality of the products and services, and the effectiveness of the QMS. These options are consistent with the requirements and principles of ISO 9001, such as clause 6.1 on actions to address risks and opportunities, clause 8.1 on operational planning and control, clause 8.5.1 on control of production and service provision, and clause 10.2 on nonconformity and corrective action. The other options are not appropriate improvement opportunities, because they are either irrelevant, unrealistic, or unhelpful for the auditee. For example, option B may contradict the audit objective and scope, option D may imply a lack of auditor competence or impartiality, option F may not address the root cause of the problem, option G may not be applicable or effective, and option H may not be feasible or justified. References: ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities, ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Audit Evidence

Understanding Clause 7.1.5.2 – Measurement Traceability:ISO 9001:2015 requires organizations to ensure that measuring equipment (e.g., spectrometers) is calibrated and traceable to recognized standards. The failure to maintain calibration within valid dates directly violates this clause and raises concerns about the reliability of the measurement results.

Root Cause of the Nonconformity:The organization failed to plan for the possibility that the calibration service provider (X-TECH) might become unavailable, leading to expired calibration. This indicates inadequate risk-based thinking, which is required under Clause 6.1 of ISO 9001:2015.

Option Analysis:

A. Select one sample for external lab analysis to use as an internal standard:Incorrect. While using an internal standard could provide short-term verification of results, this action does not address the root cause (failure to consider risks associated with external providers).

B. Look for a local company to provide this service:Incorrect. While finding a new local service provider resolves the immediate calibration issue, it does not address the risk of future provider unavailability.

C. Double-check one out of ten samples externally:Incorrect. This corrective action ensures some quality assurance for batch release but does not resolve the nonconformance related to expired calibration.

D. Add this issue to the external issue register, assess its associated risk, and plan action to address that risk:Correct. This approach directly addresses the root cause (failure to anticipate the calibration provider leaving) and ensures proper risk management. ISO 9001:2015 emphasizes risk-based thinking under Clause 6.1, requiring organizations to identify risks and opportunities and implement plans to mitigate them.

Why D is the Best Option:

By adding the issue to the external issue register, the organization ensures it is monitored and tracked.

Assessing the risk ensures proactive measures are in place for similar issues in the future.

Planning actions to address the risk ensures a sustainable solution is implemented, such as identifying multiple service providers or ensuring backup plans for calibration services.

ISO 9001 References:

Clause 6.1 (Actions to Address Risks and Opportunities): Requires organizations to consider risks and opportunities that could affect the intended results of the QMS.

Clause 7.1.5.2 (Measurement Traceability): Mandates that measuring equipment must be calibrated and traceable to ensure valid results.

Clause 10.2 (Nonconformity and Corrective Action): Requires organizations to determine the root cause of nonconformities and take actions to ensure they do not recur.

The purpose of conducting a document review is to determine the conformity of the system, as far as documented, with audit criteria and to gather information to support the audit activities. A document review is a systematic and objective examination of the documented information that is relevant to the audit objectives and scope. It can help the auditor to verify if the documented information is complete, accurate, consistent, and up-to-date. It can also help the auditor to identify any gaps, errors, or nonconformities in the documented information that may affect the audit findings or conclusions.

The other options are not correct because they do not reflect the true purpose of a document review. Option A describes the purpose of an audit report, which is to communicate the audit results and recommendations to the management and other interested parties. Option B describes the purpose of an audit plan, which is to define the scope, objectives, criteria, methods, resources, and schedule of an audit. Option C describes the purpose of an audit evidence report, which is to provide evidence of nonconformities or opportunities for improvement identified during an audit. Option D describes the purpose of an audit decision report, which is to justify or explain why certain decisions were made during an audit.

I hope this answer helps you understand why option F is correct and why options A-C-D are incorrect. If you want to learn more about ISO 9001 Lead Auditor exam questions and answers, you can check out some of these resources:

ISO 9001 Lead Auditor Sample Exam Questions and Answers: This article provides some sample questions and answers for each section of the ISO 9001 Lead Auditor exam.

ISO 9001 (QMS) Lead Auditor Quiz Questions and Answers: This article provides some quiz questions and answers on various topics related to ISO 9001 QMS.

ISO 9001 Lead Auditor - Exam Practice Tests: This course offers practice tests with explanations for each question.

Irca Lead Auditor Exam Questions And Answers Pdf: This document contains some exam questions and answers in PDF format.

Here is the correct matching of actions to the statements in the context of leading the internal audit:

If practicablecarry out a formal opening meeting

You should notaudit production (as you are a supervisor in that area, and this would compromise audit objectivity)

You need notchange the audit team (unless there is a specific reason, such as conflict of interest)

You mustraise audit findings if necessary (this is a key responsibility of an auditor when nonconformities are found)

You must notsend the audit report to the Quality Manager (the audit report must be reviewed first; it is typically part of the internal audit process to go through necessary channels before final submission)

You shouldsend the audit report to the Quality Manager (after appropriate reviews and approvals)

This reflects key principles of conducting an internal audit according to ISO 9001:2015, ensuring objectivity, proper documentation, and clear reporting procedures.

According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised as necessary to address changes that occur during the audit planning. The audit plan should be agreed upon, preferably in writing, by the audit team leader, the audit client and the auditee1. Therefore, if there is a significant change in the auditee’s situation, such as the cancellation of all orders for the next week, the audit plan should be reviewed and revised accordingly, with the agreement of all parties involved.

According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a process to ensure that the audit team has the competence to achieve the audit objectives, and that the audit methods are appropriate for the scope and complexity of the audit. The certification body should also have a process to ensure that the audit is conducted under reasonable conditions and within a reasonable time frame2. Therefore, if there is a risk that the audit objectives cannot be achieved, or that the audit methods are not suitable, due to the change in the auditee’s situation, the certification body should be consulted and informed on how to proceed with the audit.

Therefore, the best action to take is B, ask the certification body you work for how to proceed with the audit. This action will ensure that the audit plan is revised and agreed upon by all parties, and that the audit team has the competence and the methods to conduct the audit effectively and efficiently. The other options are not correct, as they may compromise the quality and validity of the audit:

•A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week: This action may not be feasible or acceptable, as it may extend the audit duration and cost beyond the agreed terms, and it may not provide sufficient and appropriate audit evidence to verify the conformity and effectiveness of the auditee’s processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before: This action may not be relevant or reliable, as it may not reflect the current performance and condition of the auditee’s processes. The audit evidence collected from the previous customer may not be valid or representative of the audit criteria, and it may not address the risks and opportunities associated with the auditee’s context and objectives. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•D. Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises: This action may not be objective or impartial, as it may introduce bias and influence in the audit process. The audit evidence collected from the simulated process may not be accurate or authentic, and it may not demonstrate the actual capability and effectiveness of the auditee’s processes. Moreover, this action may not be ethical or professional, as it may compromise the integrity and credibility of the audit and the certification.

References: ISO 19011:2018(en), Guidelines for auditing management systems, ISO/IEC 17021-1:2015(en), Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements

In a third-party certification audit, auditors are responsible for maintaining confidentiality as part of their professional duties. Here’s how they can demonstrate it:

A. Adhere to the CQI Professional Code of Conduct: The CQI (Chartered Quality Institute) Code of Conduct outlines ethical principles, including confidentiality. Auditors must adhere to professional standards, ensuring sensitive information is protected and not disclosed improperly.

B. Confirm the confidentiality arrangements with the auditee regarding the use of mobile devices/cameras: Before using mobile devices or cameras, auditors must seek explicit permission from the auditee and agree on confidentiality terms, preventing unauthorized recording or sharing of sensitive information.

Options C, D, and E involve breaching confidentiality and are not acceptable practices in an ISO 9001:2015 certification audit. Sharing sensitive information, removing evidence without consent, or discussing it with unauthorized parties violates audit principles and the standard's confidentiality requirements​.

In this scenario, the organization has set a quality objective of achieving a 90% minimum exam pass rate for all courses. The auditor’s task is to assess whether this objective is being monitored effectively and if appropriate actions are taken when the objective is not met.

B. You would determine how the exam pass rate figures were analysed: ISO 9001:2015, particularly Clause 9.1 (Monitoring, measurement, analysis, and evaluation), requires organizations to evaluate performance data. The auditor should verify how the organization analyses the pass rate data to ensure trends are identified, and corrective actions are planned based on this analysis.

D. You would determine what corrective action was being taken to address the low pass rates: When performance falls short of the objective, as seen with Course 4 (where the pass rate is below 90% in all months), Clause 10.2 (Nonconformity and corrective action) requires organizations to take corrective actions to address issues. The auditor would need to check if corrective actions have been initiated to address consistently low pass rates.

Statements A, C, E, and F do not directly address the monitoring and corrective action required under ISO 9001:2015 in this context​​.

 Clause Reference – ISO 9001:2015 Clause 8.6 (Release of Products and Services):ISO 9001 requires that products and services are not released to the customer until:

All planned verification activities have been completed.

Acceptance criteria have been met.

Any necessary approvals have been obtained.

In this scenario:

The sacrificial anodes for Project DK were shipped before the galvanic efficiency test results were analyzed.

This constitutes a nonconformity against Clause 8.6 because the products were released without completing the required tests.

 Option Analysis:

A. A retrospective concession was not sought from the customer once the test results had been approved by the Quality Manager:Incorrect. While obtaining a concession might mitigate the situation, the nonconformity pertains to the process failure of releasing the products without completing required tests, not the absence of a concession.

B. Release of the product without acceptable test results has been accepted by the customer for Project DK:Incorrect. The customer was not informed before the release, and there is no indication that this was accepted beforehand. Furthermore, ISO 9001 requires planned processes to be followed, regardless of later acceptance.

C. Products for Project DK have been released before product approval through the quality control process:Correct. This description accurately reflects the nonconformity. The quality control process required test results to be analyzed and verified before release, which did not happen.

D. The untested product was not recalled until the galvanic efficiency of the anodes was verified:Incorrect. The issue is not about recalling the product but about releasing it without completing the required tests. Recalling the product is not mentioned in the scenario.

 Why C is Correct:

The nonconformity is a clear breach of Clause 8.6, where the products were released without meeting the planned verification requirements.

This demonstrates a failure in adhering to quality control processes, which is a critical aspect of ISO 9001 compliance.

 Key ISO 9001 Reference:

Clause 8.6: Products and services shall not be released to the customer until all planned activities (e.g., testing) have been satisfactorily completed, or the customer has approved the release with knowledge of deviations.

The appropriate response in this situation would be:

C. I will raise it as a minor nonconformity; you have the option to appeal to our Certification Body.

This response acknowledges the restaurant manager’s point that the shortage of some hamburgers may not constitute a management system failure. However, the fact remains that the menu was not updated to reflect the current availability of products, which led to customer dissatisfaction. This is a deviation from the ISO 9001 standard, which requires that the organization ensures the availability of resources needed to provide products and services as promised1. Raising it as a minor nonconformity allows the organization to address the issue within a specified timeframe and provides an opportunity for appeal if the organization disagrees with the auditor’s decision2.

According to clause 4.1 of ISO 9001:2015, the organization should determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended results of its quality management system. The organization should monitor and review these issues and update them as necessary. Although the standard does not explicitly require documented information of these issues, it does require documented information as evidence of the implementation of the actions taken to address risks and opportunities, as per clause 6.1. The organization should also retain documented information as evidence of the results of the monitoring, measurement, analysis and evaluation of its QMS, as per clause 9.1. Therefore, the auditor should not accept the legal compliance expert answering the question, as he is not the person responsible for the process and may not have the necessary competence or knowledge of the QMS. The auditor should also look for evidence that the actions resulting from the risk assessment had been taken, as this is a requirement of the standard and a way to verify the effectiveness of the QMS. The other options are not appropriate courses of action for the auditor, because they do not address the audit objective or criteria, or they may compromise the audit integrity or impartiality. For example, option B may not be feasible or reliable, as the Technical Manager may not be available or able to provide the necessary evidence by phone. Option C may cause unnecessary delay and inconvenience for the audit process and the auditee. Option E may not solve the problem, as the guide is not the main source of evidence or information for the audit. Option F may be disrespectful or unprofessional, as the consultant may have a legitimate role or interest in the audit. References: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Context of the Organization, ISO 9001 Auditing Practices Group Guidance on Audit Evidence

•To evaluate the preparedness of the organisation for a Stage 2 audit: This objective involves assessing the readiness of the organisation to undergo the Stage 2 audit, where the conformity and effectiveness of the quality management system will be verified123. The audit team will check the level of implementation and understanding of the quality management system, identify any major gaps or nonconformities, and confirm the audit scope, criteria, and plan123.

•To review the quality manual: This objective involves reviewing the documented information of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team will also evaluate the organisation’s understanding and application of the standard, and identify any areas of improvement or concern123.

The other options are not included in the objectives of the Stage 1 initial certification audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is B and D.

References: 1: ISO 9001 Certification Audits | Stage 1 and Stage 2 - 9001. Simplified 2: Stage 1 of your Audit | NQA Blog 3: Getting Certified to ISO 9001 - the Stage 1 Audit

Here is the correct matching of the ISO 9001 Clause 8 extracts to the audit evidence:

Audit evidence: Three subcontract trainers who had delivered training were not approved as defined in procedure SA1 Supplier Approval revision 3.ISO 9001 Clause 8 extract: 8.4.1 ...shall apply criteria for ... external providers...(This clause requires the organization to control external providers, including ensuring their approval and competence.)

Audit evidence: A training programme for a customer was not documented as required in procedure TD 2 Training revision 2.ISO 9001 Clause 8 extract: 8.3.5 ...shall retain documented information on design and development outputs.(This clause addresses the need to retain documented information related to design and development outputs, such as a training programme.)

Audit evidence: One trainer had not recorded the damage to a customer’s training room wall caused by using sticky tape to hang training aids, as required in procedure TD 2 Training revision 2.ISO 9001 Clause 8 extract: 8.5.3 ...shall retain documented information on what has occurred.(This clause relates to retaining documented information on activities and outcomes, including records of damage or issues encountered.)

Audit evidence: Five sales orders had no record of having been reviewed to verify the ability to provide these courses.ISO 9001 Clause 8 extract: 8.2.3.1 ...shall conduct a review before committing...(This clause specifies the requirement to review and verify the organization's ability to meet customer requirements before accepting sales orders.)

These mappings reflect the specific requirements of ISO 9001:2015 for managing external providers, retaining documented information, and reviewing contracts.

According to clause 10.2.1.b of ISO 9001:2015, the organization should evaluate the need for action to eliminate the causes of nonconformities, in order to prevent their recurrence. This means that the organization should identify and address the root causes and contributing factors of the nonconformities, and implement appropriate corrective actions that are effective and proportional to the impact of the nonconformities. In this case, the evidence statement that supports the finding of nonconformance is C, because it shows that the organization did not take effective actions to prevent the recurrence of the spelling errors in the print run, which resulted in repeated customer rejections and dissatisfaction. The other options are not directly related to clause 10.2.1.b, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option A may relate to clause 7.2 on competence, option B may relate to clause 8.6 on release of products and services, and option D may relate to clause 7.1 on resources. References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Nonconformity and Corrective Action], ISO 9001 Clause 10. Improvement - ISO-templates.com

According to the ISO 9001:2015 standard, clause 4.1 requires organizations to determine the external and internal issues that are relevant to their purpose and that affect their ability to achieve the intended outcomes of their quality management system. Clause 6.1 requires organizations to plan actions to address the risks and opportunities associated with these issues. These actions must be integrated into the quality management system processes and evaluated for effectiveness.

In this scenario, the General Manager of the pharmaceutical organization has shown a lack of understanding and involvement in the process of identifying and addressing the external and internal issues that affect their quality management system. The General Manager has relied on the legal compliance expert, who is not an employee of the organization, to guide them on this process. The General Manager has also admitted that they did not document these issues, which is contrary to the requirement of retaining documented information on the context of the organization. The General Manager has also delegated the responsibility of determining and planning the actions to address the risks and opportunities to the Technical Manager, who is absent due to COVID-19.

Based on this information, you can respond to the General Manager’s suggestion by taking two options:

B. I would ask for a different guide instead of the legal compliance expert: You can request to have a different guide who is an employee of the organization and who is familiar with the quality management system processes and the external and internal issues that affect them. The legal compliance expert may not have the necessary knowledge and authority to answer your questions or provide you with the relevant evidence.

C. I would look for evidence that the actions resulting from the risk assessment had been taken: You can verify whether the organization has implemented and evaluated the actions to address the risks and opportunities associated with the external and internal issues. You can look for evidence such as records of risk analysis, action plans, monitoring and review results, and improvement measures.

These two options would help you to assess the conformity and effectiveness of the organization’s quality management system with respect to the requirements of clauses 4.1 and 6.1.

A screenshot of a chat Description automatically generated

According to the ISO 9000:2015 document, the seven quality management principles are:

Customer focus

Leadership

Engagement of people

Process approach

Improvement

Evidence-based decision making

Relationship management

For each principle, the document provides a statement, a rationale, key benefits, and actions you can take to apply the principle in your organization.

Based on the document, here is a possible way to match a potential benefit to each of the four quality management principles you mentioned:

Table

Quality management principle

Potential benefit

Customer focus

Increased revenue and market share

Engagement of people

Enhanced trust and collaboration throughout the organization

Improvement

Enhanced drive for innovation

Evidence-based decision making

Increased ability to demonstrate effectiveness of past actions

 Responsibilities of the Audit Team Leader:ISO 19011:2018 (guidelines for auditing management systems), which supports the principles in ISO 9001:2015, specifies the responsibilities of an audit team leader. These responsibilities include:

Planning the audit and establishing effective communication between the audit team and auditee.

Ensuring that formal communication channels are agreed upon and followed.

Reporting the audit progress, significant findings, and any concerns to the auditee or audit client as necessary.

Managing the audit team and ensuring adherence to the defined objectives and scope.

 Analysis of Options:

A. Reporting unattainable audit objectives to the accreditation body:Incorrect. This is not the responsibility of the audit team leader. The accreditation body oversees the certification body and is not directly involved in specific audits. If objectives are unattainable, the audit team leader would report them to the audit client (the certification body), not the accreditation body.

B. Planning formal communication arrangements:Correct. This is one of the responsibilities of the audit team leader. They ensure auditees can communicate with auditors as needed during the audit process.

C. Confirming communication channels during the opening meeting:Correct. During the opening meeting, the audit team leader must establish clear communication protocols to ensure effective information exchange between the audit team and auditee.

D. Communicating progress, findings, and concerns:Correct. Keeping the auditee and audit client informed about progress and significant findings is a critical responsibility of the audit team leader to maintain transparency and ensure the audit objectives are met.

 Why Option A is Correct:The audit team leader does not have any obligation to report unattainable objectives to the accreditation body. Instead, they are responsible for communicating issues to the audit client (typically the certification body). The accreditation body operates at a higher level and is concerned with overseeing certification bodies, not individual audits.

 Relevant References:

ISO 19011:2018, Clause 6.4 (Conducting the Audit): Emphasizes the responsibilities of the audit team leader, including communication with the auditee and client.

ISO 9001:2015, Clause 9.2 (Internal Audit): Highlights the importance of planning and communication during audits, which is reflected in third-party audits as well.

ISO/IEC 17021-1 is the standard that specifies requirements for bodies providing audit and certification of management systems. It includes provisions for determining audit time for third-party certification audits, ensuring that the audits are conducted in a consistent, comparable, and reliable manner, which can be applied to a variety of management systems, including ISO 9001.

References: ISO/IEC 17021-1; IAF Mandatory Document for the Determination of Audit Time of Quality and Environmental Management Systems Certification

The purpose of a Stage 1 third-party audit is to determine an organization’s readiness for their Stage 2 Certification Audit. During the Stage 1, the auditor will review the organization’s management system documented information, evaluate the site-specific conditions, and have discussions with personnel. The objective is to assess the alignment of the organization’s design with ISO 9001 requirements and to identify any areas of concern that could be classified as a nonconformance during the Stage 2 Audit. The auditor will also use the Stage 1 Audit to complete Stage 2 Audit planning, including a review of the allocation of resources and details for the next phase of the audit. Therefore, the option that best describes the purpose of a Stage 1 third-party audit is A, to determine the auditees understanding of ISO 9001. The other options are not correct, as they are not the main focus of a Stage 1 audit:

•B. To get to know the organization’s customers: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s customers, but rather in the organization’s ability to meet customer and applicable statutory and regulatory requirements.

•C. To learn about the organization’s procurement processes: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s procurement processes, but rather in the organization’s ability to control externally provided processes, products and services.

•D. To introduce the audit team to the client: This is not the purpose of a Stage 1 audit, as the auditor is not there to make introductions, but rather to conduct a preliminary examination of the organization’s compliance with ISO 9001 standards.

References: What is the difference between Stage 1 and Stage 2 Audits? - ISO Update, The ISO 9001 Audit Process Explained | ISO Explained, What is an ISO Stage 2 Audit? — RiskOptics - Reciprocity

According to ISO 9001:2015, clause 9.2.2.e, the organization is required to retain documented information as evidence of the implementation of the audit programme and the audit results. This includes the records of the nonconformities identified during the internal audits and the corrective actions taken to address them. The organization is also required to verify the effectiveness of the corrective actions, as per clause 10.2.2.

Therefore, in the scenario given, the Quality Manager’s decision to automatically close any nonconformance over 3 years old without obtaining any confirmation from the relevant departments or verifying the effectiveness of the corrective actions is a clear violation of the requirements of clause 9.2.2.e. This indicates a lack of control and follow-up of the internal audit process, as well as a potential risk of recurrence or occurrence of the nonconformities in other areas. This also undermines the credibility and value of the internal audit programme, as well as the risk-based approach claimed by the Quality Manager.

Hence, the best course of action to take is D, to raise a nonconformance report against clause 9.2.2.e of ISO 9001, and to communicate the audit findings to the relevant management. The other options are either insufficient or irrelevant to address the issue, as they do not directly relate to the noncompliance with clause 9.2.2.e.

References:

ISO 9001:2015(en), Quality management systems — Requirements, clause 9.2.2 and 10.2.2

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.4.4 and 6.7.2

ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”

ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6

Sequence:

Stage 1 Audit

Stage 2 Opening Meeting

Interviews

Stage 2 Closing Meeting

Close-out of Stage 2 Audit Findings

Issue Certificate

Surveillance Audit

Follow-up Audit

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each step:

Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities34.

Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns34.

Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system345.

Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings34.

Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions34.

Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits34.

Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement34.

Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit34.

Effectiveness and efficiency are two of the seven quality management principles that form the basis of ISO 9001. According to ISO 9000:2015, clause 3.2.14, effectiveness is the “extent to which planned activities are realized and planned results achieved”. According to clause 3.2.15, efficiency is the “relationship between the result achieved and the resources used”. In other words, effectiveness is about doing the right things, and efficiency is about doing things right. ISO 9001:2015, clause 10.3, requires the organisation to continually improve the suitability, adequacy, and effectiveness of the quality management system. This implies that the organisation should also improve the efficiency of its processes, products, and services, as efficiency is a key factor in achieving customer satisfaction, reducing costs, and increasing profitability. Some of the ways that the organisation can improve its effectiveness and efficiency are: - Establishing SMART (specific, measurable, achievable, relevant, and time-bound) objectives and monitoring their progress - Implementing the Plan-Do-Check-Act (PDCA) cycle to plan, execute, evaluate, and improve its activities - Applying the process approach to manage its interrelated processes as a coherent system - Using evidence-based decision making to analyse data and information and take appropriate actions - Seeking feedback from customers and other interested parties and addressing their needs and expectations - Identifying and addressing risks and opportunities that can affect its performance and conformity - Encouraging innovation and creativity to find new and better ways of doing things - Benchmarking its performance against best practices and industry standards - Providing training and development opportunities for its personnel to enhance their competence and motivation 12345 References:

1: ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary

2: ISO 9001:2015 - Quality management systems — Requirements

3: ISO 9001 Explained: A Comprehensive Guide to Quality Management Systems - ISMS.online

4: The 7 Principles of ISO 9001 | ISO Standards Explained

5: Key Elements of an ISO 9001:2015 Quality Management System

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, correction is defined as “action to eliminate a detected nonconformity”. A nonconformity is defined as “non-fulfilment of a requirement”. Therefore, the process of modifying a non-conforming product to bring it within acceptance criteria is a correction, as it eliminates the non-fulfilment of the product specification. The other options are not correct, as they have different definitions and purposes:

•Concession: permission to release or use a nonconforming product, service or process

•Corrective action: action to eliminate the cause of a nonconformity and to prevent recurrence

•Preventive action: action to eliminate the cause of a potential nonconformity or other undesirable potential situation

References: ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, ISO 9001 nonconforming product: How to understand dispositions - Advisera

Evaluate the effectiveness of the management system: This objective involves verifying that the quality management system meets the requirements of a specific standard, such as ISO 9001:2015, and that it achieves the intended results and outcomes. The audit team will collect and analyse audit evidence to determine the degree of conformity and performance of the quality management system23.

•Evaluate the capability of the management system to establish and achieve objectives: This objective involves verifying that the quality management system supports the strategic direction and policies of the organization, and that it addresses the needs and expectations of the interested parties. The audit team will assess the suitability, adequacy, and alignment of the quality management system objectives, and the effectiveness of the planning and implementation processes to achieve them23.

The other options are not the most relevant objectives of a third-party audit, according to the web search results from my internal tool. They may be related to other aspects or types of audits, but they are not the focus of a third-party audit.

Therefore, the correct answer is B and D.

References: 1: Safeguarding Your Business: The Power of Third-Party Security Audits 2: ISO 19011:2018 - Guidelines for auditing management systems 3: Third Party Audit – QMSGurus.com

Based on the scenario provided, there is evidence of nonconformity with the requirements defined in:

C. Clause 7.5.1 Documented information - General: The scenario indicates that there is no formal process for informing users about updates to the SWIFT database, which suggests a lack of control over documented information. This could lead to users being unaware of important changes and not using the latest version of the software, which is required by the quality management system1.

E. Clause 7.5.3 Control of documented information: The Operations Director’s approach to updating the SWIFT database and the lack of communication to users about these updates indicate that the documented information is not adequately controlled. Allowing users to revert to earlier versions of the software at their discretion further suggests that the organization does not have a proper mechanism in place to ensure the integrity and suitability of documented information2.

These clauses are part of the ISO 9001:2015 standard, which requires organizations to have a systematic approach to controlling and managing documented information as part of their quality management system. The scenario described shows a casual approach to managing critical software updates, which could affect the organization’s ability to consistently meet customer and regulatory requirements.

According to the ISO 9001:2015 standard, clause 6.2.1 requires organizations to establish quality objectives at relevant functions, levels, and processes needed for the quality management system. The quality objectives must be consistent with the quality policy and the strategic direction of the organization. The quality objectives must also be measurable, monitored, communicated, and updated as appropriate.

In this scenario, the Quality Manager of XYZ Corporation has set quality objectives for every employee in the organization except top management. This has created a lot of resistance to the QMS, and the Chief Executive is asking questions about the cost and the method of setting objectives. The Quality Manager asks for your opinion as an auditor on whether this is the correct method of setting objectives.

As an auditor, you cannot provide advice to the organization on how it should operate its QMS. Your role is to assess the conformity and effectiveness of the QMS against the requirements of the standard and the organization’s own policies and objectives. Therefore, you should respond with the following options:

B. Advise the Quality Manager to read the ISO 9001 standard and interpret in relation to the organization’s requirements: You can suggest that the Quality Manager should familiarize himself with the requirements of clause 6.2.1 and understand how they apply to his organization. He should also consider the context and the needs and expectations of interested parties when setting quality objectives. He should ensure that the quality objectives are aligned with the quality policy and the strategic direction of the organization.

C. Advise the Quality Manager that you will raise an opportunity for improvement if the quality objectives are not addressed properly: You can inform the Quality Manager that you will evaluate the quality objectives during the audit and check whether they meet the requirements of clause 6.2.1. If you find any gaps or weaknesses in the quality objectives, you will raise an opportunity for improvement to help the organization improve its QMS. You will also verify whether the quality objectives are monitored, communicated, and updated as appropriate.

D. Inform the Quality Manager that you will comment on the subject in your audit report: You can inform the Quality Manager that you will document your findings and observations on the quality objectives in your audit report. You will also provide a summary of the audit results and any recommendations for improvement. You will also indicate the level of conformity and effectiveness of the QMS.

These three options would help you to maintain your impartiality and professionalism as an auditor and to provide constructive feedback to the organization

B. Applicable procedure: SP-701

D. Identification number of the washing machine

H. The concentration of the cleaning liquid used vs the concentration fixed in SP-701

I. The planned duration of the process vs the minimum time required in SP-701

J. Weight of linen being washed vs the maximum weight required in SP-701

C. Competence record of the machine operator