Total marks = 14 + 20 + 30 + 50

Internal auditor test – ISO 9001:2015

Section 1 - Each question worth 1 mark

1. Quality systems are used to evaluate

a. the measurements being taken on a product
b. degree to which formal quality system conforms to established requirements
c. that inspections are performed by qualified personnel
d. all of the above
e. none of the above

Ans: b. degree to which formal quality system conforms to established requirements

2. All activities that determine the quality policy, objectives and implement them by means
such as quality planning, control, assurance and improvement within quality system is
a. management review
b. quality management
c. total quality management
d. all of the above
e. none of the above

Ans: b. quality management

3. The non-fulfillment of a specified requirement is called

a. concession
b. non conformance
c. corrective action
d. all of the above
e. none of the above

Ans: b. non conformance

4. The completion of agreed corrective action can be verified by auditor's organization by

a. Acceptance of written response
b. Evaluation of submitted evidence
c. Verification of corrective action at audit location
d. All of the above
e. None of the above

Ans: d. All of the above

5. Scheduled audits should be supplemented when

a. significant changes are made in quality system, such as major organization or procedure
b. it is suspected that the quality of an item is in jeopardy due to quality system deficiencies
c. a systematic independent assessment of quality system effectiveness is necessary
d. all of the above
e. none of the above

Ans: c. a systematic independent assessment of quality system effectiveness is necessary


6. Who has the full responsibility for developing the audit programme, providing audit
liaison and directing team efforts in audit preparation?
a. audit team escort
b. lead auditor
c. quality manager
d. all of the above
e. none of the above

Ans: b. lead auditor

7. A requirement in selecting audit team is

a. select auditors who are independent to audited activities
b. select only auditors who are certified on national register
c. to ensure that one of them is in management position
d. all of the above
e. none of the above

Ans: a. select auditors who are independent to audited activities

8. Quality system audits may be used to

a. Assist selection of suppliers and subcontractors
b. verify compliance with contractual requirements
c. assess the effectiveness of quality management systems
d. all of the above
e. none of the above

Ans: c. assess the effectiveness of quality management systems

9. The auditor observed at least 6 inspection test instruments overdue for calibration. The
auditor should now
a. draw a conclusion and prepare a CAR
b. intensify the search for more overdue instruments
c. tell the organization that something should be done about these instruments
d. all of the above
e. none of the above

Ans: a. draw a conclusion and prepare a CAR

10. Which of the following is the responsibility of lead auditor on a third party auditee
a. review CARs prepared by other auditors in the team
b. conduct opening meeting
c. conduct closing meeting
d. all of the above
e. none of the above

Ans: d. all of the above

11. Clause 9.2 of the standard requires

a. all internal audits to be performed by registered auditors
b. internal audit group to report to management level higher than quality manager
c. internal audits to be scheduled based on the importance of the activity
d. all of the above
e. none of the above

Ans: e. none of the above

12. Which of the following is a requirement of the standard

a. quality manager
b. procedure for quality costing
c. documented quality policy
d. all of the above
e. none of the above

Ans: c. documented quality policy

13. In order to meet the requirements of the standard, which of the following must be
a. procedure for evaluation of nonconforming product
b. procedure for auditing of subcontractors
c. definition of urgent order
d. all of the above
e. none of the above

Ans: a. procedure for evaluation of nonconforming product

14. Measurement and monitoring of customer satisfaction can be done through

a. Customer and user surveys
b. Feedback on product aspects
c. Market study
d. All of the above
e. None of the above

Ans: d. All of the above

Section 2 - Each question is worth 5 marks

1. Explain the features of the three types of quality system audits.

Internal Audit (First-Party Audit) - The internal audit is conducted to help the
management. The weakness of the management is disclosed. The external audit is conducted
to help the shareholder. The rights of owners are protected. The appointment of internal
audit is made by the management. The appointment in external audit is made by the
shareholders. Internal audit is the part of internal control.

External Audit (Second-Party Audit) - External audit is not the part of internal
control. The internal audit can suggest improvement in internal check system. The external
audit cannot suggest improvement in internal check system. The internal audit can perform
his duties under the terms of appointment. The management can limit the scope of work at
any time. The external auditor can perform his work to terms of appointment and other
prescribed law. The scope is very wide. Internal audit is an employee of the company. He is
not an independent person. External auditor is not an employee of the company.

Third-Party Audit - A third-party audit occurs when a company has decided that they want
to create a quality management system that conforms to a standard set of requirements, such
as ISO 9001, and hire an independent company to perform an audit to verify that the
company has succeeded in this endeavor. These independent companies are called
certification bodies or registrars, and they are in the business of conducting audits to
compare and verify that the QMS meets all the requirements of the chosen standard.

2. Explain what is meant by process approach and give 4 clauses that support this

All organizations use processes to achieve their objectives.

Process is a set of interrelated or interacting activities that use inputs to deliver an intended or
focussed result.
Inputs & outputs may be tangible (e.g. materials, components or equipment) or intangible (e.g. data,
information or knowledge).
Risk‐based thinking, PDCA and the process approach
Plan – Planning is one of the biggest parts of the QMS and starts with understanding the context of
the organization and the needs of parties interested in the QMS
Do – Planning is useless unless the plan is carried out. Controls need to be identified for the QMS
operations, product or service requirements need to be identified
Check – There are several requirements in the standard to check the processes of the Quality
Management system to ensure they are functioning properly as they have been planned.
There is a need to monitor, measure, analyze, evaluate the products or services to ensure they
meet requirements, the processes used are adequate, effective, and customer satisfaction is being
Act – Action in this case involves the actions needed to address any issues found in the check step,

Clauses – 4 to 10 support Process approach

– Mainly (4.1- 4.4), (5.1 – 5.3) , (6.1 - 6.3), (7.1 – 7.5), (8.2 – 8.7), (9.1 – 9.3), (10.1-10.3)

3. The auditee is called away by senior manager during the audit and does not return
after 5 minutes. What should the auditor do? What should the auditor not do?

If the auditee is called away by senior manager, then it can be tolerated only for limited
time. As everyone should be aware that auditing will happen. So prior arrangement should
have been done that auditee was not disturbed during the audit. The auditor should
continue the audit with other members and start continuing once the auditee returns after
meeting Manager.

4. To confirm if a non-conformity is present, what are the important aspects that an
auditor should consider?

1. Factual Records with proof, if the requirements and guidelines are not met

i. Include the requirement

ii. Include what was wrong
iii. Include audit evidence

Section 3 – Each question is worth 10 marks

1. What are the 2 risks that are likely to occur in the following processes?
a. Recruitment b. Training c. Billing d. Sales e. Testing

a. Recruitment
i. Letting recruiters interview candidates without proper orientation or training
ii. Focusing too much on the resume & single approach to reaching out to candidates by
limited rounds of interview

b. Training
i. Including a staff with poor knowledge (or not interested in training) as trainer
causing lack of engagement
ii. Different learning habit - Training is bound to be less effective if all new employees
are assumed to be equally tech-savvy or to have the same knowledge levels and learning

c. Billing
i. Duplicate or wrong billing
ii. Process of taking information while billing, with lack of records

d. Sales
i. Lack of information about the service/product (unanswered questions)
ii. Failing to learn about the competitor or failing to learn new strategies

e. Testing
i. Late delivery of the test items to the test team or availability issues with the test
ii. Problems with getting professional system administration support for the test

2. What are the 2 best suitable performance indicators for the following roles?
a. ISA b. HR c. CRE d. QA e. PM

ISA :
i. Bugs – How much time they spend on issues (Easy, difficult issue basis)
ii. Chat – Responsiveness, How quickly they solve issues & feedback from Admin

HR :
i. HR metrics like Cost per Hire, Employee Turnover (Employee Satisfaction)
ii. Number of employees hired, no. of employees resigned ratio. Analysis of performance of
hired trainee.

CRE :
i. Chat Handling - First Response Time, Communication rating
ii. Average chat & calls handled, Feedback from the customers/clients, Customer

QA :
i. Number of bugs verified for the techs effectively
ii. Reduction in the repeated errors caused by techs, by educating them

PM :
i. Number of projects done and delivered on time, within the allotted budget
ii. Feedback from client regarding the weekly/monthly meeting and responsiveness of PM

3. Identify 2 improvement opportunities in the following functional areas

a. Marketing b. Infrastructure management c. Customer relations d. Quality
assurance e. Operations

a. Marketing
i. Social media marketing (Digital marketing) - Create profiles on social networks
such as Facebook, Instagram, Twitter, and become active in them, Create interesting and
useful content, do SEO and marketing
ii. Use online automation software (CRM) like Zoho, Salesforce, Hubspot to run
Campaigns for tracking, marketing

b. Infrastructure management
i. With the help of qualified developers, DevOps to create tools for security, event log
analyzing, patches for Windows & Linux servers, etc.
ii. Using a Cloud type tool where we can manage tickets, problems, changes, and
assets from a single console to ensure availability and keep the business running

c. Customer relations
i. Recruit a Customer Success Manager, a professional having some years of exp. to
handle the team
ii. Educating the CREs to undergo various online training and workshops to improve
customer relations

d. Quality assurance
i. QAs should note down the common issues, find valid solutions and update in blogs
thus to ensure the techs that same errors should not happen in future
ii. For dev. teams automate QA for testing products

e. Operations
i. Invest in New Technology - Outdated technology can slow down the work process
and gives team members less flexibility to handle any given situation
ii. Setting up Service catalogs [The service catalog provides a comprehensive, user-
friendly menu of services for employees]

Section 4 - Examine each incident and take one of the 2 actions given. Each incident
worth 10 marks.

Action 1. If you think there is sufficient objective evidence of non-conformance, complete
a CAR and categorize it as major or minor.

Action 2. If not, write an observation statement and state your reasons why it is not a non-

The Non conformity Report format should be as given.

Company under audit:
Non conformity number:
Area under review:
ISO clause number:
Incident 1 :

During the audit of MRM, auditor notices that the meetings are not attended by any of the
top management team as per the records. When the auditor queries this, MR explains that
the management review has evolved into a two tier process, as it was difficult for all the
department and top managers to be available at the same time. The process is now that the
department managers conduct the first tier of management review. The MR prepares a
summary report including actions and recommendations. This is passed round each of the
top management for comment and MD finally agrees the action plan.

Company under audit: Poornam Info Vision
Non conformity number: 1
Area under review: MRM
ISO clause number: 5.2.2
Category: major
Nonconformity: The difficulties in attending the meeting were not communicated, understood
and solved within the organization.

Auditor: Rahul

Incident 2 :

In the purchasing dept the auditor asked how new supplier for item TMX101 was selected.
The clerk explains that the regular supplier could not meet the delivery date and the order
was placed with a supplier that they had never used before, only because the price quoted was
very low and that no other evaluation was done.

Company under audit: Poornam Info Vision
Non conformity number: 2
Area under review: Sales
ISO clause number: 6.1.1
Category: major
Nonconformity: There was no attempt to perform the risk that can occur or the desirable
effects that cause due to new supplier.

Auditor: Rahul

Incident 3 :

Auditor is shown internal audit reports from last audit. These include a nonconformity
report stating that 3 people in purchase had not been trained in the use of approved supplier
list. The CA was to train the 3 staff. The audit report has been closed. The MR tells you that
no further investigation was made. The internal auditor had checked the training records of
the 3 staff before closing the reports.

Company under audit: Poornam Info Vision
Non conformity number: 3
Area under review: Audit
ISO clause number: 10.2.2
Category: major
Nonconformity: There were no records of the corrective action taken which was to train 3

Auditor: Rahul

Incident 4 :

In the special projects work room, auditor notes that contrary to the organization's work
instruction CRP 10 Issue 1, which is clearly displayed at the entrance, 3/10 people in work
room are not wearing the company issued white nylon protective head gear.

Company under audit: Poornam Info Vision
Non conformity number: 4
Area under review: Audit
ISO clause number: 7.3
Category: major
Nonconformity: The organization didn’t ensure that the workers are aware of quality

Auditor: Rahul

Incident 5 :

In the QM's office, auditor asks for the internal audit schedule. This shows that 10 depts are
audited every 6 months. The auditor asks the QM how the audit frequency was decided.
Manager says that when the system was setup 3 years ago, 6 month intervals were specified
in the quality manual. The organization follows that ever since. The auditor asks to see the
file containing CARs. It lists 100 CARs all relating to the most recent round of audits. Of
these, 75 CARs are in the sales dept and the rest are spread over other 5 depts and 2 depts
received no CARs. The sales dept deals with all contract review activities.

Company under audit: Poornam Info Vision
Non conformity number: 5
Area under review: Audit
ISO clause number: 10.3
Category: major
Nonconformity: The continual improvement for the QM system was not maintained.

Auditor: Rahul

