Comprehensive and Detailed In-Depth Explanation:

An autocratic management style is characterized by:

Top management making all decisions without delegation.

Strict control over employees.

A lack of employee input in decision-making.

Centralized management (Answer C) refers to decision-making being concentrated at the top, but it does not necessarily imply strict control. Laissez-faire management (Answer B) allows employees high independence, which contradicts the scenario.

In this scenario, the time allocated by the audit team leader for the Human Resources audit is fixed, and as an auditor, you must work within that constraint. Although the sampling criteria suggests reviewing 25 personnel files, it is acceptable to adjust the sample size based on time and resource limitations. ISO 9001:2015 emphasizes risk-based thinking and practical resource management (Clause 7.1), so it is reasonable to review a smaller sample if the time is insufficient.

Option B is a pragmatic approach, allowing you to focus on quality over quantity by reviewing as many cases as time allows without compromising the audit schedule.

Options like extending the audit (A, C, D) are impractical in a structured audit environment, especially for second-party audits where maintaining the agreed schedule is important​​.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9000:2015, which provides definitions for terms used in ISO 9001:2015, a management system is defined as a set of interrelated or interacting elements of an organization to establish policies, objectives, and processes to achieve those objectives.

A Quality Management System (QMS) is a type of management system that ensures organizations meet customer and regulatory requirements while improving performance.

Clause 3.5.3 of ISO 9000:2015 clearly defines "management system" and aligns with this question. The other options do not fit the definition:

Standard refers to an established norm or requirement.

Organization scope defines the boundaries of a QMS but is not a system itself.

Quality manual is a document (optional under ISO 9001:2015) that describes a QMS but is not the system itself.

According to the ISO 19011:2018 standard, which provides guidelines for auditing management systems, the team leader of an audit team should be an auditor who has demonstrated the competence to manage an audit of the relevant management system scheme. This means that the team leader should have the appropriate knowledge, skills, and experience to plan, conduct, report, and follow-up an audit of the specific management system, such as ISO 9001 for quality management systems. The other options are false because: B. An audit team can include non-qualified auditors, but only as observers or trainees who do not contribute to the audit findings or conclusions. C. A technical expert can assist a qualified auditor on an audit team, but cannot replace them, as a technical expert does not have the competence to perform audits. D. Audits leading to auditor qualification are not undertaken annually, but rather as part of a certification process that involves meeting certain criteria, such as education, work experience, audit experience, and examination. References: ISO 19011:2018, PECB Certified ISO 9001 Lead Auditor Exam Preparation Guide, ISO 9001:2015 Quality Management Systems Lead Auditor Training Course

A screenshot of a chat Description automatically generated

According to the ISO 9000:2015 document, the seven quality management principles are:

Customer focus

Leadership

Engagement of people

Process approach

Improvement

Evidence-based decision making

Relationship management

For each principle, the document provides a statement, a rationale, key benefits, and actions you can take to apply the principle in your organization.

Based on the document, here is a possible way to match a potential benefit to each of the four quality management principles you mentioned:

Table

Quality management principle

Potential benefit

Customer focus

Increased revenue and market share

Engagement of people

Enhanced trust and collaboration throughout the organization

Improvement

Enhanced drive for innovation

Evidence-based decision making

Increased ability to demonstrate effectiveness of past actions

The individual(s) managing the audit programme and the auditee are both roles that contribute to the audit outcomes. The individual(s) managing the audit programme are responsible for planning, conducting, and reporting on the audit activities, as well as ensuring that they are aligned with the organization’s quality objectives and risk management processes1. The auditee is the person or entity that is subject to an audit, and their participation, cooperation, and feedback are essential for achieving a successful audit outcome2. References:

ISO 9001 Lead Auditor Reference Materials

ISO 9001 Lead Auditor Candidate Handbook

ISO 9001 Lead Auditor Course Material

ISO 9001 Lead Auditor Training Course IRCA Certified

According to the ISO - Management system standards page, the key benefits of an effective management system include improved operational effectiveness and efficiency, improved risk management and protection of people and the environment, and enhanced drive for innovation. The Integrated Use of Management System Standards (IUMSS) handbook also states that the purpose and objectives of management system standards are to help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives.

Therefore, the complete sentence is:

“The purpose of a management system standard is to improve the performance of an organisation.”

Comprehensive and Detailed In-Depth Explanation:

Auditors must have competence in risk-based auditing to effectively assess an organization’s QMS performance and compliance.

Clause References:

ISO 19011:2018, Clause 7.2.3 – Determining Auditor Competence:

Auditors must have knowledge of risk-based thinking to assess risk impact on processes.

ISO 9001:2015, Clause 0.3.3 – Risk-Based Thinking:

The standard emphasizes proactive risk management, which auditors must understand.

Why is the Correct Answer B?

Risk-based auditing ensures audits focus on high-risk areas, improving audit effectiveness.

Auditors must assess how organizations apply risk-based thinking in decision-making, process control, and improvement.

Why are the Other Options Incorrect?

A (Industry knowledge) → While helpful, it is not mandatory for all auditors.

C (Expertise in all domains) → Auditors are not required to be experts in all areas, just in audit methodology.

D (Formal degree in quality management) → ISO does not require a formal degree, just competence in audit principles and methods.

Comprehensive and Detailed In-Depth Explanation:

During communication with top management, the auditor should discuss:

The quality policy (ISO 9001:2015, Clause 5.2.1), ensuring that it is established, communicated, and understood.

Internal audits (ISO 9001:2015, Clause 9.2), verifying that they are planned and effectively implemented.

These discussions help assess leadership commitment and the effectiveness of the QMS.

Based on the scenario provided, there is evidence of nonconformity with the requirements defined in:

C. Clause 7.5.1 Documented information - General: The scenario indicates that there is no formal process for informing users about updates to the SWIFT database, which suggests a lack of control over documented information. This could lead to users being unaware of important changes and not using the latest version of the software, which is required by the quality management system1.

E. Clause 7.5.3 Control of documented information: The Operations Director’s approach to updating the SWIFT database and the lack of communication to users about these updates indicate that the documented information is not adequately controlled. Allowing users to revert to earlier versions of the software at their discretion further suggests that the organization does not have a proper mechanism in place to ensure the integrity and suitability of documented information2.

These clauses are part of the ISO 9001:2015 standard, which requires organizations to have a systematic approach to controlling and managing documented information as part of their quality management system. The scenario described shows a casual approach to managing critical software updates, which could affect the organization’s ability to consistently meet customer and regulatory requirements.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015 (Conformity Assessment – Requirements for Certification Bodies), Clause 9.3.1.2, the Stage 1 Audit typically consumes around 30% of the total audit time.

This time is allocated to:

Reviewing documented information.

Assessing the readiness for Stage 2.

Identifying potential nonconformities.

A 20% allocation (Answer A) is too low, and 40% (Answer C) is excessive, as the majority of the audit should be spent on Stage 2 (on-site verification).

 Understanding "Context of the Organization":

The term "context of the organization" is defined in ISO 9001:2015 Clause 4.1, which states:

"The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system."

The definition emphasizes identifying both internal and external issues that influence the organization's approach to developing and achieving its objectives.

 Option Analysis:

Option A:Correct. This option aligns with the standard definition as it explicitly mentions the combination of internal and external issues that affect the organization’s approach to achieving its objectives, which is the essence of Clause 4.1.

Option B:Incorrect. The term "comparison of internal and external issues" does not reflect the ISO 9001 requirements. The standard does not require a comparison but rather an understanding of these issues.

Option C:Incorrect. Although it mentions "complexity," the focus of ISO 9001:2015 is on identifying relevant issues rather than the complexity of those issues.

Option D:Incorrect. This option mentions "coordination" and focuses only on the positive or negative effects. ISO 9001 requires identifying issues but does not emphasize coordination.

 Clause Reference and Relevance:

ISO 9001:2015 requires organizations to understand their context because internal and external factors can influence the Quality Management System's effectiveness. Understanding this context helps in:

Addressing risks and opportunities (Clause 6.1).

Aligning the QMS with the organization’s strategic direction.

 Why A is Correct:

"Combination of internal and external issues" captures the essence of Clause 4.1, making it the accurate definition of the context of the organization.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires specific roles and responsibilities for audit leaders and certification bodies.

Clause References:

ISO 19011:2018, Clause 5.5 – Conducting the Audit: Defines audit team leader responsibilities.

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning: Defines certification body responsibilities, including the certification agreement.

Why is the Correct Answer D?

The certification agreement is signed between the certification body and the auditee (TD Advertising).

Anne (audit team leader) does NOT have authority to sign the agreement—that is the responsibility of the certification body’s management.

Why are the Other Options Incorrect?

A (Establishing audit criteria and objectives) → Correct responsibility of the audit leader as per ISO 19011.

B (Determining audit feasibility) → Audit leaders assess feasibility but do not sign agreements.

C (Assigning responsibilities for the audit team) → This is part of the audit leader’s role in planning audits.

According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised as necessary to address changes that occur during the audit planning. The audit plan should be agreed upon, preferably in writing, by the audit team leader, the audit client and the auditee1. Therefore, if there is a significant change in the auditee’s situation, such as the cancellation of all orders for the next week, the audit plan should be reviewed and revised accordingly, with the agreement of all parties involved.

According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a process to ensure that the audit team has the competence to achieve the audit objectives, and that the audit methods are appropriate for the scope and complexity of the audit. The certification body should also have a process to ensure that the audit is conducted under reasonable conditions and within a reasonable time frame2. Therefore, if there is a risk that the audit objectives cannot be achieved, or that the audit methods are not suitable, due to the change in the auditee’s situation, the certification body should be consulted and informed on how to proceed with the audit.

Therefore, the best action to take is B, ask the certification body you work for how to proceed with the audit. This action will ensure that the audit plan is revised and agreed upon by all parties, and that the audit team has the competence and the methods to conduct the audit effectively and efficiently. The other options are not correct, as they may compromise the quality and validity of the audit:

•A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week: This action may not be feasible or acceptable, as it may extend the audit duration and cost beyond the agreed terms, and it may not provide sufficient and appropriate audit evidence to verify the conformity and effectiveness of the auditee’s processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before: This action may not be relevant or reliable, as it may not reflect the current performance and condition of the auditee’s processes. The audit evidence collected from the previous customer may not be valid or representative of the audit criteria, and it may not address the risks and opportunities associated with the auditee’s context and objectives. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•D. Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises: This action may not be objective or impartial, as it may introduce bias and influence in the audit process. The audit evidence collected from the simulated process may not be accurate or authentic, and it may not demonstrate the actual capability and effectiveness of the auditee’s processes. Moreover, this action may not be ethical or professional, as it may compromise the integrity and credibility of the audit and the certification.

According to the ISO 9001:2015 standard, clause 8.7 requires that an organization identify and control any nonconforming outputs that do not conform to the requirements of the customer or other relevant requirements. Nonconforming outputs are any outputs from the process, product or service that do not meet the specified quality criteria. Nonconforming outputs must be dealt with in one or more of the following ways:

Correction of the nonconformity

Segregation, containment, return or suspension of provision of products and services

Informing the customer

Authorisation for acceptance under concession

The organization must also retain documented information on the description of the nonconformity, the actions taken, any concessions obtained, and the identification of the authority deciding the action to resolve the nonconformity.

In this scenario, you have interviewed a line supervisor who is responsible for managing a manual picking line where operators are removing contaminant materials from incoming products. The supervisor has explained that these plastic items are rejected at this stage because they do not meet their processing standards and they can damage their machinery and compromise their quality standards. The supervisor has also mentioned that some of these rejected items are melted down in another process later on and some are disposed of as waste products that cannot be recycled.

Based on this information, you can investigate further by taking two actions:

A. Check the process for handling nonconforming items: You can verify whether there is a documented procedure for identifying, segregating, containing, returning or suspending provision of nonconforming items at this stage. You can also check whether there is a system for informing customers about any nonconforming items that may affect their satisfaction or expectations.

D. Determine what happens to the waste products: You can verify whether there is a documented procedure for disposing of waste products that cannot be recycled as per environmental regulations and customer requirements.

These two actions would help you to determine whether there are any nonconforming outputs at this stage and how they are controlled by the organization.

According to ISO 9001:2015, clause 4.3, the organization is required to determine the scope of its quality management system (QMS) by considering the external and internal issues referred to in clause 4.1. Clause 4.1 requires the organization to determine the external and internal issues that are relevant to its purpose and strategic direction, and that affect its ability to achieve the intended results of its QMS. These issues can include positive and negative factors or conditions for consideration, such as legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local. The organization is also required to monitor and review these issues.

Therefore, the correct answer is C, as external issues of the organization’s context are one of the factors that must be considered when determining the scope of the QMS. The other options are either not directly related to the scope of the QMS, or are not explicitly mentioned in clause 4.3.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.9 (Audit Conclusions & Reporting):

One consolidated audit report should be drafted based on all team members’ findings.

Each auditor does not draft separate reports (B) unless explicitly required.

Thus, A is the correct answer.

When an organization wishes to extend the scope of their current certification to include new services or activities, such as the printing and compilation of computer documentation packages, it requires an extension to the scope of the audit. This involves a formal application process with the certification body to ensure that the new activities are included in the audit plan and that the organization’s quality management system encompasses these new processes12. References: = The answer is based on the ISO 9001 Auditing Practices Group guidance on scope and applicability, which outlines the need for a formal application process when there is a change in the scope of the quality management system that affects the certification1. Additionally, the UKAS guide on the extension to scope (ETS) process provides information on how changes to the scope, including the addition of new services, require a formal application2.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.6 (Audit Follow-Up):

The primary focus of an audit follow-up is verifying that corrective actions were effectively implemented.

Internal audits and management reviews (B) are part of routine QMS operations, not the main objective of follow-ups.

Site conditions (C) are relevant but secondary to verifying corrective action effectiveness.

Thus, A is the correct answer.

According to the ISO 9001:2015 document, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system1. However, among the six options given, only effectiveness is directly mentioned as an aspect of the quality management system that must be continually improved. Therefore, C is one of the correct answers.

Efficiency, on the other hand, is not explicitly stated as an aspect of the quality management system that must be continually improved, but it is implied by the quality management principle of improvement, which states that successful organisations have an ongoing focus on improvement2. One of the key benefits of applying this principle is improving operational effectiveness and efficiency2. Therefore, E is another correct answer.

Suitability, adaptability, responsiveness, and applicability are not aspects of the quality management system that must be continually improved, according to the ISO 9001:2015 document. They may be related to the quality management system, but they are not the focus of continual improvement.

Therefore, the correct answer is C and E.

Understanding the Purpose of a Quality Management System (QMS):The primary objective of ISO 9001:2015 is to improve the overall performance of the organization by:

Ensuring consistent delivery of products and services that meet customer and regulatory requirements.

Focusing on enhancing customer satisfaction.

Promoting continual improvement of the organization’s processes and practices.

Comprehensive and Detailed In-Depth Explanation:

The PDCA (Plan-Do-Check-Act) cycle is a continuous improvement model used in ISO 9001:2015. The "Check" phase involves monitoring, measuring, and analyzing the results to assess if the planned actions have been effective.

In scenario 1, AL-TAX tested the effectiveness of the intended actions, which aligns with the Check stage of the PDCA cycle. Clause 9.1.1 (Monitoring, Measurement, Analysis, and Evaluation) requires organizations to evaluate their QMS and determine whether improvements are necessary.

Quality management principles:

Customer focus = Increased revenue and market share

Engagement of people = Enhanced trust and collaboration throughout the organisation

Improvement = Enhanced drive for innovation

Evidence-based decision-making = Increased ability to demonstrate effectiveness of past actions

According to the Quality management principles document published by ISO, each quality management principle has a statement, a rationale, key benefits, and actions you can take to apply it. Based on these descriptions, the potential benefits can be matched to the corresponding principles as follows:

Customer focus: The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. The key benefits of this principle include increased customer value, customer satisfaction, customer loyalty, repeat business, reputation, customer base, revenue and market share.

Engagement of people: Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value. The key benefits of this principle include improved understanding of the organization’s objectives and values, increased involvement in improvement activities, enhanced personal development, increased motivation and empowerment, enhanced trust and collaboration, and increased recognition and rewards.

Improvement: Successful organizations have an ongoing focus on improvement. The key benefits of this principle include improved organizational capabilities, alignment of improvement activities at all levels, increased ability to anticipate and react to opportunities and threats, enhanced drive for innovation, and increased levels of satisfaction.

Evidence-based decision-making: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. The key benefits of this principle include improved decision-making processes, increased ability to demonstrate the effectiveness of past decisions, increased ability to review, challenge and change opinions and decisions, and increased ability to improve performance.

According to the ISO 9000:2015 quality management principles document1, risk-based approach is not one of the seven quality management principles that ISO 9000, ISO 9001 and other related quality management standards are based on. The seven quality management principles are:

Customer focus

Leadership

Engagement of people

Process approach

Improvement

Evidence-based decision making

Relationship management

Therefore, risk-based approach is not a quality management principle under ISO 9001:2015.

The appropriate response in this situation would be:

C. I will raise it as a minor nonconformity; you have the option to appeal to our Certification Body.

This response acknowledges the restaurant manager’s point that the shortage of some hamburgers may not constitute a management system failure. However, the fact remains that the menu was not updated to reflect the current availability of products, which led to customer dissatisfaction. This is a deviation from the ISO 9001 standard, which requires that the organization ensures the availability of resources needed to provide products and services as promised1. Raising it as a minor nonconformity allows the organization to address the issue within a specified timeframe and provides an opportunity for appeal if the organization disagrees with the auditor’s decision2.

As the audit team leader, it is crucial to manage differing opinions constructively and ensure that the correct clause is selected for the nonconformity based on solid evidence. Here’s how the situation should be handled:

E. Invite you and the second auditor to fully explain your point of view and then decide which clause to select: This promotes collaboration and transparency, allowing both auditors to present their rationale for choosing the specific clause.

F. Review the evidence with you and the second auditor, and then decide which clause of ISO 9001 would best apply: Reviewing the evidence in relation to the specific requirements of ISO 9001 is essential for determining which clause is most appropriate.

H. Try to obtain a consensus between you and the second auditor after a discussion of the different opinions: Consensus-building is a crucial skill for an audit team leader. Achieving agreement ensures the nonconformity is addressed accurately and with full team support.

Options such as overruling immediately (D) or deferring the decision without full discussion (B) could undermine team dynamics and the audit process. Consulting the quality manager (A) or selecting an entirely different clause (G) is unnecessary, as the team should resolve the issue internally​​.

Comprehensive and Detailed In-Depth Explanation:

Audit evidence includes information collected through different methods to assess compliance with ISO 9001:2015 requirements.

Clause References:

ISO 19011:2018, Clause 6.4.6 – Audit Evidence: Audit evidence must be objective, verifiable, and based on facts.

ISO 9001:2015, Clause 9.1.1 – Monitoring, Measurement, Analysis, and Evaluation: Requires organizations to collect and analyze data from multiple sources to verify effectiveness.

Types of Audit Evidence Collected in Scenario 3:

Verbal Evidence – Employee interviews regarding training and awareness sessions.

Documentary Evidence – Organizational charts, job descriptions, training records.

Physical Evidence – Workplace observations to assess working conditions.

Why is the Correct Answer B?

The audit team used a combination of verbal (interviews), documentary (records), and physical (site observations) evidence.

This triangulation approach enhances audit reliability and ensures compliance verification.

Why are the Other Options Incorrect?

A (Confirmative evidence) → Not a formal audit term in ISO 9001 or ISO 19011.

C (Analytical evidence) → Incorrect, as analysis was not a primary method used.

D (Qualitative evidence only) → Incorrect because the audit involved both qualitative (interviews) and quantitative (documents, physical) evidence.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 emphasizes continual improvement as a fundamental requirement of an effective Quality Management System (QMS).

Clause Reference:

Clause 4.4.1 (Quality Management System and Its Processes) states that organizations must:

Determine processes needed for the QMS

Establish criteria and methods for process effectiveness

Ensure continual improvement of the system

Why is the Correct Answer C?

Continual improvement is a core principle of ISO 9001.

Organizations must regularly assess and enhance their QMS to adapt to new challenges and maintain effectiveness.

Why are the Other Options Incorrect?

A (To change the QMS quarterly) → ISO 9001 does not mandate a specific frequency for system changes.

B (To review the QMS annually) → QMS reviews must be conducted as needed, not strictly annually.

D (To conduct a QMS gap analysis every two years) → Gap analysis is useful but is not a mandatory requirement under Clause 4.4.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires organizations to ensure competence of personnel whose work affects quality performance.

Clause References:

Clause 7.2 – Competence: Organizations must determine, provide, and evaluate competence of employees performing work under the QMS.

ISO 19011:2018, Clause 6.4.6 – Audit Evidence: Auditors should use a combination of document review, interviews, and observation to verify competence.

Why is the Correct Answer C?

The organizational chart shows reporting structures and helps verify roles and responsibilities.

Job descriptions outline required qualifications, skills, and competencies for each role.

These documents provide objective audit evidence that personnel meet the required competencies for their positions.

Why are the Other Options Incorrect?

A (Sufficient evidence) → Partially correct, but competence verification often requires multiple sources of evidence, including training records, certifications, and observations.

B (Not relevant) → Incorrect because verifying competence is crucial for ensuring effective QMS implementation.

D (Direct observation only) → Observation alone is insufficient; documentation and interviews are also required to confirm competence.

Sequence:

Stage 1 Audit

Stage 2 Opening Meeting

Interviews

Stage 2 Closing Meeting

Close-out of Stage 2 Audit Findings

Issue Certificate

Surveillance Audit

Follow-up Audit

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each step:

Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities34.

Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns34.

Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system345.

Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings34.

Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions34.

Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits34.

Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement34.

Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit34.

Comprehensive and Detailed In-Depth Explanation:

The Stage 2 audit (ISO 17021-1:2015, Clause 9.3.1.3) is conducted to:

Verify whether the QMS is effectively implemented and operational.

Ensure compliance with ISO 9001 requirements in actual practice.

Identify nonconformities that may impact certification.

Reviewing documented information (Answer B) is part of Stage 1, and gathering scope information (Answer C) is done before the certification audit.

Nonconformity report

ISO 9001 Clause Number: 9.3.1 Nature of problem: Management review has not been conducted at the defined frequency. ISO 9001 requirement that has not been fulfilled: ISO 9001 - “Top management shall review the organization’s quality management system at planned intervals.” Evidence: The last management review took place nine months ago, and the previous one took place one year before the latest review. The planned interval is six months.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires organizations to measure and monitor customer perceptions to determine whether customer requirements are being met.

Clause Reference:

Clause 9.1.2 – Customer Satisfaction states that organizations must monitor customer perceptions using relevant methods such as customer surveys, feedback forms, and complaint analysis.

One of the most effective ways to do this is gap analysis, which identifies differences between customer expectations and actual service or product performance.

Why is the Correct Answer C?

Gap analysis helps determine discrepancies between current performance and customer expectations, allowing organizations to improve quality.

It is a standard quality improvement tool used to assess customer satisfaction.

Why are the Other Options Incorrect?

A (PEST analysis) → Focuses on external macroeconomic factors (Political, Economic, Social, Technological) rather than customer satisfaction.

B (Market-share analysis) → Examines business performance relative to competitors, not customer perceptions.

D (Competitive benchmarking) → Involves comparing processes with competitors but does not directly monitor customer perceptions.

Comprehensive and Detailed In-Depth Explanation:

Reliability in service quality refers to the consistent and dependable delivery of promised services.

ISO 9001:2015 emphasizes reliability through:

Clause 8.2.1 (Customer Communication) – Ensuring clarity in service commitments.

Clause 8.5.1 (Control of Service Provision) – Ensuring processes meet requirements consistently.

Other options do not fully define reliability:

Option A (Safe services) relates to safety, not reliability.

Option B (Readiness and goodwill) relates to responsiveness, not reliability.

Option D (Low cost) focuses on pricing, not quality.

Here is the correct matching of actions to the statements in the context of leading the internal audit:

If practicablecarry out a formal opening meeting

You should notaudit production (as you are a supervisor in that area, and this would compromise audit objectivity)

You need notchange the audit team (unless there is a specific reason, such as conflict of interest)

You mustraise audit findings if necessary (this is a key responsibility of an auditor when nonconformities are found)

You must notsend the audit report to the Quality Manager (the audit report must be reviewed first; it is typically part of the internal audit process to go through necessary channels before final submission)

You shouldsend the audit report to the Quality Manager (after appropriate reviews and approvals)

This reflects key principles of conducting an internal audit according to ISO 9001:2015, ensuring objectivity, proper documentation, and clear reporting procedures.

Comprehensive and Detailed In-Depth Explanation:

Certification bodies must remain independent and impartial. If a certification body (ABC-CERT) provides consulting services to an organization through its subsidiary (Consultancy ABC), it cannot later certify the same organization.

Clause References:

ISO/IEC 17021-1:2015, Clause 5.2.5 – Impartiality Requirements:

A certification body must not certify an organization to which it has provided consultancy services.

ISO/IEC 17021-1:2015, Clause 5.2.6:

Subsidiaries of certification bodies must not provide consulting services to prevent conflicts of interest.

Why is the Correct Answer C?

Certifying a client after providing consultancy creates a conflict of interest and violates ISO/IEC 17021-1:2015 impartiality rules.

The certification body (ABC-CERT) and consultancy firm (Consultancy ABC) are related entities, making it impossible to remain objective and independent.

Why are the Other Options Incorrect?

A (Waiting two years) → ISO does not specify a time frame; the issue is impartiality, not just time.

B (Signing an agreement to ensure objectivity) → Conflicts of interest cannot be resolved through an agreement; independence is required.

According to the ISO 9001:2015 standard, clause 10.2.1 defines nonconformity as the non-fulfilment of a requirement. A requirement can be related to the quality management system, the products and services, the customer expectations, or the applicable statutory and regulatory requirements. Nonconformities can be detected through various sources, such as audits, inspections, tests, customer complaints, or internal reviews. Nonconformities must be addressed by taking appropriate actions to correct them and prevent their recurrence.

In this scenario, the auditee has shown several issues that indicate nonconformities in their quality management system. Two statements that apply to the term nonconformity are:

A. No quality objectives planned for the top management team: According to ISO 9001, clause 6.2.1, the organization must establish quality objectives at relevant functions, levels, and processes. The quality objectives must be consistent with the quality policy and the strategic direction of the organization. The top management team is responsible for providing leadership and direction for the quality management system and ensuring its alignment with the organization’s purpose and context. Therefore, the absence of quality objectives for the top management team is a nonconformity as it violates the requirement of clause 6.2.1.

E. Quality improvements not aligning with the quality policy: According to ISO 9001, clause 5.2.1, the quality policy is a statement of the organization’s intentions and direction regarding quality, as formally expressed by top management. The quality policy must provide a framework for setting quality objectives and be compatible with the context and strategic direction of the organization. The quality policy must also be communicated, understood, and applied within the organization. Therefore, if the quality improvements are not aligned with the quality policy, it is a nonconformity as it violates the requirement of clause 5.2.1.

Understanding Clause 6.2 of ISO 9001:2015:Clause 6.2 (Quality Objectives and Planning to Achieve Them) specifies that organizations must:

Establish measurable and relevant quality objectives consistent with the quality policy (Clause 6.2.1).

Include objectives applicable to product/service conformity and customer satisfaction.

Document these objectives and their planning as documented information (Clause 6.2.1 & 6.2.2).

Plan how to achieve the objectives, including defining actions, resources, responsibilities, timelines, and methods for evaluation.

Analysis of Options:

A. Quality objectives are not being implemented by the organisation's personnel:Incorrect. While implementation is critical, this relates more to operational aspects rather than the direct requirements of Clause 6.2. Implementation issues would typically raise concerns under Clause 9.1 (Performance Evaluation).

B. The consultant has not interpreted ISO 9001 correctly:Incorrect. The consultant's interpretation of ISO 9001 is irrelevant in terms of Clause 6.2 compliance. The focus is on whether the organization aligns with the requirements, not the consultant's role.

C. Establishing quality objectives did not include top management:Incorrect. While top management involvement is vital for QMS effectiveness (Clause 5.1), this is not a direct requirement of Clause 6.2. Top management alignment is implied but not explicitly mandated for establishing quality objectives.

D. Quality objectives were not established in alignment with the organisation's quality policy:Correct. Clause 6.2.1 requires that quality objectives be consistent with the organization’s quality policy, ensuring they reflect its purpose, strategic direction, and commitment to continual improvement. Misalignment would constitute a nonconformity.

E. The organisation cannot afford to undertake quality objectives all at once:Incorrect. Financial constraints are not directly addressed in Clause 6.2. The clause focuses on planning to achieve objectives, which includes defining the necessary resources but does not demand achieving all objectives simultaneously.

F. Quality objectives are not maintained as documented information:Correct. Clause 6.2.1 specifically requires that quality objectives be maintained as documented information. Failure to document the objectives is a direct violation of this clause.

Why Options D and F Are Correct:

D: Misalignment between the quality objectives and the quality policy directly violates Clause 6.2.1, which mandates that objectives support the strategic direction of the organization.

F: Lack of documentation for quality objectives breaches the requirement to maintain them as documented information under Clause 6.2.1.

Relevant References:

Clause 6.2.1: Establishing quality objectives aligned with the quality policy.

Clause 6.2.2: Maintaining documented information for quality objectives and planning to achieve them.

Clause 5.1.1: Top management's responsibility to ensure alignment between the QMS and strategic direction.

According to ISO 19011:2018, clause 6.3, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the information listed in my previous response, such as the audit objectives, scope, criteria, schedule, team, methods, report, etc. The audit plan should be prepared and completed prior to the on-site audit, and should be communicated to the audit team and the auditee1.

According to ISO 19011:2018, clause 6.4.3, the checklist / prompts are documents that list the questions or topics that need to be covered during an audit. The checklist / prompts can help the auditor to collect and verify information relevant to the audit criteria, and to ensure the consistency and completeness of the audit. The checklist / prompts should be prepared and completed prior to the on-site audit, and should be based on the audit plan and the audit scope and objectives1.

Therefore, the two documents that an auditor needs to prepare and complete prior to the on-site audit are B and D, as they are essential for planning and conducting the audit. The other options are not correct, as they are either prepared or completed after the on-site audit, or not required by the standard:

•A. Audit Report: The audit report is a document that provides a complete, accurate, concise, and clear record of the audit. The audit report should include the information listed in my previous response, such as the audit objectives, scope, criteria, findings, conclusions, etc. The audit report should be prepared and completed after the on-site audit, and should be distributed to the audit client and the auditee1.

•C. Procedures: Procedures are documents that specify the way activities are to be performed. Procedures may be part of the audit criteria, if they are part of the organization’s management system, or part of the audit programme, if they are part of the certification body’s or registrar’s requirements. Procedures are not prepared or completed by the auditor prior to the on-site audit, but rather reviewed or followed by the auditor during the audit1.

•E. Risk Matrices: Risk matrices are tools that help to assess and prioritize the risks and opportunities associated with the audit programme or the audit. Risk matrices may be part of the audit programme management, if they are used to determine and evaluate the audit programme risks and opportunities, or part of the audit preparation, if they are used to determine and evaluate the audit risks and opportunities. Risk matrices are not prepared or completed by the auditor prior to the on-site audit, but rather used or updated by the auditor during the audit programme management or the audit preparation1.

•F. Findings: Findings are the results of the evaluation of the collected audit evidence against the audit criteria. Findings can indicate either conformity or nonconformity, as well as positive aspects or opportunities for improvement. Findings are not prepared or completed by the auditor prior to the on-site audit, but rather generated and recorded by the auditor during the audit activities1.

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, correction is defined as “action to eliminate a detected nonconformity”. A nonconformity is defined as “non-fulfilment of a requirement”. Therefore, the process of modifying a non-conforming product to bring it within acceptance criteria is a correction, as it eliminates the non-fulfilment of the product specification. The other options are not correct, as they have different definitions and purposes:

•Concession: permission to release or use a nonconforming product, service or process

•Corrective action: action to eliminate the cause of a nonconformity and to prevent recurrence

•Preventive action: action to eliminate the cause of a potential nonconformity or other undesirable potential situation

Comprehensive and Detailed In-Depth Explanation:

The audit schedule provides a structured timeline of activities to be conducted during the audit.

Clause References:

ISO 19011:2018, Clause 6.4.2 – Preparing the Audit Plan:

Requires the development of an audit schedule, including the sequence and timing of activities.

ISO/IEC 17021-1:2015, Clause 9.1.3 – Audit Program:

Certification bodies must establish a schedule for conducting audits.

Why is the Correct Answer C?

The audit schedule ensures systematic execution of the audit by defining activities, responsible auditors, and timeframes.

A well-planned schedule improves efficiency and helps auditors cover all necessary areas within the given time.

Why are the Other Options Incorrect?

A (Audit objectives) → Define why the audit is conducted, not the schedule.

B (Audit criteria) → Define the standards and requirements to be evaluated, not the timeline.

D (Audit offer) → Refers to the initial proposal sent to the auditee, not the activity timeline.

Top management is responsible for establishing, implementing, and maintaining the quality policy. The quality policy provides a framework for setting quality objectives and must be compatible with the context of the organization and support its strategic direction. It should also provide a commitment to satisfy applicable requirements and to continuous improvement.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The certification body retains ownership of the audit report as it is responsible for the certification decision.

The auditee may receive a copy, but it does not own the report.

The audit team leader compiles the report but does not own it.

Thus, C is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

A guide is assigned by the auditee to assist the audit team by:

Managing logistics, such as ensuring that relevant documents are available and arranging interviews.

Assisting in the coordination of meetings and access to facilities.

Helping the auditors navigate the organization during the audit.

However, the guide does not fill gaps in the auditor’s knowledge or witness the audit for the certification body. Their primary function is logistical support, not providing interpretations or assessments.

The table below shows the possible matching of the ISO 9001 Clause 8.3 extract to the audit evidence.

Table

Audit evidence

ISO 9001 Clause 8.3 extract

Half of all new products launched in the past 12 months were late. The NPD Manager explains he has not got enough people on his team to cope with the demand for new products.

“8.3.2 e) … internal … resource needs for the design and development of products …”

The NPD Manager explains many changes are made to cosmetic formulations during product development owing to retailer feedback. Only when confirmed by the retailer is the agreed formulation documented on SWIFT.

“8.3.5 … retain documented information …”

The NPD Manager explains that the customer confirms their approval to proceed with a new formulation by email. These emails are kept on SWIFT.

“8.3.6 … retain documented information …”

The NPD Manager shows you evidence of consumer trials that are carried out for some new products prior to full-scale launch.

“8.3.4 d) … conducted to ensure that the resulting products and services meet the requirements …”

The NPD Manager explains that an approved external laboratory is used to perform shelf-life stability trials on some formulations during product development.

“8.3.2 e) … external … resource needs for the design and development of products …”

In this scenario, the organisation A has two plants, A1 and A2, but the production in A2 was discontinued due to the COVID-19 pandemic and the plant was rented to another organisation B. There are no A employees working in A2, and the organisation A expects to reassume production in A2 as soon as possible. Therefore, the appropriate action to plan the internal audit of A’s quality management system is:

•Interview the A2 plant manager, now working in Plant A1: This action involves interviewing the person who is responsible for the management and operation of the plant A2, and who is currently working in the plant A1. The interview should aim to gather information about the status and condition of the plant A2, the impact of the COVID-19 pandemic on the quality management system, the arrangements and agreements with the organisation B, and the plans and actions to resume production in the plant A25 . This action is relevant and necessary for the internal audit, as it can help to assess the readiness and effectiveness of the quality management system, and to identify any gaps or nonconformities that need to be addressed.

The other options are not appropriate actions to plan the internal audit of A’s quality management system, according to the web search results from my internal tool. They are:

•Visit Plant A2 to interview personnel of company B: This action involves visiting the plant A2 and interviewing the personnel of the organisation B, who are not related to the organisation A and who are not part of the quality management system. This action is irrelevant and unnecessary for the internal audit, as it can not provide any evidence or information about the conformity and improvement of the quality management system of the organisation A5 .

•Visit Plant A2 to interview B’s quality manager: This action involves visiting the plant A2 and interviewing the quality manager of the organisation B, who is not related to the organisation A and who is not part of the quality management system. This action is irrelevant and unnecessary for the internal audit, as it can not provide any evidence or information about the conformity and improvement of the quality management system of the organisation A5 .

•Visit Plant A2 to interview A’s security personnel and B’s maintenance department: This action involves visiting the plant A2 and interviewing the security personnel of the organisation A and the maintenance department of the organisation B, who are not directly involved in the quality management system. This action is irrelevant and unnecessary for the internal audit, as it can not provide any evidence or information about the conformity and improvement of the quality management system of the organisation A5 .

Therefore, the correct answer is D.

Comprehensive and Detailed In-Depth Explanation:

Stage 1 Audit (ISO 9001:2015, Clause 9.2.2) is a documentation review to assess the readiness for a Stage 2 Audit. The auditor must document:

Observations that could lead to nonconformities, ensuring they are addressed before Stage 2.

Areas needing improvement, such as missing documented information or unclear process definitions.

While understanding the auditee’s main processes is important, documenting interviews is not a requirement at Stage 1.

Nonconformity report

ISO 9001 Clause Number: 8.5.4 Nature of problem: Cleaning and sanitising records are not available for every batch. ISO 9001 requirement that has not been fulfilled: ISO 9001 - “The organization shall implement planned arrangements, at appropriate stages, to verify that the product requirements have been met.” Evidence: 40 cleaning records are available for 63 batches.

Comprehensive and Detailed In-Depth Explanation:

Auditors must report findings truthfully and accurately to ensure an unbiased assessment of the QMS.

Clause References:

ISO 19011:2018, Clause 4 – Principles of Auditing:

Fair Presentation → Requires auditors to report truthfully and accurately, without bias or omission.

Integrity → Ensures auditors adhere to ethical conduct.

Why is the Correct Answer A?

The audit team reported findings truthfully, based on collected evidence.

Fair presentation ensures that both positive and negative findings are included in the audit report.

Objective evidence was gathered through interviews, document reviews, and observations.

Why are the Other Options Incorrect?

B (Integrity) → Related to ethics and professional conduct, but not specifically about presenting findings.

C (Confidentiality) → Important, but does not apply to the principle of reporting findings accurately.

D (Objectivity) → Ensures impartiality, but "fair presentation" directly addresses accurate reporting of findings.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.6 (Conducting Interviews), group interviews should be conducted with at least two auditors to ensure objectivity and accuracy.

This prevents bias or misinterpretation of responses.

It allows for cross-validation of information.

It ensures that the audit results remain objective and impartial.

Since Li Na conducted the group interviews alone, she did not follow audit best practices. The correct approach would have been to have another auditor present during the interviews.

According to the ISO 9001:2015 standard, clause 10.2 requires organizations to review nonconformities, including any arising from customer complaints, and to take appropriate actions to determine the cause, implement corrections and preventive actions, and verify their effectiveness. The organization must also monitor the effectiveness of the actions taken and make changes if necessary.

In this scenario, the auditee is facing a legal dispute with a customer over damage to an expensive cashmere coat. This is a nonconformity that arises from customer complaint and has a significant impact on customer satisfaction and reputation. Therefore, clause 10.2 applies to this situation.

The best option for how this should be handled by the Quality Management System is B.

B means that the organization should report the situation to the customer with suggested remedial action. This option follows the principle of transparency and accountability, as well as respecting the customer’s rights and expectations. The organization should also investigate the root cause of the damage and prevent it from happening again in other shops or products.

The other options are not appropriate because:

A means that the organization should settle the court case by negotiation with the customer. This option may not be feasible or satisfactory for both parties, especially if there is a large amount of compensation involved or if there are legal implications for other customers.

C means that the organization should make an offer to replace the coat with a new one. This option may not be sufficient or acceptable for both parties, especially if there is evidence of negligence or poor quality on behalf of the organization.

D means that the organization should give an explanation to the customer of what went wrong. This option may not be enough or convincing for both parties, especially if there is no evidence of negligence or poor quality on behalf of the organization.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits are conducted by employees of the company who are trained as auditors.

External auditors are not mandatory unless required by the organization.

Thus, A is the correct answer.

In this scenario, the audit team leader must balance maintaining the integrity of the audit plan while considering the auditee’s request. The two best responses allow for flexibility without compromising the audit's rigor:

A. I could audit the other laboratories virtually at the end of this audit: Virtual audits can be a valid option, especially in multi-site audits. ISO 9001:2015 does not prohibit virtual audits, and in certain situations, they are practical for reviewing documentation or observing operations remotely.

C. I could try to revise the audit programme to see if I can audit all laboratories: Revising the audit programme to accommodate additional site visits is a reasonable compromise. ISO 9001:2015 audits are based on risk and sampling, but the audit team leader has the flexibility to adjust the audit scope if it fits within the audit duration and resources.

The other options, such as extending the audit duration (B, F) or strictly adhering to the original plan (D, E), may not be practical or necessary. Revising the plan to audit all laboratories or using virtual auditing ensures that the audit remains efficient while addressing the organization's concerns​.