ISO-9001-Lead-Auditor Sample Questions Answers

Comprehensive and Detailed In-Depth Explanation:

Auditors must report findings truthfully and accurately to ensure an unbiased assessment of the QMS.

Clause References:

ISO 19011:2018, Clause 4 – Principles of Auditing:

Fair Presentation → Requires auditors to report truthfully and accurately, without bias or omission.

Integrity → Ensures auditors adhere to ethical conduct.

Why is the Correct Answer A?

The audit team reported findings truthfully, based on collected evidence.

Fair presentation ensures that both positive and negative findings are included in the audit report.

Objective evidence was gathered through interviews, document reviews, and observations.

Why are the Other Options Incorrect?

B (Integrity) → Related to ethics and professional conduct, but not specifically about presenting findings.

C (Confidentiality) → Important, but does not apply to the principle of reporting findings accurately.

D (Objectivity) → Ensures impartiality, but "fair presentation" directly addresses accurate reporting of findings.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 emphasizes continual improvement as a fundamental requirement of an effective Quality Management System (QMS).

Clause Reference:

Clause 4.4.1 (Quality Management System and Its Processes) states that organizations must:

Determine processes needed for the QMS

Establish criteria and methods for process effectiveness

Ensure continual improvement of the system

Why is the Correct Answer C?

Continual improvement is a core principle of ISO 9001.

Organizations must regularly assess and enhance their QMS to adapt to new challenges and maintain effectiveness.

Why are the Other Options Incorrect?

A (To change the QMS quarterly) → ISO 9001 does not mandate a specific frequency for system changes.

B (To review the QMS annually) → QMS reviews must be conducted as needed, not strictly annually.

D (To conduct a QMS gap analysis every two years) → Gap analysis is useful but is not a mandatory requirement under Clause 4.4.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits are conducted by employees of the company who are trained as auditors.

External auditors are not mandatory unless required by the organization.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits can be conducted on an ongoing basis as part of continual improvement.

Audits consider both conformity and effectiveness (A is incorrect).

Thus, C is the correct answer.

ISO/IEC 17021-1 is the standard that specifies requirements for bodies providing audit and certification of management systems. It includes provisions for determining audit time for third-party certification audits, ensuring that the audits are conducted in a consistent, comparable, and reliable manner, which can be applied to a variety of management systems, including ISO 9001.

According to ISO 19011:2018, clause 6.7, the audit follow-up is the process of verifying the completion and effectiveness of corrective actions taken by the auditee as a result of an audit. The audit follow-up can include two main activities:

Verifying the effectiveness of the implemented corrective actions: this means checking whether the actions taken by the auditee have addressed the root causes of the nonconformities and prevented their recurrence or occurrence in other areas. The verification can be done by reviewing documents, records, data, or other evidence provided by the auditee, or by conducting a follow-up audit on site or remotely.

Verifying corrections taken to fix the reported non-conformities: this means checking whether the auditee has corrected the nonconformities identified during the audit and eliminated their immediate effects. The verification can be done by reviewing documents, records, data, or other evidence provided by the auditee, or by conducting a follow-up audit on site or remotely.

The audit follow-up can be conducted as a separate audit or as part of a subsequent audit, depending on the audit programme, the audit objectives, the audit criteria, the audit scope, the audit risks, and the audit findings. The audit follow-up should be planned and conducted in accordance with the same principles and processes as the initial audit, and the results should be documented and reported accordingly. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.7

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.7.1 and 6.7.2

Conducting the Audit Follow-Up: When to Verify - The Auditor, section “Conducting the audit follow-up”

Here is the correct matching of the activities with the responsible parties in the context of a second-party audit:

Define the audit scope: Customer

Develop the audit plan: Audit team leader

Respond to the audit findings: External provider

Conduct the audit: Audit team

This reflects the typical division of responsibilities in a second-party audit, where the customer (the party commissioning the audit) sets the scope, the audit team leader manages the planning, the external provider responds to findings, and the audit team carries out the audit.

Comprehensive and Detailed In-Depth Explanation:

A technical expert is someone with specialized knowledge that helps the audit team understand specific technical aspects of the auditee’s processes.

Clause References:

ISO 19011:2018, Clause 7.3.4 – Use of Technical Experts:

Technical experts support the audit team with specialized knowledge but do not perform the audit themselves.

Why is the Correct Answer B?

A technical expert is needed when auditors lack deep expertise in specific areas, such as engineering, software, or medical devices.

They assist in interpreting complex technical requirements but do not act as auditors.

Why are the Other Options Incorrect?

A (Observer) → Observers do not contribute expertise; they only watch the audit (e.g., trainees).

C (Guide) → Guides help with logistics but do not provide technical expertise.

 Clause: 8.5.4

 Nature of Problem: Cleaning and sanitising records are not available for every batch.

 Unfulfilled Requirement: "The organization shall implement production provision under controlled conditions."

Non-Conformity Report:

ISO 9001 Clause Number

Nature of Problem

ISO 9001 Requirement That Has Not Been Fulfilled

6.1.1

Several risks and opportunities have not been determined.

"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

6.1.2 (a)

Actions to address risks and opportunities not planned.

"The organization shall plan actions to address risks and opportunities."

Step-by-Step Reasoning:

Clause 6.1.1 - Determining Risks and Opportunities:

Requirement: The organization must determine risks and opportunities that are relevant to its Quality Management System (QMS). This ensures that the QMS achieves intended results and prevents undesired effects.

Problem Identified: While some risks and opportunities were discussed, the organization did not perform a systematic evaluation of all risks (e.g., health and safety legislation changes, retiring trainers).

Clause 6.1.2 (a) - Planning Actions for Risks and Opportunities:

Requirement: The organization must plan actions to address identified risks and opportunities. These actions should be integrated into the QMS processes to ensure continuous improvement.

Problem Identified: The Quality Systems Manager confirmed that no plans were made to address the risks and opportunities because the Managing Director deemed it unnecessary. This violates the requirement to plan actions.

Correct Options Selected:

Clause 6.1.1 with the nature of the problem as: "Several risks and opportunities have not been determined."

Clause 6.1.2 (a) with the nature of the problem as: "Actions to address risks and opportunities not planned."

ISO 9001 Requirements Not Fulfilled:

For 6.1.1:"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

For 6.1.2 (a):"The organization shall plan actions to address risks and opportunities."

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The certification body retains ownership of the audit report as it is responsible for the certification decision.

The auditee may receive a copy, but it does not own the report.

The audit team leader compiles the report but does not own it.

Thus, C is the correct answer.

As the audit team leader, it is crucial to manage differing opinions constructively and ensure that the correct clause is selected for the nonconformity based on solid evidence. Here’s how the situation should be handled:

E. Invite you and the second auditor to fully explain your point of view and then decide which clause to select: This promotes collaboration and transparency, allowing both auditors to present their rationale for choosing the specific clause.

F. Review the evidence with you and the second auditor, and then decide which clause of ISO 9001 would best apply: Reviewing the evidence in relation to the specific requirements of ISO 9001 is essential for determining which clause is most appropriate.

H. Try to obtain a consensus between you and the second auditor after a discussion of the different opinions: Consensus-building is a crucial skill for an audit team leader. Achieving agreement ensures the nonconformity is addressed accurately and with full team support.

Options such as overruling immediately (D) or deferring the decision without full discussion (B) could undermine team dynamics and the audit process. Consulting the quality manager (A) or selecting an entirely different clause (G) is unnecessary, as the team should resolve the issue internally​​.

•

Reviews the client’s management system documented information: This activity involves checking the documentation of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team also evaluates the client’s understanding and implementation of the standard, and identifies any gaps or nonconformities that need to be addressed before the Stage 2 audit123.

•Reviews the processes with high level of risk: This activity involves assessing the processes that have a significant impact on the quality of the products or services, or that pose a high risk of nonconformity or customer dissatisfaction123. The audit team also verifies the client’s risk management approach, and evaluates the effectiveness of the controls and actions taken to mitigate the risks123.

The other options are not statements that are true for the Stage 1 audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is D and G.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The audit report must be submitted to the certification body regardless of corrective actions.

Corrective actions are reviewed after the audit, but the audit process should not be delayed.

Certification decisions should be made based on the audit findings and evidence, not pending corrective actions.

Thus, delaying audit activities until corrective actions are submitted is not acceptable.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.6.2 (Surveillance Activities):

The certification body is responsible for planning and conducting surveillance audits to ensure continued compliance.

The auditee’s top management (A) does not develop surveillance activities, but they must participate.

The audit team leader (C) conducts the surveillance audit, but they do not develop the program.

Thus, B is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.11 (Closing Meeting):

The audit team must proceed with the audit report, even if the auditee disagrees with findings.

Disagreements do not invalidate audit results.

The auditee has the right to file a complaint or appeal, but this is handled after the audit report is submitted.

Thus, the audit team acted correctly by proceeding with the audit report despite top management’s disagreement.

Comprehensive and Detailed In-Depth Explanation:

One of the seven quality management principles in ISO 9001:2015 is Improvement, which emphasizes continual enhancement of processes, products, and services.

Clause 10.3 (Continual Improvement) states that organizations must continuously assess risks, consequences, and impacts to improve their QMS.

Risk-based thinking (Clause 0.3.3) supports improvement by identifying and mitigating risks before they affect performance.

Clause 6.1 (Actions to Address Risks and Opportunities) requires organizations to take a proactive approach, ensuring long-term success.

Other options do not fully align with the question:

Process approach (A) focuses on managing interrelated activities.

Leadership (B) ensures commitment but does not directly address risk assessment.

Relationship management (D) deals with interested parties, not risk mitigation.

The individual(s) managing the audit programme and the auditee are both roles that contribute to the audit outcomes. The individual(s) managing the audit programme are responsible for planning, conducting, and reporting on the audit activities, as well as ensuring that they are aligned with the organization’s quality objectives and risk management processes1. The auditee is the person or entity that is subject to an audit, and their participation, cooperation, and feedback are essential for achieving a successful audit outcome2. References:

ISO 9001 Lead Auditor Reference Materials

ISO 9001 Lead Auditor Candidate Handbook

ISO 9001 Lead Auditor Course Material

ISO 9001 Lead Auditor Training Course IRCA Certified

In the context of a third-party audit, the activities and the parties responsible can be matched as follows:

Review the organization’s processes: This is typically the responsibility of the audit team. They examine the processes to ensure they comply with the specified standards1.

Review the audit results: The audit team leader usually reviews the audit findings to ensure accuracy and completeness before they are finalized1.

Issue the certificate: The certification body is responsible for issuing the certificate if the audit is successful and the organization meets the required standards1.

Select the audit team: The individual(s) managing the audit programme are responsible for selecting the audit team. This ensures that the team has the appropriate skills and knowledge for the audit1.

These roles are essential to maintain the integrity and effectiveness of the audit process. The audit team conducts the actual audit, the team leader oversees the audit process, the certification body grants the certification, and the management of the audit program ensures that the right team is in place to conduct the audit1.

Based on the description of the image you’ve provided, here’s how the activities match with the responsible parties in the context of a third-party audit:

Review the organization’s processes: This activity is typically the responsibility of the Audit Team. They are tasked with examining the processes to ensure they meet the requirements of the standard being audited.

Review the audit results: The Audit Team Leader is usually responsible for this activity. They oversee the audit process and are in charge of reviewing the findings and ensuring that the audit objectives are met.

Issue the certificate: The Certification Body is responsible for issuing the certificate if the organization’s management system is found to be in compliance with the standard.

Select the audit team: The Individual(s) managing the audit programme are responsible for selecting the audit team. They ensure that the team has the appropriate competence and resources to effectively conduct the audit.

These roles are defined within the framework of ISO 9001:2015 and are essential for the proper conduct of a third-party audit. The audit team and its leader play a critical role in the operational aspects of the audit, while the certification body and those managing the audit programme have overarching responsibilities for the audit’s governance and integrity.

Comprehensive and Detailed In-Depth Explanation:

ISO 19011:2018, Clause 5.4 (Audit Records Management) states that the audit schedule must be maintained as a key record.

Thus, C is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.5 (Determining Audit Team Competence), technical experts:

Provide specialized knowledge in an audit.

Must operate under the supervision of an auditor to ensure compliance with audit protocols.

Cannot work independently or under the auditee’s supervision, as they are not responsible for the audit's findings.

The audit team leader has overall responsibility, but technical experts are supervised by an auditor during the audit process.

According to ISO 9001:2015, clause 8.4, an organization is required to control the processes, products and services provided by external providers, including those that affect the quality of the organization’s own products and services. This includes determining the controls to be applied to the external provision of processes, products and services, as well as the information to be communicated to the external providers. The organization is also required to monitor, measure, and evaluate the performance of the external providers and retain documented information of these activities.

Therefore, in the scenario given, ABC Ltd is responsible for controlling the processes, products and services provided by Teak Ltd, as they affect the quality of ABC Ltd’s own products and services. This means that ABC Ltd should have established criteria and methods for evaluating the performance of Teak Ltd, as well as documented information of the results of such evaluation. ABC Ltd should also have defined the supply arrangements with Teak Ltd, including the specifications, requirements, and verification activities related to the products and services provided by Teak Ltd.

Hence, the best options to describe how to plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd are A and D, as they are aligned with the requirements of ISO 9001:2015, clause 8.4. The other options are either irrelevant or beyond the scope of the audit, as they do not pertain to the control of external provision by ABC Ltd.

Questions no: 1 Verified Answer: = C, D, E Comprehensive But Short Explanation: = Potential threats to impartiality in an audit context include familiarity (having a close relationship with the auditee), intimidation (being coerced or feeling pressured), and self-audit (auditing one’s own work). These factors can compromise the auditor’s objectivity and the audit’s integrity. References: = The information is based on the ISO 9001 Auditing Practices Group documents which discuss threats to auditor impartiality and how they may compromise an auditor’s objectivity123.

A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited1. The purpose of a first-party audit is to assess the conformity of the organization’s quality management system to the requirements of ISO 9001 and to identify opportunities for improvement2. Therefore, the two auditors who would not participate in a first-party audit are:

•A. An auditor employed by an external consultancy organization: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit (if the external consultancy organization is a customer or supplier of the organization being audited) or a third-party audit (if the external consultancy organization is a certification body or registrar).

•F. An auditor from a customer: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit, as a customer is an interested party that has specific requirements for the organization being audited.

The other options are not correct, as they could participate in a first-party audit, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited:

•B. An auditor from an interested party: This auditor could be a first-party auditor, as long as the interested party is within the organization being audited. For example, an auditor from the finance department could audit the production department, as long as they are not involved in the production process or affected by its outcomes.

•C. An auditor trained in-house: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The source of the auditor’s training is not relevant for determining the type of audit, as long as the auditor is competent and qualified to perform the audit.

•D. An auditor trained in the IRCA scheme: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The IRCA scheme is a professional certification scheme for auditors of management systems, which provides recognition of the auditor’s competence and credibility3. However, being trained in the IRCA scheme does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

•E. An auditor certified by IRCA: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. Being certified by IRCA means that the auditor has met the requirements of the IRCA scheme and has demonstrated their competence and credibility as an auditor of management systems3. However, being certified by IRCA does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

Based on the scenario provided, there is evidence of nonconformity with the requirements defined in:

C. Clause 7.5.1 Documented information - General: The scenario indicates that there is no formal process for informing users about updates to the SWIFT database, which suggests a lack of control over documented information. This could lead to users being unaware of important changes and not using the latest version of the software, which is required by the quality management system1.

E. Clause 7.5.3 Control of documented information: The Operations Director’s approach to updating the SWIFT database and the lack of communication to users about these updates indicate that the documented information is not adequately controlled. Allowing users to revert to earlier versions of the software at their discretion further suggests that the organization does not have a proper mechanism in place to ensure the integrity and suitability of documented information2.

These clauses are part of the ISO 9001:2015 standard, which requires organizations to have a systematic approach to controlling and managing documented information as part of their quality management system. The scenario described shows a casual approach to managing critical software updates, which could affect the organization’s ability to consistently meet customer and regulatory requirements.

Comprehensive and Detailed In-Depth Explanation:

A combined audit is when multiple management systems (e.g., ISO 9001 for Quality, ISO 14001 for Environmental Management, and ISO 45001 for Occupational Health & Safety) are audited together in a single organization.

Clause References:

ISO 19011:2018, Clause 5.4 – Combined Audits:

A combined audit is performed when two or more management systems are assessed simultaneously at the same auditee.

Why is the Correct Answer A?

A combined audit reduces duplication of effort by auditing multiple standards together at a single organization.

Example: A company certified to both ISO 9001 and ISO 14001 can have one audit covering both standards.

Why are the Other Options Incorrect?

B (Two or more auditing organizations cooperating on a single auditee) → This is a joint audit, not a combined audit.

C (Two or more management systems audited at multiple auditees) → This is a multiple-site audit, not a combined audit.

In ISO 9001:2015, the responsibility for managing the audit program lies with those overseeing the entire audit process rather than the Audit Team Leader. During the planning stage, before involving the Audit Team Leader, key actions for managing the audit program include:

1. Providing the Resources Needed: According to clause 7.1 (Resources), the audit program manager must ensure that the necessary resources are in place to conduct the audit effectively. This encompasses logistical support, personnel, and other required resources for the audit to proceed smoothly.

2. Reviewing Reports of Previous Audits: As per clause 9.2.2 (Internal Audit), it is essential to consider the results of previous audits to plan effectively for the upcoming audit. This helps identify areas that require particular attention, ensuring continuity and focusing on recurring issues or improvements since the last audit.

These actions ensure that the audit is thoroughly prepared and that there is continuity and focus on any areas that might need closer inspection. The other options, such as preparing the audit plan, assigning responsibilities, preparing checklists, and selecting the audit team members, generally fall under the duties of the Audit Team Leader once they are appointed and engaged in the planning process.

The purpose of conducting a document review is to determine the conformity of the system, as far as documented, with audit criteria and to gather information to support the audit activities. A document review is a systematic and objective examination of the documented information that is relevant to the audit objectives and scope. It can help the auditor to verify if the documented information is complete, accurate, consistent, and up-to-date. It can also help the auditor to identify any gaps, errors, or nonconformities in the documented information that may affect the audit findings or conclusions.

The other options are not correct because they do not reflect the true purpose of a document review. Option A describes the purpose of an audit report, which is to communicate the audit results and recommendations to the management and other interested parties. Option B describes the purpose of an audit plan, which is to define the scope, objectives, criteria, methods, resources, and schedule of an audit. Option C describes the purpose of an audit evidence report, which is to provide evidence of nonconformities or opportunities for improvement identified during an audit. Option D describes the purpose of an audit decision report, which is to justify or explain why certain decisions were made during an audit.

I hope this answer helps you understand why option F is correct and why options A-C-D are incorrect. If you want to learn more about ISO 9001 Lead Auditor exam questions and answers, you can check out some of these resources:

ISO 9001 Lead Auditor Sample Exam Questions and Answers: This article provides some sample questions and answers for each section of the ISO 9001 Lead Auditor exam.

ISO 9001 (QMS) Lead Auditor Quiz Questions and Answers: This article provides some quiz questions and answers on various topics related to ISO 9001 QMS.

ISO 9001 Lead Auditor - Exam Practice Tests: This course offers practice tests with explanations for each question.

Irca Lead Auditor Exam Questions And Answers Pdf: This document contains some exam questions and answers in PDF format.

Comprehensive and Detailed In-Depth Explanation:

Stage 1 Audit (ISO 9001:2015, Clause 9.2.2) is a documentation review to assess the readiness for a Stage 2 Audit. The auditor must document:

Observations that could lead to nonconformities, ensuring they are addressed before Stage 2.

Areas needing improvement, such as missing documented information or unclear process definitions.

While understanding the auditee’s main processes is important, documenting interviews is not a requirement at Stage 1.

Comprehensive and Detailed In-Depth Explanation:

Discussing audit findings before the closing meeting ensures that:

The audit objectives have been met (ISO 19011:2018, Clause 6.4.10).

The auditee has an opportunity to clarify misunderstandings or provide additional evidence.

The audit team and the auditee agree on the accuracy of findings before finalizing the report.

While encouraging corrective actions (B) is beneficial, the primary purpose of discussing findings is to ensure that the audit was conducted effectively and aligned with objectives. Identifying responsible persons (C) is not the auditor’s role.

Comprehensive and Detailed In-Depth Explanation:

Toning down (or de-escalation) is a conflict resolution technique where:

Common agreements are emphasized to reduce tension.

Disagreements are addressed with a rational and constructive approach.

Option A describes compromise, and Option B describes authoritative resolution, which are different conflict resolution techniques.

Comprehensive and Detailed In-Depth Explanation:

An audit’s feasibility must be assessed using multiple factors, not just resource availability.

Clause References:

ISO 19011:2018, Clause 5.3 – Establishing the Audit Program: Requires consideration of logistical, technical, and cooperation factors when assessing audit feasibility.

ISO/IEC 17021-1:2015, Clause 9.1.3 – Determining Feasibility of the Audit: Requires evaluating more than just resources to ensure a successful audit.

Why is the Correct Answer B?

Audit feasibility should consider:

Availability of information (documents, records).

Cooperation from the auditee.

Operational conditions that might affect the audit.

Scope and complexity of the QMS being audited.

Resource availability alone is not enough to determine feasibility.

Why are the Other Options Incorrect?

A (Top management determines feasibility) → Incorrect because feasibility is determined by the certification body, not the auditee.

C (Resources alone are sufficient) → Incorrect because other key factors must be evaluated.

D (Final authority lies with the audit leader) → Incorrect because ISO requires multiple factors to be considered, not just an auditor’s decision.

The table below shows the possible matching of the ISO 9001 Clause 8 extract to the audit evidence.

Table

Audit evidence

ISO 9001 Clause 8 extract

Four of the 10 pallets of stock sampled in the warehouse were not labelled.

“8.5.2 … shall use suitable means to identify outputs …”

A damaged pallet of stock seen in the quarantine area was leaking liquid onto the floor.

“8.7.1 … shall ensure that outputs that do not conform to their requirements are identified and controlled …”

One of the fork-lift truck drivers had no fork-lift truck driving licence.

“8.5.1 e … shall include, as applicable … the appointment of competent persons …”

There was no pest control provision in the warehouse.

“8.5.4 … shall preserve the outputs during production and service provision …”

Two pallets of temperature-sensitive stock items were being stored at ambient as the chilled storage facility was full.

“8.1 … shall plan, implement and control the processes …”

Comprehensive and Detailed In-Depth Explanation:

A horizontal audit examines one process across multiple departments to assess consistency.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

Once a Stage 2 certification audit has commenced, certain logistical or planning-related elements may still be adjusted, while others are fixed by prior agreement and cannot be changed.

✅ C. Audit Plan:

The audit plan is a document that outlines the scope, objectives, criteria, and logistics of the audit. According to ISO/IEC 17021-1:2015 (the standard for bodies providing audit and certification of management systems), clause 9.2.3.3 allows for modification of the audit plan based on real-time conditions during the audit — such as availability of auditees or changes in process access.

✅ F. Increase of Audit Duration:

Audit duration is generally determined during audit planning based on factors like employee count, risk, complexity, etc. However, if during Stage 2 it is found that more time is needed (e.g., due to additional processes, scope not fully covered, or significant findings), auditors are permitted to extend the audit. This ensures full coverage of all required areas as per ISO/IEC 17021-1 clause 9.1.4 and IAF MD 5.

❌ A. Agreed Language of the Audit:

This is determined and agreed upon in the contract and audit planning stages. Changing it during Stage 2 would create communication and documentation issues, especially in multi-site or multi-national audits.

❌ B. Audit Scope:

The audit scope is defined in the contract and certification agreement based on clause 4.3 of ISO 9001:2015. Changing it mid-audit would invalidate planning, required competencies, and potentially even the certification basis.

❌ D. Agreed Standard for the Audit Criteria:

Changing the standard (e.g., from ISO 9001 to ISO 13485) is fundamentally altering the purpose and contractual basis of the audit and is not permissible once Stage 2 has started.

❌ E. Audit Checklist:

The checklist is a tool prepared by the auditor as part of audit preparation and is based on the audit plan and standard requirements. While it may be adapted during the audit (e.g., if new risks arise), it does not constitute a formal change like duration or scope.

Relevant References:

ISO/IEC 17021-1:2015 Clause 9.2.3.3 (Audit Plan Modification)

IAF MD 5:2019 (Duration of QMS Audits)

ISO 9001:2015 Clause 4.3 (Scope of the QMS)

ISO/IEC 17021-1:2015 Clause 9.1.4 (Audit Duration)

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 4.3 (Determining the Scope of the Quality Management System) states that when determining the QMS scope, an organization must consider:

External and internal issues (Clause 4.1)

The needs and expectations of interested parties (Clause 4.2)

The products and services provided by the organization

In the scenario, Bell only considered top management's input, which fails to address Clause 4.2 (interested parties' expectations)—such as customers, suppliers, and regulatory authorities.

Based on the scenario and the concept of an ‘audit trail’ within the context of ISO 9001, the three statements that apply would likely be:

A. Decisions on improvement action timescales not involving departmental managers. This indicates a lack of involvement and communication with those responsible for implementing the improvements, which is a key part of an effective audit trail1.

B. Evaluation of the results of the improvement action not always documented by the Quality Manager. Proper documentation is essential for an audit trail, as it provides evidence that actions have been evaluated and are effective1.

C. Limited knowledge of the content of Quality Improvement Requests by departmental staff. An audit trail should ensure that all relevant parties are aware of and understand the actions being taken, which is not the case here1.

These points suggest issues with the communication, documentation, and involvement of relevant personnel in the quality management system processes, which are crucial for maintaining an effective audit trail and, by extension, a robust quality management system.

Identifying the source of information

Sampling available data

Gathering audit evidence

Verifying objective evidence

Evaluating evidence against the audit criteria

Making audit conclusions

Evaluating against the audit criteria

According to ISO 19011:2018, clause 6.4, the process of collecting and verifying information during an audit involves the following steps1:

Identifying the source of information: The audit team should identify the sources of information that are relevant to the audit objectives, scope and criteria. These sources may include documents, records, personnel, processes, activities, facilities, equipment, etc. The audit team should also determine the methods and tools for accessing and collecting the information, such as interviews, observations, document review, sampling, etc.

Sampling available data: The audit team should select a representative sample of the available data to verify the conformity and effectiveness of the management system. The sample size and selection method should be based on the audit objectives, scope and criteria, as well as the level of confidence and risk. The audit team should also consider the validity, reliability, relevance and sufficiency of the data.

Gathering audit evidence: The audit team should use the methods and tools identified in the previous step to collect audit evidence, which is the records, statements of fact or other information that are relevant to the audit criteria and verifiable. The audit team should record the audit evidence in a clear, concise and objective manner, using notes, checklists, photographs, audio or video recordings, etc.

Verifying objective evidence: The audit team should verify the accuracy, completeness and authenticity of the audit evidence collected. This may involve cross-checking different sources of information, confirming the identity and authority of the persons providing the information, examining the original documents or records, etc. The audit team should also identify any discrepancies, inconsistencies or gaps in the audit evidence.

Evaluating evidence against the audit criteria: The audit team should compare the audit evidence with the audit criteria to determine the extent of conformity and nonconformity. The audit team should also identify any opportunities for improvement, best practices, positive aspects or potential risks. The audit team should use professional judgement and apply the principles of auditing when evaluating the audit evidence.

Making audit conclusions: The audit team should consolidate the audit findings and evaluate the overall performance and effectiveness of the management system. The audit team should also consider the audit objectives, scope and criteria, as well as the context and expectations of the auditee and other interested parties. The audit team should provide a clear, concise and objective statement of the audit conclusions, which may include the degree of conformity, the achievement of the intended outcomes, the need for corrective actions, the suitability for certification, etc.

Evaluating against the audit criteria: The audit team should review the audit conclusions and ensure that they are consistent with the audit criteria and supported by sufficient and appropriate audit evidence. The audit team should also ensure that the audit conclusions are communicated to the auditee and other relevant parties in a timely and effective manner, using the agreed audit report format and distribution method.

To certify an organization's ISO 9001:2015-based Quality Management System (QMS) for the first time, the correct sequence of activities would be:

Establish the management system (already in place).

Supplier audit

Internal audit

Management review

Initial certification audit – stage 1

Initial certification audit – stage 2 (already in place).

This sequence follows the typical path for preparing and ensuring that a QMS is functioning as required, leading up to certification.

The key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are stated in clause 0.1 of the standard, which says: “The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements.” Therefore, the two options that best match these benefits are A and E, as they directly relate to providing products and services that meet customer requirements and enhancing customer satisfaction. The other options are not explicitly mentioned as key expected results, although they may be possible outcomes of implementing a quality management system. References: ISO 9001:2015 - Quality management systems — Requirements, Key Elements of an ISO 9001:2015 Quality Management System, What is ISO 9001 2015 as a Quality Management Systems?

Comprehensive and Detailed In-Depth Explanation:

ISO 19011:2018, Clause 5.1 (Impartiality) states that:

Internal auditors must be independent of the processes they audit to ensure objectivity.

Auditing one’s own department introduces bias and is not permitted.

Thus, Sean must not allow the auditor to audit their own department.

Comprehensive and Detailed In-Depth Explanation:

Stratified sampling is the best method when the population consists of different groups or categories. In this case:

ME has two areas of operations (electrical and mechanical services).

Complaints were collected separately for each area.

By choosing representative samples from each category (electrical & mechanical complaints), Li Na ensured a balanced approach.

Systematic sampling selects samples at fixed intervals, which does not ensure proportional representation of both groups.

Block selection sampling is used when focusing on a specific time period or section, which does not apply here.

Thus, stratified sampling (B) is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

As per ISO 9001:2015, Clause 10.2 (Nonconformity and Corrective Action), all identified nonconformities, including minor ones, must be documented and communicated to the auditee.

Minor nonconformities can lead to major issues if left unaddressed. The auditor must inform the organization before moving to the next audit phase so that corrective actions can be taken. Clause 9.2.2 (Internal Audit) states that audit findings should be reported without undue delay.

Since Li Na did not report the minor nonconformities immediately, her decision was incorrect. Minor nonconformities should always be documented and communicated before proceeding to the next phase.

Clause 8.3.4.d of ISO 9001:2015 requires that design and development validation be performed to ensure that the resulting products or services meet the requirements for their specified application or intended use. Validation is critical to confirm that the product works as intended in real-world conditions.

In this case, Noitol omitted the design validation step approximately 50% of the time, which is a direct violation of Clause 8.3.4.d. Although they collect feedback after the fact, this is not a substitute for formal validation before the product is released. The nonconformity arises because the process of validation was neglected, not the recording of improvements or feedback.

Other options, such as documenting improvements (A) or issues with planning verification (B), are important but do not directly address the primary concern: the lack of consistent design validation before product release. Option D (8.6) concerns product release, but this nonconformity focuses on the validation stage, not just approval for release​.

The tasks that are expected to be completed at the audit team meeting of a third-party audit team leader and his audit team in preparation for a Closing meeting for a four-day initial certification audit are:

•Option C: Final audit team meeting to agree findings and categories including clarification of any uncertainties. This option is correct because the audit team meeting is an opportunity for the audit team leader and the audit team members to review and consolidate the audit findings, to ensure that they are clear, accurate, objective, and supported by sufficient audit evidence. The audit team should also agree on the categories of the findings, such as nonconformity, observation, or opportunity for improvement, and resolve any uncertainties or disagreements among the audit team members.

•Option D: Agree the roles of each audit team member for the closing meeting. This option is correct because the audit team meeting is an opportunity for the audit team leader to assign the roles and responsibilities of each audit team member for the closing meeting, such as presenting the audit findings, answering questions, or taking notes. The audit team leader should also ensure that the audit team members are prepared and confident to perform their roles and to communicate effectively with the auditee.

•Option E: Audit team review any points raised by the auditee nominated representative. This option is correct because the audit team meeting is an opportunity for the audit team to review any points raised by the auditee nominated representative during the audit, such as requests for clarification, feedback, or complaints. The audit team should consider the validity and relevance of the points raised and decide how to address them in the closing meeting or in the audit report.

•Option F: Audit team agree final audit outcome recommendation. This option is correct because the audit team meeting is an opportunity for the audit team to agree on the final audit outcome recommendation, based on the audit findings and the audit criteria. The audit team should also consider the implications and consequences of the audit outcome recommendation for the auditee and the certification body, and ensure that the recommendation is consistent and justified.

•Option H: Audit team complete final version of their individual findings. This option is correct because the audit team meeting is an opportunity for the audit team to complete the final version of their individual findings, based on the agreement and feedback from the audit team meeting. The audit team should ensure that their individual findings are written in a clear, concise, and factual manner, and that they include the audit criteria, the audit evidence, and the audit conclusion. The audit team should also submit their individual findings to the audit team leader for review and approval.

•Option I: Re-audit corrective actions taken to correct findings found during the audit. This option is correct because the audit team meeting is an opportunity for the audit team to re-audit the corrective actions taken by the auditee to correct the findings found during the audit, if applicable and feasible. The audit team should verify the effectiveness and adequacy of the corrective actions and update the audit findings accordingly. The audit team should also document the results of the re-audit and communicate them to the auditee.

The following options are not correct:

•Option A: Audit team leader informs the individual(s) managing the audit programme that the closing meeting is ready to be held. This option is not correct because this task is not part of the audit team meeting, but part of the communication between the audit team leader and the individual(s) managing the audit programme. The audit team leader should inform the individual(s) managing the audit programme that the closing meeting is ready to be held after the audit team meeting, when the audit team has completed all the tasks and is ready to present the audit results to the auditee.

•Option B: Hold daily audit team meeting to review any timetable issues and potential findings and their impact on the audit for other team members. This option is not correct because this task is not part of the final audit team meeting, but part of the daily audit team meetings that are held during the audit. The daily audit team meetings are opportunities for the audit team to review the progress and performance of the audit, to identify and resolve any issues or problems, and to coordinate and adjust the audit plan and activities as needed.

•Option G: Audit team leader completes final report, including individual findings and certification recommendation. This option is not correct because this task is not part of the audit team meeting, but part of the audit reporting process. The audit team leader should complete the final report, including the individual findings and the certification recommendation, after the closing meeting, when the audit team has received and considered the feedback and comments from the auditee. The audit team leader should also ensure that the final report is reviewed and approved by the appropriate authorities before issuing it to the auditee and the certification body.

•Option J: Write the audit finding report out when detected and obtain signature of the auditee. This option is not correct because this task is not part of the audit team meeting, but part of the audit evidence collection and documentation process. The audit team should write the audit finding report out when detected and obtain the signature of the auditee during the audit, when the audit team has observed and verified the audit evidence and has communicated the audit finding to the auditee. The signature of the auditee does not indicate acceptance or agreement with the audit finding, but only acknowledgement of receipt.

Understanding the Purpose of a Quality Management System (QMS):The primary objective of ISO 9001:2015 is to improve the overall performance of the organization by:

Ensuring consistent delivery of products and services that meet customer and regulatory requirements.

Focusing on enhancing customer satisfaction.

Promoting continual improvement of the organization’s processes and practices.

Questions no: 16 Verified Answer: = C. 7.4 Communication Comprehensive But Short Explanation: = Clause 7.4 of ISO 9001:2015 requires the organization to determine the internal and external communications relevant to the quality management system, including what will be communicated, when, with whom, and how. The scenario indicates a potential gap in communication with subcontractors regarding the Quality Policy, objectives, and plans to address risks and opportunities, which is a requirement even if the subcontractors have their own ISO 9001 certified systems123. References: = This response is based on the general requirements of ISO 9001:2015 related to communication with external parties, such as subcontractors, as outlined in various resources discussing Clause 7.4123.

According to ISO 9001:2015, clause 4.1, the organisation must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of its quality management system. The organisation must also monitor and review the information about these issues. SWOT analysis is a tool that can help the organisation to identify its strengths, weaknesses, opportunities, and threats. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to review the information periodically and update it as necessary. Therefore, one audit trail would be to establish how the organisation reviews information about external and internal issues, such as how often, by whom, using what criteria, and with what results. 123

According to ISO 9001:2015, clause 10.3, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system. The organisation must also consider the results of analysis and evaluation, and the outputs from management review, to determine if there are any needs or opportunities for improvement. SWOT analysis can help the organisation to identify the areas where improvement is needed or possible, such as addressing the weaknesses and threats, or exploiting the strengths and opportunities. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to take actions to implement the improvement, such as setting objectives, allocating resources, assigning responsibilities, and evaluating the effectiveness. Therefore, another audit trail would be to establish what actions were taken to improve the QMS, such as what, when, by whom, how, and with what results. 124 References:

1: ISO 9001:2015 - Quality management systems — Requirements

2: Advisera, “Context of the organization in ISO 9001:2015 explained”, https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

3: ISO Templates, “ISO 9001 - Clause 4: Context of the organisation explained”, https://resources.iso-templates.com/blog/iso-9001-clause-4-context-of-the-organisation-explained

4: Advisera, “How to implement continual improvement in ISO 9001”, https://advisera.com/9001academy/knowledgebase/how-to-implement-continual-improvement-in-iso-9001/

According to the ISO 19011:2018 standard, which provides guidelines for auditing management systems, the team leader of an audit team should be an auditor who has demonstrated the competence to manage an audit of the relevant management system scheme. This means that the team leader should have the appropriate knowledge, skills, and experience to plan, conduct, report, and follow-up an audit of the specific management system, such as ISO 9001 for quality management systems. The other options are false because: B. An audit team can include non-qualified auditors, but only as observers or trainees who do not contribute to the audit findings or conclusions. C. A technical expert can assist a qualified auditor on an audit team, but cannot replace them, as a technical expert does not have the competence to perform audits. D. Audits leading to auditor qualification are not undertaken annually, but rather as part of a certification process that involves meeting certain criteria, such as education, work experience, audit experience, and examination. References: ISO 19011:2018, PECB Certified ISO 9001 Lead Auditor Exam Preparation Guide, ISO 9001:2015 Quality Management Systems Lead Auditor Training Course

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 promotes the process approach, which allows organizations to structure their activities into interrelated processes. This approach helps ensure that processes effectively achieve intended results.

Clause 0.3.1 (Process Approach) states that "The application of the process approach in a quality management system enables understanding and consistency in meeting requirements, considering processes in terms of added value, and achieving effective process performance."

This aligns directly with option C, making it the correct answer. The other options are either partially correct or do not fully capture the purpose of the process approach:

Option A (Improvement based on interested parties) is a benefit but does not define the main goal.

Option B (Financial value) is not the primary focus of the process approach.

Option D (Reduction of resource consumption) may be an indirect benefit but is not a core objective.

Comprehensive and Detailed In-Depth Explanation:

The audit schedule provides a structured timeline of activities to be conducted during the audit.

Clause References:

ISO 19011:2018, Clause 6.4.2 – Preparing the Audit Plan:

Requires the development of an audit schedule, including the sequence and timing of activities.

ISO/IEC 17021-1:2015, Clause 9.1.3 – Audit Program:

Certification bodies must establish a schedule for conducting audits.

Why is the Correct Answer C?

The audit schedule ensures systematic execution of the audit by defining activities, responsible auditors, and timeframes.

A well-planned schedule improves efficiency and helps auditors cover all necessary areas within the given time.

Why are the Other Options Incorrect?

A (Audit objectives) → Define why the audit is conducted, not the schedule.

B (Audit criteria) → Define the standards and requirements to be evaluated, not the timeline.

D (Audit offer) → Refers to the initial proposal sent to the auditee, not the activity timeline.

According to the ISO 9001:2015 standard, clause 6.2.1 requires organizations to establish quality objectives at relevant functions, levels, and processes needed for the quality management system. The quality objectives must be consistent with the quality policy and the strategic direction of the organization. The quality objectives must also be measurable, monitored, communicated, and updated as appropriate.

In this scenario, the Quality Manager of XYZ Corporation has set quality objectives for every employee in the organization except top management. This has created a lot of resistance to the QMS, and the Chief Executive is asking questions about the cost and the method of setting objectives. The Quality Manager asks for your opinion as an auditor on whether this is the correct method of setting objectives.

As an auditor, you cannot provide advice to the organization on how it should operate its QMS. Your role is to assess the conformity and effectiveness of the QMS against the requirements of the standard and the organization’s own policies and objectives. Therefore, you should respond with the following options:

B. Advise the Quality Manager to read the ISO 9001 standard and interpret in relation to the organization’s requirements: You can suggest that the Quality Manager should familiarize himself with the requirements of clause 6.2.1 and understand how they apply to his organization. He should also consider the context and the needs and expectations of interested parties when setting quality objectives. He should ensure that the quality objectives are aligned with the quality policy and the strategic direction of the organization.

C. Advise the Quality Manager that you will raise an opportunity for improvement if the quality objectives are not addressed properly: You can inform the Quality Manager that you will evaluate the quality objectives during the audit and check whether they meet the requirements of clause 6.2.1. If you find any gaps or weaknesses in the quality objectives, you will raise an opportunity for improvement to help the organization improve its QMS. You will also verify whether the quality objectives are monitored, communicated, and updated as appropriate.

D. Inform the Quality Manager that you will comment on the subject in your audit report: You can inform the Quality Manager that you will document your findings and observations on the quality objectives in your audit report. You will also provide a summary of the audit results and any recommendations for improvement. You will also indicate the level of conformity and effectiveness of the QMS.

These three options would help you to maintain your impartiality and professionalism as an auditor and to provide constructive feedback to the organization

Sequence:

Stage 1 Audit

Stage 2 Opening Meeting

Interviews

Stage 2 Closing Meeting

Close-out of Stage 2 Audit Findings

Issue Certificate

Surveillance Audit

Follow-up Audit

To complete the sequence, you can drag and drop the options to the appropriate blank section.

Here is a brief explanation of each step:

Stage 1 Audit: This is the initial audit that aims to assess the readiness of the organization for the stage 2 audit. It involves reviewing the documentation of the quality management system, evaluating the scope and objectives of the audit, and identifying any major gaps or nonconformities34.

Stage 2 Opening Meeting: This is the meeting that marks the start of the stage 2 audit. It involves confirming the audit plan, the audit criteria, the audit scope, and the audit team. It also provides an opportunity for the auditee to ask any questions or raise any concerns34.

Interviews: This is the main activity of the stage 2 audit, where the audit team collects evidence by interviewing the personnel involved in the quality management system, observing the processes and activities, and examining the records and documents. The audit team uses various techniques, such as sampling, measurement, analysis, and evaluation, to verify the conformity and effectiveness of the quality management system345.

Stage 2 Closing Meeting: This is the meeting that marks the end of the stage 2 audit. It involves presenting the audit findings, the audit conclusions, and the audit report to the auditee. It also provides an opportunity for the auditee to provide feedback, ask questions, or dispute any findings34.

Close-out of Stage 2 Audit Findings: This is the process of verifying that the auditee has taken appropriate corrective actions to address any nonconformities or opportunities for improvement identified during the stage 2 audit. The audit team may request evidence or conduct a follow-up visit to confirm the effectiveness of the corrective actions34.

Issue Certificate: This is the process of issuing a certificate of conformity to the auditee, if the audit team is satisfied that the quality management system meets the requirements of the standard and that there are no major nonconformities or unresolved issues. The certificate is valid for a specified period, usually three years, and is subject to periodic surveillance audits34.

Surveillance Audit: This is the process of conducting periodic audits, usually once a year, to monitor the continued conformity and effectiveness of the quality management system. It involves reviewing the changes, improvements, and performance of the quality management system, and identifying any new nonconformities or opportunities for improvement34.

Follow-up Audit: This is the process of conducting an additional audit, usually in response to a significant change, a complaint, or a major nonconformity, to verify the impact and the corrective actions taken by the auditee. It may result in the suspension, withdrawal, or renewal of the certificate, depending on the outcome of the audit34.

According to ISO 19011:2018, clause 6.3, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the information listed in my previous response, such as the audit objectives, scope, criteria, schedule, team, methods, report, etc. The audit plan should be prepared and completed prior to the on-site audit, and should be communicated to the audit team and the auditee1.

According to ISO 19011:2018, clause 6.4.3, the checklist / prompts are documents that list the questions or topics that need to be covered during an audit. The checklist / prompts can help the auditor to collect and verify information relevant to the audit criteria, and to ensure the consistency and completeness of the audit. The checklist / prompts should be prepared and completed prior to the on-site audit, and should be based on the audit plan and the audit scope and objectives1.

Therefore, the two documents that an auditor needs to prepare and complete prior to the on-site audit are B and D, as they are essential for planning and conducting the audit. The other options are not correct, as they are either prepared or completed after the on-site audit, or not required by the standard:

•A. Audit Report: The audit report is a document that provides a complete, accurate, concise, and clear record of the audit. The audit report should include the information listed in my previous response, such as the audit objectives, scope, criteria, findings, conclusions, etc. The audit report should be prepared and completed after the on-site audit, and should be distributed to the audit client and the auditee1.

•C. Procedures: Procedures are documents that specify the way activities are to be performed. Procedures may be part of the audit criteria, if they are part of the organization’s management system, or part of the audit programme, if they are part of the certification body’s or registrar’s requirements. Procedures are not prepared or completed by the auditor prior to the on-site audit, but rather reviewed or followed by the auditor during the audit1.

•E. Risk Matrices: Risk matrices are tools that help to assess and prioritize the risks and opportunities associated with the audit programme or the audit. Risk matrices may be part of the audit programme management, if they are used to determine and evaluate the audit programme risks and opportunities, or part of the audit preparation, if they are used to determine and evaluate the audit risks and opportunities. Risk matrices are not prepared or completed by the auditor prior to the on-site audit, but rather used or updated by the auditor during the audit programme management or the audit preparation1.

•F. Findings: Findings are the results of the evaluation of the collected audit evidence against the audit criteria. Findings can indicate either conformity or nonconformity, as well as positive aspects or opportunities for improvement. Findings are not prepared or completed by the auditor prior to the on-site audit, but rather generated and recorded by the auditor during the audit activities1.