Cheat sheet

CQI IRCA QMS Lead Auditor Cheat Sheet

Concepts & Principles

15%of exam

Audit Concepts & Responsibilities

15%of exam

ISO 19011 PrinciplesAudit TerminologyAudit TypesAuditor BehavioursCertification Cycle

Planning the Audit

15%of exam

Conducting the Audit

35%of exam

Reporting & Closing Out

20%of exam

Finding CategoriesNC Statement PartsClosing & Follow-UpNC Grading Criteria

Quick Facts

Exam
CQI IRCA QMS LA
Standard
ISO 9001:2015
Questions
40, open-book
Time
1h 45m online
Platform
SARAS (remote proctor)
Pass rule
50% overall + 40%/section
Course
PR328, 40 hours
Cert validity
5 years

7 QM Principles

Customer, Leadership, People, Process, Improve, Evidence, Relationships

Customer focusLeadershipEngagement of peopleProcess approachImprovementEvidence-based decisionsRelationship management

Maintained vs Retained Info

Maintained

  • Procedures, policies, plans
  • Kept current, updated

Retained

  • Records, results, evidence
  • Fixed point-in-time proof

Kept current vs fixed

Which ISO 9001 Clause?

  1. Context, interested parties, scopeClause 4(Context of org)
  2. Top mgmt commitment, policyClause 5(Leadership)
  3. Risks, objectives, planned changesClause 6(Planning)
  4. People, infra, competence, docsClause 7(Support)
  5. Design, purchasing, productionClause 8(Operation)
  6. Monitoring, internal audit, reviewClause 9(Performance evaluation)
  7. Nonconformity, corrective actionClause 10(Improvement)

7 Quality Management Principles

Customer focus
Meet & exceed needs
Leadership
Unity of purpose
Engagement of people
Competent, empowered staff
Process approach
Manage as processes
Improvement
Continual improvement focus
Evidence-based decision making
Decisions from data
Relationship management
Manage interested parties

PDCA Clause Map

Plan clauses 4-6, Do 7-8, Check 9, Act 10

Plan = clauses 4-6Do = clauses 7-8Check = clause 9Act = clause 10

Verification vs Validation

Verification

  • Checks output vs input
  • Confirms specified requirements met

Validation

  • Checks product vs use
  • Confirms it works in use

Spec check vs use check

ISO Standards Family

ISO 9000
Vocabulary & fundamentals
ISO 9001
QMS requirements, audit criteria
ISO 9004
Guidance, never audit criteria
ISO 19011
How to audit
ISO/IEC 17021-1
Certification body rules

PDCA to Clause Map

Plan
Clauses 4-6
Do
Clauses 7-8
Check
Clause 9
Act
Clause 10

Risk-Based Thinking Anchors

Replaces
2008 preventive action clause
Requires
Proportionate action only
Not required
Formal risk register
Found in
Clauses 4.4, 5.1.2, 6.1, 9.3
HLS
Annex SL, 10-clause skeleton

ISO 19011 Principles

Integrity, Fairness, Care, Confidentiality, Independence, Evidence, Risk

IntegrityFair presentationDue professional careConfidentialityIndependenceEvidence-based approachRisk-based approach

Combined vs Joint Audit

Combined

  • Two or more standards
  • One audit team
  • One site visit

Joint

  • Two or more CBs
  • Cooperate on one audit
  • Shared client, one visit

Standards combined vs bodies joined

Which Audit Type?

  1. Auditing your own organizationFirst-party(Internal audit)
  2. Customer audits your QMSSecond-party(Contractual audit)
  3. Independent body issues certThird-party(Certification audit)
  4. One site, two standardsCombined audit(Same team)
  5. Two CBs, one visitJoint audit(Shared audit)

ISO 19011 Seven Principles

Integrity
Foundation of professionalism
Fair presentation
Report truthfully, accurately
Due professional care
Diligence and judgment
Confidentiality
Protect information security
Independence
Objective, no conflicts
Evidence-based approach
Rational, reliable conclusions
Risk-based approach
Newest principle, added 2018

First-Party vs Third-Party Audit

First-Party

  • Internal, self-conducted audit
  • Own staff, own QMS
  • No certification outcome

Third-Party

  • Independent certification body
  • Issues the certificate
  • Accredited under 17021-1

Internal check vs certification

Core Audit Terminology

Audit criteria
Requirements used as reference
Audit evidence
Verifiable records, facts, info
Audit finding
Evidence evaluated against criteria
Audit conclusion
Outcome after considering findings
Objective evidence
Verifiable, not opinion

Audit Types

First-party
Internal self-audit
Second-party
Customer audits supplier
Third-party
Independent certification body
Combined audit
Two+ standards, one team
Joint audit
Two+ bodies, one visit

Auditor Personal Behaviours

Ethical
Fair, truthful, honest
Open-minded
Considers alternative ideas
Diplomatic
Tactful in dealings
Observant
Notices physical surroundings
Perceptive
Understands situations intuitively
Culturally sensitive
Respects norms, customs

ISO/IEC 17021-1 Certification Cycle

CB
Certifies against ISO 9001
Accreditation
UKAS, ANAB accredit CBs
Stage 1
Readiness, document review
Stage 2
On-site implementation audit
Surveillance
At least annual
Recertification
Before 3-year cycle ends

Establishing an Audit Programme

Step 1
Set programme objectives
Step 2
Determine risks, opportunities
Step 3
Establish extent, resources
Step 4
Establish supporting procedures

Audit Plan Contents

Objectives
What audit will achieve
Scope
Boundaries of the audit
Criteria
Standard used as reference
Logistics
Locations, dates, duration
Methods
Sampling extent included
Roles
Team responsibilities assigned
Resources
Allocated to critical areas

Audit Team Roles

Team leader
Overall control, responsibility
Auditor
Conducts the audit
Technical expert
Specific knowledge, no auditing
Observer
Accompanies, does not audit
Auditor-in-training
Learns, does not audit
Audit client
Requests, commissions the audit

Initiating the Audit

Establish contact
Confirm scope, dates
Feasibility
Info, cooperation, resources adequate
Document review
Check system vs criteria
Stage 1
Formal readiness review (3rd-party)

Opening Meeting Agenda

Objectives
Confirm scope, criteria
Comms channels
Confirm reporting lines
Resources
Confirm access, facilities
Confidentiality
Reconfirm information handling
Safety
Site rules confirmed
Reporting method
Grading, rating explained
Termination
Conditions for stopping audit
Complaints
Handling process explained

Audit Evidence Sources

Interviews
Open questions, corroborate
Observation
Watch activities, conditions
Documented info
Procedures, policies, plans
Records
Retained proof of results
Data/KPIs
Performance indicators reviewed

Sampling & Audit Trail

Audit trail
Follow forward, backward
Forward trail
Raw material to output
Backward trail
Output to raw material
Sampling
Reasonable, not absolute assurance
Audit risk
Managed, never eliminated

Interview Technique

Open questions
Avoid leading answers
Corroborate
Verify against second source
Guides
Facilitate access, not answer
Observers
Accompany team, no auditing
Verified info only
Counts as evidence

3-Part NC Statement

Requirement plus evidence plus nonconformity statement

Requirement: clause citedEvidence: facts and refsStatement: links the two

Correction vs Corrective Action

Correction

  • Fixes the symptom
  • Immediate action taken
  • Does not address cause

Corrective Action

  • Fixes root cause
  • Prevents recurrence
  • Requires root-cause analysis

Symptom vs root cause

Major vs Minor Nonconformity

  1. Process totally missingMajor NC(Total breakdown)
  2. Likely product/service failureMajor NC(High risk)
  3. Many minors, same requirementMajor NC(Systemic pattern)
  4. Single isolated slipMinor NC(Not systemic)
  5. Contained, one-off eventMinor NC(Low risk)
  6. Requirement fully metConformity(No NC written)
  7. Good idea, no requirementOFI(Suggestion only)

Audit Finding Categories

Conformity
Meets requirement fully
Nonconformity
Requirement not met
OFI
Opportunity, not mandated fix
Evaluation basis
Evidence compared to criteria

Nonconformity Statement Parts

Requirement
Specific clause cited
Objective evidence
Facts, refs, dates, sample
Nonconformity statement
Links evidence to requirement
Never named
No individuals, no opinions

Closing & Follow-Up

Audit conclusion
Agreed before closing meeting
Closing meeting
Presents findings, no surprises
Audit report
Scope, criteria, team, findings
Follow-up
Verify action was effective

NC Grading Criteria

Total process breakdown
Major NC
Likely product/service failure
Major NC
Accumulated minors, one requirement
Major NC
Single isolated lapse
Minor NC
Grading scheme
Set by CB, not ISO

Common Traps

Correction vs Corrective Action

Correction fixes the symptom Corrective action fixes the cause

Maintained vs Retained Docs

Maintained stays current Retained is a fixed record

Verification vs Validation

Verification checks against input Validation checks against use

Principle vs Clause in NCs

Principles are not auditable NC must cite a clause

Major vs Minor Grading

ISO does not define grades The CB sets the scheme

Guide vs Auditor Role

Guides only facilitate access Auditors gather and judge evidence

Sampling vs Certainty

Audits give reasonable assurance Never absolute certainty

Last Minute

  1. 1.40 questions, 1h45m, open-book online
  2. 2.Need 50% overall and 40%/section
  3. 3.Conducting = 14/40 questions, 35%
  4. 4.PDCA maps to clauses 4-10
  5. 5.Principles explain intent, not clauses
  6. 6.NC = requirement plus evidence plus NC
  7. 7.Major = systemic; Minor = isolated
  8. 8.Correction = symptom; corrective action = cause
  9. 9.Cert valid 5yr; 1 resit only
  10. 10.ISO 9004 = guidance, not criteria
  11. 11.Guides facilitate; auditors gather the evidence
  12. 12.Audits give reasonable, not absolute assurance
Same family resources

Explore More CQI and IRCA Auditor Training Exams

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.