Question Bank ISO 9001:2015

1. Below are four of the seven principles on which ISO 9000 series are based. Match each a related potential benefit
to each of quality management principles (QMP).

Quality management principles:

 Customer focus: Increased revenue and market share

 Engagement of people: Enhanced trust and collaboration throughout the organisation
 Improvement: Enhanced drive for innovation
 Evidence-based decision-making: Improved operational effectiveness and efficiency

2. Match the process descriptions below to the process names:

 The process by which the accuracy of test equipment is checked against a known standard.: Calibration
 The process by which a product or service is visually examined to determine conformity to requirements.:
Monitoring
 The process by which data is examined in detail to reach a specific answer or answers.: Analysis
 The process by which a parameter of a product or service is examined to determine a specific value.:
Measurement

3. ISO 9001 is based on quality management principles. Match each of the following quality management principle to
the related activity.

Related activities:

 Communicate client needs and expectations throughout the organisation: Customer focus
 Encourage an organisation-wide commitment to quality: Leadership
 Empower staff to determine constraints to performance and to take initiatives without fear: Engagement of
people
 Establish authority, responsibility, and accountability for managing processes: Process approach
 Continuously educate and train people at all levels on how to apply basic tools and methodologies to achieve
objectives: Improvement
 Determine, measure, and monitor key indicators to demonstrate the organisation's performance: Evidence-
based decision making
 Determine relevant interested parties (such as providers, partners, customers, investors, employees, or society
as a whole) and their connection with the organisation: Relationship management

4. An organisation decides to purchase products and services only from ISO 9001 certified suppliers.
Match the four organisational functions to a potential benefit.
Potential benefit:
 Reduced incoming inspection: Quality
 Improved communication with suppliers: Procurement
 Purchased materials received on time: Logistics
 Reduced variability within processes: Production
5. A purpose of retaining documented information in a QMS is to demonstrate proof of conformity.

6. Which one of the following options is the definition of the context of an organisation?
 Complexity of internal and external issues that can take an effect on an organisation's approach to developing
and achieving its purpose.
 Consideration of internal and external issues that can have a positive or negative effect on an organisation's
success.
 Combination of internal and external issues can have an effect on an organisation's approach to developing and
achieving its objectives.
 Control of internal and external issues that can have an effect on an organisation's desire to achieve its
objectives.

7. Which one of the following is not an ISO 9000:2015 quality management principle?

 Process approach
 Customer focus
 Risk-based approach
 Evidence-based decision-making
 Relationship management
 Leadership

8. "An accredited certification assures the reliability of the competence of the audit team.”

9. Which two of the following are the key expected results of a quality management system that conforms to the
requirements of ISO 9001:2015?
• Consistently provide products that meet customers' requirements
• Decreased number of warranty claims
• Decreased number of management system nonconformities
• Increased profits
• Decreased number of nonconforming products in all stages of the manufacturing cycle
• Enhanced customer satisfaction

10.Which three of the following aspects of a quality management system must the organisation continually improve?
 Adequacy
 Efficiency
 Suitability
 Effectiveness
 Applicability
 Responsiveness

11. Which three of the following auditors would not participate in a first-party audit?
 An auditor employed by an external consultancy organisation
 An auditor trained in the IRCA scheme
 An auditor certified by IRCA
 An audit team from an interested party
 An auditor trained in-house
 A certification body auditor
  An audit team from a customer

12. Read the following role descriptions. Select four that accurately describe the role of a person directly involved in
the audit process.
 A guide - a person who is appointed by the auditee to assist the audit team during the audit.
 An auditor-in-training - a person who accompanies the audit team leader or team members during the audit.
 A technical expert - a person who provides specific knowledge or expertise to the audit team but is not normally
an auditor.
 An interpreter – a person who witnesses the audit to assist the auditors with language issues.
 An audit team leader - a person responsible for managing an audit until the audit is completed.
 An observer - a person who sees the performance of the audit team leader, audit team members and/or
auditee.

13. Which two of the following roles do not contribute to the audit outcomes?
Answer Options:
 Guide
 Auditee
 Individual(s) managing the audit programme
 Observer
 Technical expert
 Consultant

14. Which one of the following options best describes the purpose of a Stage 1 third-party audit?
 To determine the auditees understanding of ISO 9001
 To check for legal compliance by the organisation.
 To learn about the organisation's procurement processes.
 To get to know the organisation's customer
 To prepare an independent audit report
 To introduce the audit team to the client.

15. You are the supervisor in Production of a medium size manufacturing organisation. You are qualified as internal
auditor. The Quality Manager asks you to lead the next internal audit to Production and includes two other
internal auditors.

*if practicable

 You should not: audit production

 You need not: send the audit report to the Quality Manager
 You must: change the audit team
 You must not: carry out a formal opening meeting
 You should: raise audit findings if necessary

16. According to ISO 19011, what four activities take place during the audit follow-up?
 Contact client to agree requirements for personal protection equipment (PPE)
 Report on status of the corrective actions to the person managing the audit programme
 Update the audit programme, if required
 Lead the opening meeting
 Prepare the audit plan
  Prepare and distribute the audit report
 Prepare audit work documents
 Assign roles and responsibilities of observers
 Determine feasibility of the audit
 Verify effectiveness of actions taken to fix the reported nonconformities
 Verify effectiveness of the implemented corrective actions

17. In the context of a third-party certification audit, match the roles with the following responsibilities:

Responsibilities:

 Conduct the audit to the assigned area : Auditors

 Assist the auditors in identifying personnel to participate in the audit. : Guide
 Assign each team member's responsibility for the audit. : Audit team leader
 Respond to questions and provide evidence to the auditor. : Auditee

18. Match each of the following statements into the table below to show whether they apply to first-party audits,
second-party audits or third-party audits:
 First-party audits: The audit scope is typically determined by the organisation being audited.
 Second-party audits: The audit scope is typically confined to service/product provision capability.
 Third-party audits: The outcome of the audit is typically certification to a recognised standard

19. In the context of third-party audit, the amount of detail provided in the audit plan should reflect the scope and
complexity of the audit, as well as the risk of not achieving the audit objectives.

20. Select the words that best complete the sentence:

"When auditing the scope of a quality management system, it is important to review the organisation's context
including interested parties.

21. Which two of the following are included in the objectives of the Stage 1 initial certification audit?
 To evaluate the performance of monitoring and reviewing activities.
 To make a decision on certification to ISO 9001:2015.
 To evaluate the preparedness of the organisation for a Stage 2 audit.
 To evaluate the internal audit and management review processes.

22. Which four of the following statements related to Stage 1 of an initial certification audit against ISO 9001:2015
are true?

During the Stage 1 audit, the audit team:

 Reviews the client's management system documented information

 Reviews the allocation of resources for Stage 2 audit
 Verifies the compliance with legal requirements
 Verifies the degrees of customer satisfaction
 Reviews the processes with high level of risk Reviews
 Evaluates the results of the last management review
 Verifies the planning of internal audits
 Evaluates the conditions of all sites
 Reviews the understanding of the requirements of ISO 9001 by the production manager
  Audits top management

23. Select the two statements that are true.

 The audit team leader shall only communicate any concerns to the auditee during the closing meeting.
 Inform the general manager if the auditor finds uncontrolled documents
 Where the available audit evidence indicates that the audit objectives are unattainable, the individual(s)
managing the audit programme shall be immediately informed.
 Changes to the audit scope, which become apparent during the audit, shall be approved with the auditee.
 An immediate and significant risk to the audit shall be informed to the auditee and if possible to the
certification body.
 During the audit, the audit team leader shall periodically assess audit progress.

24. Which three of the following may be changed once a Stage 2 certification audit has commenced?
 Audit plan
 Audit checklists
 Members of the audit team
 Audit scope

25. Audit criteria are a set of requirements used as a reference against which objective evidence is compared.

Which two of the following are not potential audit criteria?

 ISO management system standards

 Commitment to follow principles issued by an NGO
 Environmental aspects register
 Claims made on the organisation's website
 Commercial advertisements
 Health and safety notices
 Organisation's documented information
 Verbal statements by the general manager
 Verbal agreements with interested parties
 Written agreements with interested parties

26. Auditor competence is a combination of knowledge and skills. Which two of the following activities are
predominately related to “Knowledge”?
 Identify findings
 Audit planning
 Design checklist
 Follow an audit trail deviating from the prepared checklist
 Determine how to seek evidence from the auditee
 Determine what evidence to gather
 Present findings to top management
 Conduct audit meetings
 Evaluate proposals of corrective actions
 Communicate with the auditee
27. In a third-party audit, when a finding indicates conformity the organisation is not required to act.

28. Select the words that best complete the sentence

In the context of a third-party audit, the amount of detail provided in the audit plan should reflect the scope and
complexity of the audit, as well as the risk of not achieving the audit objectives.

29. Select the statements that are true.

 During the audit, the audit team shall periodically assess audit progress and exchange information.
 Where the available audit evidence indicates that the audit objectives are unattainable, the auditee shall be
immediately informed.
 An immediate and significant risk (e.g. safety) shall be informed to the auditee and if possible to the certification
body.
 Changes to the audit scope, which become apparent during the audit, shall be reviewed with the auditee.
 The audit team leader shall only communicate any concerns to the auditee during the closing meeting.

30. To complete the sequence dick on the blank section you want to complete so it is highlighted in red and then click
on the applicable text from the options below. Alternatively, you may drag and drop the options to the appropriate
blank section.

Put the following steps of a third-party audit into the correct sequence in which they happen.

1. Stage 1 Audit
2. Stage 2 Opening Meeting
3. Interviews
4. Stage 2 Closing Meeting
5. Follow-up Audit
6. Close-out of Stage 2 Audit Findings
7. Issue Certificate
8. Surveillance Audit

31. An organisation wants to certify their ISO 9001:2015-based QMS for the first time. Arrange the activities in the
correct sequence from 1 to 5.

1. Establish the management system

2. Supplier audit
3. Internal audit
4. Management Review
5. Initial certification audit - stage 1
6. Initial certification audit - stage 2

32. The Audit team leader is responsible for selecting the audit team and the Audit client is responsible for requesting
the audit to take place.

33. though past audits have highlighted a consistently large number of nonconformities within an organisation's design
team, the organisation has not varied the frequency or duration of audits on its audit plan.
 The decision for whether this situation is acceptable or not should be governed by which of the following?

Answer Options:
 The organisation's reasoning behind the lack of change to the audit plan
 A risk-based approach to the audit programme
 The authority of the audit team leader
 The availability of competent internal auditors

34. During a Stage 1 audit, the Quality Manager asks that the audit includes coverage of a new work area they have
expanded into since the application was made.

Which of the following two actions should the auditor take?

 Advise the Quality Manager that the audit scope has been set and the audit will proceed as planned.
 Suggest that the Quality Manager cancels the audit contract and reapplies for the new situation.
 Determine whether the Quality Management System covers the new work area and, if so, proceed with the
audit.
 Suggest that she will advise the programme manager that the audit scope should be revised to include the new
work area.
 Advise the Quality Manager that, within the existing scope, the new work area can be included without any
problem.
 Advise the Quality Manager that an extension of the scope is possible but will have to go through established
procedures.

35. On behalf of organisation 'ABC, you are preparing a second party audit to the quality management system of an
external provider 'XYZ?

'XYZ' has already sent to you a list with all documented procedures and work instructions related to the services
provided to 'ABC' (a quality manual is not included in the list).

To complete the audit planning which additional information would you ask to XYZ to submit?

 The number of personnel involved in activities related to the quality management system
 The list of risks and opportunities determined by XYZ
 A description of responsibilities and authorities of the key roles of XYZ
 The results of XYZ's last internal audit
 The quality manual
 Information to understand XYZ's operations
 XYZ's organisational structure
 The results of the last two management reviews

36. A customer decides to carry out a second-party audit of an external provider.

The scope of the audit is defined by the customer, the audit plan is defined by the audit team leader, and the
audit team is nominated by the customer.

37 When auditing the scope of a quality management system, it is important to review the organisation's context
including interested parties.

38 Which four of the following should be included in an audit plan?

 List of findings from the last audit
  Required resources for the audit
 Name of auditees and auditors
 Times of opening and closing meeting
 Signature of Certification Body Technical Reviewer
 Date of next audit
 Sequence and timings of audit activities

39 You are conducting a third-party Stage 1 audit at ABC Ltd, a single-site organisation that manufactures wooden
furniture. You interview the Technical Director to learn more about the organisation. The Technical Director
explains that they have had a successful year and that obtaining ISO 9001 certification will support further growth
of the business. You ask for an overview of the organisation's structure and its interrelationships with external
interested parties.

The Technical Director shows you a document detailing all business processes and interrelationships. You notice in
this document that another organisation called Teak Ltd manufactures wooden furniture on behalf of ABC Ltd. The
Technical Director confirms this capability has been accounted for in the scope of the quality management system.
You learn that the furniture manufactured by Teak Ltd has accounted for 40% of the sales revenue over the
previous 12 months.

Which two of the following options best describes how you would plan the audit of the interrelationship with
Teak Ltd during the Stage 2 audit at ABC Ltd?

 Verify the controls concerning customer property implemented by Teak Ltd

 Verify the quality management system at Teak Ltd by conducting an audit at their site
 Verity how ABC Ltd evaluates the performance of Teak Ltd
 Verify ABC Ltd internal audit programme to confirm that Teak Ltd has been included
 Verify Teak Ltd supply arrangements as described in the ABC Ltd quality management system

40 You are a member of the audit team of a second party audit to an organisation with n (= 625) employees. The audit
procedure recommends using as sampling criteria √n (= 25) when auditing personnel competence documented
information. The audit team leader developed an audit plan allocating one hour to audit the Human Resources
department (from 11.30am to 12.30pm). She told you that she could not allocate any additional time.

What would you do?

 Extend the audit until 1.00pm and ask for a quick lunch later.
 Plan to review as many as possible until 12.30pm and then review the rest during the lunch break.
 Plan to review less than 25 examples.
 Plan to review as many as possible and see if you can stay later during the first day of the audit to review the
rest.

41 You are a member of the audit team of a second-party audit of an organisation with 625 employees. The audit
procedure recommends using sampling criteria which requires the review of the documented competence for 25
personnel. The audit team leader developed an audit plan allocating one hour to audit the Human Resources
department (from 11:30 am to 12:30 pm). She told you that she could not allocate any additional time.
What would you do?

 Plan to miss lunch and review as many as possible.

 Plan to review less than 25 cases.
 Plan to review as many as possible and see if you can extend the audit duration by one day.
 Extend the audit until 1.00pm and ask for a quick lunch later
42 You work for organisation A. You are asked to lead an internal audit to A's quality management system. It has a
head office in Plant A1 and a second Plant A2 nearby. Due to the COVID-19 pandemic, production in A2 was
discontinued and it was rented to a logistics organisation B, not related to A. There are no A employees working in
A2 with the exception of a small group for security purposes. Company A expects to reassume production in A2 as
soon as the pandemic is over.

Which of the following actions you would consider appropriate when planning the internal audit to A's quality
management system?

 Interview the A2 plant manager, now working in Plant A1

 Visit Plant A2 to interview personnel of company B
 Visit Plant A2 to interview A's security personnel and B's maintenance department
 Visit Plant A2 to interview A's security personnel

43 Which of the following two documents does an auditor need to prepare and complete prior to the on-site audit?
 Checklist/Prompts
 Procedures
 Audit Plan
 Audit Report
 Findings
 Risk Matrices

44 Which three of the following work documents are not required for audit planning by an auditor conducting a
certification audit?

 A list of external providers

 An audit plan
 A checklist
 An organisation's financial statement
 A sample plan
 A career history of the quality manager

45 Who would be defined as a witness during a witness audit?

Choose two of the following options:

 An assessor for the accreditation body

 Someone with a qualification from the certification body
 An existing member of the audit team
 An auditor

46 You have been nominated audit team leader of a third-party audit. Which of the following could be the two most
relevant objectives of this audit?
 Identify opportunities for improvement
 Evaluate the effectiveness of the management system
 Identify the need of resources
 Evaluate the capability of the management system to establish and achieve objectives
 Evaluate the benefits obtained since the implementation of the management system
 Evaluate the compliance with legal requirements
 Evaluate the satisfaction interested parties
47 You are carrying out an audit to ISO 9001 at an organisation which offers regulatory consultancy services to
manufacturers of cosmetics.

You are interviewing the Technical Director (TD), who manages a team of regulatory experts responsible for
providing regulatory services to customers.

You: "How do you ensure your regulatory team's competence concerning regulatory requirements is maintained?"
TD: "The two Regulatory Experts we employ full-time have years of experience of working in the cosmetics
industry."
You: "How is their regulatory competence maintained?"
TD: "They are dedicated individuals with lots of contacts in the sector."
You: "How does the business enable them to maintain their understanding of current regulatory requirements?"
TD: "We leave that up to them."
You decide to raise a nonconformity.

Nonconformity Report

ISO 9001 Clause Number: 7.1.6

Nature of problem: The business has not maintained its organisational knowledge.

ISO 9001 requirement that has not been fulfilled: "The organization shall determine the knowledge necessary
for the operation of its processes and to achieve conformity products and services."

OR

ISO 9001 Clause Number: 7.2

Nature of problem: The organisation has not determined the necessary competence of the Regulatory Experts
with respect to relevant regulatory requirements

ISO 9001 requirement that has not been fulfilled: "The organization shall ensure that persons are competent
on the basis of appropriate education, training, or experience"

48 You are conducting an ISO 9001 audit of a Materials Recycling Facility (MRF). The company processes waste plastics
into raw material for plastic bottle manufacturers. You reach the manual picking line where operators are removing
contaminant materials from incoming products, such as plastic bags, plastic film and badly contaminated items that
would compromise the recycling process. You interview the line supervisor.

You: "Why are these plastic items being rejected at this stage?"
Auditee: "They do not meet our processing standards."
You: “What is the reason for that?”
Auditee: “These items are likely to damage the machinery down the line. They can also compromise our quality
standards. We need to protect our reputation for good quality output materials.”
You: "What happens to the rejected items?"
Auditee: "Some get melted down in another process later on and some are disposed as waste products that cannot
be recycled."
You: "What happens to the waste products?"
Auditee: "I'm not sure. I suppose they go to landfill."

Which of the following actions would you take to investigate further? Select three.

• Determine whether there are quality objectives for reducing rejected material.
 • Check the waste skip to determine what kind of materials are rejected.
• Check the process for handling nonconforming items.
• Ask about operator PPE (Personal Protective Equipment).
• Find out if operators have regular hearing tests.
• Ask to review operator training records.

49 You are conducting an ISO 9001 audit of a Materials Recycling Facility (MRF). The company processes waste plastics
into raw material for plastic bottle manufacturers. You reach the manual picking line where operators are removing
contaminant materials from incoming products, such as plastic bags, plastic film and badly contaminated items that
would compromise the recycling process. You interview the line supervisor.

You: "Why are these plastic items being rejected at this stage?"
Auditee: "They do not meet our processing standards."
You: "What is the reason for that?"
Auditee: "These items are likely to damage the machinery down the line. They can also compromise our quality
standards. We need to protect our reputation for good quality output materials."
You: "What happens to the rejected items?"
Auditee: "Some get melted down in another process later on and some are disposed as waste products that cannot
be recycled."
You: "What happens to the waste products?"
Auditee: "I'm not sure. I suppose they go to landfill."
After further auditing, you have gathered additional evidence.

There is no specification for incoming materials: 8.4.3a

The picking operators have been trained: 7.2b
The picked reject materials are not documented: 10.2.2
The rejected materials are segregated: 10.2.1
Management has set an objective for the level of rejects for incoming materials: 6.2

50 You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The
organisation manufactures cosmetics for major retailers.

You are interviewing the Manufacturing Manager (MM).

You: "I would like to begin by looking at the cleaning controls."

MM: "We record the cleaning of the equipment at the end of every batch. This document details the minimum
cleaning frequency and the procedures to follow for all areas and each item of equipment. The person who carries
out the cleaning puts their initial on the document and records the time and date alongside."
Narrative: You sample production records over 3-days and note down evidence of nonconformity as per the table
below.

Date Batches of product Production line to be Number of cleaning Cleaned by

made cleaned records
10/XX 10 Line 1 DS 6
14 Line 2 HM 8
11/XX 12 Line 1 WR 7
12 Line 2 DD 9
12/XX 15 Line 1 DS 10
 Nonconformity report

ISO 9001 Clause Number: 8.5.4

Nature of problem: Cleaning and sanitising not always completed.

ISO 9001 requirement that has not been fulfilled: "The organization shall preserve the outputs during production
provision to the extent necessary to ensure conformity to requirements.”

Evidence: 40 cleaning records available for 63 batches.

51 You are carrying out an audit at an organisation seeking certification to ISO 9001 for the first time. The organisation
offers health and safety training to customers.
You are interviewing the Quality Systems Manager (QSM).

You: "What risks and opportunities have the business identified?"

QSM: "I'll show you. This was discussed with the Managing Director at the latest management review."
Narrative: The QSM shows you the latest management review record and points to the following table:

Reference Risks and Opportunities

1 Nine of the 10 employed trainers are retiring within next 12 months
2 Changes to health and safety legislation imminent
3 Market Information indicates increasing preference for technology-driven, self-paced training
4 Customer feedback highlights need for multi-language health and safety training

You: "How is the business planning to address these risks and opportunities?"
QSM: "The MD said that they already knew about them so it was not necessary."

Nonconformity Report

ISO 9001 Clause Number: 6.1.2a

Nature of problem: Actions to address risks and opportunities not planned.

ISO 9001 requirement that has not been fulfilled: ISO 9001-"The organization shall plan actions to address risks
and opportunities."

52 Whistlekleen is a national dry cleaning and laundry company with 50 shops. You are conducting a surveillance audit
of Head Office and are sampling customer complaints. You find that 80% of complaints originate from five shops in
the same region. Most of these complaints relate to damage to customer laundry. The Quality Manager tells you
that these are the oldest shops in the company. The cleaning equipment needs replacing but the company cannot
afford it at the moment. You learn that the shop managers were told to dismiss most of the claims on the basis of
the poor quality of the laundered materials.

On raising the matter with senior management, you are told that there are plans to replace the equipment in these
shops over the next five years.

You raised a nonconformity against clause 8.5.1 of ISO 9001.

“The organisation failed to control the laundry operations provided for customers in five shops. The equipment
used was not capable of consistently producing the required service."

53 You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The
organisation manufactures cosmetics for major retailers and the name of the retailer supplied appears on the
product packaging. Sales turnover has increased significantly over the past five years.
 You are interviewing the new Product Development Manager. You note that a software application called SWIFT is
used to help control the product development process.

Audit evidence ISO 9001 Clause 8.3 extract

Half of all new products launched in the past 12 months were late. The “8.3.2e) …internal… resource needs
NPD Manager explains he has not got enough people in his team to for the design and development of
cope with the demand for new products. products..."
The NPD Manager explains many changes are made to cosmetic "8.3.6) ... retain documented
formulations during product development owing to retailer feedback. information..."
Only when confirmed by the retailer is the agreed formulation
documented on SWIFT.
The NPD Manager explains that the customer confirms their approval "8.3.5) ... retain documented
to proceed with a new formulation by email. These emails are kept on information...”
SWIFT.
The NPD Manager shows you evidence of consumer trials that are "8.3.2e) ... external... resource needs
carried out for some new products prior to full-scale launch. for the design and development of
products...”

The NPD Manager explains that an approved external laboratory is used “8.3.4d) … conducted to ensure that
to perform shelf-life stability trails on some formulations during the design and development outputs
product development. meet...”

54 You are carrying out an annual audit at an organisation that offers home security services. You are interviewing the
Quality Manager (QM)

You: "Would you tell me about your management review process?"

QM: "The senior management team plans to review the management system every six months. The review follows
a set agenda and records are maintained."
You: "May I see the records from the last two management reviews?"
Narrative: The Quality Manager gives you the latest record, which shows the last management review took place
nine months ago. The Quality Manager then gives you the previous management review record, which took place
one year before the latest review.
You: "Are there any other review reports in the last two years?
QM: "No, these are the only ones."

Nonconformity report

ISO 9001 Clause Number: 9.3.1

Nature of problem: Management review has not been conducted at the defined frequency.
ISO 9001 requirement that has not been fulfilled: Top management shall review the organization's quality
management system at planned intervals.

55 You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The
organisation offers warehousing and export services to customers. Customers are invoiced for the time stock items
are stored in the warehouse. Transport to and from the warehouse is controlled by the organisation and approved
 subcontract transport services are used. The organisation does not have its own transport vehicles. Stock items are
not purchased by the organisation.

Audit evidence ISO 9001 Clause 8 extract

Four of the 10 pallets of stock sampled in the warehouse were not 8.5.2...shall use suitable means to
labelled. identify outputs...

A damaged pallet of stock seen in the quarantine area was leaking 8.7.1...shall ensure that outputs that do
liquid onto the floor. not conform to their requirements are
identified and controlled..."

One of the fork-lift truck drivers had no fork-lift truck driving licence. 8.5.1 e...shall include, as applicable...the
appointment of competent persons.

There was no pest control provision in the warehouse. 8.1...shall plan, implement and control
the processes.

Two pallets of temperature sensitive stock items were being stored 8.5.4...shall preserve the outputs during
at ambient as the chilled storage facility was full. production and service provision..."

56 XYZ Corporation is an organisation that employs 100 people. As audit team leader, you are conducting a
certification audit at Stage 1. When reviewing the quality management system (QMS) documentation, you find that
quality objectives have been set for every employee in the organisation except top management. The Quality
Manager complains that this has created a lot of resistance to the QMS, and the Chief Executive is asking questions
about how much it will cost. He asks for your opinion on whether this is the correct method of setting objectives.

How would you respond from the following options? Select three.

 Inform the Quality Manager that your will comment on the subject in your audit report.
 Advise the Quality Manager to read the ISO 9001 standard and interpret in relation to the organisation's
requirements.
 Suggest asking the certification body for guidance on this matter
 Indicate that ISO 9001 requires a minimum of two quality objectives
 Suggest that all employees undertake a training course on ISO 9001.
 Suggest that the Quality Manager obtains external consultancy on the use of quality objectives.
 Advise the Quality Manager that, as an auditor, you cannot provide advice to the organisation on how it should
operate its QMS.
 Advise the Quality Manager that you will raise an opportunity for improvement if the quality objectives are not
addressed properly.

57 You are carrying out an annual audit at an organisation that has been certificated to ISO 9001 for two years. The
organisation offers home security services. The scope of the quality management system covers alarm installation,
alarm servicing, alarm monitoring and response. The business operates from a single office and employs
subcontract installers and service technicians across the country. You are interviewing the Control Centre Manager
(CCM), who is responsible for managing the alarm monitoring and response service.

You: "Would you give me an overview of the alarm monitoring and response service?"
 CCM: "Control Centre staff monitor the status of customers' alarm systems 24 hours each day, seven days each
week. If an alarm activates, the customer is contacted, and the police are called."
You: "What quality objectives are you required to fulfil?"
CCM: "We are required to respond to an alarm activation within four hours. If an alarm is activated because of a
fault, we are required to investigate the fault within 24 hours of the alarm activation."
You: How do you monitor these objectives?
The CCM shows you a record on his computer and you see the following:

This month, Number of Number of Number of Number of Verified by

day number alarm responses faulty alarms responses the CCM
activations within 4 hours within24 hours
1 6 4 0 Not necessary Yes
2 7 5 1 1 Yes
3 11 8 2 2 Yes
4 4 3 0 Not necessary Yes
5 5 4 1 1 Yes

Which two of the following actions would you take as an auditor?

• Raise a nonconformity as a requirement in clause 8.7 has not been fulfilled

• Raise a nonconformity as a requirement in clause 10.2 has not been fulfilled

• Raise an opportunity for improvement to calibrate accuracy of response times

• Determine how thoroughly data is being analysed with respect to achievement of the objectives

• Determine whether the customer is informed when the 24-hour response times not fulfilled

• Determine what action is being taken when the four-hour response time is not fulfilled

58 Takitup is a small fabrication organisation that manufactures steel fencing, stairs and platforms for the construction
sector. It has been certified to ISO 9001 for some time and has appointed a new Quality Manager. The audit plan
during a surveillance audit covers the organisation's improvement actions and the auditor asks to see the most
recent management review meeting minutes.

The auditor finds that the management review report records that none of the improvement actions set by the
previous review have been realised for a second time. A new Quality Manager has been brought in at middle
management level to rectify the situation as the organisation is concerned that it might lose its certification.

Select three options that would provide evidence of conformance with clause 10.3 of ISO 9001.

• A quality objective to achieve lower reject rates by quality control.

• An increase in the programme of internal audits.
• The certification body auditor reporting fewer nonconformities.
• An enhanced customer satisfaction survey score than in the previous year.
• Removing underperforming external providers from the database.
• Considering results from the analysis of the effectiveness of corrective actions to determine improvement
opportunities.

59 You are carrying out an audit at an organisation seeking certification to ISO 9001 for the first time. The organisation
offers health and safety training to customers. Training courses are offered either as open courses, delivered at a
 public venue, or online, or as courses that are tailored to meet specific requirements. The business operates from a
single office and those who deliver the training are either full-time employees or subcontractors.
You have just completed the opening meeting. You are interviewing the Managing Director (MD).

You: "Good morning. I would like to gain an understanding of your business and its strategic direction."

MD: "Of course. We are facing challenging times. The market is extremely competitive, and customers typically
look for the least expensive option when arranging health and safety training. Our annual sales revenue has
struggled to grow over the past two years. Most of our employed trainers are planning to retire over the next 12
months, and we are looking for more subcontract trainers. Achieving ISO 9001 certification will, I hope, give us the
capability to improve our operational performance. Also, many of our competitors do not have any form of
management system certification, so I hope it will give us that competitive edge needed to secure orders. We
intend to promote our ISO 9001 certification on our website and across all other customer-facing media."

Which three of the following audit trails would you take to explore the extent to which external and internal
issues have been determined and used to enable the business to achieve the intended results(s) of its quality
management system?

 Establish how the organisation determined the scope of its quality management system.
 Establish how the organisation determines employed trainer competence.
 Establish how the organisation reviews information about external and internal issues.
 Establish how the organisation documents it external and internal issues.
 Establish how the organisation determines its relevant interested parties.
 Establish how the organisation determines subcontractor trainer competence.

60 You are carrying out an audit at an organisation seeking certification to ISO 9001 for the first time. The organisation
offers health and safety training to customers. Training courses are offered either as open courses, delivered at a
public venue, or online, or as courses that e tailored to meet specific requirements. The business operates from a
single office and those who deliver the training are either full- time employees or subcontractors.

You are interviewing the Training Manager (TM).

You: "What quality objectives apply to the training process?"

TM: "One of the quality objectives we aim for is a 90% minimum exam pass rate for all open training courses."

You: "How do you measure this objective?

The Training Manager shows you a record on her computer and you see the following:

Month Exam pass rates (%)

Course 1 Course 2 Course 3 Course 4 Course 5 Course 6
1 92 87 89 78 95 97
2 93 86 88 77 94 98
3 94 87 87 79 93 97
4 92 89 86 80 95 96
5 93 88 88 79 96 95
6 95 87 89 77 96 97

Which two of the following statements are true?

 You would determine how the exam pass rate figures were analysed.
 You would determine what corrective action was being taken to address the low pass rates.
 You would raise a nonconformity as a requirement if cause 10.2 has not been fulfilled.
  You would determine the relative difficulty of each training course by reviewing them.
 You would raise a nonconformity as a requirement in clause 8.7 has not been fulfilled.

61 You are conducting a third-party audit to ISO 9001 and interviewing the Training Manager. She explains that
training is more important than ever because the organisation has had to reduce the number of staff employed.
Many of the remaining staff are now required to be 'multi-skilled. You ask to see plans for the multi-skilling training
and are shown plans that look comprehensive, and include both on the job training and internal and external
training courses.
The records indicate that several staff required parts of their training to be repeated one month after the first
training was provided. You ask why this was needed and are told that an investigation of customer complaints
identified that several staff members did not complete certain tasks in the correct manner. The extra training was
therefore recommended as a corrective action.
Based on this interview, which of the following audit trails would be the most appropriate to follow?
Select the two most appropriate audit trails from the following.
 Ask if customer complaints had ceased since the multi skilled training finished.
 Determine whether management has assessed the impact of staff reduction on the organisation’s ability to
meet its objectives.
 Determine whether customers were consulted about the risks associated with the multi skilling training.
 Review records, to assess if all planned training has been completed,
 Assess whether Quality objectives are being met.
 Ask the members of the staff whether they found the training received useful.

62 You, as auditor, are in dialogue with the quality lead and managing director of a small business that supplies
specialist laboratory equipment and furniture.
ISO 9001: 8.4.1 outlines situations when controls need to be applied to externally provided processes, products
and services. Which one of the following situations is applicable to this scenario?
 Products and services for which the customer(s) supplies materials
 Raw materials from external providers are intended for incorporation into the organisation's own products.
 A process or part of a process is provided by an external provider as a result of a decision by the
organisation.
 Products and services are provided directly to the customer(s) by external providers on behalf of the
organisation.

63 You, as auditor, are in dialogue with the quality lead and managing director of a small business that supplies
specialist laboratory equipment and furniture.

You: "I'd like to look at how you manage change in the organisation. What changes have you made as a business,
say, over the last 12 months?"

Auditee: "We have made some strategic changes, the main one being that we no longer manufacture our own
products in house."

You: "That sounds like quite a significant change. What has been the impact of that?"

Auditee: "We now mainly sell other manufacturers' products, under their brand names, and have outsourced
manufacture of our own brand products to one of our suppliers. Unfortunately, we had to make six members of
our staff redundant. This represents about 20% of our workforce, so this has been quite a challenging time"

This scenario presents a number of audit trails to different ISO 9001 requirements.

Which six of the following requirements would be relevant audit trails for this scenario?
  Control of externally provided processes, products, and services
 Documented information
 Measurement traceability
 Design and development of products and services
 Leadership and commitment
 Planning of change
 Organisation roles and responsibilities
 Preservation of product
 Property belonging to customers or external providers
 Resources

64 Noitol is an organisation specialising in the design and production of e-learning training materials for the insurance
market. During an ISO 9001 audit of the development department, the auditor asks the Head of Development
about the process used for validation of the final course design. She states that they usually ask customers to
validate the product with volunteers. She says that the feedback received often leads to key improvements.

The auditor samples the design records for a recently completed course for the 247 Insurance organisation. Design
verification was carried out but there was no validation report. The Head of Development advises that this
customer required the product on an urgent basis, so the validation stage was omitted. When asked, the Head
estimates that this occurs about 50% of the time. She confirms that they always ask for feedback and often make
changes. There is no record of feedback in the design file for the course.

The auditor decides to review the training course design process in more depth.

Select six options that provide a meaningful audit trail for this process.

• What risks and opportunities have been identified as significant?

• What input does a customer have in the course design process?
• What training does a tutor have in the completed course?
• How is design documentation controlled and managed?
• How are students advised about prior learning requirements?
• What are the qualifications of the development staff?
• How is technical content of courses verified as correct?
• How is the cost of the course calculated?
• How is customer feedback integrated into the course?

65 Noitol is an organisation specialising in the design and production of e-learning training materials for the insurance
market. During an ISO 9001 audit of the development department, the auditor asks the Head of Development
about the process used for validation of the final course design. She states that they usually ask customers to
validate the product with volunteers. She says that the feedback received often leads to key improvements.

The auditor samples the design records for a recently completed course for the 247 Insurance organisation. Design
verification was carried out but there was no validation report. The Head of Development advises that this
customer required the product on an urgent basis, so the validation stage was omitted. When asked, the Head
estimates that this occurs about 50% of the time. She confirms that they always ask for feedback and often make
changes. There is no record of feedback in the design file for the course.

The auditor raises a nonconformity against ISO 9001. Which of the following options is the basis for the
nonconformity?

• 8.3.4.d-Design validation is not conducted systematically. It is omitted about half of the time.
• 8.6 - Course materials are released without proper approval. A course for 247 Insurance was released on an
urgent basis.
 • 8.3.2.c - Design planning does not include design validation. Design verification is part of the planning process.
• 8.3.6 - Design changes are not systematically actioned. Changes may be made if customers request them.
• 8.3.3- Design inputs do not include customer priorities for course delivery.
• 8.3.5 - The improvements made to course designs are not documented. Feedback from customers is not always
actioned.

66 During the opening meeting of a third-party audit of a pharmaceutical organisation (CD9000) with seven COVID-19
testing laboratories in various terminals at a major international airport, you are asked if you could visit all
laboratories. As audit team leader you say that, based on sampling criteria, you had planned to audit only three of
them as CD9000 is a multisite organisation.

They tell you that they have worked so hard to get ready for the audit that the supervisors of those laboratories
that would not be visited would be quite disappointed.

The following are possible responses to the request, select the two best responses:

 I could decide to extend the audit for an extra day.

 We could stay every day for one hour longer to see those supervisors and their laboratories.
 I could try to revise the audit programme to see if I can audit all laboratories.
 The programme manager has selected the sample and we must follow it.
 could audit the other laboratories virtually at the end of this audit.
 Sorry, this is the plan, we cannot change it. However, they could attend the audit as observers.

67 During a third-party audit of a pharmaceutical organisation (CD9000) site of seven COVID-19 testing laboratories in
various terminals at a major international airport, you interview the CD 9000's General Manager (GM), who was
accompanied by Jack, the external consultant who assisted the implementation of ISO 9001. Jack is acting as the
guide in the absence of the Technical Manager due to him contracting COVID-19.

You: "What external and internal issues have been identified that could affect CD9000 and its quality management
system?"

GM. "Jack guided us on this. We identified issues like probable competition of another laboratory organisation in
the airport, legal requirements on COVID-19 continuously changing, the shortage of competent laboratory
analysists, the epidemic declining soon, shortage of chemicals for the analysis. It was quite a good experience.

You: "Did you document these issues?"

GM. "No. Jack said that ISO 9001 does not require us to document these issues."

You: "How did you determine the risks associated with the issues and did you plan actions to address them?"

GM:"I am not sure. The Technical Manager is responsible for this process. Jack may be able to answer this question
in his absence."

Select two options for how you would respond to the General Manager's suggestion:

• I would not accept the consultant answering the question.

• I would ask the consultant to leave the meeting since he is not an employee of the organisation.
• I would ask to get in contact with the Technical Manager by phone.
• I would look for evidence that the actions resulting from the risk assessment had been taken.

68 An audit team of three people is conducting a Stage 2 audit to ISO 9001 of an engineering company which
manufactures sacrificial anodes for the oil and gas industry in marine environments. These are aluminium products
designed to prevent corrosion of submerged steel structures. You, as one of the auditors, find that the company
has shipped anodes for Project DK in the Gulf of Mexico before the galvanic efficiency test results for the anodes
 have been fully analysed and reported as required by the customer. The Quality Manager explains that the
Managing Director authorised release of the anodes to avoid late delivery as penalties would be imposed. The
customer was not informed since the tests very rarely fall below the required efficiency. You raise a nonconformity
against clause 8.6 of ISO 9001.

During the audit team meeting in preparation for the Closing meeting, the second auditor disagrees with the clause
of ISO 9001 selected for the above nonconformity. He thinks it should be clause 9.1.1.

Choose three options for how the audit team leader might best respond to the situation:

 Immediately overrule the objection of the second auditor with no discussion of the clause
 Advise that he will think about the clause and announce his decision during the Closing meeting. Immediately
agree with the second auditor that clause 9.1.1 would be better.
 The audit team leader will refer to the quality manager to determine which clause they agree with.
 Suggest that neither clause is accurate and instead propose clause 9.1.3 as the best one for the nonconformity.
 Invite you and the second auditor to fully explain your point of view and then decide which clause to select.
 Try to obtain a consensus between you and the second auditor after a discussion of the different opinions.
 Review the evidence with you and the second auditor, and then decide which clause of ISO 9001 would best
apply.

69 You are an auditor from a construction organisation who is conducting a second party audit to ISO 9001 at a steel
rolling mill producing structural steelwork. When auditing the rolling process, you find that the operator unloading
the furnace does not use the adjacent infrared pyrometer to measure the appropriate product temperature in
readiness for the next production stage.

You: "How do you tell when the billet is ready for the rolling stage?"
Operator: "I've done this job for 20 years. I can tell by the bright red colour."
You: "What happens if the colour is wrong?"
Operator: "The billet goes back into the furnace."
You: "Is the pyrometer ever used?"
Operator: "Only in borderline cases.
You continue to interview the operator and find that around 25% of the billets are sent back to the furnace. This
includes 80% of the borderline cases.

You determine that the organisation does not have a process for calibrating the pyrometer purchased five years
before. The external provider recommends annual servicing. You raise a nonconformity against cause 7.1.5.2 of ISO
9001.

"Pyrometer PMD0121 was not periodically calibrated to known accuracy while being used as a measuring device.
There is no evidence of a document for calibrating the measuring”

70 You are an auditor from a construction organisation who is conducting a second party audit to ISO 9001 at a steel
rolling mill producing structural steelwork. When auditing the rolling process, you find that the operator unloading
the furnace does not use the adjacent infrared pyrometer to measure the appropriate product temperature in
readiness for the next production stage.

You: "How do you tell when the billet is ready for the rolling stage?"
Operator: "I've done this job for 20 years. I can tell by the bright red colour."
You: "What happens if the colour is wrong?"
Operator: "The billet goes back into the furnace."
You: "Is the pyrometer ever used?"
Operator: "Only in borderline cases.
You continue to interview the operator and find that around 25% of the billets are sent back to the furnace. This
includes 80% of the borderline cases.
 Select three options that would provide evidence of conformance with clause 9.1.1 of ISO 9001.

 An increase in the use of the pyrometer by operators.

 Maintenance plan for the furnace.
 Annual review records for furnace operators.
 Certification of conformance to national standards from the manufacture of the pyrometer.
 Periodic analysis of the results of temperature checks.
 A procedure that provides instruction in taking billet temperature.
 A quality objective to achieve lower recycle rates for billets.
 Planning for monitoring and measuring the billet temperature.

71 XYZ Corporation is an organisation that employs 100 people. As audit team leader, you are conducting a
certification audit at Stage 1. When reviewing the quality management system (QMS) documentation, you find that
quality objectives have been set for every employee in the organisation except top management. The Quality
Manager complains that this has created a lot of resistance to the QMS, and the Chief Executive is asking questions
about how much it will cost. He asks for your opinion on whether this is the correct method of setting objectives.

Three months after Stage 1, you return to XYZ Corporation to conduct a Stage 2 certification audit as Audit Team
Leader with one other auditor. You find that the Quality Manager has cancelled the previous quality objectives for
all employees and replaced them with a single objective for himself. This states that "The Quality Manager will
drive multiple improvements in the QMS in the next year". The Quality Manager indicates that this gives him the
authority to issue instructions to department managers when quality improvement is needed. He says that this
approach has the full backing of senior management. He shows you the latest Quality Improvement Request that
was included in the last management review.

Quality Improvement Request QI/12/20/HR-3

To: HR Manager QMS awareness training is to be included as part of the Date: 12/12/20XX
induction training for new employees. Action by: 31/03/20XX
Update by: 01/20XX Update by: 02/20XX Update by: 03/20XX Signed: (QM)
Notes: Use of external resources for this action must be approved by senior Action Completed:
management.
(Signature)

Date:

After further auditing, the issues below were found. Select three statements that apply to the term
'nonconformity.

• Top management claim not to be aware of the improvement request (QI/12/20/HR-3) initiated by the Quality
Manager.
• Quality improvements not aligning with the quality policy.
• Limited knowledge of the content of Quality Improvement Requests by departmental staff.
• The single quality objective set for the organisation by the Quality Manager.
• Decisions on improvement action timescales not involving departmental managers.
• Evaluation of the results of the improvement action not always documented by the Quality Manager.

72 XYZ Corporation is an organisation that employs 100 people. As audit team leader, you are conducting a
certification audit at Stage 1. When reviewing the quality management system (QMS) documentation, you find that
quality objectives have been set for every employee in the organisation except top management. The Quality
Manager complains that this has created a lot of resistance to the QMS, and the Chief Executive is asking questions
about how much it will cost. He asks for your opinion on whether this is the correct method of setting objectives.
 Three months after Stage 1, you return to XYZ Corporation to conduct a Stage 2 certification audit as Audit Team
Leader with one other auditor. You find that the Quality Manager has cancelled the previous quality objectives for
all employees and replaced them with a single objective for himself. This states that "The Quality Manager will
drive multiple improvements in the QMS in the next year". The Quality Manager indicates that this gives him the
authority to issue instructions to department managers when quality improvement is needed. He says that this
approach has the full backing of senior management. He shows you the latest Quality Improvement Request that
was included in the last management review.

Quality Improvement Request QI/12/20/HR-3

To: HR Manager QMS awareness training is to be included as part of the Date: 12/12/20XX
induction training for new employees. Action by: 31/03/20XX
Update by: 01/20XX Update by: 02/20XX Update by: 03/20XX Signed: (QM)
Notes: Use of external resources for this action must be approved by senior Action Completed:
management.
(Signature)

Date:

After further auditing, the issues below were found. Select three statements that apply to the term ‘Audit trail’.

• Top management claim not to be aware of the improvement request (QI/12/20/HR-3) initiated by the Quality
Manager.
• Quality improvements not aligning with the quality policy.
• Limited knowledge of the content of Quality Improvement Requests by departmental staff.
• The single quality objective set for the organisation by the Quality Manager.
• Decisions on improvement action timescales not involving departmental managers.
• Evaluation of the results of the improvement action not always documented by the Quality Manager.

73 Whistlekleen is a national dry cleaning and laundry organisation with 50 shops. You are conducting a surveillance
audit of Head Office and are sampling customer complaints. You find that 80% of complaints originate from five
shops in the same region. Most of these complaints relate to damage to customer laundry. The Quality Manager
tells you that these are the oldest shops in the organisation. The cleaning equipment needs replacing but the
organisation cannot afford it now. You learn that the shop managers were told to dismiss most of the claims based
on the poor quality of the laundered materials.

On raising the matter with senior management, you are told that there are plans to replace the equipment in these
shops over the next five years.

To complete the table, click on the blank section you want to complete so it is highlighted in red and then click on the
applicable clause of ISO 9001 below. Alternatively, you may drag and drop each of the following clause's ISO 9001 shown
to the appropriate statement:

 The organisation informing customers of the reason for the damage to their laundry: 8.5.3
 Management allocating sufficient resources to replace outdated equipment: 7.1.3 b
 Corrective action to deal with customer complaints: 10.2.1 b
 Top management addressing the risk of damage to customer property: 5.1.2 b
 Management setting a quality objective for the level of customer complaints: 6.2
74 Whistlekleen is a national dry cleaning and laundry organisation with 50 shops. You are conducting a surveillance
audit of Head Office and e sampling customer complaints. You find that 80% of complaints originate from five
shops in the same region. Most of these complaints related to damage to customer laundry. The Quality Manager
tells you that these are the oldest shops in the organisation. The cleaning equipment needs replacing but the
organisation cannot afford it at the moment. You learn that the shop managers were told to dismiss most of the
claims on the basis of the poor quality of the laundered materials.

On raising the matter with senior management, you are told that there are plans to replace the equipment in these
shops over the next five years.

Then reviewing the customer complaint file, you find that the organisation is facing a legal dispute with a customer
over damage to an expensive cashmere coat.

Select the best option for how this should be handled by the Quality Management System.

 Give an explanation to the customer of what went wrong.

 Make an offer to replace the coat with a new one.
 Report the situation to the customer with suggested remedial action.
 Settle the court case by negotiation with the customer.

75 An audit team leader arrives at a printing organisation to carry out a Stage 2 audit for a certification body. At a
meeting with the Quality Manager, she is told that they have won their biggest contract from a computer
manufacturer to print and compile computer documentation packages. They have leased the unit next door for
space reasons but have never worked in this sector before. The Quality Manager wants the ISO 9001 certificate to
cover the new contract.

Which one of the options is the correct response by the auditor?

 Would you like a separate certificate for the IT packages to show your new client?
 How can we audit this area when we do not have an IT specialist in the team?
 Do you realise that this involves an extension to the scope of the audit and will require an application process?
 Would you mind writing to my programme manager with this request?

76 An audit team leader arrives at a printing organisation to carry out a Stage 2 audit for a certification body. At a
meeting with the Quality Manager, she is told that they have won their biggest contract from a computer
manufacturer to print and compile computer documentation packages. They have leased the unit next door for
space reasons but have never worked in this sector before. The Quality Manager wants the ISO 9001 certificate to
cover the new contract.

During the audit, a team member finds that a number of print jobs have been rejected by several clients over a
number of months due to spelling errors in the print run. The Print Manager blames the new employees they had
to take on because of a big contract. The auditor raises a non-conformance against clause 10.2.1.b of ISO 9001.

Which one of the evidence statements would support this finding?

 There was no record that the organisation evaluated the effectiveness of the training given to new
employee
 The actions taken to deal with customer complaints did not prevent recurrence of the problem.
 The organisation did not provide the correct resources to prevent nonconformity.
 There was no evidence that a check of spelling took place before the release of printing to the client
 77 An audit team leader arrives at a printing organisation to carry out a Stage 2 audit for a certification body. At a
meeting with the Quality Manager, she is told that they have won their biggest contract from a computer
manufacturer to print and compile computer documentation packages. They have leased the unit next door for
space reasons but have never worked in this sector before. The Quality Manager wants the ISO 9001 certificate
to cover the new contract.
During the audit, a team member finds that a number of print jobs have been rejected by several clients over a
number of months due to spelling errors in the print run. The Print Manager blames the new employees they had
to take on because of a big contract.

The auditor finds that the responsibility for checking spelling errors is placed on the printer who sets up the print
run.

In line with the policy of the certification body, the audit team raise improvement opportunities in the audit
report. Which three of the following options would represent acceptable opportunities for improvement in the
report?

 The responsibility for checking printing needs to be independent of the operators.

 A business consultant can be recommended for advice on improving operations.
 A plan to determine why the errors occur and to prevent them.
 Operational planning activities may benefit from a clearer risk-based approach.
 An intensive training plan that involves all production personnel.
 The organisation needs to delay its certification to gain more experience of the QMS.
 More process time needs to be allocated to the new employees.
 The recruitment process to include spelling tests to filter out unsuitable candidates.

78 You are auditing an organisation that has been certificated to ISO 9001 for ten years. The organisation is a
privately- owned, multi-site car tyre fitting organisation. You are auditing one of the sites. You are auditing the car
tyre fitting service. You are interviewing the Site Manager (SM).
You: "Would you explain the car tyre fitting service?"
SM: "Of course. Customers typically call us by phone with their requirements. We ask them what they want. We
check whether we have the tyres they need in stock. If we don't have the tyres in stock, we contact our supplier to
confirm when they would be able to supply the tyres. We then determine the cost. We then check what availability
we have in our busy schedule to fit the new tyres. We then inform the customer with details of cost and when we
can fit the tyres. If the customer is happy to proceed with the booking, we update our Work Schedule. The same
process applies for customers who walk into our office and for online requests."
You: "What information do you retain should there be a defect reported by a manufacturer of tyres that you have
fitted?"
SM: "We maintain records of customer names, addresses and contact phone numbers. We maintain a record of the
type of tyre fitted and the tyre manufacturers batch information. We also maintain a record of the registration
numbers of the vehicles we have fitted tyres to. All records are in our Work Schedule."
Which two of the following options you would take to enable you to gather further audit evidence to validate
what the Site Manager has told you?
 Review the training record of the site manager.
 Interview a tyre fitter to determine the type and batch of each tyre fitted to a car.
 Review the Work Schedule dated three years ago and verify what information has been recorded.
 Interview a tyre fitter to determine how long they have worked for the organisation.
 Review the Work Schedule for the past three weeks and verify what information has been recorded.
 Interview a customer to determine how satisfied they are with the service.
79 The next item on your audit plan is “internal auditing” and below is the part of your interview with the quality
manager.

You: “Could you tell me what your policy and strategy is for undertaking internal audit?”

Quality Manager: "Our policy is to take a risk-based approach to planning and executing our audits. The programme
is based on an al assessment of the risks and opportunities to the business. We have a lot of high-profile clients and
undertake some very sensitive work. We have detailed criteria for applying a risk-based approach to the audit
programme and this means some departments be audited annually, some bi-annually and several every six months.
The programme is reviewed quarterly and it often changes. We two full-time auditors."

while looking at the current and previous year's programme, you note that not all audits have been undertaken to
schedule. Those audits that were not completed last year are not listed in the following year's programmes.

You ask to see audit records and are shown a filing cabinet containing audit records covering the previous five
years. When reviewing a sample of the older records, you find that many contain non-conformance reports for
which no actions have been taken. You record everything you have found and speak to the Quality Manager.

You: "I have noted that many of the older files contain non-conformances that have not had any corrective action
taken."

Quality Manager: "In many cases, it is the departmental managers who are slow to take action, no matter how
much we ask them. Because the business is always changing, they tell me that the non-conformances are no longer
applicable. I made a decision that non-conformance over three years old is automatically closed. I record that they
are closed for the management review meetings."

You: "Do you obtain any confirmation from the appropriate departments that the nonconformances are no longer
applicable."

Quality Manager: "Because they are so old. I consider that they are no longer appropriate. Please remember that
we take a risk- based approach, which means we audit where and when it is considered important to do so."

Select the most appropriate course of action from the following options:

 Review all non-conformance reports that were not actioned and assess whether there is a risk to the business.
 Review the risk-based criteria with the Quality Manager to assess whether it is being effectively and consistently
applied.
 Interview relevant departmental managers to assess whether the nonconformances are still valid.
 Review subsequent audit reports of departments where nonconformances were raised and no corrective action
was taken and justification for not taking any action was provided, to determine whether they were included in
the audit planning.
 Interview top management to determine whether they were aware of and agreed the actions of the Quality
Manager.
 Raise a non-conformance report.

80 The auditor examines the records that are available for the external provider to whom manufacturing has been
outsourced.
There is a detailed external provider questionnaire and there are inspection records from the trial manufacturing
batches. There is no documented evidence to confirm the appointment of the external provider, and no contract or
terms and conditions. Records of subsequent monitoring indicate that external provider performance is
satisfactory.
To complete the sentence, click on the blank section you want to complete so it is highlighted in red and then click on the
applicable text from the options below. Alternatively, you may drag and drop the options to the appropriate blank
Section.

a) This represents a failure to maintain documented evidence of the selection of the external provider.
b) The auditor should raise a/an major nonconformity in their audit report because this situation represents
systemic failure.

81 XYZ Corporation is an organisation that employs 100 people. As audit team leader, you are conducting a
certification audit at Stage 1. When reviewing the quality management system (QMS) documentation, you find that
quality objectives have been set for every employee in the organisation except top management. The Quality
Manager complains that this has created a lot of resistance to the QMS, and the Chief Executive is asking questions
about how much it will cost. He asks for your opinion on whether this is the correct method of setting objectives.

"Quality objectives are applicable to the boundaries, applicability and continuity of the quality management
system, including the types of products and services covered and provide a structure for the continual
improvement of the organisation”.

82 You are carrying out an audit at an organisation seeking certification to ISO 9001 for the first time. The organisation
offers health and safety training to customers. Training courses are offered either as open courses, delivered at a
public venue, or online, or as courses that are tailored to meet specific requirements. The business operates from a
single office and those who deliver the training are either full-time employees or subcontractors.

You have gathered audit evidence as outlined below. To complete the table, click on the blank section you want to
complete so it is highlighted in red and then click on the ISO 9001 clause 8 extracts listed below. Alternatively, you may
drag and drop each ISO 9001 Clause 8 extract listed with the audit evidence that applies.

Audit evidence ISO 9001 Clause 8 extract

Three subcontract trainers who had delivered training were not approved “8.4.1…shall apply criteria for ...
as defined in procedure SA1 Supplier Approval revision 3. external providers...”

A training programme for a customer was not documented as required in “8.3.5…shall retain documented
procedure TD 2 Training revision 2. information on design and
development outputs."

One trainer had not recorded the damage to a customer's training room "8.5.3...shall retain documented
wall caused by using sticky tape to hang training aids, as required in information on what has
procedure TD 2 Training revision 2. occurred."

Five sales orders had no record of having been reviewed to verify the “8.2.3.1 shall conduct a review
ability to provide these courses. before committing...”

83 You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The
organisation manufactures cosmetics for major retailers and the name of the retailer supplied appears on the
product packaging. Sales turnover has increased significantly over the past five years. The organisation uses a
software programme called SWIFT, which is used to record sales, plan production, purchase supplies, print
despatch notes, track new product development, perform traceability exercises, carry out mass balance checks,
raise invoices, create budgets, and support financial control.
 You are nearing the end of the audit and you are reviewing your audit notes. You notice a recurring trend
concerning the SWIFT database as shown below:

Your audit notes Status

Production Planner: SWIFT database version 202 Requires audit trail
Manufacturing Manager: SWIFT database version 169 Requires audit trail
Manufacturing Supervisor: SWIFT database version 169 Requires audit trail
Product Development Manager: SWIFT database version 169 Requires audit trail
Logistics Supervisor: SWIFT database version 182 Requires audit trail
Quality Manager: SWIFT database version 205 Requires audit trail

You ask the Quality Manager to explain how the SWIFT database is controlled. You learn that the Operations
Director is responsible for determining and progressing SWIFT software updates. You decide to meet the
Operations Director (OD).

You: "Good afternoon."

OD: "Good afternoon."
You: "What responsibility do you have concerning the SWIFT database?"
OD: "I maintain it. If anyone wishes to propose an update to the database, they send me an email with details of
their proposal. I then either process the database update myself, or I send the request to the consultant who
designed the database 20 years ago. The necessary software changes are made, and the amended software is
immediately released users."
You: "Would you explain how the software amendments are controlled?"
OD: "Of course. I personally update every computer myself."
You: "Do you inform the database users of the changes?"
OD: "No I don't. They find out for themselves by using the software, or they come to see me if they have any
questions You: "How do you ensure that the database users use the latest version?"
OD: "That's easy, I update every computer myself."
You: "During the audit, I noted there were several versions of SWIFT in use (you refer to your audit notes)."
OD: "I know. That's because some versions work better than others, and depending on user needs and experiences,
we allow users to revert to using an earlier version if they find it works better for them."
Based on the scenario, which two of the following statements are true? requirement defined in...

There is evidence of nonconformity with

 Clause 7.1.3 Infrastructure

 Clause 7.1.4 Environment for the operation of processes
 Clause 7.5.2 Document information- Creating and Updating
 Clause 7.5.1 Document Information-General
 Clause 7.5.3 Control of documented information

84 You are carrying out an annual audit at an organisation that has been certificated to ISO 9001 for two years. The
organisation offers home security services. The scope of the quality management system covers alarm installation,
alarm servicing, alarm monitoring and response. The business operates from a single office and employs
subcontract installers and service technicians across the country.

You have just completed the opening meeting. You are interviewing the Managing Director (MD).

You: "I would like to gain an understanding of how the quality management system has been supporting your
business and its strategic direction."
MD: "We are continuing to face difficult times. The market is extremely competitive, and customers typically look
for the least expensive option when choosing home security services. We have not yet seen any business benefit
from our quality management system."
 You: "Tell me how you determine external and internal issues."
MD: "We use SWOT analysis (Strengths Weaknesses, Opportunities, Threats)."
You: "How have the outputs from your SWOT been used?"
Select four of the following audit trails you would take to explore the extent to which the SWOT analysis and the
outputs from this have been used to enable the business to achieve the intended results(s) of its quality
management system according to ISO 9001?

 Establish how many interested parties need to be consulted

 Establish how the organisation reviews information about external and internal issues
 Establish how the organisation shares information with external interested parties
 Establish what actions were taken to improve the QMS
 Establish whether the SWOT analysis has been reviewed by the procurement manager
 Establish whether the SWOT analysis is focussed solely on the QMS

85 An internal auditor of a manufacturer of polystyrene packaging products for the electronics industry raised a
nonconformity against section 10.3 of ISO 9001 in Report IA202. The nonconformity (NC 3) stated:

“The reject rate of finished product of 9.7% needs improvement as it doesn't meet the stated objective of top
management of 5%."

As the third-party auditor reviewing the internal audit process, you come across the nonconformity. For corrective
action, the Quality Manager conducted an investigation into the reject rates. He reported that the collection
baskets for products ejecting from the moulding machines were not large enough. About 6% of products fell onto
the wet and dirty factory floor. Management stated that replacing the baskets was too costly and ordered the
Maintenance Manager to ensure that the floor was kept clean and dry to prevent rejects. The auditor later checked
the factory floor, which was wet and dirty in places.

From the following nonconformities, select three that the auditor could raise to ISO 9001.

 7.1.1 -The organisation failed to provide the required resources to prevent nonconforming products.
 7.1.4 -The factory environment did not contain the infrastructure for production operations.
 7.3 -staff were not aware that products were falling onto the factory floor.
 8.5.1 -production operations were not properly controlled to avoid reject products.
 8.5.4 -finished products were contaminated by poor handling.
 9.2.2 -Report 14202 contained a poorly worded nonconformity (NC 3).
 10.2.1 -Conduct of an investigation is not sufficient to satisfy the requirement for corrective action.
 10.3-The organisation did not continuously improve. Reject rates were unchanged.

86 An internal auditor of a manufacturer of polystyrene packaging products for the electronics industry raised a
nonconformity against section 10.3 of ISO 9001 in Report IA202. The nonconformity (NC 3) stated:
"The reject rate of 'finished' product of 9.7% needs improvement as it doesn't meet the stated objective of top
management of 5%."
Just before the Closing meeting of a third-party audit, the audit team leader is invited to a meeting with the Quality
Manager. He tells the audit team leader that a member of the audit team was seen taking photographs of the
factory on his phone during the day and wants him suspended from the Closing meeting with any nonconformities
raised by him rescinded. The issue of photographs was not discussed during the opening meeting.

Select the three options for how the audit team leader might deal with this situation.

 Delay the Closing meeting until the audit team leader has consulted his audit programme manager at Head
Office
  Insist that the nonconformities must stand since they have been agreed by the team from other evidence
gathered
 Advise the Quality Manager that the auditor will be reported to Head Office
 Apologise for the situation and ensure the Quality Manager that all photographs will be deleted during the
Closing meeting
 State that the auditor will take no further part in the audit and all his photographs will be deleted
 Advise the Quality Manager that he, as audit team leader, needs to speak to the auditor about the situation
and he will report back to the Quality Manager once this is done

87 ABC is a service organisation that cleans and irons bed and table linen for four large hospitals in the city centre. It
claims to meet ISO 9001:2015 requirements. During an internal audit, an auditor observes that machine No. 4 is
being operated with the three variables outside the limits established in the applicable documented procedure SP-
701. The auditor has decided to raise a nonconformity.

Which six elements should be included in the nonconformity report?

 Applicable procedure: SP-701

 Number of the production order
 Identification number of the washing machine
 Weight of linen being washed vs the maximum weight required in SP-701
 The planned duration of the process vs the minimum time required in SP-701
 Name of the Quality Manager
 Summary of the competence of the machine operator
 The concentration of the cleaning liquid used vs the concentration fixed in SP-701
 Manufacturer of the washing machine

88 You have been just hired as the Internal Lead Auditor of a large organisation, responsible for internal audits. Your
first job is to analyse the answers to nonconformities included in the report of a recent internal audit to Top
Management.
The report contained one nonconformity as follows:
There is no evidence of Top Management ensuring the availability of resources to operate the QMS, the
establishment of objectives, the promotion of continual improvement, and the promoting of the process approach.
Which four of the following Top Management actions can be considered 'corrections to the nonconformity"?
 Improvement action has been promoted
 Top Management appoints a senior manager to oversee the quality management system
 Process approach has been communicated to the personnel
 Objectives have been established
 Top Management completed a course on ISO 9001
 All these actions will be reviewed during the Top Management meetings
 Top Management review will be carried out every six months instead of annually
 Resources have been provided

89 Select six stages you would expect a third-party audit team leader and his audit team to complete in preparation
for a Closing meeting for a four-day initial certification audit.
• Write the audit finding report out when detected and obtain signature of the auditee.
• Final audit team meeting to agree findings and categories including clarification of any uncertainties.
• Re-audit corrective actions taken to correct findings found during the audit.
• Audit team complete final version of their individual findings.
• Audit team review any points raised by the auditee nominated representative.
 • Audit team leader sends out invitation for all auditee staff to attend the final meeting.
• Hold daily audit team meeting to review any timetable issues and potential findings and their impact on the
audit for other team members
• Audit team agree final audit outcome recommendation.
• Audit team leader completes final report, including individual findings and certification recommendation.

90 Select six of the activities that are specifically required by ISO 17021-1 as part third-party (Certification Body)
surveillance audit processes.
 Review changes to the QMS since last visit.
 Handling of customer complaints since last visit.
 Audit use of certification marks on marketing materials.
 Verify legal compliance.
 Complete a full document review of the quality management system.
 Confirm effectiveness of internal audit and management review.
 Conduct a minimum number of annual surveillance audits during the certification period.
 Failing to meet financial responsibilities.
 Review the status of previously raised findings and audit effectiveness of any outstanding findings.
 Review the calibration status of the instrumentation.

91 For each of the following scenarios, select four that are corrective actions.
 Call out roadside assistance to a broken-down car
 The government increases payments to dentists for dental checks for children
 The organisation uses fertilizers to prevent plants dying in a section of a garden centre
 The government enforces a lockdown against a virulent virus
 The government develops a vaccine against a virulent virus
 After the loss of an important football match 4-0, the manager is sacked
 A complaint about cold food was resolved by reheating food in the restaurant kitchen
 The organisation improves product identification to prevent customer complaints

92 During an internal audit of the Quality Control Lab of an organisation, you determine that the calibration of a
spectrometer XX-12, used daily to release batches of production, expired 15 days earlier. You raise a non-
conformance under 7.1.5.2 of ISO 9001:2015.
Previously, the calibration of the spectrometer had been conducted by X-TECH, who had offices locally. When the
Quality Control Manager tried to contact them before the expiry of the calibration, he was informed that X-TECH
had left the country six months earlier and had moved its offices to the US.
The basic cause of the nonconformity was that the organisation had not considered the possibility of this
happening.
Which of the following corrective actions would you have accepted as the best one?
 We will have the results on one out of ten of our routine production samples double-checked by an
external local laboratory.
 We will add this to our external issue register, assess its associated risk, and plan action to address that risk
 We will look for a local company to provide this service.
 We will select one sample, which we will send to an external laboratory and will use it as our internal
standard.

93 During a second-party audit to a dairy farm (by a potential customer) complying with ISO 9001:2015, the auditor
verifies that there is large variability in the daily production of the milking yard. The current agreement with their
only customer is to provide 2,000 litres per day. However, in the last two years, they have noticed an increasing
variability in the daily production.
 If they produce less than 2,000 litres, they are penalised with a fine of 1.5 pesos for every litre that they do not
provide. If they produce more than 2,000 litres, they use the extra milk to feed the pigs.

This process has been in operation for decades. The dairy farm was founded by the grandfather of the current
owners, who did not want to alter the established practices.

The auditor raises a nonconformity on the basis that the process is not under control (Clause 8.1).

If you had been the auditor, which one of the following actions would you have accepted?

• Modify the contract with the current customer to provide them with only 1,500 litres of milk per day and make
an agreement with a second customer.
• Analyse the daily dispatch of milk for 30 days to determine its variability.
• Apply the existing process of addressing the risks and opportunities of milk production.
• Retain the current contract and try to sell the occasional surplus milk to a second customer.

94 A Health Trust has contracted with Servitup, a catering services company that has been certified to ISO 9001 for
one year. It provides services to 10 small rural hospitals in remote locations involving purchase and storage of dry
goods and fresh produce, preparing meals and loading heated trolleys for ward service by hospital staff. You, as
auditor, are conducting the first surveillance audit at one site with the Deputy Catering Manager (DCM).

DCM: "I apologise for the absence of the Catering Manager. He has called in sick today and we are really short of
staff."
You: "I see. It really shouldn't affect the QMS so the audit can progress as normal."
DCM: "The Catering Manager set up the system. I'm afraid I'm not as familiar with it as he is."
You: "OK, let's start with the Quality Policy. What are the main issues for the QMS here?"
DCM: Give me a minute. I need to look at the Quality Policy on the noticeboard in his office.
You find that two internal audits have been carried out in the first year by the Catering Manager. One of them
indicates that complaints from patients are increasing in number, mainly due to food being served too cold. The
DCM comments that the trolley thermometer is often unreliable.

Which two of the following actions would be "correction" in dealing with the complaints?

• Purchase a new thermometer to replace the unreliable one used for the ward trolleys.
• Keep a spare thermometer in case of a thermometer malfunction.
• Plug trolleys into ward electricity sockets to heat food to the correct temperature during food service as per
procedures.
• Request ward staff to test the temperature of the food on the plates before serving to patients.
• Monitor and record the temperature of food on the trolleys against defined standards before release to the
wards.
• Calibrate thermometers more frequently to ensure accuracy of readings for food temperature on the trolleys.

95 A Health Trust has contracted with Servitup, a catering services company that has been certified to ISO 9001 for
one year. It provides services to 10 small rural hospitals in remote locations involving purchase and storage of dry
goods and fresh produce, preparing meals and loading heated trolleys for ward service by hospital staff. You, as
auditor, are conducting the first surveillance audit at one site with the Deputy Catering Manager (DCM).

DCM: "I apologise for the absence of the Catering Manager. He has called in sick today and we are really short of
staff."
You: "I see. It really shouldn't affect the QMS so the audit can progress as normal."
DCM: "The Catering Manager set up the system. I'm afraid I'm not as familiar with it as he is."
You: "OK, let's start with the Quality Policy. What are the main issues for the QMS here?"
DCM: Give me a minute. I need to look at the Quality Policy on the noticeboard in his office.
The Closing meeting attended solely by the DCM, you inform him that you have found numerous gaps in the QMS
processes, which lead you to consider recommending suspension of the organisation's certification. You are
 particularly concerned that patient health may be aced at risk from food products stored beyond its safe
consumption date, poor kitchen hygiene and undercooked meals. The DCM says that he cannot make any decisions
about these issues in the absence of the Catering Manager but will write everything down and report to him.

Which two actions you should take in the context of the audit?

 Append a note to the audit report that the DCM should be given urgent in-depth training in the QMS.
 Close the meeting and advise the DCM that you will issue your audit report to your superiors and let them
decide what the next steps should be.
 Conclude the meeting and advise that it will be rescheduled once the Catering Manager has returned to work.
 Call the individual(s) managing the audit program to explain the situation and recommend immediate
suspension of certificate to protect patients.
 Suggest to the individual(s) managing the audit program that the multi-site audit programme might need to be
revised to add more sites.

96 A Health Trust has contracted with Servitup, a catering services organisation that has been certified to ISO 9001 for
one year. It provides services to 10 small rural hospitals in remote locations involving the purchase and storage of
dry goods and fresh produce, preparing meals, and loading heated trolleys for Ward Service by hospital staff. You,
as auditor are conducting the first surveillance audit at one site with the Deputy Catering Manager (DCM).
DCM: "I apologise for the absence of the Catering Manager He has called in sick today and we are really short of
stall
You: "I see. It really shouldn't affect the QMS so the audit can progress as normal."
DCM: "The Catering Manager set up the system. I'm afraid I'm not as familiar with it as he is."
You: "OK, let's start with the Quality Policy. What are the main issues for the QMS here?"
DCM: "Give me a minute. I need to look at the Quality Policy on the noticeboard in his office."
As the audit progresses, it is dear that the DOM has a very low knowledge of the QMS. He continually has to look
up the answers to your questions or ask staff members about their processes. You decide to raise a nonconformity.
Select one of the following options that best describes the nonconformity.
 As a member of the management team, the Deputy Catering Manager is not sufficiently aware of the QMS.
 The Quality Policy only exists as a document in the Catering Manager's office.
 The Deputy Catering Manager is not competent to manage the QMS.
 The effectiveness of the QMS depends on the Catering Manager being present on site.

97 ABC is a worldwide fast-food organisation. One of the branches, in downtown Cape Town, decided to implement an
ISO 9001 quality management system and you are the audit team leader (with two other auditors) that will carry
out the certification audits, Stage 2.

ABC receive the orders by phone or internet; some of the employees deliver the ordered food to indicated
addresses. The normal menu includes 15 different types of hamburgers; however, in the last two weeks, due to a
shortage of a special type of meat, they can only prepare six of the 15 varieties.

During the internal meeting of the audit team, you ask one of the auditors to describe what she has observed. She
audited the reception of orders from customers (via phone or internet) and the communication of the orders to the
kitchen. She noticed that the menu offering food on the website is still the normal one, with 15 different
hamburgers, and during a 30-minute period, she observed many customers reluctantly accepting something other
than the hamburger they preferred.

You, as audit team leader, inform the Quality Manager of your concern about the major nonconformity, since you
consider this is a serious breach to the basic principles of quality that lasted two weeks without action being taken.

Right at the beginning of the Closing meeting, you discuss the nonconformity with the General Manager. She got
quite upset and said she was going to make a complaint to the certification body and left the room; the Quality
 Manager was the only member of ABC left with the audit team. The Quality Manager said the General Manager
would not come back to the meeting.

What would you do? Choose the best from the following options:

 Inform the Quality Manager that you consider the meeting closed, and that you will report to the Certification
Body
 Inform the Quality Manager that the certification process is put on hold and leave the room.
 Ask the Quality Manager to listen to the nonconformity the auditor will present and continue with the meeting
until its closed
 Ask the Quality Manager for a break to discuss the issue with the members of the audit team.

98 ABC is a fast food shop that receives orders by phone or the internet. The normal menu includes 15 different types
of hamburgers; however, in the last two days, due to a shortage of a special type of meat, they can only prepare six
of the 15 varieties.
You are performing a third-party audit of ABC; you observed that the menu offering food on the website is still the
normal one, with 15 different hamburgers. During a 30-minute period, you observed several customers reluctantly
accepting other than the hamburger they preferred. You decided to raise the following nonconformity as follows:
"There is evidence that ABC has not reviewed the ability to provide customers the offered products".
The restaurant manager does not accept the nonconformity. She says that ABC had an extensive training
programme for all personnel, which you have already seen when auditing Human Resources. This shortage of some
hamburgers cannot be considered a management system failure.

Which one would be your answer from the following options?

 I will raise it as a major nonconformity and, therefore, cannot recommend certification of the quality
management system.
 I will raise it as a minor nonconformity; you have the option to appeal to our Certification Body.
 You are right, it is not a system failure. I will change the nonconformity to a recommendation, but it will be
audited carefully next time.
 I will maintain it open, and I will see what the Certification Body thinks about it.

99 You are conducting a third-party audit to ISO 9001 and the next item on your audit plan is 'Internal auditing'.
When reviewing a sample of audit records up to 5 years previously, you find that many contain non- conformance
reports and no actions have been taken. You interview the Quality Manager.
You: "I have noted that many of the older files contain non-conformances that have not had any corrective action
taken."
Quality Manager: "Because the business is always changing, the departmental managers tell me that the non-
conformances are no longer applicable. I made a decision that any non-conformance over 3 years old is
automatically closed"
You: "Do you obtain any confirmation beforehand from the appropriate departments that the non- conformances
are no longer applicable."
Quality Manager: "No, because they are so old I consider that they are no longer appropriate. Please remember
that we take a risk-based approach which means we audit where and when it is considered important to do so.
Select one course of action you would now take from the options.
 Interview relevant Departmental managers to assess whether the older non-conformances are still valid.
 Interview Top management to determine whether they were aware of and agreed the actions of the
Quality Manager
 Raise a non-conformance report against clause 9.2.2.e of ISO 9001
 Review all non-conformances reports related to clause 9.2 of ISO 9001
100 At the end of a second-party audit, the audit team enters the meeting room to hold the closing meeting; only two
people are present and waiting for them; the Health and Safety supervisor and the administrative officer. Neither
has participated in the audit. However, the team had previously agreed with the auditee Quality Manager on two
nonconformities identified during the audit (NC1 and NC2).
They said:
Health and Safety supervisor says: "Good evening. We are sorry to inform you that the general manager was
involved in a serious car accident, and the other two managers have had to leave urgently to attend to the
emergency."
The Administration supervisor: "Concerning 'nonconformity 2, the general manager left a message asking us to tell
you that he does not accept it and requests you not to include it in the audit report. Here is a note in which he
explains why."
Which one of the following would be your preferred answer (as team leader) to the warehouse supervisor's
request?
 OK, I will get in contact with my company to ask for instructions on what to do with this nonconformity.
Please, leave us alone, and we will call you as soon as we have an answer.
 Please tell him that I will phone him in two days and will discuss the issue. Could you please give me his
mobile phone number?
 Please tell him that this nonconformity has been previously accepted by the quality manager during the
audit. I will include it in the report, referring to his concern about it.
 OK. Please, let me review the message. I will try to see if I can change the text of the nonconformity if
necessary. Let's take a 10-minute break, as I would like to discuss this issue with the audit team.

101 Services organisation is about to start work on a hospital cleaning contract for the local Health Trust. You, as
auditor conducting a Stage 2 audit to ISO 9001 and review the contact with the Service Manage. The contract
requires that a cleaning

You: “Is the cleaning plan for the contact developed?”

Manager: "We have a basic template that covers the materials, labour requirements and cleaning methods to be
employed. As specified by the customer.”
You: “Is the plan deal with locations like the intensive care wards and the operation theatres, which are included in
the contract?”
Manager: “The basic plan covers general wards, but we will do more frequent cleaning in those areas if the hospital
requests
You: “are you aware of the regulatory requirements for cleaning standards in hospitals?”
Manager: "No. We depend on the hospital to look after that side of things in the contract."

You decide to raise a nonconformity and section 8.2.2.a.1 of ISO 9001.

You decide to raise another nonconformity against section 8.2.4 of ISO 9001 when founding that the cleaning plan
was amended without the agreement of the Heath Trust. A different clearing chemical was substituted to that
specified in the contract. At the follow-up audit, the corrective action proposed was to "obtain a concession from
the Health Trust for use of the new chemical”

Which of the following options is the reason why you did not accept this action taken?

 The action assumes that the Health Trust will agree to the change.
 Staff have not been trained in the use of the new chemical.
 The substitute chemical may not be as effective as the original.
 The substitute chemical has not been used before in the Health Trust.
 The process for making changes to the contract has not been addressed.
102 You work for an organisation, 'A', which provides packaged food to the public. You are asked to lead a team (you as
the leader and two other auditors) to audit a supplier, 'B', which provides packaging materials to your organisation.
It is 4pm and the audit is close to an end; you are having the internal meeting with the team to decide what will be
presented to the auditee during the Closing meeting. The Closing meeting was scheduled at 5pm.

'B' has two manufacturing lines: M1 is a clean room for primary packaging materials (i.e. which will be in direct
contact with the food) and M2 is for secondary materials (ie. will not be in direct contact with food).

You, as audit team leader, audited top management, laboratory, and the storage of raw materials.

Neither Auditor 1 nor Auditor 2 identified any nonconformities.

You explain to the auditors that you identified two nonconformities:

a) There is no documented information on Top Management Reviews, as required in clause 9.3 of ISO 9001:2015.

b) There is no evidence of Top Management Commitment as required in clause 5.1 of ISO 9001:2015. (e.g., not
ensuring the availability of resources to operate the QMS, not ensuring the establishment of objectives, no
promotion of improvement, no promotion of the process approach).

All agreed to present these two nonconformities. They go to meet the Top Management of 'B' and noticed that the
General Manager and three other managers (Production, Human Resources, Sales) were present in the meeting
room.

Considering the seriousness of the two nonconformities to Top Management, as audit team leader, from the
following best options:

 Present and discuss the nonconformities to the whole group and inform that you will ask your company to
remove them for the approved suppliers list.
 Present and discuss the nonconformities to the whole group, inform them that the report will be sent within 10
days and leave the site.
 Present and discuss the nonconformities to the whole group and discuss with them how to solve the problem.
 Present and discuss the nonconformities to the whole group and inform that they have 30 days to take
adequate corrective actions.
 Ask the General Manager to have a private conversation in which you present the nonconformities only to him.

103 An audit team of three people is conducting a stage-2 audit to ISO9001 of an engineering organisation that
manufactures sacrificial anodes for the oil and gas industry in marine environments. These are aluminium products
designed to prevent corrosion submerged steel structures. You, as one of the auditor, find that the organisation has
shipped anodes for Project DK in the Gulf of Mexico before the galvanic efficiency test results for the anodes have
been fully analysed and reported as requested by the customer. The Quality Manager explains that the Managing
Director authorised release of the anodes to avoid late delivery as penalties would be imposed. The customer was
not informed since the tests very rarely falls below the required efficiency. You raise a non-conformity against
clause 8.5 of ISO 9001.
Which of the following options for the issues description of the non-conformity?

• Release of the product without acceptable test results has been accepted by the customer for Project DC.
• The untested product was not recalled and the galvanic efficiency of the anodes was verified
• Nonconforming products for a project may have been released to the customer without verification being
completed
• A respective concession was not sought from the customer once the test results had been approved by the
Quality Manager.
• Products for Project DC have been released before product approval through the quality control process
104 TIX provides services to the informatic equipment of large organisations. They operate an ISO 9001:2015 QMS that
is being audited by an important customer (second-party audit). During the audit, the audit team has identified two
nonconformities. When preparing the Closing meeting, the audit team discussed and agreed both nonconformities
with TIX's quality manager. The Closing meeting was planned for 6pm with the general manager, quality manager
and service manager at the meeting room.

At 6pm, when the audit team enters the meeting room, only two people are present and waiting for them: The
Health and Safety supervisor and the warehouse supervisor. Neither have participated in the audit.

The dialogue among them is as follows:

Audit team leader: "Good evening, could you please inform the three managers that we are ready to start with the
Closing meeting?"

Health and Safety supervisor: "Good evening. We are sorry to inform you that the general manager was involved in
a serious car accident, and the other two managers have had to leave urgently to attend the emergency."

Warehouse supervisor: "They have asked us to listen to what you need to say and to sign whatever we need to
sign. We also have a message from them about the two nonconformities. They wanted us to ask you if you could
contact them in a couple of days to determine how to proceed."

Which of the following options would be your preferred response to the final comment made by the warehouse
manager?

• We will hear what you were asked to tell us and will leave copies of the nonconformity reports that have been
agreed with the quality manager. Please tell the managers that we will consider this as the Closing meeting and
that the individual(s) managing the audit programme will send the full report in five days.
• We will hear what you were asked to tell us and will then leave. Please ask the managers to contact us as soon
as the emergency is over to agree on a new date to carry out the Closing meeting.
• We will hear what you were asked to tell us and will ask you to sign the nonconformity reports as evidence that
you have accepted them. Please ask the managers to contact us as soon as the emergency is over to agree on a
new date to complete the Closing meeting.
• Sorry, but we cannot proceed with the Closing meeting. So, we are leaving now, and please tell the quality
manager that I will phone him tomorrow early in the morning.