Comprehensive and Detailed In-Depth Explanation:

A horizontal audit examines one process across multiple departments to assess consistency.

Thus, A is the correct answer.

When conducting a third-party audit to ISO 9001, especially in the context of training and corrective actions taken due to customer complaints, the most appropriate audit trails to follow would be:

A. Ask if customer complaints had ceased since the multi-skilled training finished. This audit trail is relevant because it directly relates to the effectiveness of the corrective action taken. If customer complaints have decreased or ceased, it could indicate that the additional training was effective1.

F. Review records to assess if all planned training has been completed. This trail is important to ensure that the training plan has been fully implemented and to verify that all staff members have received the necessary training. It also helps in assessing the adequacy of the training in terms of content, frequency, and outcomes1.

These two trails, A and F, are closely linked to the issue of customer complaints and the organization’s response to them. They provide insight into whether the actions taken were suitable and whether they have led to improvements in staff performance and customer satisfaction1. The other options, while potentially useful, do not directly address the immediate concern of the effectiveness of the corrective actions taken in response to the customer complaints1.

In this scenario, the organization has set a quality objective of achieving a 90% minimum exam pass rate for all courses. The auditor’s task is to assess whether this objective is being monitored effectively and if appropriate actions are taken when the objective is not met.

B. You would determine how the exam pass rate figures were analysed: ISO 9001:2015, particularly Clause 9.1 (Monitoring, measurement, analysis, and evaluation), requires organizations to evaluate performance data. The auditor should verify how the organization analyses the pass rate data to ensure trends are identified, and corrective actions are planned based on this analysis.

D. You would determine what corrective action was being taken to address the low pass rates: When performance falls short of the objective, as seen with Course 4 (where the pass rate is below 90% in all months), Clause 10.2 (Nonconformity and corrective action) requires organizations to take corrective actions to address issues. The auditor would need to check if corrective actions have been initiated to address consistently low pass rates.

Statements A, C, E, and F do not directly address the monitoring and corrective action required under ISO 9001:2015 in this context​​.

In a third-party certification audit, auditors are responsible for maintaining confidentiality as part of their professional duties. Here’s how they can demonstrate it:

A. Adhere to the CQI Professional Code of Conduct: The CQI (Chartered Quality Institute) Code of Conduct outlines ethical principles, including confidentiality. Auditors must adhere to professional standards, ensuring sensitive information is protected and not disclosed improperly.

B. Confirm the confidentiality arrangements with the auditee regarding the use of mobile devices/cameras: Before using mobile devices or cameras, auditors must seek explicit permission from the auditee and agree on confidentiality terms, preventing unauthorized recording or sharing of sensitive information.

Options C, D, and E involve breaching confidentiality and are not acceptable practices in an ISO 9001:2015 certification audit. Sharing sensitive information, removing evidence without consent, or discussing it with unauthorized parties violates audit principles and the standard's confidentiality requirements​.

According to ISO 9001:2015, clause 8.4, an organization is required to control the processes, products and services provided by external providers, including those that affect the quality of the organization’s own products and services. This includes determining the controls to be applied to the external provision of processes, products and services, as well as the information to be communicated to the external providers. The organization is also required to monitor, measure, and evaluate the performance of the external providers and retain documented information of these activities.

Therefore, in the scenario given, ABC Ltd is responsible for controlling the processes, products and services provided by Teak Ltd, as they affect the quality of ABC Ltd’s own products and services. This means that ABC Ltd should have established criteria and methods for evaluating the performance of Teak Ltd, as well as documented information of the results of such evaluation. ABC Ltd should also have defined the supply arrangements with Teak Ltd, including the specifications, requirements, and verification activities related to the products and services provided by Teak Ltd.

Hence, the best options to describe how to plan the audit of the interrelationship with Teak Ltd during the Stage 2 audit at ABC Ltd are A and D, as they are aligned with the requirements of ISO 9001:2015, clause 8.4. The other options are either irrelevant or beyond the scope of the audit, as they do not pertain to the control of external provision by ABC Ltd.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.10 (Corrective Actions for Major Nonconformities):

If a major nonconformity is not corrected within six months, the certification body must reject the certification request.

Another Stage 2 audit (C) is not required unless the organization reapplies for certification.

Restarting all audit activities (B) is unnecessary; instead, certification is denied.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

During communication with top management, the auditor should discuss:

The quality policy (ISO 9001:2015, Clause 5.2.1), ensuring that it is established, communicated, and understood.

Internal audits (ISO 9001:2015, Clause 9.2), verifying that they are planned and effectively implemented.

These discussions help assess leadership commitment and the effectiveness of the QMS.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.4.6 (Conducting Interviews), group interviews should be conducted with at least two auditors to ensure objectivity and accuracy.

This prevents bias or misinterpretation of responses.

It allows for cross-validation of information.

It ensures that the audit results remain objective and impartial.

Since Li Na conducted the group interviews alone, she did not follow audit best practices. The correct approach would have been to have another auditor present during the interviews.

According to ISO 9001:2015, clause 4.1, the organisation must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of its quality management system. The organisation must also monitor and review the information about these issues. SWOT analysis is a tool that can help the organisation to identify its strengths, weaknesses, opportunities, and threats. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to review the information periodically and update it as necessary. Therefore, one audit trail would be to establish how the organisation reviews information about external and internal issues, such as how often, by whom, using what criteria, and with what results. 123

According to ISO 9001:2015, clause 10.3, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system. The organisation must also consider the results of analysis and evaluation, and the outputs from management review, to determine if there are any needs or opportunities for improvement. SWOT analysis can help the organisation to identify the areas where improvement is needed or possible, such as addressing the weaknesses and threats, or exploiting the strengths and opportunities. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to take actions to implement the improvement, such as setting objectives, allocating resources, assigning responsibilities, and evaluating the effectiveness. Therefore, another audit trail would be to establish what actions were taken to improve the QMS, such as what, when, by whom, how, and with what results. 124 References:

1: ISO 9001:2015 - Quality management systems — Requirements

2: Advisera, “Context of the organization in ISO 9001:2015 explained”, https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

3: ISO Templates, “ISO 9001 - Clause 4: Context of the organisation explained”, https://resources.iso-templates.com/blog/iso-9001-clause-4-context-of-the-organisation-explained

4: Advisera, “How to implement continual improvement in ISO 9001”, https://advisera.com/9001academy/knowledgebase/how-to-implement-continual-improvement-in-iso-9001/

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.2.2 (Audit Planning):

The audit team leader is responsible for planning the audit and assigning roles.

Top management (A) does not plan the audit, but they provide resources.

While team members may provide input, the leader has the final authority.

Thus, B is the correct answer.

According to ISO 19011:2018, clause 6.3, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the information listed in my previous response, such as the audit objectives, scope, criteria, schedule, team, methods, report, etc. The audit plan should be prepared and completed prior to the on-site audit, and should be communicated to the audit team and the auditee1.

According to ISO 19011:2018, clause 6.4.3, the checklist / prompts are documents that list the questions or topics that need to be covered during an audit. The checklist / prompts can help the auditor to collect and verify information relevant to the audit criteria, and to ensure the consistency and completeness of the audit. The checklist / prompts should be prepared and completed prior to the on-site audit, and should be based on the audit plan and the audit scope and objectives1.

Therefore, the two documents that an auditor needs to prepare and complete prior to the on-site audit are B and D, as they are essential for planning and conducting the audit. The other options are not correct, as they are either prepared or completed after the on-site audit, or not required by the standard:

•A. Audit Report: The audit report is a document that provides a complete, accurate, concise, and clear record of the audit. The audit report should include the information listed in my previous response, such as the audit objectives, scope, criteria, findings, conclusions, etc. The audit report should be prepared and completed after the on-site audit, and should be distributed to the audit client and the auditee1.

•C. Procedures: Procedures are documents that specify the way activities are to be performed. Procedures may be part of the audit criteria, if they are part of the organization’s management system, or part of the audit programme, if they are part of the certification body’s or registrar’s requirements. Procedures are not prepared or completed by the auditor prior to the on-site audit, but rather reviewed or followed by the auditor during the audit1.

•E. Risk Matrices: Risk matrices are tools that help to assess and prioritize the risks and opportunities associated with the audit programme or the audit. Risk matrices may be part of the audit programme management, if they are used to determine and evaluate the audit programme risks and opportunities, or part of the audit preparation, if they are used to determine and evaluate the audit risks and opportunities. Risk matrices are not prepared or completed by the auditor prior to the on-site audit, but rather used or updated by the auditor during the audit programme management or the audit preparation1.

•F. Findings: Findings are the results of the evaluation of the collected audit evidence against the audit criteria. Findings can indicate either conformity or nonconformity, as well as positive aspects or opportunities for improvement. Findings are not prepared or completed by the auditor prior to the on-site audit, but rather generated and recorded by the auditor during the audit activities1.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires specific roles and responsibilities for audit leaders and certification bodies.

Clause References:

ISO 19011:2018, Clause 5.5 – Conducting the Audit: Defines audit team leader responsibilities.

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning: Defines certification body responsibilities, including the certification agreement.

Why is the Correct Answer D?

The certification agreement is signed between the certification body and the auditee (TD Advertising).

Anne (audit team leader) does NOT have authority to sign the agreement—that is the responsibility of the certification body’s management.

Why are the Other Options Incorrect?

A (Establishing audit criteria and objectives) → Correct responsibility of the audit leader as per ISO 19011.

B (Determining audit feasibility) → Audit leaders assess feasibility but do not sign agreements.

C (Assigning responsibilities for the audit team) → This is part of the audit leader’s role in planning audits.

To demonstrate top management’s leadership and commitment with respect to the quality management system, the following four actions would be indicative:

B. Briefing staff on the development of an improvement culture: This shows that top management is actively involved in promoting a culture of continuous improvement, which is a key aspect of the quality management system1.

C. Chairing management review meetings: By leading these meetings, top management demonstrates their involvement in the quality management system’s ongoing performance and commitment to its continual improvement1.

E. Investing time and money in corrective actions arising from nonconformities: This indicates that top management is committed to addressing issues and ensuring that the quality management system is effective and continually improving1.

G. Promoting the importance of following procedures: When top management emphasizes the importance of adherence to procedures, it reinforces the significance of the quality management system and its processes1.

These actions align with the requirements of ISO 9001:2015, which emphasizes the need for top management to take accountability for the effectiveness of the quality management system and to promote a focus on continual improvement and customer satisfaction123. Approving company car budgets, conducting disciplinary meetings, and not attending the audit closing meeting do not directly demonstrate leadership and commitment to the quality management system1.

According to the ISO 9001:2015 standard, clause 10.2 requires organizations to review nonconformities, including any arising from customer complaints, and to take appropriate actions to determine the cause, implement corrections and preventive actions, and verify their effectiveness. The organization must also monitor the effectiveness of the actions taken and make changes if necessary.

In this scenario, the auditee is facing a legal dispute with a customer over damage to an expensive cashmere coat. This is a nonconformity that arises from customer complaint and has a significant impact on customer satisfaction and reputation. Therefore, clause 10.2 applies to this situation.

The best option for how this should be handled by the Quality Management System is B.

B means that the organization should report the situation to the customer with suggested remedial action. This option follows the principle of transparency and accountability, as well as respecting the customer’s rights and expectations. The organization should also investigate the root cause of the damage and prevent it from happening again in other shops or products.

The other options are not appropriate because:

A means that the organization should settle the court case by negotiation with the customer. This option may not be feasible or satisfactory for both parties, especially if there is a large amount of compensation involved or if there are legal implications for other customers.

C means that the organization should make an offer to replace the coat with a new one. This option may not be sufficient or acceptable for both parties, especially if there is evidence of negligence or poor quality on behalf of the organization.

D means that the organization should give an explanation to the customer of what went wrong. This option may not be enough or convincing for both parties, especially if there is no evidence of negligence or poor quality on behalf of the organization.

Non-Conformity Report:

ISO 9001 Clause Number

Nature of Problem

ISO 9001 Requirement That Has Not Been Fulfilled

6.1.1

Several risks and opportunities have not been determined.

"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

6.1.2 (a)

Actions to address risks and opportunities not planned.

"The organization shall plan actions to address risks and opportunities."

Step-by-Step Reasoning:

Clause 6.1.1 - Determining Risks and Opportunities:

Requirement: The organization must determine risks and opportunities that are relevant to its Quality Management System (QMS). This ensures that the QMS achieves intended results and prevents undesired effects.

Problem Identified: While some risks and opportunities were discussed, the organization did not perform a systematic evaluation of all risks (e.g., health and safety legislation changes, retiring trainers).

Clause 6.1.2 (a) - Planning Actions for Risks and Opportunities:

Requirement: The organization must plan actions to address identified risks and opportunities. These actions should be integrated into the QMS processes to ensure continuous improvement.

Problem Identified: The Quality Systems Manager confirmed that no plans were made to address the risks and opportunities because the Managing Director deemed it unnecessary. This violates the requirement to plan actions.

Correct Options Selected:

Clause 6.1.1 with the nature of the problem as: "Several risks and opportunities have not been determined."

Clause 6.1.2 (a) with the nature of the problem as: "Actions to address risks and opportunities not planned."

ISO 9001 Requirements Not Fulfilled:

For 6.1.1:"The organization shall consider the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed."

For 6.1.2 (a):"The organization shall plan actions to address risks and opportunities."

According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:

•Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently.

•Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed.

•Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved.

•Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely.

•Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed.

In this case, the evidence statements that demonstrate a nonconformity with clause 8.4 are A and C, because they show that the organization did not retain documented information of the selection and evaluation of the external provider, and the monitoring of the external provider’s performance. These are requirements of the standard and essential for ensuring the quality of the externally provided processes, products, and services. The other options are not directly related to clause 8.4, although they may indicate other nonconformities or weaknesses in the organization’s QMS. For example, option B may relate to clause 7.1.3 on contingency planning, option D may relate to clause 8.2.3 on review of requirements, option E may relate to clause 8.6 on release of products and services, and option F may relate to clause 5.1.1 on leadership and commitment. References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems

•

Reviews the client’s management system documented information: This activity involves checking the documentation of the quality management system, such as the quality policy, the quality objectives, the scope, the processes, and the procedures, to ensure that they meet the requirements of ISO 9001:2015123. The audit team also evaluates the client’s understanding and implementation of the standard, and identifies any gaps or nonconformities that need to be addressed before the Stage 2 audit123.

•Reviews the processes with high level of risk: This activity involves assessing the processes that have a significant impact on the quality of the products or services, or that pose a high risk of nonconformity or customer dissatisfaction123. The audit team also verifies the client’s risk management approach, and evaluates the effectiveness of the controls and actions taken to mitigate the risks123.

The other options are not statements that are true for the Stage 1 audit, according to the web search results from my internal tool. They may be related to other stages or types of audits, but they are not the focus of the Stage 1 audit.

Therefore, the correct answer is D and G.

Comprehensive and Detailed In-Depth Explanation:

Auditors must have competence in risk-based auditing to effectively assess an organization’s QMS performance and compliance.

Clause References:

ISO 19011:2018, Clause 7.2.3 – Determining Auditor Competence:

Auditors must have knowledge of risk-based thinking to assess risk impact on processes.

ISO 9001:2015, Clause 0.3.3 – Risk-Based Thinking:

The standard emphasizes proactive risk management, which auditors must understand.

Why is the Correct Answer B?

Risk-based auditing ensures audits focus on high-risk areas, improving audit effectiveness.

Auditors must assess how organizations apply risk-based thinking in decision-making, process control, and improvement.

Why are the Other Options Incorrect?

A (Industry knowledge) → While helpful, it is not mandatory for all auditors.

C (Expertise in all domains) → Auditors are not required to be experts in all areas, just in audit methodology.

D (Formal degree in quality management) → ISO does not require a formal degree, just competence in audit principles and methods.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.5 (Determining Audit Team Competence), technical experts:

Provide specialized knowledge in an audit.

Must operate under the supervision of an auditor to ensure compliance with audit protocols.

Cannot work independently or under the auditee’s supervision, as they are not responsible for the audit's findings.

The audit team leader has overall responsibility, but technical experts are supervised by an auditor during the audit process.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.1 (Impartiality):

Internal auditors must not audit areas where they have direct responsibilities to avoid conflicts of interest.

Outsourcing (C) is not required, as long as impartiality is maintained internally.

Thus, B is the correct answer.

In the context of ISO 9001:2015 audits, it is the audit team leader who holds the responsibility for assigning work to the audit team. According to ISO 19011:2018 (Guidelines for auditing management systems, which complements ISO 9001:2015), the audit team leader is responsible for the organization and direction of the audit, including assigning specific roles and responsibilities to audit team members. This includes preparation of the audit plan, leading the audit, and ensuring that each team member understands their tasks.

Here is the correct matching of ISO 9001:2015 clauses to the steps mentioned in the change management process:

We identified risks and opportunities and fed these into our risk management processes.

Clause 6.1 (Actions to address risks and opportunities)

We found a suitable supplier.

Clause 8.4 (Control of externally provided processes, products, and services)

We monitored customer feedback and noticed an increase in negative feedback about lead times.

Clause 9.1.2 (Customer satisfaction)

We put together a plan for implementation.

Clause 6.2.2 (Planning to achieve quality objectives)

We monitored the performance of the new supplier.

Clause 8.4.2 (Type and extent of control of external providers)

We noticed that productivity targets were being missed.

Clause 9.1.1 (Monitoring, measurement, analysis, and evaluation)

We communicated the plan internally.

Clause 7.4 (Communication)

We looked at the data at the management review and decided we needed to do something different.

Clause 9.3.2 (Management review inputs)

We reorganised the staffing and implemented redundancies.

Clause 7.1.2 (People)

We set an objective to effectively implement the transition and outsource manufacturing.

Clause 6.2.1 (Quality objectives and planning to achieve them)

This aligns the steps of the change process with relevant ISO 9001:2015 clauses related to risk, planning, communication, and monitoring.

When an organization wishes to extend the scope of their current certification to include new services or activities, such as the printing and compilation of computer documentation packages, it requires an extension to the scope of the audit. This involves a formal application process with the certification body to ensure that the new activities are included in the audit plan and that the organization’s quality management system encompasses these new processes12. References: = The answer is based on the ISO 9001 Auditing Practices Group guidance on scope and applicability, which outlines the need for a formal application process when there is a change in the scope of the quality management system that affects the certification1. Additionally, the UKAS guide on the extension to scope (ETS) process provides information on how changes to the scope, including the addition of new services, require a formal application2.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.9 (Corrective Actions):

Minor nonconformities do not require a follow-up audit but must be corrected before the next surveillance audit.

Follow-up audits are required only for major nonconformities.

The audit team should recommend corrective actions, not enforce immediate follow-ups for minor nonconformities.

Thus, A is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 requires organizations to measure and monitor customer perceptions to determine whether customer requirements are being met.

Clause Reference:

Clause 9.1.2 – Customer Satisfaction states that organizations must monitor customer perceptions using relevant methods such as customer surveys, feedback forms, and complaint analysis.

One of the most effective ways to do this is gap analysis, which identifies differences between customer expectations and actual service or product performance.

Why is the Correct Answer C?

Gap analysis helps determine discrepancies between current performance and customer expectations, allowing organizations to improve quality.

It is a standard quality improvement tool used to assess customer satisfaction.

Why are the Other Options Incorrect?

A (PEST analysis) → Focuses on external macroeconomic factors (Political, Economic, Social, Technological) rather than customer satisfaction.

B (Market-share analysis) → Examines business performance relative to competitors, not customer perceptions.

D (Competitive benchmarking) → Involves comparing processes with competitors but does not directly monitor customer perceptions.

According to ISO 9001:2015, clause 7.2, an auditor shall have the competence to:

Understand the requirements of ISO 9001 and how they relate to the audit

Understand the organization’s quality management system and its processes

Understand the applicable legal, regulatory, contractual and other requirements that affect the audit

Understand the needs and expectations of interested parties other than customers

Plan and conduct audits in accordance with ISO 19011

Evaluate audit evidence and draw appropriate conclusions

Communicate audit findings effectively1

Therefore, knowledge of ISO 9001 requirements and ISO 19011 audit principles are essential for every member of an audit team auditing an ISO 9001 quality management system.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 does not require an organization to hire external consultants for the implementation of a Quality Management System (QMS). Clause 7.2 (Competence) states that an organization must ensure that personnel are competent based on education, training, or experience. However, it does not mandate hiring an external consultant. The organization can choose to develop internal competency or seek external assistance at its discretion.

Additionally, Clause 5.1.1 (Leadership and Commitment) specifies that top management is accountable for the effectiveness of the QMS, including ensuring sufficient resources and competent personnel. Hiring an external consultant is an option, not a requirement.

Comprehensive and Detailed In-Depth Explanation:

The audit team selected 4 out of 45 customer complaints for electrical services, which is too low based on standard statistical sampling methods. According to ISO 19011:2018 (Guidelines for Auditing Management Systems), for a population size between 13 and 52, a minimum sample size should be 5 to achieve a reasonable level of confidence.

This means the selected sample (4 complaints) was insufficient and did not align with standard sampling procedures. Therefore, the correct answer is A.

Questions no: 16 Verified Answer: = C. 7.4 Communication Comprehensive But Short Explanation: = Clause 7.4 of ISO 9001:2015 requires the organization to determine the internal and external communications relevant to the quality management system, including what will be communicated, when, with whom, and how. The scenario indicates a potential gap in communication with subcontractors regarding the Quality Policy, objectives, and plans to address risks and opportunities, which is a requirement even if the subcontractors have their own ISO 9001 certified systems123. References: = This response is based on the general requirements of ISO 9001:2015 related to communication with external parties, such as subcontractors, as outlined in various resources discussing Clause 7.4123.

Comprehensive and Detailed In-Depth Explanation:

As per ISO 9001:2015, Clause 10.2 (Nonconformity and Corrective Action), all identified nonconformities, including minor ones, must be documented and communicated to the auditee.

Minor nonconformities can lead to major issues if left unaddressed. The auditor must inform the organization before moving to the next audit phase so that corrective actions can be taken. Clause 9.2.2 (Internal Audit) states that audit findings should be reported without undue delay.

Since Li Na did not report the minor nonconformities immediately, her decision was incorrect. Minor nonconformities should always be documented and communicated before proceeding to the next phase.

According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:

The audit objectives, scope, and criteria

The audit team members and their roles and responsibilities

The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.

The expected time and duration of each audit activity and location

The name and contact details of the auditee’s representative and other relevant parties

The allocation of appropriate resources to support the audit activities

The audit methods and techniques to be used, such as interviews, observations, sampling, etc.

The audit documents and records to be prepared and retained

The audit language and communication methods

The audit risks and opportunities and how to address them

The audit follow-up arrangements, if applicable

Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2

ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2

Comprehensive and Detailed In-Depth Explanation:

According to ISO 17021-1:2015, Clause 9.4.8 (Audit Reporting):

The certification body retains ownership of the audit report as it is responsible for the certification decision.

The auditee may receive a copy, but it does not own the report.

The audit team leader compiles the report but does not own it.

Thus, C is the correct answer.

The purpose of a Stage 1 third-party audit is to determine an organization’s readiness for their Stage 2 Certification Audit. During the Stage 1, the auditor will review the organization’s management system documented information, evaluate the site-specific conditions, and have discussions with personnel. The objective is to assess the alignment of the organization’s design with ISO 9001 requirements and to identify any areas of concern that could be classified as a nonconformance during the Stage 2 Audit. The auditor will also use the Stage 1 Audit to complete Stage 2 Audit planning, including a review of the allocation of resources and details for the next phase of the audit. Therefore, the option that best describes the purpose of a Stage 1 third-party audit is A, to determine the auditees understanding of ISO 9001. The other options are not correct, as they are not the main focus of a Stage 1 audit:

•B. To get to know the organization’s customers: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s customers, but rather in the organization’s ability to meet customer and applicable statutory and regulatory requirements.

•C. To learn about the organization’s procurement processes: This is not the purpose of a Stage 1 audit, as the auditor is not interested in the specific details of the organization’s procurement processes, but rather in the organization’s ability to control externally provided processes, products and services.

•D. To introduce the audit team to the client: This is not the purpose of a Stage 1 audit, as the auditor is not there to make introductions, but rather to conduct a preliminary examination of the organization’s compliance with ISO 9001 standards.

Comprehensive and Detailed In-Depth Explanation:

Reliability in service quality refers to the consistent and dependable delivery of promised services.

ISO 9001:2015 emphasizes reliability through:

Clause 8.2.1 (Customer Communication) – Ensuring clarity in service commitments.

Clause 8.5.1 (Control of Service Provision) – Ensuring processes meet requirements consistently.

Other options do not fully define reliability:

Option A (Safe services) relates to safety, not reliability.

Option B (Readiness and goodwill) relates to responsiveness, not reliability.

Option D (Low cost) focuses on pricing, not quality.

According to clause 8.3 of ISO 9001:2015, the organization should establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. The design and development process should include the following activities:

•Determining the requirements for the products and services to be designed and developed, considering the intended use, the statutory and regulatory requirements, the customer and other relevant interested parties’ needs and expectations, and the potential risks and opportunities.

•Defining the design and development objectives, stages, responsibilities, and authorities, and ensuring the availability of adequate resources and competence.

•Implementing design and development controls, such as reviews, verification, and validation, to ensure that the design and development outputs meet the design and development inputs, and to identify and resolve any problems or errors.

•Maintaining documented information on the design and development inputs, outputs, reviews, verification, validation, and changes, and ensuring the traceability and conformity of the products and services to the requirements.

•Managing the design and development changes, by identifying, reviewing, and controlling them, and evaluating their effects on the products and services and the QMS.

In this case, the evidence statements that provide a meaningful audit trail for the design and development process are B, E, and F, because they relate to the design and development controls, the documented information, and the verification activities that are required by the standard. These options can help the auditor to assess the effectiveness and conformity of the design and development process, and to identify any nonconformities or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on requirements for products and services, clause 8.4 on externally provided processes, products, and services, and clause 8.7 on control of nonconforming outputs. References: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Design and Development, ISO 9001 Clause 8.3 Design and development of products and services

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015 Clause 5.1.1 (Leadership and Commitment) states that top management must demonstrate leadership and commitment to the QMS by actively participating in QMS implementation, integration, and effectiveness.

In scenario 2, top management refused to be directly involved in the QMS implementation team, which violates Clause 5.1.1 because leadership involvement is essential for the system’s success.

Other options do not indicate nonconformance:

Option A (Middle managers in the QMS team) is acceptable.

Option C (Leslie assigning roles) is valid if competence is ensured (Clause 5.3 – Organizational Roles, Responsibilities, and Authorities).

Option D (Team reviewing the policy before approval) aligns with best practices.

The key expected results of a quality management system that conforms to the requirements of ISO 9001:2015 are stated in clause 0.1 of the standard, which says: “The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements.” Therefore, the two options that best match these benefits are A and E, as they directly relate to providing products and services that meet customer requirements and enhancing customer satisfaction. The other options are not explicitly mentioned as key expected results, although they may be possible outcomes of implementing a quality management system. References: ISO 9001:2015 - Quality management systems — Requirements, Key Elements of an ISO 9001:2015 Quality Management System, What is ISO 9001 2015 as a Quality Management Systems?

Comprehensive and Detailed In-Depth Explanation:

Completeness ensures that all necessary audit evidence, observations, and findings are properly documented, which is critical for traceability and accountability in an audit.

While transparency and fair presentation are principles of auditing, completeness is specifically related to maintaining audit work documents, as required in ISO 19011:2018, Clause 6.5.4 (Preparing Audit Work Documents).

The activities that are specifically required by ISO 17021-1 as part of third-party (Certification Body) surveillance audit processes are:

•Option A: Audit use of certification marks on marketing materials. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to audit the client’s use of marks and/or any other reference to certification, as applicable, to ensure conformity with the certification requirements.

•Option B: Review changes to the QMS since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review any changes affecting the client’s quality management system and its ability to continue to fulfil the requirements of the standard used for certification.

•Option C: Confirm effectiveness of internal audit and management review. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to confirm the continuing effectiveness of the client’s quality management system, including the effectiveness of the internal audit and management review processes.

•Option F: Review the status of previously raised findings and audit effectiveness of any outstanding findings. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the status of findings and any corrective actions taken by the client in response to previous audits, and to verify the effectiveness of the implemented corrective actions.

•Option H: Verify legal compliance. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to verify the client’s compliance with applicable statutory and regulatory requirements related to the scope of certification.

•Option I: Handling of customer complaints since last visit. This option is correct because ISO 17021-1:2015 clause 9.6.2.2 requires the certification body to review the client’s handling of customer complaints related to the certified activities since the last audit.

The following options are not correct:

•Option D: Complete a full document review of the quality management system. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to complete a full document review of the quality management system during surveillance audits. A full document review is only required during the initial certification audit or when there are significant changes to the quality management system or the certification requirements.

•Option E: Failing to meet financial responsibilities. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to audit the client’s financial responsibilities during surveillance audits. The certification body may have contractual arrangements with the client regarding the payment of fees, but this is not part of the surveillance audit process.

•Option G: Review the calibration status of the instrumentation. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to review the calibration status of the instrumentation during surveillance audits. The certification body may audit the client’s monitoring and measuring resources as part of the quality management system requirements, but this is not a specific activity required by ISO 17021-1.

•Option J: Conduct a minimum number of annual surveillance audits during the certification period. This option is not correct because ISO 17021-1:2015 clause 9.6.2.2 does not require the certification body to conduct a minimum number of annual surveillance audits during the certification period. The certification body may determine the frequency and duration of surveillance audits based on the risk and performance of the client, but this is not a specific activity required by ISO 17021-1.

Comprehensive and Detailed In-Depth Explanation:

Stratified sampling is the best method when the population consists of different groups or categories. In this case:

ME has two areas of operations (electrical and mechanical services).

Complaints were collected separately for each area.

By choosing representative samples from each category (electrical & mechanical complaints), Li Na ensured a balanced approach.

Systematic sampling selects samples at fixed intervals, which does not ensure proportional representation of both groups.

Block selection sampling is used when focusing on a specific time period or section, which does not apply here.

Thus, stratified sampling (B) is the correct answer.

According to the ISO - Management system standards page, the key benefits of an effective management system include improved operational effectiveness and efficiency, improved risk management and protection of people and the environment, and enhanced drive for innovation. The Integrated Use of Management System Standards (IUMSS) handbook also states that the purpose and objectives of management system standards are to help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives.

Therefore, the complete sentence is:

“The purpose of a management system standard is to improve the performance of an organisation.”

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 5.2 (Audit Program Management):

The audit committee is responsible for establishing the internal audit program.

The audit schedule (A) is determined within the program, but it is not the main role of the committee.

Thus, C is the correct answer.

As the audit team leader, it is crucial to manage differing opinions constructively and ensure that the correct clause is selected for the nonconformity based on solid evidence. Here’s how the situation should be handled:

E. Invite you and the second auditor to fully explain your point of view and then decide which clause to select: This promotes collaboration and transparency, allowing both auditors to present their rationale for choosing the specific clause.

F. Review the evidence with you and the second auditor, and then decide which clause of ISO 9001 would best apply: Reviewing the evidence in relation to the specific requirements of ISO 9001 is essential for determining which clause is most appropriate.

H. Try to obtain a consensus between you and the second auditor after a discussion of the different opinions: Consensus-building is a crucial skill for an audit team leader. Achieving agreement ensures the nonconformity is addressed accurately and with full team support.

Options such as overruling immediately (D) or deferring the decision without full discussion (B) could undermine team dynamics and the audit process. Consulting the quality manager (A) or selecting an entirely different clause (G) is unnecessary, as the team should resolve the issue internally​​.

Establishing the audit programme objectives

Determining and evaluating the audit programme risks and opportunities

Establishing the audit programme

Initiating the audit

Preparing all audit activity

Conducting the audit activities

According to ISO 19011:2018, clause 5, the audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. The audit programme includes all activities necessary to plan, organize, and conduct the audits. The audit programme management involves the following steps1:

Establishing the audit programme objectives: The audit programme objectives define the intended outcomes of the audit programme, such as verifying conformity, evaluating performance, identifying improvement opportunities, etc. The audit programme objectives should be aligned with the strategic direction and policies of the organization and the needs and expectations of the interested parties.

Determining and evaluating the audit programme risks and opportunities: The audit programme risks and opportunities are the factors that can affect the achievement of the audit programme objectives, such as changes in the internal or external context, availability of resources, competence of auditors, etc. The audit programme risks and opportunities should be identified, analyzed, and evaluated to determine the appropriate actions to address them.

Establishing the audit programme: The audit programme is established by defining the audit programme scope, criteria, methods, and resources. The audit programme scope defines the extent and boundaries of the audit programme, such as the processes, functions, sites, activities, etc. that will be audited. The audit programme criteria are the set of policies, procedures, or requirements used as a reference for the audits. The audit programme methods are the techniques used to conduct the audits, such as interviews, observations, document review, sampling, etc. The audit programme resources are the human, technical, and financial resources needed to implement the audit programme.

Initiating the audit: The audit initiation is the process of formally establishing the arrangements for an individual audit within the audit programme. The audit initiation involves contacting the auditee and the audit client, confirming the audit objectives, scope, and criteria, and obtaining the necessary information and access for the audit.

Preparing all audit activity: The audit preparation is the process of developing the audit plan and the audit work documents for an individual audit. The audit plan is a document that provides the basis for agreement regarding the conduct of the audit, such as the audit schedule, the audit team, the audit methods, the audit language, the audit report, etc. The audit work documents are the records that provide evidence of the audit activities, such as the audit checklist, the audit notes, the audit findings, etc.

Conducting the audit activities: The audit activities are the processes of collecting and verifying audit evidence and evaluating it against the audit criteria to make the audit conclusions. The audit activities include the opening meeting, the communication during the audit, the roles and responsibilities of the audit team and the auditee, the audit evidence collection and verification, the audit findings generation and recording, the closing meeting, and the audit report preparation and distribution.

B. Applicable procedure: SP-701

D. Identification number of the washing machine

H. The concentration of the cleaning liquid used vs the concentration fixed in SP-701

I. The planned duration of the process vs the minimum time required in SP-701

J. Weight of linen being washed vs the maximum weight required in SP-701

C. Competence record of the machine operator

A white background with black text Description automatically generated

According to the ISO 19011:2018 standard, which provides guidelines for auditing management systems, the team leader of an audit team should be an auditor who has demonstrated the competence to manage an audit of the relevant management system scheme. This means that the team leader should have the appropriate knowledge, skills, and experience to plan, conduct, report, and follow-up an audit of the specific management system, such as ISO 9001 for quality management systems. The other options are false because: B. An audit team can include non-qualified auditors, but only as observers or trainees who do not contribute to the audit findings or conclusions. C. A technical expert can assist a qualified auditor on an audit team, but cannot replace them, as a technical expert does not have the competence to perform audits. D. Audits leading to auditor qualification are not undertaken annually, but rather as part of a certification process that involves meeting certain criteria, such as education, work experience, audit experience, and examination. References: ISO 19011:2018, PECB Certified ISO 9001 Lead Auditor Exam Preparation Guide, ISO 9001:2015 Quality Management Systems Lead Auditor Training Course

According to ISO 9001:2015, clause 9.2.2.e, the organization is required to retain documented information as evidence of the implementation of the audit programme and the audit results. This includes the records of the nonconformities identified during the internal audits and the corrective actions taken to address them. The organization is also required to verify the effectiveness of the corrective actions, as per clause 10.2.2.

Therefore, in the scenario given, the Quality Manager’s decision to automatically close any nonconformance over 3 years old without obtaining any confirmation from the relevant departments or verifying the effectiveness of the corrective actions is a clear violation of the requirements of clause 9.2.2.e. This indicates a lack of control and follow-up of the internal audit process, as well as a potential risk of recurrence or occurrence of the nonconformities in other areas. This also undermines the credibility and value of the internal audit programme, as well as the risk-based approach claimed by the Quality Manager.

Hence, the best course of action to take is D, to raise a nonconformance report against clause 9.2.2.e of ISO 9001, and to communicate the audit findings to the relevant management. The other options are either insufficient or irrelevant to address the issue, as they do not directly relate to the noncompliance with clause 9.2.2.e.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 5.1.2 (Customer Focus) states that top management must ensure customer satisfaction by monitoring customer perceptions.

In scenario 2, top management initiated customer surveys, demonstrating their commitment to customer focus as required by Clause 5.1.2.

Comprehensive and Detailed Explanation From Exact Extract:

According to ISO 19011:2018 – Guidelines for Auditing Management Systems, which is referenced in ISO 9001 Lead Auditor training and practice, auditor competence is defined by a combination of knowledge, skills, and personal attributes. Here's how each selected option aligns:

D. Determining what evidence to gather: This activity is rooted in knowledge of audit principles, criteria, and risk-based thinking. It requires an understanding of which types of evidence (documents, records, interviews, observations) are necessary to evaluate conformity to the audit criteria (Clause 7.2.3 of ISO 19011:2018).

E. Evaluate proposals of corrective actions: This task involves applying knowledge of ISO 9001 requirements, root cause analysis methods, and risk controls to assess whether proposed actions are suitable to prevent recurrence. It demands comprehension of quality management principles and corrective action methodologies, linking it firmly to knowledge.

Other options such as A (Communicate with auditee) and B (Conduct audit meetings) are predominantly skills-based, requiring interpersonal and communication abilities, not theoretical or regulatory knowledge.

C (Determine how to seek evidence) and F (Identify findings) involve both knowledge and skill but are more action-oriented and tied to situational judgment and auditor behavior.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 9001:2015, Clause 9.2 (Internal Audit):

Internal audits can be conducted on an ongoing basis as part of continual improvement.

Audits consider both conformity and effectiveness (A is incorrect).

Thus, C is the correct answer.

Comprehensive and Detailed In-Depth Explanation:

Before accepting an audit, the certification body must assess the integrity of the auditee and the nature of its operations to ensure compliance feasibility.

Clause References:

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning:

The certification body must review the auditee’s background, reputation, and operational complexity before accepting the audit.

Why is the Correct Answer C?

The auditee’s integrity and reputation impact the credibility of certification.

The nature of operations determines audit complexity and resource allocation.

Why are the Other Options Incorrect?

A (Integrity and reputation only) → Correct but incomplete; nature of operations is equally important.

B (Nature of operations only) → Integrity is also a factor, not just operations.

D (No previous major nonconformities required) → Auditees with past major nonconformities can still be audited if corrective actions are taken.

Comprehensive and Detailed In-Depth Explanation:

Once a Stage 2 certification audit has commenced, certain logistical or planning-related elements may still be adjusted, while others are fixed by prior agreement and cannot be changed.

✅ C. Audit Plan:

The audit plan is a document that outlines the scope, objectives, criteria, and logistics of the audit. According to ISO/IEC 17021-1:2015 (the standard for bodies providing audit and certification of management systems), clause 9.2.3.3 allows for modification of the audit plan based on real-time conditions during the audit — such as availability of auditees or changes in process access.

✅ F. Increase of Audit Duration:

Audit duration is generally determined during audit planning based on factors like employee count, risk, complexity, etc. However, if during Stage 2 it is found that more time is needed (e.g., due to additional processes, scope not fully covered, or significant findings), auditors are permitted to extend the audit. This ensures full coverage of all required areas as per ISO/IEC 17021-1 clause 9.1.4 and IAF MD 5.

❌ A. Agreed Language of the Audit:

This is determined and agreed upon in the contract and audit planning stages. Changing it during Stage 2 would create communication and documentation issues, especially in multi-site or multi-national audits.

❌ B. Audit Scope:

The audit scope is defined in the contract and certification agreement based on clause 4.3 of ISO 9001:2015. Changing it mid-audit would invalidate planning, required competencies, and potentially even the certification basis.

❌ D. Agreed Standard for the Audit Criteria:

Changing the standard (e.g., from ISO 9001 to ISO 13485) is fundamentally altering the purpose and contractual basis of the audit and is not permissible once Stage 2 has started.

❌ E. Audit Checklist:

The checklist is a tool prepared by the auditor as part of audit preparation and is based on the audit plan and standard requirements. While it may be adapted during the audit (e.g., if new risks arise), it does not constitute a formal change like duration or scope.

Relevant References:

ISO/IEC 17021-1:2015 Clause 9.2.3.3 (Audit Plan Modification)

IAF MD 5:2019 (Duration of QMS Audits)

ISO 9001:2015 Clause 4.3 (Scope of the QMS)

ISO/IEC 17021-1:2015 Clause 9.1.4 (Audit Duration)

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 5.2.1 (Establishing the Quality Policy) states that top management must establish, implement, and maintain a quality policy.

In the scenario, the quality manager (Leslie) created the policy, but top management did not establish it themselves, which violates Clause 5.2.1. While the policy can be drafted by a team, top management must take full ownership of its development and approval.

Comprehensive and Detailed In-Depth Explanation:

According to ISO 19011:2018, Clause 6.6 (Audit Follow-Up):

The primary focus of an audit follow-up is verifying that corrective actions were effectively implemented.

Internal audits and management reviews (B) are part of routine QMS operations, not the main objective of follow-ups.

Site conditions (C) are relevant but secondary to verifying corrective action effectiveness.

Thus, A is the correct answer.