(1).

The Plan phase includes activities such as understanding the context of the organization, defining
the scope, and defining the quality policy:

1. True – Correct!

2. False – Incorrect! The Plan phase includes the following activities: understanding the context of the
organization, defining the scope, defining the quality policy, addressing risks and opportunities, setting
quality objectives, and establishing operational controls.

(2). The following roles are common in the QMS implementation process:

1. Project team – Correct! They are the persons who, under coordination of the project manager, will be
included in documenting and implementing the control of processes, will help organize other people,
give advice, lead the change, etc.

2. Project accountant – Incorrect! Such role is not critical for the QMS implementation process.

3. Top management – Correct! The top management must support the process by showing commitment,
setting objectives, making decisions, and most importantly – providing relevant resources such as
assigning the right people to dedicate enough time for the implementation process, dedicating a budget,
etc.

4. Project manager – Correct! This is the person who will coordinate the implementation process.

5. Project evaluator – Incorrect! Such role is not critical for the QMS implementation process.

(3). Improvement of customer satisfaction is one of the main benefits of implementing ISO 9001:

1. True – Correct!

2. False – Incorrect! ISO 9001 provides a framework that helps companies monitor, measure, and
improve customer satisfaction.

(4). Which of these documents are mandatory according to ISO 9001?

1. Scope of the QMS – Correct!

2. Internal audit plan – Incorrect! The internal audit plan is not a mandatory document, although it is
very common.

3. Internal audit program – Correct!

(5). The QMS consists of which of the following elements?

1. Policies – Correct!

2. Procedures – Correct!
3. Laws and regulations – Incorrect! The organization must be compliant with legal requirements, but
they are not part of the QMS.

4. Preventive actions – Incorrect! This requirement is excluded from the current 2015 revision of the
standard.

5. Corrective actions controls – Correct!

(6). ISO 9001 requires the identification of interested parties significant for the Quality Management
System, and for such parties to be documented.

1. True – Incorrect! The standard requires these analyses to be conducted; however, it does not require
them to be documented.

2. False – Correct!

(7). In order to define the QMS scope, the company should consider:

1. Requirements of the interested parties – Correct!

2. External and internal issues – Correct!

3. Activities that are carried out by your organization and the activities performed by other
organizations, such as partners, associates, or an outsourcing company; how those activities are related,
and how they depend upon each other – Correct!

4. Quality objectives – Incorrect! The quality objectives are established after the scope is set, taking
into consideration the defined scope.

5. The number of employees in the company – Incorrect! The number of employees doesn’t influence
the QMS scope.

(8). When defining the quality objectives, the following aspects should be taken into consideration:

1. They should be aligned with the Quality Policy – Correct!

2. They should be documented together with the process documentation – Incorrect! There is no such
requirement in ISO 9001; objectives and process documentation are separate documents.

3. They should be measurable – Correct!

4. They should be updated in order to reflect the current situation of the company and its QMS –
Correct!

5. They should be communicated to all interested parties – Correct!

6. They should be defined for a period of one year – Incorrect! The timeframe for completion of
objectives can be set by the company itself; it is not defined by the standard.
(9). Regarding competences, ISO 9001 requires the company to:

1. Define the necessary competence of employees who are related to the Quality Management System –
Correct!

2. Regularly test the employees to check their competences – Incorrect! This is not a requirement from
the standard.

3. Send employees to training every month – Incorrect! This is not a requirement from the standard.

4. Make sure that employees have the appropriate training and experience – Correct!

5. Keep documented evidence that the employees really have the required competences – Correct!

(10). What is the purpose of addressing risks and opportunities?

1. To eliminate all risks regarding the QMS – Incorrect! The purpose of addressing risks is primarily to
ensure that the QMS will provide the intended results, to prevent and reduce undesired effects, and to
achieve improvement.

2. To ensure that the QMS will provide the intended results, and to prevent and reduce undesired effects
– Correct!

3. To avoid any nonconformities emerging from the processes – Incorrect! The purpose of addressing
risks is primarily to ensure that the QMS will provide the intended results, to prevent and reduce
undesired effects, and to achieve improvement.

4. To achieve improvement – Correct!

(11). The purpose of implementing process controls is to:

1. Decrease the cost of execution of the processes – Incorrect! This can be the result of the controls, but
their primary purpose is to ensure delivery of the products and services that meet initial requirements
and to address risks and opportunities.

2. Deliver products and services that meet initial requirements – Correct!

3. Evaluate the performance of employees working in the process – Incorrect! The process controls are
not meant to evaluate the performance of the employees; their primary purpose is to ensure delivery of
the products and services that meet initial requirements, and to address risks and opportunities.

4. Implement actions to address risks and opportunities – Correct!

(12). Defining criteria for processes means prescribing how the processes are executed.

1. True – Correct!
2. False – Incorrect! Prescribing how activities within the process are conducted, and even the values of
some parameters in the process, are criteria to determine whether the process is executed as intended or
not.

(13). All the requirements regarding the product and service must be confirmed by the customer before
the organization accepts the order or contract.

1. True – Incorrect! The requirements regarding the products and services must be accepted by the
organization, not the customer. Customer requirements are only part of the requirements regarding the
products and service that the organization must be able to meet in order to accept the contract or order.

2. False – Correct!

(14). Controlled conditions for production and service provision include:

1. Availability of documented information – Correct!

2. Availability of monitoring and measuring resources – Correct!

3. Regular inspections from governmental authorities – Incorrect! Controlled conditions are established
by the organization itself and not by government authorities.

4. Appointment of competent persons – Correct!

5. Constant monitoring by the top management – Incorrect! Controlled conditions do not include top
management monitoring every process in the organization.

6. Validation and verification of activities – Correct!

7. Monitoring and measuring of every activity in the process – Incorrect! Monitoring and measuring
should be established, but they are not required for every activity.

8. Implementation of release, delivery, and post-delivery activities – Correct!

(15). After production, the organization must determine post-delivery activities, and the following must
be considered:

1. Statutory and regulatory requirements – Correct!

2. Way of handling customer complaints – Incorrect! This is not a part of requirements regarding post-
delivery activities.

3. Potential undesired consequences associated with the product or service – Correct!

4. Expenses of post-delivery activities – Incorrect! This is not a part of ISO 9001 requirements
regarding post-delivery activities.

5. Nature, use, and intended lifetime of products and services – Correct!

6. Customer requirements and feedback – Correct!

(16). As part of the process for evaluating the quality, performance, and effectiveness of the QMS, ISO
9001 requires companies to:

1. Monitor and measure the production process – Correct!

2. Determine the methods for monitoring – Correct!

3. Document a procedure for evaluation of QMS effectiveness – Incorrect! ISO 9001 doesn’t require
for such procedure to be documented.

4. Define the frequency and timing of the monitoring and measuring – Correct!

5. Nominate the responsible persons for conducting monitoring and measurements – Correct!

6. Define what needs to be monitored and measured – Correct!

(17). The internal audit clause from ISO 9001 defines the activities that companies should perform as
part of the internal audit, such as:

1. Defining audit criteria – Correct!

2. Documenting the audit program – Correct!

3. Defining the QMS scope – Incorrect! The internal audit clause requires for the internal audit scope to
be documented, but not the QMS scope.

4. Documenting the audit results – Correct!

5. Documenting the internal audit procedure – Incorrect! ISO 9001 doesn’t require such procedure to
be documented.

(18). ISO 9001 requires the top management to conduct management review meetings for reviewing
the QMS of the company.

1. True – Incorrect! ISO 9001 doesn’t specify that a meeting should be conducted in order for top
management to review the QMS. The standard simply requires for top management to review the QMS
of the company at planned intervals.

2. False – Correct!

(19). In order for top management to review the suitability, adequacy, and effectiveness of the QMS of
the company, the following information should be taken into account:

1. The status of the corrective actions – Correct!

2. Opportunities for improvement – Correct!

3. Feedback from employees regarding the new cafeteria – Incorrect! This kind of feedback is not in
the focus of the management review.

4. The audit results – Correct!

5. Overview of the configuration parameters of the new technology introduced – Incorrect! This is a
technical matter regarding the processes, and is not relevant for the management review.

6. Fulfillment of quality objectives – Correct!

7. The results from the monitoring of customer satisfaction – Correct!

8. The financial status of the company – Incorrect! The financial performance of the company is not the
focus of the quality management review.

9. Feedback from partners regarding the QMS – Correct!

(20). ISO 9001 requires companies to keep documented information related to corrective actions so that
companies can provide evidence of:

1. The nature of the nonconformity – Correct!

2. The actions that were taken – Correct!

3. The existence of a corrective action procedure – Incorrect! Having a documented procedure for
corrective actions is not a requirement of the standard; it is only a good practice for effective
management of corrective actions.

4. The results of the implemented corrective actions – Correct!

(21). The following outcomes represent audit findings:

1. Issue – Incorrect! Audit findings are nonconformities and observations. Issue does not exist as a
concept in ISO 9001.

2. Major nonconformity – Correct!

3. Observation – Correct!

4. Incident – Incorrect! Audit findings are nonconformities and observations. Incident does not exist as
a concept in ISO 9001.

5. Problem – Incorrect! Audit findings are nonconformities and observations. Problem does not exist as
a concept in ISO 9001.

6. Minor nonconformity – Correct!

(22). A nonconformity is considered to be a major one if it satisfies at least one of the following
criteria:

1. A requirement hasn’t been fulfilled at all – Correct!

2. A requirement has only partially been fulfilled – Incorrect! This is a case of a minor nonconformity.

3. A QMS process has completely broken down – Correct!

4. A minor nonconformity has not been resolved within the deadline – Correct!

5. There are several minor nonconformities related to the same QMS element – Correct!

6. There are several observations related to the same QMS element – Incorrect! Observations cannot
lead to a major nonconformity.

(23). The audit program should contain the following items:

For which period the audits are planned – Correct!

When the individual audits will be performed – Correct!

Scope of each audit – Correct!

Audit criteria – Correct!

Auditing methods – Correct!

Who will be performing the audit – Correct!

Criteria for selecting the internal auditor – Incorrect! This is usually included in the Internal audit
procedure.

Mandatory steps when performing the internal audit – Incorrect! This is usually included in the Internal
audit procedure.

Contact persons for each audit – Incorrect! This is usually included in the Audit plan.

(24). The information to be included in the internal audit checklist should be the following:

1. Description of the requirement and clause/number of the document where this requirement was
mentioned – Correct! During the audit, the internal auditor will need to know what he/she needs to
check.

2. Record of whether the company is compliant with a requirement or not – Correct! This information
is entered during the audit.

3. Notes – Correct! During the audit, the internal auditor will need a place to write detailed notes.
4. Name of the process to be audited – Incorrect! This information is usually entered in the internal
audit plan.

(25). The internal audit report must contain the following information:

1. Nonconformities found during the internal audit – Correct!

2. Observations of the internal auditor – Correct!

3. Part of the company that was audited – Correct!

4. The audit plan – Incorrect! This is a separate document from the Internal audit report.

5. The audit program – Incorrect! This is a separate document from the Internal audit report.

(26). The main purpose of the corrective action follow up is to check whether the corrective action
forms are filled in properly.

1. True – Incorrect! The main purpose is to check whether the corrective action has been done properly,
and whether the root cause of the nonconformity has been resolved.

2. False – Correct!

(27). What is the appropriate approach when doing the interviews with employees?

1. Speak to a couple of people from the same process to examine whether they all perform the process
in the same way – Correct!

2. Speak to all people from the same process to examine whether they all perform the process in the
same way – Incorrect! In some cases, there are several hundred people in the same process, so it would
not be feasible to speak to all of them.

3. Speak to a couple of people from the same process, and a couple of people outside of the process to
examine whether the process is carried out correctly – Incorrect! The best way to verify whether the
process is done in the specified way is by talking to the people who are performing it.

4. Speak to the people who have designed the process and have written the procedure – Incorrect! This
won’t be very helpful to find out how the process is being performed.

(28). Who should be choosing the record samples?

1. The auditor – Correct! This is the only way to choose the most representative records.

2. The employee in charge of the particular element of the QMS – Incorrect!

3. The management representative – Incorrect!

4. The consultant – Incorrect!

(29). Certification against an ISO management system standard is available to any organization;
however, accreditation to ISO 17021-1 is only required for certification bodies that want to issue
certificates.

1. True – correct.

2. False – incorrect. Any organization can apply for certification to an ISO management system
standard, but only certification bodies follow ISO 17021-1.

(30). All the competency requirements for a lead auditor are contained in the ISO 17021-1 document.

1. True – incorrect. Additional technical competency requirements are contained in other ISO 17021
documents, for example ISO 17021-3 for lead auditors in Quality Management Systems.

2. False – correct.

(31). Auditors should apply the principles of auditing at all times during audits.

1. True – correct.

2. False – incorrect. It is essential for the validity and meaningfulness of certification audits that
auditors demonstrate the right personal characteristics and principles.

(32). If there is only one auditor carrying out the audit, this auditor will perform the duties of the lead
auditor and auditor.

1. True – correct. For solo audits, the one person is the lead auditor and must be competent as a lead
auditor, and will also conduct the auditor role.

2. False – incorrect.

(33). It is the lead auditor who makes the final decision about whether or not to issue a certificate to an
audit client.

1. True – incorrect.

2. False – correct. It is the certification reviewer who makes the final decision, using evidence provided
by the lead auditor. The lead auditor makes a recommendation.

(34). Management do not need to be involved in the audit if they are too busy.

1. True – incorrect.

2. False – correct. Although it may not be necessary for all managers to be involved, it is essential that
the necessary managers are involved in the audit, in order to engage with the auditor. This is, after all, a
management systems audit!
(35). What three aspects of the audit need to be defined before you can plan the audit?

1. Cost, scope, and criteria – incorrect. Cost is not essential to plan the audit!

2. Scope, criteria, and objectives – correct.

3. Audit team, dates, and logistics – incorrect. These things need to be planned, but based on the scope,
criteria, and objectives.

4. Number of audit days, dates, and audit risks – incorrect. These also need to be planned, but based on
the scope criteria and objectives of the audit.

(36). Sampling just a limited few records to audit is lazy and should not be encouraged.

1. True – incorrect.

2. False – correct. Sampling of records during an audit is appropriate, ideally using a predefined
sampling protocol, or you agree that the auditor can decide how many records are appropriate to audit.

(37). In a well-planned audit, the lead auditor makes contact with the audit team and the audit client to
discuss the audit plans.

1. True – correct. It is better to discuss the audit with both the audit team and audit client in advance of
the audit, to make sure everything is well planned before you arrive on site.

2. False – incorrect.

(38). Opening and closing meetings are an important part of the audit activities. Ideally, the
management team should be invited to attend both meetings, but for shorter-duration audits, they
should at least be invited to the closing meeting.

1. True – correct. You want the management team to hear the audit conclusions that you will present at
the closing meeting.

2. False – incorrect.

(39). The debriefing sessions should be used to discuss the audit progress with the audit client, and not
to discuss audit findings between auditors.

1. True – correct. The debrief is held with the audit client to share information, and to check progress
against the audit plan. It is not the time for auditors to discuss their audit findings with each other. This
should be done during audit team meetings.

2. False – incorrect.

(40). Conflicts between auditor and auditee should:

1. Be left to the auditor to sort out – incorrect. It is the lead auditor who takes responsibility for the
behaviour of the audit team.

2. Be left to happen because they are part of a normal audit – incorrect. Although debate and challenge
are healthy interactions for any audit, conflicts and arguments will negatively impact the audit.

3. Result in the auditor being dismissed from the audit team – incorrect. This action would be
inappropriate unless the auditor behaved exceptionally badly (for example, becomes violent or
abusive). In most cases, if the Lead Auditor takes actions, the conflicts can be resolved.

4. Be handled by the Lead Auditor with action taken to resolve the argument, or if agreement cannot be
reached, to note the disagreement correctly – correct. This is the most appropriate action for the Lead
Auditor to take.

(41). Who is responsible for writing the audit plan?

1. Lead Auditor – correct. This is the key responsibility for the Lead Auditor, even if the audit client has
firm ideas about when you should go, who you should meet, etc. The audit plan should be written so
that you can best audit the organization to meet the audit objectives.

2. Audit client – incorrect.

3. Certification body – incorrect.

(42). If one member of your audit team falls ill during the audit and is unable to participate in any more
work, you should:

1. Cancel the audit immediately – incorrect. This may be the action you take after all, but not until
looking at other options.

2. Carry on as planned, but just without the work done by this auditor – incorrect. Again, this might be
the action you take, but not before looking at other options.

3. See if you can make changes to the audit plan in agreement with the audit client, and if not, contact
the certification body – correct. There may be possible options to work around the situation first,
without affecting the audit objectives, scope, or criteria, by making changes to the audit plan. If not,
then you must inform the certification body of the situation to agree with them and the audit client
regarding what action should be taken.

4. Contact the certification body and delay the audit until a new auditor can be sent as a replacement –
incorrect. This may be the action you agree on eventually, after looking at other options.

(43). Photographic copies of documents are not official audit documents and cannot be used to replace
hard paper copies.

1. True – incorrect.
2. False – correct. Photographs and photographic copies of documents are good ways to manage audit
records, and can be a useful way to help retain copies of documents.

(44). You’re a good Lead Auditor when:

1. The audit team worked well together, working to each auditor’s strengths – incorrect.

2. The audit process was kept on track effectively, but responded to changes when necessary –
incorrect.

3. There was positive interaction with the audit client, with a fair, balanced, and honest audit conclusion
– incorrect.

4. All of the above – correct. All of the above are examples of what a good lead auditor should be
seeking to achieve.

(45). The difference between a major non-conformity and a minor non-conformity is the severity of the
consequences to the business, for example compliance implications or cost.

1. True – incorrect.

2. False – correct. The significance is based on whether the process is achieving the intended outcomes,
not on the severity of any potential consequences to the business.

(46). The audit report should include recommendations on how to fix the non-conformities, so that the
organization knows how to fix the issue.

1. True – incorrect.

2. False – correct. The auditor should not make recommendations. The audit client needs to identify
root causes for any non-conformities and identify their own corrections and corrective actions.

(47). The closing meeting can be skipped if the audit has run out of time.

1. True – incorrect.

2. False – correct. The closing meeting is a mandatory part of a certification audit, and all the required
content must be covered.