ISO-9001-Lead-Auditor Exam Dumps - PECB ISO 9001 Questions and Answers

Comprehensive and Detailed In-Depth Explanation:

Audit risks are categorized into different types based on where failures may occur in the QMS audit process.

Clause References:

ISO 19011:2018, Clause 6.3 – Managing Audit Risk: Defines different audit risks, including control risk.

Why is the Correct Answer A?

Control risk occurs when internal controls fail to prevent or detect nonconformities.

Even if controls exist, the risk remains if the QMS fails to identify or correct defects.

Why are the Other Options Incorrect?

B (Inherent risk) → This refers to risks naturally present in processes, even before controls are applied.

C (Detection risk) → This is the risk that an auditor fails to detect nonconformities.

D (Operational risk) → This refers to risks related to day-to-day business operations, not QMS audits.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires specific roles and responsibilities for audit leaders and certification bodies.

Clause References:

ISO 19011:2018, Clause 5.5 – Conducting the Audit: Defines audit team leader responsibilities.

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning: Defines certification body responsibilities, including the certification agreement.

Why is the Correct Answer D?

The certification agreement is signed between the certification body and the auditee (TD Advertising).

Anne (audit team leader) does NOT have authority to sign the agreement—that is the responsibility of the certification body’s management.

Why are the Other Options Incorrect?

A (Establishing audit criteria and objectives) → Correct responsibility of the audit leader as per ISO 19011.

B (Determining audit feasibility) → Audit leaders assess feasibility but do not sign agreements.

C (Assigning responsibilities for the audit team) → This is part of the audit leader’s role in planning audits.

A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited1. The purpose of a first-party audit is to assess the conformity of the organization’s quality management system to the requirements of ISO 9001 and to identify opportunities for improvement2. Therefore, the two auditors who would not participate in a first-party audit are:

•A. An auditor employed by an external consultancy organization: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit (if the external consultancy organization is a customer or supplier of the organization being audited) or a third-party audit (if the external consultancy organization is a certification body or registrar).

•F. An auditor from a customer: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit, as a customer is an interested party that has specific requirements for the organization being audited.

The other options are not correct, as they could participate in a first-party audit, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited:

•B. An auditor from an interested party: This auditor could be a first-party auditor, as long as the interested party is within the organization being audited. For example, an auditor from the finance department could audit the production department, as long as they are not involved in the production process or affected by its outcomes.

•C. An auditor trained in-house: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The source of the auditor’s training is not relevant for determining the type of audit, as long as the auditor is competent and qualified to perform the audit.

•D. An auditor trained in the IRCA scheme: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The IRCA scheme is a professional certification scheme for auditors of management systems, which provides recognition of the auditor’s competence and credibility3. However, being trained in the IRCA scheme does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

•E. An auditor certified by IRCA: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. Being certified by IRCA means that the auditor has met the requirements of the IRCA scheme and has demonstrated their competence and credibility as an auditor of management systems3. However, being certified by IRCA does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

According to ISO 19011:2018, clause 6.3.3, the audit plan should be reviewed and revised as necessary to address changes that occur during the audit planning. The audit plan should be agreed upon, preferably in writing, by the audit team leader, the audit client and the auditee1. Therefore, if there is a significant change in the auditee’s situation, such as the cancellation of all orders for the next week, the audit plan should be reviewed and revised accordingly, with the agreement of all parties involved.

According to ISO/IEC 17021-1:2015, clause 9.1.4, the certification body should have a process to ensure that the audit team has the competence to achieve the audit objectives, and that the audit methods are appropriate for the scope and complexity of the audit. The certification body should also have a process to ensure that the audit is conducted under reasonable conditions and within a reasonable time frame2. Therefore, if there is a risk that the audit objectives cannot be achieved, or that the audit methods are not suitable, due to the change in the auditee’s situation, the certification body should be consulted and informed on how to proceed with the audit.

Therefore, the best action to take is B, ask the certification body you work for how to proceed with the audit. This action will ensure that the audit plan is revised and agreed upon by all parties, and that the audit team has the competence and the methods to conduct the audit effectively and efficiently. The other options are not correct, as they may compromise the quality and validity of the audit:

•A. Start the audit on Monday at ABC’s as planned, interviewing the functions that regularly work at the central office, and plan visits to ABC customers wherever they may be working during the following week: This action may not be feasible or acceptable, as it may extend the audit duration and cost beyond the agreed terms, and it may not provide sufficient and appropriate audit evidence to verify the conformity and effectiveness of the auditee’s processes. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•C. Start the audit on Monday as planned, interviewing the functions that regularly work at the central office, and visit another customer’s premises they cleaned the week before: This action may not be relevant or reliable, as it may not reflect the current performance and condition of the auditee’s processes. The audit evidence collected from the previous customer may not be valid or representative of the audit criteria, and it may not address the risks and opportunities associated with the auditee’s context and objectives. Moreover, this action may not be agreed upon by the audit client and the auditee, and it may not be approved by the certification body.

•D. Complete the audit but ask the quality manager to clean some windows at the ABC’s office, simulating the process they carry out at customers’ premises: This action may not be objective or impartial, as it may introduce bias and influence in the audit process. The audit evidence collected from the simulated process may not be accurate or authentic, and it may not demonstrate the actual capability and effectiveness of the auditee’s processes. Moreover, this action may not be ethical or professional, as it may compromise the integrity and credibility of the audit and the certification.

The activities that are specifically required by ISO 17021-1 as part of third-party (Certification Body) surveillance audit processes are:

•Option A: Audit use of certification marks on marketing materials. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to audit the client’s use of marks and/or any other reference to certification, as applicable, to ensure conformity with the certification requirements.

•Option B: Review changes to the QMS since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review any changes affecting the client’s quality management system and its ability to continue to fulfil the requirements of the standard used for certification.

•Option C: Confirm effectiveness of internal audit and management review. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to confirm the continuing effectiveness of the client’s quality management system, including the effectiveness of the internal audit and management review processes.

•Option F: Review the status of previously raised findings and audit effectiveness of any outstanding findings. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the status of findings and any corrective actions taken by the client in response to previous audits, and to verify the effectiveness of the implemented corrective actions.

•Option H: Verify legal compliance. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to verify the client’s compliance with applicable statutory and regulatory requirements related to the scope of certification.

•Option I: Handling of customer complaints since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the client’s handling of customer complaints related to the certified activities since the last audit.

The following options are not correct:

•Option D: Complete a full document review of the quality management system. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to complete a full document review of the quality management system during surveillance audits. A full document review is only required during the initial certification audit or when there are significant changes to the quality management system or the certification requirements.

•Option E: Failing to meet financial responsibilities. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to audit the client’s financial responsibilities during surveillance audits. The certification body may have contractual arrangements with the client regarding the payment of fees, but this is not part of the surveillance audit process.

•Option G: Review the calibration status of the instrumentation. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to review the calibration status of the instrumentation during surveillance audits. The certification body may audit the client’s monitoring and measuring resources as part of the quality management system requirements, but this is not a specific activity required by ISO 17021-1.

•Option J: Conduct a minimum number of annual surveillance audits during the certification period. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to conduct a minimum number of annual surveillance audits during the certification period. The certification body may determine the frequency and duration of surveillance audits based on the risk and performance of the client, but this is not a specific activity required by ISO 17021-1.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The audit report must be submitted to the certification body regardless of corrective actions.

Corrective actions are reviewed after the audit, but the audit process should not be delayed.

Certification decisions should be made based on the audit findings and evidence, not pending corrective actions.

Thus, delaying audit activities until corrective actions are submitted is not acceptable.

A Stage 1 audit is a preliminary assessment to evaluate the readiness of the organisation for the Stage 2 certification audit. The audit scope is defined by the audit client and the certification body based on the application and the contract. If the organisation wants to include a new work area that was not part of the original scope, the auditor should advise the Quality Manager that an extension of the scope is possible but will have to go through established procedures, such as submitting a formal request, providing relevant information, and paying additional fees. The auditor should also suggest that the Quality Manager will advise the programme manager, who is responsible for managing the audit programme, that the audit scope should be revised to include the new work area. The programme manager will then decide whether to approve or reject the request, and communicate the decision to the auditor and the Quality Manager. The auditor should not proceed with the audit of the new work area without the approval of the programme manager and the confirmation of the audit scope. 1234 References:

1: ISO 19011:2018 - Guidelines for auditing management systems

2: ISO 9001 Certification Audits | Stage 1 and Stage 2 - 9001. Simplified

3: What is the difference between Stage 1 and Stage 2 Audits? - ISO Update

4: Getting Certified to ISO 9001 - the Stage 1 Audit

•

Reviews the client’s management system documented information: This activity involves checking the documentation of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team also evaluates the client’s understanding and implementation of the standard, and identifies any gaps or nonconformities that need to be addressed before the Stage 2 audit123.

•Reviews the processes with high level of risk: This activity involves assessing the processes that have a significant impact on the quality of the products or services, or that pose a high risk of nonconformity or customer dissatisfaction123. The audit team also verifies the client’s risk management approach, and evaluates the effectiveness of the controls and actions taken to mitigate the risks123.

The other options are not statements that are true for the Stage 1 audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is D and G.

Comprehensive and Detailed In-Depth Explanation:

Clause References:

ISO 19011:2018 (Guidelines for Auditing Management Systems), Clause 5.3 – Establishing the Audit Objectives

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning

Why is the Correct Answer C?

Audit objectives must be clearly defined in the audit offer to ensure that the scope, criteria, and purpose are agreed upon in advance.

ISO/IEC 17021-1:2015 (which governs certification bodies) requires that audit objectives be established before the audit begins to ensure transparency and effectiveness.

Sending audit objectives after an agreement has been reached could lead to misalignment between the auditee’s expectations and the audit’s purpose.

Why are the Other Options Incorrect?

A (Audit objectives should be known only after agreement) → Incorrect because objectives must be pre-defined in the audit offer.

B (Only the auditee should know the objectives) → Incorrect because both the auditor and auditee must align on objectives.

D (Approval from the lead auditor is sufficient) → Incorrect because audit planning follows formal procedures defined by ISO/IEC 17021-1.