Sequence:

• Stage 1 Audit
• Stage 2 Opening Meeting
• Interviews
• Stage 2 Closing Meeting
• Close-out of Stage 2 Audit Findings
• Issue Certificate
• Surveillance Audit
• Follow-up Audit

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each step:

• Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities34.
• Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns34.
• Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system345.
• Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings34.
• Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions34.
• Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits34.
• Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement34.
• Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit34.

Nonconformity report

ISO 9001 Clause Number: 9.3.1 Nature of problem: Management review has not been conducted at the defined frequency. ISO 9001 requirement that has not been fulfilled: ISO 9001 - “Top management shall review the organization’s quality management system at planned intervals.” Evidence: The last management review took place nine months ago, and the previous one took place one year before the latest review. The planned interval is six months.

Documented information is a means by which an organization demonstrates compliance. It communicates what we do and how we do things, it communicates what happened and what results were achieved. It is, essentially, a tool for communication. ISO 9001:2015 allows an organization flexibility in the way it chooses to document its quality management system (QMS). This enables each individual organization to determine the correct amount of documented information needed in order to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS. The standard states that the organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned. Therefore, the purpose of retaining documented information is to support the operation of the processes of the QMS, not to facilitate auditing, provide confidence or safeguard integrity, which are secondary benefits of documented information. References: Guidance on the requirements for Documented Information of ISO 9001:2015, ISO 9001:2015 documented information | CQI | IRCA, Documented Information Required by ISO 9001:2015 - 9000 Store

According to ISO 19011:2018, clause 6.3.2, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the following information1:

•the audit objectives, scope and criteria

•the audit team members and their roles and responsibilities

•the audit schedule, including the date, time and location of each audit activity

•the expected time and duration of meetings and interviews

•the allocation of appropriate resources to critical areas of the audit

•the identification of the audit client and the auditee

•the identification of the guides and observers, if any

•the documents and records to be reviewed before and during the audit

•the audit methods and tools to be used

•the audit language and terminology

•the audit report content, format, distribution and expected completion date

•the risk to achieving audit objectives and the contingency plan, if any

Therefore, the issue which is not expected to be included in the audit plan is C, expectations of the organisation’s management. This issue is not relevant to the conduct of the audit, as the audit is based on the audit criteria, not on the management’s expectations. The management’s expectations may be considered during the audit initiation or the audit programme management, but they are not part of the audit plan.

References: ISO 19011:2018(en), Guidelines for auditing management systems, How to create an ISO 9001 internal audit plan - Advisera

• Establishing the audit programme objectives
• Determining and evaluating the audit programme risks and opportunities
• Establishing the audit programme
• Initiating the audit
• Preparing all audit activity
• Conducting the audit activities

According to ISO 19011:2018, clause 5, the audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. The audit programme includes all activities necessary to plan, organize, and conduct the audits. The audit programme management involves the following steps1:

• Establishing the audit programme objectives: The audit programme objectives define the intended outcomes of the audit programme, such as verifying conformity, evaluating performance, identifying improvement opportunities, etc. The audit programme objectives should be aligned with the strategic direction and policies of the organization and the needs and expectations of the interested parties.
• Determining and evaluating the audit programme risks and opportunities: The audit programme risks and opportunities are the factors that can affect the achievement of the audit programme objectives, such as changes in the internal or external context, availability of resources, competence of auditors, etc. The audit programme risks and opportunities should be identified, analyzed, and evaluated to determine the appropriate actions to address them.
• Establishing the audit programme: The audit programme is established by defining the audit programme scope, criteria, methods, and resources. The audit programme scope defines the extent and boundaries of the audit programme, such as the processes, functions, sites, activities, etc. that will be audited. The audit programme criteria are the set of policies, procedures, or requirements used as a reference for the audits. The audit programme methods are the techniques used to conduct the audits, such as interviews, observations, document review, sampling, etc. The audit programme resources are the human, technical, and financial resources needed to implement the audit programme.
• Initiating the audit: The audit initiation is the process of formally establishing the arrangements for an individual audit within the audit programme. The audit initiation involves contacting the auditee and the audit client, confirming the audit objectives, scope, and criteria, and obtaining the necessary information and access for the audit.
• Preparing all audit activity: The audit preparation is the process of developing the audit plan and the audit work documents for an individual audit. The audit plan is a document that provides the basis for agreement regarding the conduct of the audit, such as the audit schedule, the audit team, the audit methods, the audit language, the audit report, etc. The audit work documents are the records that provide evidence of the audit activities, such as the audit checklist, the audit notes, the audit findings, etc.
• Conducting the audit activities: The audit activities are the processes of collecting and verifying audit evidence and evaluating it against the audit criteria to make the audit conclusions. The audit activities include the opening meeting, the communication during the audit, the roles and responsibilities of the audit team and the auditee, the audit evidence collection and verification, the audit findings generation and recording, the closing meeting, and the audit report preparation and distribution.

References: ISO 19011:2018(en), Guidelines for auditing management systems

•To evaluate the preparedness of the organisation for a Stage 2 audit: This objective involves assessing the readiness of the organisation to undergo the Stage 2 audit, where the conformity and effectiveness of the quality management system will be verified123. The audit team will check the level of implementation and understanding of the quality management system, identify any major gaps or nonconformities, and confirm the audit scope, criteria, and plan123.

•To review the quality manual: This objective involves reviewing the documented information of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team will also evaluate the organisation’s understanding and application of the standard, and identify any areas of improvement or concern123.

The other options are not included in the objectives of the Stage 1 initial certification audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is B and D.

References: 1: ISO 9001 Certification Audits | Stage 1 and Stage 2 - 9001. Simplified 2: Stage 1 of your Audit | NQA Blog 3: Getting Certified to ISO 9001 - the Stage 1 Audit

The action that the auditor would have accepted is:

•Option B: Apply the existing process of addressing the risks and opportunities of milk production. This option is correct because ISO 9001:2015 clause 8.1 requires the organization to plan, implement and control the processes needed to meet the requirements for the provision of products and services, and to implement actions determined in clause 6.1, which refers to the actions to address risks and opportunities. The organization should apply the existing process of addressing the risks and opportunities of milk production, which may include identifying the sources of variability, assessing the potential impacts and consequences, determining and implementing appropriate actions to reduce or eliminate the variability, monitoring and measuring the effectiveness of the actions, and reviewing and updating the actions as necessary.

The following options are not correct:

•Option A: Modify the contract with the current customer to provide them with only 1,500 litres of milk per day and make an agreement with a second customer. This option is not correct because it does not address the root cause of the variability in the daily production of the milking yard, which may affect the quality and consistency of the products and services provided by the organization. It also does not demonstrate the organization’s commitment to meet the customer and applicable statutory and regulatory requirements, as required by ISO 9001:2015 clause 8.2.2.

•Option C: Retain the current contract and try to sell the occasional surplus milk to a second customer. This option is not correct because it does not address the root cause of the variability in the daily production of the milking yard, which may affect the quality and consistency of the products and services provided by the organization. It also does not demonstrate the organization’s commitment to meet the customer and applicable statutory and regulatory requirements, as required by ISO 9001:2015 clause 8.2.2.

•Option D: Analyse the daily dispatch of milk for 7 days to determine its variability. This option is not correct because it does not address the root cause of the variability in the daily production of the milking yard, which may affect the quality and consistency of the products and services provided by the organization. It also does not demonstrate the organization’s commitment to implement actions to address risks and opportunities, as required by ISO 9001:2015 clause 8.1.

References:

•ISO 9001:2015 Quality management systems - Requirements, Clause 8: Operation, Subclause 8.1: Operational planning and control, Subclause 8.2: Requirements for products and services

•ISO 9001 Lead Auditor Course Material, Module 4: ISO 9001:2015 Requirements, Slide 23: Clause 8 - Operation

•ISO 9001 Lead Auditor Training Course - IRCA Certified, Section 4.2: ISO 9001:2015 Requirements, Subsection 4.2.8: Clause 8 - Operation

•Lead Auditor Exam Preparation Guide (EPG) Template - PECB, Section 3.2: Exam Content Outline, Subsection 3.2.1: Section 1 - Audit Fundamentals, Subsection 3.2.2: Section 2 - Audit Principles, Subsection 3.2.3: Section 3 - Audit Process, Subsection 3.2.4: Section 4 - Audit Competencies

The quality system failed to control the laundry services provided for customers in five shops. The equipment used was not capable of consistently producing the required service.

A screenshot of a computer Description automatically generated

According to ISO 9001:2015, clause 8.4, an organization is required to control the processes, products and services provided by external providers, including those that affect the quality of the organization’s own products and services. This includes determining the controls to be applied to the external provision of processes, products and services, as well as the information to be communicated to the external providers. The organization is also required to monitor, measure, and evaluate the performance of the external providers and retain documented information of these activities.

Therefore, in the scenario given, ABC Ltd is responsible for controlling the processes, products and services provided by Teak Ltd, as they affect the quality of ABC Ltd’s own products and services. This means that ABC Ltd should have established criteria and methods for evaluating the performance of Teak Ltd, as well as documented information of the results of such evaluation. ABC Ltd should also have defined the supply arrangements with Teak Ltd, including the specifications, requirements, and verification activities related to the products and services provided by Teak Ltd.

Hence, the best options to describe how to plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd are A and D, as they are aligned with the requirements of ISO 9001:2015, clause 8.4. The other options are either irrelevant or beyond the scope of the audit, as they do not pertain to the control of external provision by ABC Ltd.

References:

• ISO 9001:2015(en), Quality management systems — Requirements, clause 8.4
• ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.1 and 6.4.2
• ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
• ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 5 and 6

According to the ISO 9001:2015 document, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system1. However, among the six options given, only effectiveness is directly mentioned as an aspect of the quality management system that must be continually improved. Therefore, C is one of the correct answers.

Efficiency, on the other hand, is not explicitly stated as an aspect of the quality management system that must be continually improved, but it is implied by the quality management principle of improvement, which states that successful organisations have an ongoing focus on improvement2. One of the key benefits of applying this principle is improving operational effectiveness and efficiency2. Therefore, E is another correct answer.

Suitability, adaptability, responsiveness, and applicability are not aspects of the quality management system that must be continually improved, according to the ISO 9001:2015 document. They may be related to the quality management system, but they are not the focus of continual improvement.

Therefore, the correct answer is C and E.

References: 1: ISO 9001:2015 - Quality management systems — Requirements 2: ISO - Quality management principles

Evaluate the effectiveness of the management system: This objective involves verifying that the quality management system meets the requirements of a specific standard, such as ISO 9001:2015, and that it achieves the intended results and outcomes. The audit team will collect and analyse audit evidence to determine the degree of conformity and performance of the quality management system23.

•Evaluate the capability of the management system to establish and achieve objectives: This objective involves verifying that the quality management system supports the strategic direction and policies of the organization, and that it addresses the needs and expectations of the interested parties. The audit team will assess the suitability, adequacy, and alignment of the quality management system objectives, and the effectiveness of the planning and implementation processes to achieve them23.

The other options are not the most relevant objectives of a third-party audit, according to the web search results from my internal tool. They may be related to other aspects or types of audits, but they are not the focus of a third-party audit.

Therefore, the correct answer is B and D.

References: 1: Safeguarding Your Business: The Power of Third-Party Security Audits 2: ISO 19011:2018 - Guidelines for auditing management systems 3: Third Party Audit – QMSGurus.com

A white background with black text Description automatically generated

•

Reviews the client’s management system documented information: This activity involves checking the documentation of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team also evaluates the client’s understanding and implementation of the standard, and identifies any gaps or nonconformities that need to be addressed before the Stage 2 audit123.

•Reviews the processes with high level of risk: This activity involves assessing the processes that have a significant impact on the quality of the products or services, or that pose a high risk of nonconformity or customer dissatisfaction123. The audit team also verifies the client’s risk management approach, and evaluates the effectiveness of the controls and actions taken to mitigate the risks123.

The other options are not statements that are true for the Stage 1 audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is D and G.

References: 1: ISO 9001 Certification Audits | Stage 1 and Stage 2 - 9001. Simplified 2: Stage 1 of your Audit | NQA Blog 3: Getting Certified to ISO 9001 - the Stage 1 Audit

The tasks that are expected to be completed at the audit team meeting of a third-party audit team leader and his audit team in preparation for a Closing meeting for a four-day initial certification audit are:

•Option C: Final audit team meeting to agree findings and categories including clarification of any uncertainties. This option is correct because the audit team meeting is an opportunity for the audit team leader and the audit team members to review and consolidate the audit findings, to ensure that they are clear, accurate, objective, and supported by sufficient audit evidence. The audit team should also agree on the categories of the findings, such as nonconformity, observation, or opportunity for improvement, and resolve any uncertainties or disagreements among the audit team members.

•Option D: Agree the roles of each audit team member for the closing meeting. This option is correct because the audit team meeting is an opportunity for the audit team leader to assign the roles and responsibilities of each audit team member for the closing meeting, such as presenting the audit findings, answering questions, or taking notes. The audit team leader should also ensure that the audit team members are prepared and confident to perform their roles and to communicate effectively with the auditee.

•Option E: Audit team review any points raised by the auditee nominated representative. This option is correct because the audit team meeting is an opportunity for the audit team to review any points raised by the auditee nominated representative during the audit, such as requests for clarification, feedback, or complaints. The audit team should consider the validity and relevance of the points raised and decide how to address them in the closing meeting or in the audit report.

•Option F: Audit team agree final audit outcome recommendation. This option is correct because the audit team meeting is an opportunity for the audit team to agree on the final audit outcome recommendation, based on the audit findings and the audit criteria. The audit team should also consider the implications and consequences of the audit outcome recommendation for the auditee and the certification body, and ensure that the recommendation is consistent and justified.

•Option H: Audit team complete final version of their individual findings. This option is correct because the audit team meeting is an opportunity for the audit team to complete the final version of their individual findings, based on the agreement and feedback from the audit team meeting. The audit team should ensure that their individual findings are written in a clear, concise, and factual manner, and that they include the audit criteria, the audit evidence, and the audit conclusion. The audit team should also submit their individual findings to the audit team leader for review and approval.

•Option I: Re-audit corrective actions taken to correct findings found during the audit. This option is correct because the audit team meeting is an opportunity for the audit team to re-audit the corrective actions taken by the auditee to correct the findings found during the audit, if applicable and feasible. The audit team should verify the effectiveness and adequacy of the corrective actions and update the audit findings accordingly. The audit team should also document the results of the re-audit and communicate them to the auditee.

The following options are not correct:

•Option A: Audit team leader informs the individual(s) managing the audit programme that the closing meeting is ready to be held. This option is not correct because this task is not part of the audit team meeting, but part of the communication between the audit team leader and the individual(s) managing the audit programme. The audit team leader should inform the individual(s) managing the audit programme that the closing meeting is ready to be held after the audit team meeting, when the audit team has completed all the tasks and is ready to present the audit results to the auditee.

•Option B: Hold daily audit team meeting to review any timetable issues and potential findings and their impact on the audit for other team members. This option is not correct because this task is not part of the final audit team meeting, but part of the daily audit team meetings that are held during the audit. The daily audit team meetings are opportunities for the audit team to review the progress and performance of the audit, to identify and resolve any issues or problems, and to coordinate and adjust the audit plan and activities as needed.

•Option G: Audit team leader completes final report, including individual findings and certification recommendation. This option is not correct because this task is not part of the audit team meeting, but part of the audit reporting process. The audit team leader should complete the final report, including the individual findings and the certification recommendation, after the closing meeting, when the audit team has received and considered the feedback and comments from the auditee. The audit team leader should also ensure that the final report is reviewed and approved by the appropriate authorities before issuing it to the auditee and the certification body.

•Option J: Write the audit finding report out when detected and obtain signature of the auditee. This option is not correct because this task is not part of the audit team meeting, but part of the audit evidence collection and documentation process. The audit team should write the audit finding report out when detected and obtain the signature of the auditee during the audit, when the audit team has observed and verified the audit evidence and has communicated the audit finding to the auditee. The signature of the auditee does not indicate acceptance or agreement with the audit finding, but only acknowledgement of receipt.

References:

•ISO 19011:2018 Guidelines for auditing management systems, Clause 6.4.2: Conducting audit activities, Subclause i) and j)

•ISO 9001 Lead Auditor Course Material, Module 5: Conducting an Audit, Slide 19: Audit Team Meeting

•ISO 9001 Lead Auditor Training Course - IRCA Certified, Section 5.4: Audit Team Meeting

•Lead Auditor Exam Preparation Guide (EPG) Template - PECB, Section 3.2: Exam Content Outline, Subsection 3.2.1: Section 1 - Audit Fundamentals, Subsection 3.2.2: Section 2 - Audit Principles, Subsection 3.2.3: Section 3 - Audit Process, Subsection 3.2.4: Section 4 - Audit Competencies