ISO 9001 ISO-9001-Lead-Auditor Book

According to ISO 9001:2015, clause 9.2.2.e, the organization is required to retain documented information as evidence of the implementation of the audit programme and the audit results. This includes the records of the nonconformities identified during the internal audits and the corrective actions taken to address them. The organization is also required to verify the effectiveness of the corrective actions, as per clause 10.2.2.

Therefore, in the scenario given, the Quality Manager’s decision to automatically close any nonconformance over 3 years old without obtaining any confirmation from the relevant departments or verifying the effectiveness of the corrective actions is a clear violation of the requirements of clause 9.2.2.e. This indicates a lack of control and follow-up of the internal audit process, as well as a potential risk of recurrence or occurrence of the nonconformities in other areas. This also undermines the credibility and value of the internal audit programme, as well as the risk-based approach claimed by the Quality Manager.

Hence, the best course of action to take is D, to raise a nonconformance report against clause 9.2.2.e of ISO 9001, and to communicate the audit findings to the relevant management. The other options are either insufficient or irrelevant to address the issue, as they do not directly relate to the noncompliance with clause 9.2.2.e.

Comprehensive and Detailed In-Depth Explanation:

ISO 9000:2015 defines quality as "the degree to which a set of inherent characteristics of an object fulfills requirements."

Clause 3.6.2 (Quality) confirms this definition.

Quality is determined by how well an object (product, service, or process) meets defined requirements (customer, regulatory, or internal).

The other options do not align with the official ISO definition:

Option A refers to performance capability but does not define quality.

Option C describes work conditions, not quality.

Option D focuses on efficiency rather than fulfilling requirements.

According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:

The audit objectives, scope, and criteria

The audit team members and their roles and responsibilities

The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.

The expected time and duration of each audit activity and location

The name and contact details of the auditee’s representative and other relevant parties

The allocation of appropriate resources to support the audit activities

The audit methods and techniques to be used, such as interviews, observations, sampling, etc.

The audit documents and records to be prepared and retained

The audit language and communication methods

The audit risks and opportunities and how to address them

The audit follow-up arrangements, if applicable

Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2

ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2

Related Activity

Correct Quality Management Principle

Communicate client needs and expectations throughout the organisation.

Customer focus

Encourage an organisation-wide commitment to quality.

Leadership

Empower staff to determine constraints to performance and to take the initiative without fear.

Engagement of people

Establish authority, responsibility, and accountability for managing processes.

Process approach

Continuously educate and train people at all levels on how to apply basic tools and methodologies to achieve objectives.

Improvement

Determine, measure, and monitor key indicators to demonstrate the organisation’s performance.

Evidence-based decision making

Determine relevant interested parties (such as providers, partners, customers, investors, employees, or society as a whole) and their connection with the organisation.

Relationship management

1. Customer focus

ISO 9001 states that organizations must understand and consistently meet customer needs and expectations.

➡ Communicating client needs throughout the organization ensures alignment and customer satisfaction.