PECB ISO-9001-Lead-Auditor - QMS ISO 9001:2015 Lead Auditor Exam

In this scenario, the audit team leader must balance maintaining the integrity of the audit plan while considering the auditee’s request. The two best responses allow for flexibility without compromising the audit's rigor:

A. I could audit the other laboratories virtually at the end of this audit: Virtual audits can be a valid option, especially in multi-site audits. ISO 9001:2015 does not prohibit virtual audits, and in certain situations, they are practical for reviewing documentation or observing operations remotely.

C. I could try to revise the audit programme to see if I can audit all laboratories: Revising the audit programme to accommodate additional site visits is a reasonable compromise. ISO 9001:2015 audits are based on risk and sampling, but the audit team leader has the flexibility to adjust the audit scope if it fits within the audit duration and resources.

The other options, such as extending the audit duration (B, F) or strictly adhering to the original plan (D, E), may not be practical or necessary. Revising the plan to audit all laboratories or using virtual auditing ensures that the audit remains efficient while addressing the organization's concerns​.

Comprehensive and Detailed In-Depth Explanation:

Before accepting an audit, the certification body must assess the integrity of the auditee and the nature of its operations to ensure compliance feasibility.

Clause References:

ISO/IEC 17021-1:2015, Clause 9.1.2 – Audit Planning:

The certification body must review the auditee’s background, reputation, and operational complexity before accepting the audit.

Why is the Correct Answer C?

The auditee’s integrity and reputation impact the credibility of certification.

The nature of operations determines audit complexity and resource allocation.

Why are the Other Options Incorrect?

A (Integrity and reputation only) → Correct but incomplete; nature of operations is equally important.

B (Nature of operations only) → Integrity is also a factor, not just operations.

D (No previous major nonconformities required) → Auditees with past major nonconformities can still be audited if corrective actions are taken.

Establishing the audit programme objectives

Determining and evaluating the audit programme risks and opportunities

Establishing the audit programme

Initiating the audit

Preparing all audit activity

Conducting the audit activities

According to ISO 19011:2018, clause 5, the audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. The audit programme includes all activities necessary to plan, organize, and conduct the audits. The audit programme management involves the following steps1:

Establishing the audit programme objectives: The audit programme objectives define the intended outcomes of the audit programme, such as verifying conformity, evaluating performance, identifying improvement opportunities, etc. The audit programme objectives should be aligned with the strategic direction and policies of the organization and the needs and expectations of the interested parties.

Determining and evaluating the audit programme risks and opportunities: The audit programme risks and opportunities are the factors that can affect the achievement of the audit programme objectives, such as changes in the internal or external context, availability of resources, competence of auditors, etc. The audit programme risks and opportunities should be identified, analyzed, and evaluated to determine the appropriate actions to address them.

Establishing the audit programme: The audit programme is established by defining the audit programme scope, criteria, methods, and resources. The audit programme scope defines the extent and boundaries of the audit programme, such as the processes, functions, sites, activities, etc. that will be audited. The audit programme criteria are the set of policies, procedures, or requirements used as a reference for the audits. The audit programme methods are the techniques used to conduct the audits, such as interviews, observations, document review, sampling, etc. The audit programme resources are the human, technical, and financial resources needed to implement the audit programme.

Initiating the audit: The audit initiation is the process of formally establishing the arrangements for an individual audit within the audit programme. The audit initiation involves contacting the auditee and the audit client, confirming the audit objectives, scope, and criteria, and obtaining the necessary information and access for the audit.

Preparing all audit activity: The audit preparation is the process of developing the audit plan and the audit work documents for an individual audit. The audit plan is a document that provides the basis for agreement regarding the conduct of the audit, such as the audit schedule, the audit team, the audit methods, the audit language, the audit report, etc. The audit work documents are the records that provide evidence of the audit activities, such as the audit checklist, the audit notes, the audit findings, etc.

Conducting the audit activities: The audit activities are the processes of collecting and verifying audit evidence and evaluating it against the audit criteria to make the audit conclusions. The audit activities include the opening meeting, the communication during the audit, the roles and responsibilities of the audit team and the auditee, the audit evidence collection and verification, the audit findings generation and recording, the closing meeting, and the audit report preparation and distribution.

According to clause 8.3 of ISO 9001:2015, the organization should establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. The design and development process should include the following activities:

•Determining the requirements for the products and services to be designed and developed, considering the intended use, the statutory and regulatory requirements, the customer and other relevant interested parties’ needs and expectations, and the potential risks and opportunities.

•Defining the design and development objectives, stages, responsibilities, and authorities, and ensuring the availability of adequate resources and competence.

•Implementing design and development controls, such as reviews, verification, and validation, to ensure that the design and development outputs meet the design and development inputs, and to identify and resolve any problems or errors.

•Maintaining documented information on the design and development inputs, outputs, reviews, verification, validation, and changes, and ensuring the traceability and conformity of the products and services to the requirements.

•Managing the design and development changes, by identifying, reviewing, and controlling them, and evaluating their effects on the products and services and the QMS.

In this case, the evidence statements that provide a meaningful audit trail for the design and development process are B, E, and F, because they relate to the design and development controls, the documented information, and the verification activities that are required by the standard. These options can help the auditor to assess the effectiveness and conformity of the design and development process, and to identify any nonconformities or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on requirements for products and services, clause 8.4 on externally provided processes, products, and services, and clause 8.7 on control of nonconforming outputs. References: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Design and Development, ISO 9001 Clause 8.3 Design and development of products and services

Comprehensive and Detailed In-Depth Explanation:

Group interviews allow auditors to gather more information in less time by:

Obtaining input from multiple participants simultaneously.

Encouraging discussions that might highlight inconsistencies.

Reducing the number of individual interviews needed.

While auditors strive for fairness, equal time for each interviewee is not guaranteed, and paying attention to each individual is more difficult in a group setting.

Reduced incoming inspection → A. Quality

Improved communication with suppliers → B. Procurement

Purchased materials received on time → C. Logistics

Reduced variability within processes → D. Production

According to ISO 9001:2015, Clause 8.4 - Control of externally provided processes, products and services, organisations are required to ensure that externally provided products and services conform to specified requirements. When an organisation sources from ISO 9001 certified suppliers, there is greater assurance of consistency in quality, delivery, and communication. This enhances internal operations across various functions:

Reduced incoming inspection (Quality): ISO 9001 certified suppliers have robust quality controls (Clause 8.4.2), reducing the need for repeated inspections upon receipt. This aligns with Quality’s responsibility for incoming inspection and verification.

Improved communication with suppliers (Procurement): Clause 8.4.3 emphasizes the communication of detailed requirements to external providers. Procurement plays a key role in ensuring these requirements are understood and met.

Purchased materials received on time (Logistics): Timely deliveries are often a result of structured supplier evaluation and selection (Clause 8.4.1). Logistics benefits through fewer delays and better scheduling of internal processes.

Reduced variability within processes (Production): Consistency of supplied materials supports stable and predictable production processes, which is a key aspect of Clause 8.5 – Production and service provision.

Match the process descriptions below to the process names:

The process by which the accuracy of test equipment is checked against a known standard. = Calibration

The process by which a product or service is visually examined to determine conformity to requirements. = Evaluation

The process by which data is examined in detail to reach a specific answer or answers. = Analysis

The process by which a parameter of a product or service is examined to determine a specific value. = Measurement

According to the ISO 9000:2015 - Quality management systems — Fundamentals and vocabulary, the definitions of the process names are as follows:

Calibration: operation that, under specified conditions, in a first step, establishes a relation between the quantity values with measurement uncertainties provided by measurement standards and corresponding indications with associated measurement uncertainties and, in a second step, uses this information to establish a relation for obtaining a measurement result from an indication.

Evaluation: determination of the suitability, adequacy or effectiveness of an object to achieve established objectives.

Analysis: detailed examination of the elements or structure of something.

Measurement: process to experimentally obtain one or more quantity values that can reasonably be attributed to a quantity.

Therefore, the process descriptions can be matched to the process names based on these definitions.

The ISO 9001 Lead Auditor exam requires the auditor to have a thorough understanding of the ISO 9001:2015 standard and its requirements, as well as the organization’s context, processes, risks, opportunities, and performance. Therefore, the auditor needs to ask for additional information that can help them verify these aspects during the audit planning stage. Some of the information that can be useful are:

A description of responsibilities and authorities of the key roles of XYZ: This can help the auditor to identify who is accountable for what in the organization and how they communicate with each other.

The number of personnel involved in activities related to the quality management system: This can help the auditor to assess if there are enough resources and competencies to support the QMS implementation and operation.

Information to understand XYZ’s operations: This can help the auditor to understand how XYZ produces or delivers its products or services and what are its main processes and inputs.

The results of XYZ’s last internal audit: This can help the auditor to evaluate if XYZ has implemented corrective actions based on previous audit findings and if it has maintained its QMS effectiveness.

The results of the last two management reviews: This can help the auditor to determine if XYZ has monitored its QMS performance against its objectives and if it has identified any significant changes or opportunities for improvement.

The quality manual (B) is not a required document for ISO 9001 certification, but it may be useful for internal reference or training purposes. It is not necessary for audit planning.