Concepts & Principles
15%of exam
Audit Concepts & Responsibilities
15%of exam
Planning the Audit
15%of exam
Conducting the Audit
35%of exam
Reporting & Closing Out
20%of exam
Quick Facts
- Exam
- CQI IRCA QMS LA
- Standard
- ISO 9001:2015
- Questions
- 40, open-book
- Time
- 1h 45m online
- Platform
- SARAS (remote proctor)
- Pass rule
- 50% overall + 40%/section
- Course
- PR328, 40 hours
- Cert validity
- 5 years
7 QM Principles
Customer, Leadership, People, Process, Improve, Evidence, Relationships
Maintained vs Retained Info
Maintained
- Procedures, policies, plans
- Kept current, updated
Retained
- Records, results, evidence
- Fixed point-in-time proof
Kept current vs fixed
Which ISO 9001 Clause?
- Context, interested parties, scope→Clause 4(Context of org)
- Top mgmt commitment, policy→Clause 5(Leadership)
- Risks, objectives, planned changes→Clause 6(Planning)
- People, infra, competence, docs→Clause 7(Support)
- Design, purchasing, production→Clause 8(Operation)
- Monitoring, internal audit, review→Clause 9(Performance evaluation)
- Nonconformity, corrective action→Clause 10(Improvement)
7 Quality Management Principles
- Customer focus
- Meet & exceed needs
- Leadership
- Unity of purpose
- Engagement of people
- Competent, empowered staff
- Process approach
- Manage as processes
- Improvement
- Continual improvement focus
- Evidence-based decision making
- Decisions from data
- Relationship management
- Manage interested parties
PDCA Clause Map
Plan clauses 4-6, Do 7-8, Check 9, Act 10
Verification vs Validation
Verification
- Checks output vs input
- Confirms specified requirements met
Validation
- Checks product vs use
- Confirms it works in use
Spec check vs use check
ISO Standards Family
- ISO 9000
- Vocabulary & fundamentals
- ISO 9001
- QMS requirements, audit criteria
- ISO 9004
- Guidance, never audit criteria
- ISO 19011
- How to audit
- ISO/IEC 17021-1
- Certification body rules
PDCA to Clause Map
- Plan
- Clauses 4-6
- Do
- Clauses 7-8
- Check
- Clause 9
- Act
- Clause 10
Risk-Based Thinking Anchors
- Replaces
- 2008 preventive action clause
- Requires
- Proportionate action only
- Not required
- Formal risk register
- Found in
- Clauses 4.4, 5.1.2, 6.1, 9.3
- HLS
- Annex SL, 10-clause skeleton
ISO 19011 Principles
Integrity, Fairness, Care, Confidentiality, Independence, Evidence, Risk
Combined vs Joint Audit
Combined
- Two or more standards
- One audit team
- One site visit
Joint
- Two or more CBs
- Cooperate on one audit
- Shared client, one visit
Standards combined vs bodies joined
Which Audit Type?
- Auditing your own organization→First-party(Internal audit)
- Customer audits your QMS→Second-party(Contractual audit)
- Independent body issues cert→Third-party(Certification audit)
- One site, two standards→Combined audit(Same team)
- Two CBs, one visit→Joint audit(Shared audit)
ISO 19011 Seven Principles
- Integrity
- Foundation of professionalism
- Fair presentation
- Report truthfully, accurately
- Due professional care
- Diligence and judgment
- Confidentiality
- Protect information security
- Independence
- Objective, no conflicts
- Evidence-based approach
- Rational, reliable conclusions
- Risk-based approach
- Newest principle, added 2018
First-Party vs Third-Party Audit
First-Party
- Internal, self-conducted audit
- Own staff, own QMS
- No certification outcome
Third-Party
- Independent certification body
- Issues the certificate
- Accredited under 17021-1
Internal check vs certification
Core Audit Terminology
- Audit criteria
- Requirements used as reference
- Audit evidence
- Verifiable records, facts, info
- Audit finding
- Evidence evaluated against criteria
- Audit conclusion
- Outcome after considering findings
- Objective evidence
- Verifiable, not opinion
Audit Types
- First-party
- Internal self-audit
- Second-party
- Customer audits supplier
- Third-party
- Independent certification body
- Combined audit
- Two+ standards, one team
- Joint audit
- Two+ bodies, one visit
Auditor Personal Behaviours
- Ethical
- Fair, truthful, honest
- Open-minded
- Considers alternative ideas
- Diplomatic
- Tactful in dealings
- Observant
- Notices physical surroundings
- Perceptive
- Understands situations intuitively
- Culturally sensitive
- Respects norms, customs
ISO/IEC 17021-1 Certification Cycle
- CB
- Certifies against ISO 9001
- Accreditation
- UKAS, ANAB accredit CBs
- Stage 1
- Readiness, document review
- Stage 2
- On-site implementation audit
- Surveillance
- At least annual
- Recertification
- Before 3-year cycle ends
Establishing an Audit Programme
- Step 1
- Set programme objectives
- Step 2
- Determine risks, opportunities
- Step 3
- Establish extent, resources
- Step 4
- Establish supporting procedures
Audit Plan Contents
- Objectives
- What audit will achieve
- Scope
- Boundaries of the audit
- Criteria
- Standard used as reference
- Logistics
- Locations, dates, duration
- Methods
- Sampling extent included
- Roles
- Team responsibilities assigned
- Resources
- Allocated to critical areas
Audit Team Roles
- Team leader
- Overall control, responsibility
- Auditor
- Conducts the audit
- Technical expert
- Specific knowledge, no auditing
- Observer
- Accompanies, does not audit
- Auditor-in-training
- Learns, does not audit
- Audit client
- Requests, commissions the audit
Initiating the Audit
- Establish contact
- Confirm scope, dates
- Feasibility
- Info, cooperation, resources adequate
- Document review
- Check system vs criteria
- Stage 1
- Formal readiness review (3rd-party)
Opening Meeting Agenda
- Objectives
- Confirm scope, criteria
- Comms channels
- Confirm reporting lines
- Resources
- Confirm access, facilities
- Confidentiality
- Reconfirm information handling
- Safety
- Site rules confirmed
- Reporting method
- Grading, rating explained
- Termination
- Conditions for stopping audit
- Complaints
- Handling process explained
Audit Evidence Sources
- Interviews
- Open questions, corroborate
- Observation
- Watch activities, conditions
- Documented info
- Procedures, policies, plans
- Records
- Retained proof of results
- Data/KPIs
- Performance indicators reviewed
Sampling & Audit Trail
- Audit trail
- Follow forward, backward
- Forward trail
- Raw material to output
- Backward trail
- Output to raw material
- Sampling
- Reasonable, not absolute assurance
- Audit risk
- Managed, never eliminated
Interview Technique
- Open questions
- Avoid leading answers
- Corroborate
- Verify against second source
- Guides
- Facilitate access, not answer
- Observers
- Accompany team, no auditing
- Verified info only
- Counts as evidence
3-Part NC Statement
Requirement plus evidence plus nonconformity statement
Correction vs Corrective Action
Correction
- Fixes the symptom
- Immediate action taken
- Does not address cause
Corrective Action
- Fixes root cause
- Prevents recurrence
- Requires root-cause analysis
Symptom vs root cause
Major vs Minor Nonconformity
- Process totally missing→Major NC(Total breakdown)
- Likely product/service failure→Major NC(High risk)
- Many minors, same requirement→Major NC(Systemic pattern)
- Single isolated slip→Minor NC(Not systemic)
- Contained, one-off event→Minor NC(Low risk)
- Requirement fully met→Conformity(No NC written)
- Good idea, no requirement→OFI(Suggestion only)
Audit Finding Categories
- Conformity
- Meets requirement fully
- Nonconformity
- Requirement not met
- OFI
- Opportunity, not mandated fix
- Evaluation basis
- Evidence compared to criteria
Nonconformity Statement Parts
- Requirement
- Specific clause cited
- Objective evidence
- Facts, refs, dates, sample
- Nonconformity statement
- Links evidence to requirement
- Never named
- No individuals, no opinions
Closing & Follow-Up
- Audit conclusion
- Agreed before closing meeting
- Closing meeting
- Presents findings, no surprises
- Audit report
- Scope, criteria, team, findings
- Follow-up
- Verify action was effective
NC Grading Criteria
- Total process breakdown
- Major NC
- Likely product/service failure
- Major NC
- Accumulated minors, one requirement
- Major NC
- Single isolated lapse
- Minor NC
- Grading scheme
- Set by CB, not ISO
Common Traps
Correction vs Corrective Action
Correction fixes the symptom ≠ Corrective action fixes the cause
Maintained vs Retained Docs
Maintained stays current ≠ Retained is a fixed record
Verification vs Validation
Verification checks against input ≠ Validation checks against use
Principle vs Clause in NCs
Principles are not auditable ≠ NC must cite a clause
Major vs Minor Grading
ISO does not define grades ≠ The CB sets the scheme
Guide vs Auditor Role
Guides only facilitate access ≠ Auditors gather and judge evidence
Sampling vs Certainty
Audits give reasonable assurance ≠ Never absolute certainty
Last Minute
- 1.40 questions, 1h45m, open-book online
- 2.Need 50% overall and 40%/section
- 3.Conducting = 14/40 questions, 35%
- 4.PDCA maps to clauses 4-10
- 5.Principles explain intent, not clauses
- 6.NC = requirement plus evidence plus NC
- 7.Major = systemic; Minor = isolated
- 8.Correction = symptom; corrective action = cause
- 9.Cert valid 5yr; 1 resit only
- 10.ISO 9004 = guidance, not criteria
- 11.Guides facilitate; auditors gather the evidence
- 12.Audits give reasonable, not absolute assurance
Explore More CQI and IRCA Auditor Training Exams
Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.