ISO-9001-Lead-Auditor Sample Questions Answers

According to the ISO 9001:2015 document, the key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are:

•the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements;

•the enhancement of customer satisfaction.

These results are derived from the quality management principles of customer focus and process approach, which are the basis of the ISO 9000 family of standards1. Customer focus means understanding and meeting customer needs and expectations, as well as exceeding them when possible1. Process approach means managing activities as interrelated processes that function as a coherent system, which leads to consistent and predictable results1.

Therefore, the correct answer is C and F.

References: 2: ISO 9001:2015 - Quality management systems — Requirements 1: ISO - Quality management principles

The quality system failed to control the laundry services provided for customers in five shops. The equipment used was not capable of consistently producing the required service.

Quality management principles:

Customer focus = Increased revenue and market share

Engagement of people = Enhanced trust and collaboration throughout the organisation

Improvement = Enhanced drive for innovation

Evidence-based decision-making = Increased ability to demonstrate effectiveness of past actions

According to the Quality management principles document published by ISO, each quality management principle has a statement, a rationale, key benefits, and actions you can take to apply it. Based on these descriptions, the potential benefits can be matched to the corresponding principles as follows:

• Customer focus: The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. The key benefits of this principle include increased customer value, customer satisfaction, customer loyalty, repeat business, reputation, customer base, revenue and market share.
• Engagement of people: Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value. The key benefits of this principle include improved understanding of the organization’s objectives and values, increased involvement in improvement activities, enhanced personal development, increased motivation and empowerment, enhanced trust and collaboration, and increased recognition and rewards.
• Improvement: Successful organizations have an ongoing focus on improvement. The key benefits of this principle include improved organizational capabilities, alignment of improvement activities at all levels, increased ability to anticipate and react to opportunities and threats, enhanced drive for innovation, and increased levels of satisfaction.
• Evidence-based decision-making: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. The key benefits of this principle include improved decision-making processes, increased ability to demonstrate the effectiveness of past decisions, increased ability to review, challenge and change opinions and decisions, and increased ability to improve performance.

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, correction is defined as “action to eliminate a detected nonconformity”. A nonconformity is defined as “non-fulfilment of a requirement”. Therefore, the process of modifying a non-conforming product to bring it within acceptance criteria is a correction, as it eliminates the non-fulfilment of the product specification. The other options are not correct, as they have different definitions and purposes:

•Concession: permission to release or use a nonconforming product, service or process

•Corrective action: action to eliminate the cause of a nonconformity and to prevent recurrence

•Preventive action: action to eliminate the cause of a potential nonconformity or other undesirable potential situation

References: ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, ISO 9001 nonconforming product: How to understand dispositions - Advisera

Table

Statement

First-party audits

Second-party audits

Third-party audits

The audit scope is typically determined by the organisation being audited.

Yes

No

No

The outcome of the audit is typically certification to a recognised standard.

No

No

Yes

The audit scope is typically confined to service/product provision capability.

No

Yes

No

Here is a brief explanation of each statement:

• The audit scope is typically determined by the organisation being audited: This statement applies to first-party audits, also known as internal audits, where the organisation audits its own processes and activities to ensure conformity and improvement1. The organisation can decide the scope of the audit based on its own needs and objectives2. This statement does not apply to second-party audits, where the customer audits the supplier, or third-party audits, where an independent body audits the organisation. In these cases, the audit scope is determined by the customer or the certification body, respectively34.
• The outcome of the audit is typically certification to a recognised standard: This statement applies to third-party audits, where an independent body audits the organisation to verify that it meets the requirements of a specific standard, such as ISO 9001, and issues a certificate of conformity if the audit is successful34. This statement does not apply to first-party audits or second-party audits, where the outcome of the audit is not certification, but rather self-improvement or supplier qualification13.
• The audit scope is typically confined to service/product provision capability: This statement applies to second-party audits, where the customer audits the supplier to ensure that they are meeting the requirements specified in the contract, such as service or product quality, delivery, or performance34. The audit scope is usually focused on the specific aspects of the service or product that are of interest to the customer3. This statement does not apply to first-party audits or third-party audits, where the audit scope is broader and covers the entire quality management system or the relevant clauses of the standard14.

According to the ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities1, an improvement opportunity is a suggestion made by the auditor for the auditee to consider that, if implemented, may enhance the performance of the QMS. Improvement opportunities are not mandatory, but they should be based on objective evidence and aligned with the audit criteria and objectives. Improvement opportunities should also be realistic, feasible, and beneficial for the auditee. In this case, the evidence statements that represent acceptable improvement opportunities in the report are A, C, and E, because they address the potential causes and effects of the spelling errors in the print run, and propose possible actions that may improve the quality of the products and services, and the effectiveness of the QMS. These options are consistent with the requirements and principles of ISO 9001, such as clause 6.1 on actions to address risks and opportunities, clause 8.1 on operational planning and control, clause 8.5.1 on control of production and service provision, and clause 10.2 on nonconformity and corrective action. The other options are not appropriate improvement opportunities, because they are either irrelevant, unrealistic, or unhelpful for the auditee. For example, option B may contradict the audit objective and scope, option D may imply a lack of auditor competence or impartiality, option F may not address the root cause of the problem, option G may not be applicable or effective, and option H may not be feasible or justified. References: ISO 9001 Auditing Practices Group Guidance on Improvement Opportunities, ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Audit Evidence

A screenshot of a computer Description automatically generated

Evaluate the effectiveness of the management system: This objective involves verifying that the quality management system meets the requirements of a specific standard, such as ISO 9001:2015, and that it achieves the intended results and outcomes. The audit team will collect and analyse audit evidence to determine the degree of conformity and performance of the quality management system23.

•Evaluate the capability of the management system to establish and achieve objectives: This objective involves verifying that the quality management system supports the strategic direction and policies of the organization, and that it addresses the needs and expectations of the interested parties. The audit team will assess the suitability, adequacy, and alignment of the quality management system objectives, and the effectiveness of the planning and implementation processes to achieve them23.

The other options are not the most relevant objectives of a third-party audit, according to the web search results from my internal tool. They may be related to other aspects or types of audits, but they are not the focus of a third-party audit.

Therefore, the correct answer is B and D.

References: 1: Safeguarding Your Business: The Power of Third-Party Security Audits 2: ISO 19011:2018 - Guidelines for auditing management systems 3: Third Party Audit – QMSGurus.com

According to ISO 9001:2015, clause 4.3, the organization is required to determine the scope of its quality management system (QMS) by considering the external and internal issues referred to in clause 4.1. Clause 4.1 requires the organization to determine the external and internal issues that are relevant to its purpose and strategic direction, and that affect its ability to achieve the intended results of its QMS. These issues can include positive and negative factors or conditions for consideration, such as legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local. The organization is also required to monitor and review these issues.

Therefore, the correct answer is C, as external issues of the organization’s context are one of the factors that must be considered when determining the scope of the QMS. The other options are either not directly related to the scope of the QMS, or are not explicitly mentioned in clause 4.3.

References:

• ISO 9001:2015(en), Quality management systems — Requirements, clause 4.1 and 4.3
• ISO 9001:2015 – How to determine the scope of your QMS - Advisera, section “Considerations for determining the scope of the QMS in ISO 9001”
• ISO 9001 Lead Auditor Training Course | IRCA Certified | BSI, section “Learning objectives”
• ISO 9001 Lead Auditor Course Material | 3FOLD Education Centre, module 4

Comprehensive and Detailed Explanation: = According to the web search results from my internal tool, a witness audit is a technique used during an accreditation audit, where the accreditation body observes the performance and competence of the certification body auditors in conducting an audit12. A witness audit can also be used by a certification body to monitor and evaluate its own auditors3. During a witness audit, the following roles can be defined:

•An auditor: This is the person who is being witnessed by the accreditation body or the certification body. The auditor is responsible for conducting the audit according to the audit plan, criteria, and standards, and for providing audit evidence and findings123.

•An assessor for the accreditation body: This is the person who witnesses the auditor on behalf of the accreditation body. The assessor is responsible for evaluating the auditor’s performance and competence, and for providing feedback and recommendations to the accreditation body123.

The other options are not defined as witnesses during a witness audit, according to the web search results from my internal tool. They are:

•Someone with a qualification from the certification body: This is not a specific role in a witness audit, as anyone who is involved in the audit process should have a qualification from the certification body. Moreover, having a qualification does not necessarily mean that the person is a witness or an auditor4.

•An existing member of the audit team: This is not a specific role in a witness audit, as the audit team consists of the auditors who are conducting the audit, not the ones who are witnessing it. The witness audit is a separate activity from the audit itself, and the witness should not interfere with the audit process or influence the audit outcome123.

Therefore, the correct answer is B and D.

References: 1: DQS Inc. | Witness Audits | Auditor Training 2: Have you ever been involved with a witness audit? - IFSQN 3: Certac - Witness Audit of Certification Bodies 4: ISO 19011:2018 - Guidelines for auditing management systems

According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives1. Audit criteria may include, but are not limited to, the following sources2:

•ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.

•Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation

•Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities

•Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures

•Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved

•Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes

•Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives

•Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services

Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.

References: ISO 19011:2018(en), Guidelines for auditing management systems, What are audit criteria? - ISO Update

According to the ISO 9001:2015 document, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system1. However, among the six options given, only effectiveness is directly mentioned as an aspect of the quality management system that must be continually improved. Therefore, C is one of the correct answers.

Efficiency, on the other hand, is not explicitly stated as an aspect of the quality management system that must be continually improved, but it is implied by the quality management principle of improvement, which states that successful organisations have an ongoing focus on improvement2. One of the key benefits of applying this principle is improving operational effectiveness and efficiency2. Therefore, E is another correct answer.

Suitability, adaptability, responsiveness, and applicability are not aspects of the quality management system that must be continually improved, according to the ISO 9001:2015 document. They may be related to the quality management system, but they are not the focus of continual improvement.

Therefore, the correct answer is C and E.

References: 1: ISO 9001:2015 - Quality management systems — Requirements 2: ISO - Quality management principles

According to the definition in ISO 9000, a nonconformity is “non-fulfillment of a requirement”. There are three parts to a well-documented nonconformity: the audit evidence to support auditor findings; a record of the requirement against which the nonconformity is detected; and the statement of nonconformity1. In this case, the audit evidence is the dispatch records that show the same batch number of the product being delivered by two different trucks at different times. The requirement is the procedure P-02 Rev.3 that says that trucks should carry a complete batch. The statement of nonconformity is that the batch 33555 was delivered split in two different trucks (011 and 025), which does not conform to the procedure. Therefore, option C best describes the identified nonconformity, as it includes all three parts of a well-documented nonconformity. Option A is not correct, as it does not state the audit evidence or the requirement. Option B is not correct, as it does not specify the audit evidence or the statement of nonconformity. Option D is not correct, as it does not match the audit evidence or the requirement. References: 1: ISO 9001 Auditing Practices Group Guidance on Nonconformity - Documenting.

Match the process descriptions below to the process names:

The process by which the accuracy of test equipment is checked against a known standard. = Calibration

The process by which a product or service is visually examined to determine conformity to requirements. = Evaluation

The process by which data is examined in detail to reach a specific answer or answers. = Analysis

The process by which a parameter of a product or service is examined to determine a specific value. = Measurement

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, the definitions of the process names are as follows:

• Calibration: operation that, under specified conditions, in a first step, establishes a relation between the quantity values with measurement uncertainties provided by measurement standards and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication.
• Evaluation: determination of the suitability, adequacy or effectiveness of an object to achieve established objectives.
• Analysis: detailed examination of the elements or structure of something.
• Measurement: process to experimentally obtain one or more quantity values that can reasonably be attributed to a quantity.

Therefore, the process descriptions can be matched to the process names based on these definitions.

References:

ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary

According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:

•Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently.

•Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed.

•Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved.

•Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely.

•Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed.

In this case, the evidence statements that demonstrate a nonconformity with clause 8.4 are A and C, because they show that the organization did not retain documented information of the selection and evaluation of the external provider, and the monitoring of the external provider’s performance. These are requirements of the standard and essential for ensuring the quality of the externally provided processes, products, and services. The other options are not directly related to clause 8.4, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option B may relate to clause 7.1.3 on contingency planning, option D may relate to clause 8.2.3 on review of requirements, option E may relate to clause 8.6 on release of products and services, and option F may relate to clause 5.1.1 on leadership and commitment. References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems