Which of the following two documents does an auditor need to prepare and complete prior to the on-site audit?
According to ISO 19011:2018, clause 6.3, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the information listed in my previous response, such as the audit objectives, scope, criteria, schedule, team, methods, report, etc. The audit plan should be prepared and completed prior to the on-site audit, and should be communicated to the audit team and the auditee1.
According to ISO 19011:2018, clause 6.4.3, the checklist / prompts are documents that list the questions or topics that need to be covered during an audit. The checklist / prompts can help the auditor to collect and verify information relevant to the audit criteria, and to ensure the consistency and completeness of the audit. The checklist / prompts should be prepared and completed prior to the on-site audit, and should be based on the audit plan and the audit scope and objectives1.
Therefore, the two documents that an auditor needs to prepare and complete prior to the on-site audit are B and D, as they are essential for planning and conducting the audit. The other options are not correct, as they are either prepared or completed after the on-site audit, or not required by the standard:
* A. Audit Report: The audit report is a document that provides a complete, accurate, concise, and clear record of the audit. The audit report should include the information listed in my previous response, such as the audit objectives, scope, criteria, findings, conclusions, etc. The audit report should be prepared and completed after the on-site audit, and should be distributed to the audit client and the auditee1.
* C. Procedures: Procedures are documents that specify the way activities are to be performed. Procedures may be part of the audit criteria, if they are part of the organization's management system, or part of the audit programme, if they are part of the certification body's or registrar's requirements. Procedures are not prepared or completed by the auditor prior to the on-site audit, but rather reviewed or followed by the auditor during the audit1.
* E. Risk Matrices: Risk matrices are tools that help to assess and prioritize the risks and opportunities associated with the audit programme or the audit. Risk matrices may be part of the audit programme management, if they are used to determine and evaluate the audit programme risks and opportunities, or part of the audit preparation, if they are used to determine and evaluate the audit risks and opportunities. Risk matrices are not prepared or completed by the auditor prior to the on-site audit, but rather used or updated by the auditor during the audit programme management or the audit preparation1.
* F. Findings: Findings are the results of the evaluation of the collected audit evidence against the audit criteria. Findings can indicate either conformity or nonconformity, as well as positive aspects or opportunities for improvement. Findings are not prepared or completed by the auditor prior to the on-site audit, but rather generated and recorded by the auditor during the audit activities1.
In the context of a third-party audit, select the issue which is not expected to be included in the audit plan.
According to ISO 19011:2018, clause 6.3.2, the audit plan is a document that provides the basis for agreement regarding the conduct of the audit. The audit plan should include the following information1:
* the audit objectives, scope and criteria
* the audit team members and their roles and responsibilities
* the audit schedule, including the date, time and location of each audit activity
* the expected time and duration of meetings and interviews
* the allocation of appropriate resources to critical areas of the audit
* the identification of the audit client and the auditee
* the identification of the guides and observers, if any
* the documents and records to be reviewed before and during the audit
* the audit methods and tools to be used
* the audit language and terminology
* the audit report content, format, distribution and expected completion date
* the risk to achieving audit objectives and the contingency plan, if any
Therefore, the issue which is not expected to be included in the audit plan is C, expectations of the organisation's management. This issue is not relevant to the conduct of the audit, as the audit is based on the audit criteria, not on the management's expectations. The management's expectations may be considered during the audit initiation or the audit programme management, but they are not part of the audit plan.
ABC is a worldwide fast-food organisation. One of the branches, in downtown Cape Town, decided to
implement an ISO 9001 quality management system and you are the audit team leader (with two other
auditors) that will carry out the certification audits, Stage 2.
ABC receive the orders by phone or internet; some of the employees deliver the ordered food to indicated
addresses. The normal menu includes 15 different types of hamburgers; however, in the last two weeks,
due to a shortage of a special type of meat, they can only prepare six of the 15 varieties.
During the internal meeting of the audit team, you ask one of the auditors to describe what she has
observed. She audited the reception of orders from customers (via phone or internet) and the
communication of the orders to the kitchen. She noticed that the menu offering food on the website is still
the normal one, with 15 different hamburgers, and during a 30-minute period, she observed many
customers reluctantly accepting something other than the hamburger they preferred.
You, as audit team leader, inform the Quality Manager of your concern about the major nonconformity,
since you consider this a serious breach of the basic principles of quality that lasted two weeks without
action being taken.
Right at the beginning of the Closing meeting, you discuss the nonconformity with the General Manager.
She got quite upset and said she was going to make a complaint to the certification body and left the
room; the Quality Manager was the only member of ABC left with the audit team. The Quality Manager said the General Manager would not come back to the meeting.
What would you do? Choose the best from the following options:
You are auditing an organisation that has been certificated to ISO 9001 for ten years. The organisation is a privately-owned, multi-site car tyre fitting
organisation. You are auditing one of the sites. You are auditing the car tyre fitting service. You are interviewing the Site Manager (SM).
You: "Would you explain the car tyre fitting service?"
SM: "Of course. Customers typically call us by phone with their requirements. We ask them what they want. We check whether we have the tyres
they need in stock. If we don't have the tyres in stock, we contact our supplier to confirm when they would be able to supply the tyres. We then
determine the cost. We then check what availability we have in our busy schedule to fit the new tyres. We then inform the customer with details of
cost and when we can fit the tyres. If the customer is happy to proceed with the booking, we update our Work Schedule. The same process applies
for customers who walk into our office and for online requests."
You: "What information do you retain should there be a defect reported by a manufacturer of tyres that you have fitted?"
SM: "We maintain records of customer names, addresses and contact phone numbers. We maintain a record of the type of tyre fitted and the tyre
manufacturers batch information. We also maintain a record of the registration numbers of the vehicles we have fitted tyres to. All records are in our
Work Schedule."
Which two of the following options you would take to enable you to gather further audit evidence to validate what the Site Manager
has told you?
Which two of the following auditors would not participate in a first-party audit?
A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited1. The purpose of a first-party audit is to assess the conformity of the organization's quality management system to the requirements of ISO 9001 and to identify opportunities for improvement2. Therefore, the two auditors who would not participate in a first-party audit are:
* A. An auditor employed by an external consultancy organization: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit (if the external consultancy organization is a customer or supplier of the organization being audited) or a third-party audit (if the external consultancy organization is a certification body or registrar).
* F. An auditor from a customer: This auditor is not employed by the organization being audited, and therefore does not qualify as a first-party auditor. This auditor may be hired to conduct a second-party audit, as a customer is an interested party that has specific requirements for the organization being audited.
The other options are not correct, as they could participate in a first-party audit, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited:
* B. An auditor from an interested party: This auditor could be a first-party auditor, as long as the interested party is within the organization being audited. For example, an auditor from the finance department could audit the production department, as long as they are not involved in the production process or affected by its outcomes.
* C. An auditor trained in-house: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The source of the auditor's training is not relevant for determining the type of audit, as long as the auditor is competent and qualified to perform the audit.
* D. An auditor trained in the IRCA scheme: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. The IRCA scheme is a professional certification scheme for auditors of management systems, which provides recognition of the auditor's competence and credibility3. However, being trained in the IRCA scheme does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.
* E. An auditor certified by IRCA: This auditor could be a first-party auditor, as long as they are employed by the organization being audited and have no vested interest in the audit results of the area being audited. Being certified by IRCA means that the auditor has met the requirements of the IRCA scheme and has demonstrated their competence and credibility as an auditor of management systems3. However, being certified by IRCA does not determine the type of audit, as long as the auditor is competent and qualified to perform the audit.
