The QMS ISO 9001:2015 Lead Auditor Exam (ISO-9001-Lead-Auditor)

In this scenario, the organization has set a quality objective of achieving a 90% minimum exam pass rate for all courses. The auditor’s task is to assess whether this objective is being monitored effectively and if appropriate actions are taken when the objective is not met.

B. You would determine how the exam pass rate figures were analysed: ISO 9001:2015, particularly Clause 9.1 (Monitoring, measurement, analysis, and evaluation), requires organizations to evaluate performance data. The auditor should verify how the organization analyses the pass rate data to ensure trends are identified, and corrective actions are planned based on this analysis.

D. You would determine what corrective action was being taken to address the low pass rates: When performance falls short of the objective, as seen with Course 4 (where the pass rate is below 90% in all months), Clause 10.2 (Nonconformity and corrective action) requires organizations to take corrective actions to address issues. The auditor would need to check if corrective actions have been initiated to address consistently low pass rates.

Statements A, C, E, and F do not directly address the monitoring and corrective action required under ISO 9001:2015 in this context​​.

Comprehensive and Detailed In-Depth Explanation:

Understanding Audit Stages Based on ISO/IEC 17021-1:2015

ISO certification audits consist of two main stages:

Stage 1 Audit (Readiness Review)

The organization’s documented information is reviewed to assess readiness for Stage 2.

This ensures that the QMS is developed, implemented, and prepared for full assessment.

Stage 2 Audit (On-Site Evaluation)

Auditors assess process implementation and effectiveness through interviews, observations, and evidence collection.

The audit team verifies if the organization meets ISO 9001 requirements in practice.

Why is the Correct Answer B?

The audit team reviewed ME’s documents, which is a Stage 1 activity.

The audit team performed interviews, sampling, and on-site verification, which is a Stage 2 activity.

There was no mention of an audit follow-up or a surveillance audit, which occur post-certification.

Why are the Other Options Incorrect?

A (Audit follow-up and Stage 1 Audit) → Follow-up audits occur after certification, which was not the case here.

C (Stage 2 Audit and Surveillance Audit) → Surveillance audits are post-certification audits and were not conducted yet.

A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited1. The purpose of a first-party audit is to assess the conformity of the organization’s quality management system to the requirements of ISO 9001 and to identify opportunities for improvement2. Therefore, the two auditors who would not participate in a first-party audit are:

•A. An auditor employed by an external consultancy organization: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit (if the external consultancy organization is a customer or supplier of the organization being audited) or a third-party audit (if the external consultancy organization is a certification body or registrar).

•F. An auditor from a customer: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit, as a customer is an interested party that has specific requirements for the organization being audited.

The other options are not correct, as they could participate in a first-party audit, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited:

•B. An auditor from an interested party: This auditor could be a first-party auditor, as long as the interested party is within the organization being audited. For example, an auditor from the finance department could audit the production department, as long as they are not involved in the production process or affected by its outcomes.

•C. An auditor trained in-house: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The source of the auditor’s training is not relevant for determining the type of audit, as long as the auditor is competent and qualified to perform the audit.

•D. An auditor trained in the IRCA scheme: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The IRCA scheme is a professional certification scheme for auditors of management systems, which provides recognition of the auditor’s competence and credibility3. However, being trained in the IRCA scheme does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

•E. An auditor certified by IRCA: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. Being certified by IRCA means that the auditor has met the requirements of the IRCA scheme and has demonstrated their competence and credibility as an auditor of management systems3. However, being certified by IRCA does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.

According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives1. Audit criteria may include, but are not limited to, the following sources2:

•ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.

•Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation

•Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities

•Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures

•Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved

•Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes

•Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives

•Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services

Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.

According to the ISO 9001:2015 document, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system1. However, among the six options given, only effectiveness is directly mentioned as an aspect of the quality management system that must be continually improved. Therefore, C is one of the correct answers.

Efficiency, on the other hand, is not explicitly stated as an aspect of the quality management system that must be continually improved, but it is implied by the quality management principle of improvement, which states that successful organisations have an ongoing focus on improvement2. One of the key benefits of applying this principle is improving operational effectiveness and efficiency2. Therefore, E is another correct answer.

Suitability, adaptability, responsiveness, and applicability are not aspects of the quality management system that must be continually improved, according to the ISO 9001:2015 document. They may be related to the quality management system, but they are not the focus of continual improvement.

Therefore, the correct answer is C and E.

According to clause 8.3 of ISO 9001:2015, the organization should establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services. The design and development process should include the following activities:

•Determining the requirements for the products and services to be designed and developed, considering the intended use, the statutory and regulatory requirements, the customer and other relevant interested parties’ needs and expectations, and the potential risks and opportunities.

•Defining the design and development objectives, stages, responsibilities, and authorities, and ensuring the availability of adequate resources and competence.

•Implementing design and development controls, such as reviews, verification, and validation, to ensure that the design and development outputs meet the design and development inputs, and to identify and resolve any problems or errors.

•Maintaining documented information on the design and development inputs, outputs, reviews, verification, validation, and changes, and ensuring the traceability and conformity of the products and services to the requirements.

•Managing the design and development changes, by identifying, reviewing, and controlling them, and evaluating their effects on the products and services and the QMS.

In this case, the evidence statements that provide a meaningful audit trail for the design and development process are B, E, and F, because they relate to the design and development controls, the documented information, and the verification activities that are required by the standard. These options can help the auditor to assess the effectiveness and conformity of the design and development process, and to identify any nonconformities or opportunities for improvement. The other options are not directly related to clause 8.3, although they may be relevant for other aspects of the QMS, such as clause 7.2 on competence, clause 7.3 on awareness, clause 7.4 on communication, clause 8.2 on requirements for products and services, clause 8.4 on externally provided processes, products, and services, and clause 8.7 on control of nonconforming outputs. References: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Design and Development, ISO 9001 Clause 8.3 Design and development of products and services

In this scenario, the time allocated by the audit team leader for the Human Resources audit is fixed, and as an auditor, you must work within that constraint. Although the sampling criteria suggests reviewing 25 personnel files, it is acceptable to adjust the sample size based on time and resource limitations. ISO 9001:2015 emphasizes risk-based thinking and practical resource management (Clause 7.1), so it is reasonable to review a smaller sample if the time is insufficient.

Option B is a pragmatic approach, allowing you to focus on quality over quantity by reviewing as many cases as time allows without compromising the audit schedule.

Options like extending the audit (A, C, D) are impractical in a structured audit environment, especially for second-party audits where maintaining the agreed schedule is important​​.