You are carrying out an audit at an organisation seeking certification to ISO 9001 for the
first time. The organisation offers health and safety training to
customers.
You are interviewing the Quality Systems Manager (QSM).
You: "What risks and opportunities have the business identified?"
QSM: "I'1l show you. This was discussed with the Managing Director at the latest
management review."
Narrative: The QSM shows you the latest management review record and points to the
following table:
In the context of a third-party certification audit, it is very important to have effective communication. Which is not the responsibility of the audit team leader?
A. If audit objectives are unattainable, reporting the reasons to the accreditation body.
B. Planning formal communication arrangements, so an auditee can communicate with the auditor any time during the audit.
C. Confirming formal communication channels between the audit team and the auditee during the opening meeting.
D. Communicating the progress, any significant findings and any concerns to the auditee and audit client, as appropriate.
Explanation:
Responsibilities of the Audit Team Leader:ISO 19011:2018 (guidelines for auditing
management systems), which supports the principles in ISO 9001:2015, specifies the
responsibilities of an audit team leader. These responsibilities include:
Planning the audit and establishing effective communication between the audit
team and auditee.
Ensuring that formal communication channels are agreed upon and followed.
Reporting the audit progress, significant findings, and any concerns to the auditee
or audit client as necessary.
Managing the audit team and ensuring adherence to the defined objectives and
scope.
Analysis of Options:
A. Reporting unattainable audit objectives to the accreditation body:Incorrect. This
is not the responsibility of the audit team leader. The accreditation body oversees
the certification body and is not directly involved in specific audits. If objectives are
unattainable, the audit team leader would report them to the audit client (the
certification body), not the accreditation body.
B. Planning formal communication arrangements:Correct. This is one of the
responsibilities of the audit team leader. They ensure auditees can communicate
with auditors as needed during the audit process.
C. Confirming communication channels during the opening meeting:Correct.
During the opening meeting, the audit team leader must establish clear
communication protocols to ensure effective information exchange between the
audit team and auditee.
D. Communicating progress, findings, and concerns:Correct. Keeping the auditee
and audit client informed about progress and significant findings is a critical
responsibility of the audit team leader to maintain transparency and ensure the
audit objectives are met.
Why Option A is Correct:The audit team leader does not have any obligation to report
unattainable objectives to the accreditation body. Instead, they are responsible for
communicating issues to the audit client (typically the certification body). The accreditation
body operates at a higher level and is concerned with overseeing certification bodies, not
individual audits.
In the context of a third-party audit, match the activity with the party responsible in relation
to the audit process.
You, as auditor, are in dialogue with the quality lead and managing director of a small
business that supplies specialist laboratory equipment and furniture.
You: "I'd like to look at how you manage change in the organisation. What changes have
you made as a
business, say, over the last 12 months?"
Auditee: "We have made some strategic changes, the main one being that we no longer
manufacture our
own products in house."
You: "That sounds like quite a significant change. What has been the impact of that?"
Auditee: "We now mainly sell other manufacturers' products, under their brand names, and
have outsourced
manufacture of our own brand products to one of our suppliers. Unfortunately, we had to
make six members
of our staff redundant. This represents about 20% of our workforce, so this has been quite a challenging
time."
You: "I'm sure. What were the reasons for making the change?"
Auditee: "Our manufacturing section was a small operation, and we struggled to cope with
fluctuations in
demand. During busy periods, we found it hard to meet lead times, and in quiet periods we
had staff with
little to do. This was having an impact on customer satisfaction and meant we had to
charge premium prices
that made our product uncompetitive."
You: "How did you go about the change?"
The auditor asks to speak to the purchasing manager about the selection of the
subcontractor to manufacture the company's own brand products.
You: "How did you choose a supplier to manufacture your products?"
Auditee: "We have had a long-term relationship with a supplier ABC Ltd - we gave them
our design
drawings, got them to complete a supplier questionnaire and run a couple of trial batches
for us. We were
happy with the result and we have used them ever since."
ISO 9001:2015, clause 8.4.1 outlines situations when controls need to be applied to
externally provided processes, products and services. Which one of the following situations
is applicable to this scenario?
A. Products and services for which the customer(s) supplies materials
B. A process or part of a process is provided by an external provider as a result of a decision by the organisation.
C. Products and services are provided directly to the customer(s) by external providers on behalf of the organisation.
D. Raw materials from external providers are intended for incorporation into the organisation's own products.
Explanation:
According to the ISO 9001:2015 standard, clause 8.4.1 requires organizations to ensure
that externally provided processes, products and services conform to requirements.
Controls must be applied to externally provided processes, products and services when:
The products and services are intended for incorporation into the organization’s own
products and services.
They are provided directly to customers by the external provider on behalf of the
organization.
A process, or part of a process, is provided by an external provider as a result of a decision
by the organization.
In this scenario, the auditee has chosen a supplier to manufacture their own brand
products based on their design drawings, supplier questionnaire and trial batches. This
means that the supplier is providing a process (manufacturing) as a result of a decision by
the organization (the auditee). Therefore, clause 8.4.1 applies to this situation.
In the context of a third-party certification audit, how can the auditor demonstrate confidentiality? Select two.
A. Adhere to the CQI Professional Code of Conduct.
B. Confirm the confidentiality arrangements with the auditee regarding the use of mobile devices/cameras.
C. Discuss sensitive personal information with the guides appointed by the auditee.
D. Remove audit evidence without the permission of the auditee.
E. Share audit conclusions with competitor organisations.
Explanation:
In a third-party certification audit, auditors are responsible for maintaining confidentiality as
part of their professional duties. Here’s how they can demonstrate it:
A. Adhere to the CQI Professional Code of Conduct: The CQI (Chartered Quality Institute) Code of Conduct outlines ethical principles, including confidentiality.
Auditors must adhere to professional standards, ensuring sensitive information is
protected and not disclosed improperly.
B. Confirm the confidentiality arrangements with the auditee regarding the use of
mobile devices/cameras: Before using mobile devices or cameras, auditors must
seek explicit permission from the auditee and agree on confidentiality terms,
preventing unauthorized recording or sharing of sensitive information.
Options C, D, and E involve breaching confidentiality and are not acceptable practices in
an ISO 9001:2015 certification audit. Sharing sensitive information, removing evidence
without consent, or discussing it with unauthorized parties violates audit principles and the
standard's confidentiality requirements.
Which two of the following work documents are not required for audit planning by an auditor conducting a certification audit?
A. A career history of the quality manager
B. A checklist
C. A list of interested parties
D. An audit plan
E. An evidence sampling strategy
F. An organisation's financial statement
Noitol is an organisation specialising in the design and production of e-learning training
materials for the insurance market. During an ISO 9001 audit of the development
department, the auditor asks the Head of Development about the process used for
validation of the final course design. She states that they usually ask customers to validate
the product with volunteers. She says that the feedback received often leads to key
improvements.
The auditor samples the design records for a recently completed course for the 247
Insurance organisation. Design verification was carried out but there was no validation
report. The Head of Development advises that this customer required the product on an
urgent basis, so the validation stage was omitted. When asked, the Head estimates that
this occurs about 50% of the time. She confirms that they always ask for feedback and often make changes. There is no record of feedback in the design file for the course.
The auditor decides to review the training course design process in more depth.
Select three options that provide a meaningful audit trail for this process.
A. How are students advised about prior learning requirements?
B. How is customer feedback integrated into the course?
C. How is the cost of the course calculated?
D. What risks and opportunities have been notified to interested parties?
E. How is design documentation controlled and managed?
F. How is technical content of courses verified as correct?
G. How is the tutor trained to deliver the completed course?
H. What are the qualifications of the administrative staff?
Explanation:
According to clause 8.3 of ISO 9001:2015, the organization should establish, implement,
and maintain a design and development process that is appropriate to ensure the
subsequent provision of products and services. The design and development process
should include the following activities:
•Determining the requirements for the products and services to be designed and
developed, considering the intended use, the statutory and regulatory requirements, the
customer and other relevant interested parties’ needs and expectations, and the potential
risks and opportunities.
•Defining the design and development objectives, stages, responsibilities, and authorities,
and ensuring the availability of adequate resources and competence.
•Implementing design and development controls, such as reviews, verification, and
validation, to ensure that the design and development outputs meet the design and
development inputs, and to identify and resolve any problems or errors.
•Maintaining documented information on the design and development inputs, outputs,
reviews, verification, validation, and changes, and ensuring the traceability and conformity
of the products and services to the requirements.
•Managing the design and development changes, by identifying, reviewing, and controlling
them, and evaluating their effects on the products and services and the QMS.
In this case, the evidence statements that provide a meaningful audit trail for the design
and development process are B, E, and F, because they relate to the design and
development controls, the documented information, and the verification activities that are
required by the standard. These options can help the auditor to assess the effectiveness
and conformity of the design and development process, and to identify any nonconformities
or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on
competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on
requirements for products and services, clause 8.4 on externally provided processes,
products, and services, and clause 8.7 on control of nonconforming outputs.
According to ISO 19011, what two activities take place during the conduct of a audit followup?
A. Verify the effectiveness of the implemented corrective actions
B. Verify corrections taken to fix the reported non-conformities
C. Verify legal compliance
D. Plan the next audit
E. Determine feasibility of the audit
F. Assign roles and responsibilities of observers
ABC is a worldwide fast-food organisation. One of the branches, in downtown Cape Town,
decided to
implement an ISO 9001 quality management system and you are the audit team leader
(with two other
auditors) that will carry out the certification audits, Stage 2.
ABC receive the orders by phone or internet; some of the employees deliver the ordered
food to indicated
addresses. The normal menu includes 15 different types of hamburgers; however, in the
last two weeks,
due to a shortage of a special type of meat, they can only prepare six of the 15 varieties.
During the internal meeting of the audit team, you ask one of the auditors to describe what
she has
observed. She audited the reception of orders from customers (via phone or internet) and
the communication of the orders to the kitchen. She noticed that the menu offering food on the
website is still
the normal one, with 15 different hamburgers, and during a 30-minute period, she observed
many
customers reluctantly accepting something other than the hamburger they preferred.
You, as audit team leader, inform the Quality Manager of your concern about the major
nonconformity,
since you consider this a serious breach of the basic principles of quality that lasted two
weeks without
action being taken.
Right at the beginning of the Closing meeting, you discuss the nonconformity with the
General Manager.
She got quite upset and said she was going to make a complaint to the certification body
and left the
room; the Quality Manager was the only member of ABC left with the audit team. The
Quality Manager said the General Manager would not come back to the meeting.
What would you do? Choose the best from the following options:
A. Ask the Quality Manager for a break to discuss the issue with the members of the audit team.
B. Ask the Quality Manager to listen to the nonconformity the auditor will present and continue with the meeting until its closure.
C. Inform the Quality Manager that the certification process is put on hold and leave the room.
D. Inform the Quality Manager that you consider the meeting closed, and that you will report to the Certification Body for instructions.
A Health Trust has contracted with Servitup, a catering services organisation that has been
certified to ISO 9001 for one year. It provides services to
10 small rural hospitals in remote locations involving the purchase and storage of dry
goods and fresh produce, preparing meals, and loading heated
trolleys for Ward Service by hospital staff. You, as auditor, are conducting the first
surveillance audit at one site with the Deputy Catering Manager
(DCM).
DCM: "I apologise for the absence of the Catering Manager. He has called in sick today
and we are really short of staff."
You: "I see. It really shouldn't affect the QMS so the audit can progress as normal."
DCM: "The Catering Manager set up the system. I'm afraid I'm not as familiar with it as he
is."
You: "OK, let's start with the Quality Policy. What are the main issues for the QMS here?"
DCM: "Give me a minute. I need to look at the Quality Policy on the noticeboard in his
office."
As the audit progresses, it is clear that the DCM has a very low knowledge of the QMS. He
continually has to look up the answers to your questions
or ask staff members about their processes. You decide to raise a nonconformity.
Select one of the following options that best describes the nonconformity.
A. As a member of the management team, the Deputy Catering Manager is not sufficiently aware of the QMS.
B. The Deputy Catering Manager is not competent to manage the QMS.
C. The effectiveness of the QMS depends on the Catering Manager being present on site.
D. The Quality Policy only exists as a document in the Catering Manager's office.
You will lead a third-party audit next Monday on ABC, an organisation that provides
services for cleaning windows from the outside of tall buildings. They work on demand, and
usually have 4-5 orders per week. All documented information on these activities is kept at
the central office.
On Friday evening, before the audit, you are informed by mail that customers cancelled all
orders for the next week; therefore, the auditors will not have the chance to see them
working at the customer's premises, but the field supervisors will be available at the ABC offices.
You have prepared the audit plan and the checklist. Choose the best action you would
take:
A. Start the audit on Monday at ABC's as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week.
B. Ask the Certification Body you work for how to proceed with the audit.
C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer's premises they cleaned the week before.
D. Complete the audit but ask the quality manager to clean some windows at the ABC's office, simulating the process they carry out at customers' premises.
Explanation:
According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised
as necessary to address changes that occur during the audit planning. The audit plan
should be agreed upon, preferably in writing, by the audit team leader, the audit client and
the auditee1. Therefore, if there is a significant change in the auditee’s situation, such as
the cancellation of all orders for the next week, the audit plan should be reviewed and
revised accordingly, with the agreement of all parties involved.
According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a
process to ensure that the audit team has the competence to achieve the audit objectives,
and that the audit methods are appropriate for the scope and complexity of the audit. The
certification body should also have a process to ensure that the audit is conducted under
reasonable conditions and within a reasonable time frame2. Therefore, if there is a risk that
the audit objectives cannot be achieved, or that the audit methods are not suitable, due to
the change in the auditee’s situation, the certification body should be consulted and
informed on how to proceed with the audit.
Therefore, the best action to take is B, ask the certification body you work for how to
proceed with the audit. This action will ensure that the audit plan is revised and agreed
upon by all parties, and that the audit team has the competence and the methods to
conduct the audit effectively and efficiently. The other options are not correct, as they may
compromise the quality and validity of the audit:
•A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly
work at the central office, and plan visits to ABC customers wherever they may be working
during the following week: This action may not be feasible or acceptable, as it may extend
the audit duration and cost beyond the agreed terms, and it may not provide sufficient and
appropriate audit evidence to verify the conformity and effectiveness of the auditee’s
processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.
•C. Start the audit on Monday as planned, interviewing the functions that regularly work at
the central office, and visit another customer’s premises they cleaned the week before:
This action may not be relevant or reliable, as it may not reflect the current performance
and condition of the auditee’s processes. The audit evidence collected from the previous
customer may not be valid or representative of the audit criteria, and it may not address the
risks and opportunities associated with the auditee’s context and objectives. Moreover, this
action may not be agreed upon by the audit client and the auditee, and it may not be
approved by the certification body.
•D. Complete the audit but ask the quality manager to clean some windows at the ABC’s
office, simulating the process they carry out at customers’ premises: This action may not be
objective or impartial, as it may introduce bias and influence in the audit process. The audit
evidence collected from the simulated process may not be accurate or authentic, and it
may not demonstrate the actual capability and effectiveness of the auditee’s processes.
Moreover, this action may not be ethical or professional, as it may compromise the integrity
and credibility of the audit and the certification.
Which one of the following options best describes the purpose of a Stage 1 third-party audit?
A. To determine the auditees understanding of ISO 9001.
B. To get to know the organisation's customers.
C. To learn about the organisation's procurement processes.
D. To introduce the audit team to the client.
Explanation:
The purpose of a Stage 1 third-party audit is to determine an organization’s readiness for
their Stage 2 Certification Audit. During the Stage 1, the auditor will review the
organization’s management system documented information, evaluate the site-specific
conditions, and have discussions with personnel. The objective is to assess the alignment of the organization’s design with ISO 9001 requirements and to identify any areas of
concern that could be classified as a nonconformance during the Stage 2 Audit. The
auditor will also use the Stage 1 Audit to complete Stage 2 Audit planning, including a
review of the allocation of resources and details for the next phase of the audit. Therefore,
the option that best describes the purpose of a Stage 1 third-party audit is A, to determine
the auditees understanding of ISO 9001. The other options are not correct, as they are not
the main focus of a Stage 1 audit:
•B. To get to know the organization’s customers: This is not the purpose of a Stage 1 audit,
as the auditor is not interested in the specific details of the organization’s customers, but
rather in the organization’s ability to meet customer and applicable statutory and regulatory
requirements.
•C. To learn about the organization’s procurement processes: This is not the purpose of a
Stage 1 audit, as the auditor is not interested in the specific details of the organization’s
procurement processes, but rather in the organization’s ability to control externally provided
processes, products and services.
•D. To introduce the audit team to the client: This is not the purpose of a Stage 1 audit, as
the auditor is not there to make introductions, but rather to conduct a preliminary
examination of the organization’s compliance with ISO 9001 standards.
| Page 7 out of 18 Pages |
| 456789 |
| ISO-9001-Lead-Auditor Practice Test Home |
Real-World Scenario Mastery: Our ISO-9001-Lead-Auditor practice exam don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before QMS ISO 9001:2015 Lead Auditor Exam exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive ISO-9001-Lead-Auditor practice exam questions pool covering all topics, the real exam feels like just another practice session.
Copyright © All Rights Reserved