EXERCISES WORKBOOK

Name of delegate: Prajyakti Bakre

ISO 9001:2015 Lead Auditor

(Quality Management System)

Training Course

DELEGATES TO NOTE:

Exercises carried out by each delegate is to be

submitted latest by end of the day, so that the Tutor
can review the exercises, and provide feedback next
training day

Pl include YOUR NAME in each exercise you share

with MSME

Delayed submission of exercises will impact the

Internal/Continual Assessment related to the delegate

Delegates to submit, to MSME, a ‘consolidated

Exercises booklet’ (a single document) consisting of all
the exercises carried out by them on last day of the
training

QMSVILT V1ISO 9001:2015 Lead Auditor Training course

 IMPORTANT
INSTRUCTION

All Exercises should refer to the Apex Manual of model company, unless otherwise stated.

Exercises Format: Individual Exercise

Exercises that are marked ‘Individual exercises’ to be performed individually by each
delegate.

Exercises Format: Group Exercise

Exercises that are marked ‘Group exercises’ should be performed by the following method.

1. Tutor will divide the total number of delegates in the session into requisite
groups. Depending on the number of delegates in a session, some group
might not have the same number of delegates as other groups
2. Once the group is formed on Day-1, the same group will continue to
collaborate on all the Exercises throughout the training course
3. Some exercises require ‘Group Leader’ role. In such cases, group
members can follow rotation method wherein, so that each delegate will
get an opportunity to act as a ‘Group Leader’ in different Exercises
4. For auditing exercises, ‘Tutor’ will act as the ‘Auditee’

QMSVILT V1ISO 9001:2015 Lead Auditor Training course

 TABLE OF CONTENTS

Sr. No. Title of Exercise

Exercise - 1 Mapping Terms and Definitions of ISO 9001:2015

Exercise - 2 Understanding Context of organization

Exercise - 3 Auditing QMS Policy and QMS objectives

Exercise - 4 Auditing “Clause 6.1 Actions to address risks and opportunities”

Exercise – Mapping of ‘Terms & Definitions’ of ISO 19011:2018

5

Exercise - 6 Responsibilities of Audit Teams (Auditor and Auditee)

Exercise - 7 Understanding of Audit Criteria, Audit Objective and Audit

Scope

Exercise - 8 Preparation of Audit Plan for Stage-1Audit

Exercise - 9 Preparation of Audit Checklist: Stage-1 audit

Exercise - Auditor’s competence requirements

10

Exercise - Preparation of Audit Checklist to audit Top Management

11

Exercise - Preparation of Audit Plan for Stage-2 audit

12

Exercise - Preparation of Agenda for Opening Meeting

13

Exercise - Conducting Stage-2 audit (Simulated Role-Play)

14

Exercise - Generation of NCR, Nonconformity Report

15

Exercise - Preparation of Agenda for Closing meeting

16

Exercise - Corrective action review, and Audit Follow-up

17
Exercise - Documented Information (Maintained and Retained)
18
 Exercise No. 1

Title Mapping Terms and Definitions of ISO 9001:2015

Learning To achieve clear understanding of various ‘Terms and Definitions’

under Clause 3 of ISO 9001:2015
Outcome

Duration 45 Minutes (Delegate 30 Minutes | Review 15 Minutes)

Method Individual Exercise

Exercis ISO 9001:2018 Standard

e
Material
Delegates to review the ISO 9001 > Clause 3 > Terms and
Delegate definitions. Delegates to present their findings as directed by the
course tutor.
Instruction
# TERM MAPPING # DEFINITION
e Category or rank given to different
1 Requirement a Quality requirements for products,
processes or systems having the same
functional use
2 Risk h b Determining the status of a system, a
process or an activity
3 Continual i c Overall intentions and direction of an
Improvement organization related to Quality as
formally expressed by top management
a Extent to which planned activities are
4 Grade d realized and planned results achieved

5 Monitoring b Need or expectation that is stated,

e generally implied or obligatory
6 Objective g f Measurable result

7 Performance f g Result to be achieved

Competence j
8 h Effect of Uncertainty
9 Effectiveness d i Recurring activity to enhance
performance
c j Demonstrated ability to apply
10 Quality Policy knowledge and skills or Ability to apply
knowledge and skills to achieve
intended results
 Exercise No. 2

Title Understanding Context of the organization

Learning To achieve understanding of the Clause 4- Context of organization

of ISO 9001:2015
Outcome

Duration 30 Minutes

Method Individual Exercise

Exercis ● ISO 9001:2015 Standard

● Company Profile/Apex Manual
e
Material
Delegates to review sub clauses of Clause 4 allocated to you by

the tutor and brief the requirement of the clause; the objective

and the evidence of conformity that the delegate would expect to

Delegate
Instruction witness in an audit. Delegates to present their findings as

directed by the course tutor.

1. Read through the ISO 9001:2015 standard clause 4

2. Explain the meaning and intent of clauses

3. Explain what evidence to look for in relation to each query

4. Present findings for discussion

 Tutor to provide one sub clause to each delegate.

Tutor Each delegate is required to use about 10 minutes to review the

Instruction clause/s in the Standard, and start preparing their findings.

At the end of the Presentations by all delegates, Tutor will

highlight any key points.

Tutor will explain the concept and hand-hold the delegates by

demonstrating the exercise for Clause 4.1.

The same pattern is to be used by the delegates to understand

all other clauses in the entire standard.

Clause Title of
No. clauses
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of workers and
other interested parties

4.3 Determining the Scope of the OHS management system

4.4 OHS management system

Typical solution:

4.1 Understanding the organisation and its context

Intent of clause 4.1:

Step-1: Read Clause 4.1 in ISO 9001:2015

Prime focus is on ‘determination of external and internal factors/issues that may

affect the organization and vice-versa.
Organization to determine the external and internal issues relevant to OHS management
system.
Internal and external issues can be positive or negative and include conditions,
characteristics or changing circumstances that can affect its OHS management system.
a) Examples of external issues:
1) the cultural, social, political, legal, financial, technological, economic and natural
surroundings and market competition, whether international, national, regional or local
2) introduction of new competitors, contractors, subcontractors, suppliers, partners and
providers, new technologies, new laws and the emergence of new occupations
3) new knowledge on products and their effect on health and safety
4) key drivers and trends relevant to the industry or sector having impact on the organization
 5) relationships with, as well as perceptions and values of, its external interested parties
changes in relation to any of the above
b) Examples of internal issues:
1) governance, organizational structure, roles and accountabilities
2) policies, objectives and the strategies that are in place to achieve them
3) the capabilities, understood in terms of resources, knowledge and competence (e.g.
capital, time, human resources, processes, systems and technologies)
4) information systems, information flows and decision-making processes (both formal and
informal)
5) introduction of new products, materials, services, tools, software, premises and equipment
6) relationships with, as well as perceptions and values of, workers
7) the culture in the organization

Evidence (Examples of Documented information to look for)

● List of external and internal issues determined, and duly approved or communicated
or reviewed or considered in Risk Assessment

4.2 Understanding the needs and expectations of interested parties

Intent of clause 4.2:

To determine
a) Interested parties
b) needs and expectation of interested parties
Examples of Interested parties: Employees, Customers, Suppliers, Local, regional,
state national or international or municipality legal and regulatory authorities,
contractors and subcontractors, Board of directors, Investors, Insurer,
stakeholders, visitors, community, and competitors.

Evidence (Documents and Records to look for): Matrix including a) determined

interested parties b) requirements of each interested party and c) monitoring and
reviewing information about determined interested parties and their requirements
 4.3 Scope of the Quality management system

Meaning and intent of clause:

Meaning and intent of clause: Organisation needs to determine the “core processes
(extent), and locations/plants/sites (boundaries)” for its management system.
An organization may have more than 8 offices and 4 sites; However, it decided to go for
certification of ISO 9001:2015 for Chennai plant only. So, the boundary is ‘Chennai plant’

Evidence (Documents and Records to look for): Has the documented information
on “Scope” of auditee organization has considered
(a) The external and internal issues referred to in Clause 4.1?
(b) Requirement referred to in Clause 4.2?

4.4 Quality management system

Intent of clause: The organization must establish, implement, maintain and
continually improve a management system, including processes needed and
their interactions. Organization integrates requirements of the management system
into various business processes such as design and development, procurement,
human resources, sales and marketing, etc.

Evidence (Documents and Records to look for)

 Processes and their inter-relation and integration

*****END OF EXERCISE*****
 Exercise No. 3

Title Auditing QMS Policy and QMS Objectives

● To gain an understanding of QMS Policy and QMS Objectives

as per ISO 9001:2015 clause requirements
Learning
● Prepare the list of requirements to be verified or reviewed for
Objective QMS Policy and its QMS Objectives

Duration Total 35 Minutes

Method Individual Exercise

Exercis
ISO 9001:2015 Standard
e
Apex Manual
Material

Delegates to review the requirements of 5.2 and 6.2.1 Quality

Policy, objectives, and Programme requirements and identify
what will be required to be reviewed.

Delegate Delegate’s Task:

Instruction 1. Review Clauses 5.2 and 6.2.1
2. Identify the requirements to be reviewed during the audit
3. Present your understanding on EACH clause
Typical Solution:

Points to be reviewed in documentation 5.2 Quality Policy

Sr
To look for
.
No
.
1. Has the organization established, implemented and maintained Quality Policy?
2. Appropriate to the purpose and context of the organization and supports its
strategic direction?
3. Includes the commitment to comply with legal and applicable requirements?
4. Provide the framework for setting up of objectives?
5 Includes a commitment to continual improvement of QMS?
6. Documented, implemented, and maintained?
7. Communicated, understood, and applied within the organization?
8. Available to relevant interested parties

Evidence (Documents and Records to be verified)

● Duly approved Policy meeting the requirements of Clause 5.2.1
● Policy-related awareness sessions/training records
● Communication in the form of emails, meetings, stand-up meetings, Toolbox
talks, Notice boards, etc.,
● Made available to interested parties? If yes, evidence of communication
Points to be reviewed in documentation, 6.2. Quality Objectives
Sr S.M.A.R.T.
What to check / ask / look for
.
No
.
1. Has the organization established Quality objectives at relevant functions
and levels in order to maintain and continually improve the Quality
management system and Quality performance?
2. What are different objectives established?
Are the objectives in line with QMS Policy? (Policy sets the direction, Objectives
3.
enforce the Policy)
Are the objectives measurable? Can they be monitored? Are the QMS Objectives
4. updated as appropriate??
Whether the objectives cover/address legal/statutory/regulatory/other
5. requirements
Whether the results of assessment of risks and opportunities have been taken
6. into account while establishing and reviewing the objectives?
Are QMS Objectives relevant to conformity of products and services and to
7. enhancement of customer satisfaction?

Evidence (Processes, Documents and Records to look for)

List of objectives at various functions and levels maintained as ‘documented
information’ While planning to achieve the Q. Objectives, Whether the
organization has determined

1. What will be done to achieve the objectives (Approach, methodology)?

2. What resources will be required? (Men, material, money, methods etc.,)?

3. Who will be responsible? (One person per objective, NOT a Team)?

4. When it will be completed? (And periodic milestones for review)?

5. How the results will be evaluated, including indicators for monitoring

(Mechanism, frequency for evaluation)?

6. How the actions to achieve objectives will be integrated into the organization’s
business processes?

*****END OF EXERCISE*****
 Exercise No. 4

Clause 6: Planning
Exercise Name
6.1 Actions to address risks and opportunities
● To gain a clear understanding of ‘6.1 Actions to address risks
and opportunities of risks and opportunities
Learning
Objective ● Review the list of ‘requirements’ (of ISO 9001), and to ensure
that whether all such ‘requirements’ have been considered
while taking actions to address risks and opportunities
● Furnish related evidence an auditor to look for towards
conformity of Clause 6.1

Duration Total 45 Minutes

Method Individual Exercise

Exercis ● ISO 9001:2015 Standard

e
Material
1. Review Clause 6.1
2. LIST the requirements of Clause 6.1.1 and 6.1.2, and
Delegate
3. LIST probable queries & evidence that you, as an Auditor,
Instruction
would look for to decide conformity or otherwise
 6.1 Actions to address risks and opportunities
# Requirements as per ISO 9001
6.1.1 When planning for the
1 quality management system, the
organization shall
1. consider the issues
2 referred to in Clause 4.1
2. consider the issues
3 referred to in Clause 4.2
Organization shall determine the
4 risks and opportunities that need to
be addressed to:
a) give assurance that the quality
5 management system can achieve
its intended result(s)
6 b) enhance desirable effects
c) prevent, or reduce, undesired
7 effects
Probable queries and evidences
an auditor to look for
6.1.1. Does the organization have a Plan
for QMS? Evidence:
_________________
6.1.1. When planning for QMS, are the
issues referred in Clause 4.1 (External
and internal issues) considered?
(What are issues referred in Clause 6.2?)
Evidence: __________________
6.1.1. When planning for QMS, are the
issues referred in Clause 4.2 (Interested
parties) considered?
(What are issues referred in Clause 6.2?)
Evidence: QMS Plan refers to
‘determined requirements of
Clause__________________
Has the organization determined the
risks and opportunities
(covering/addressing)?
Evidence: Risk Assessment Records,
Risk Register duly reviewed
(Delegates to read 4) and 5) together
in adjacent column):
Has the organization determined the
risks and opportunities to give
assurance that the QMS can achieve its
intended results? Evidence:
_______________________
Is enhancement of desirable effects
addressed while determining risks &
opportunities?
Evidence: ________________
Is the determination of risks and
opportunities address prevention,
 reduction of undesired effects?
Evidence: _______________________
Is achievement of improved addressed
d) achieve improvement while addressing risks & opportunities?
8 Evidence:
________________________
9 6.1.2: The organization shall plan

6.1.2. a) To achieve QMS Objectives,

a) actions to address these risks Has the organization planned actions to
10 and opportunities address determined risks &
opportunities?
Evidence: ______________________

b) how to:
1) integrate and implement the
11 actions into its quality
management system processes
(see 4.4)

2) evaluate the effectiveness of these

12 actions

Actions taken to address risks and

opportunities shall be proportionate to
13 the potential impact on the conformity
of products and services
 Exercise No. 5

Title ISO 19011:2018: MAPPING TERMS & DEFINITIONS

To gain clear understanding on

Learning ● Terms and related definitions for auditing management
Objective systems

Duration Total 30 Minutes

Method Individual Exercise
Exercise
Material ● ISO 19011 standard
● Course Presentation

Delegates to map the Definitions with Terms

Delegate
Instruction

Page 13 of 64
Sl.No. Terms Matched Serial. Definition
No. of Definition

(A) (B) (C)

b b) Set of requirements used as a reference

1 Audit criteria against which objective evidence is
compared.
e e) Extent and boundaries of an audit; the audit
2 Audit scope scope generally includes a description of the
physical and virtual-locations, functions,
organizational units, activities and processes,
as well as the time period covered.
a a) Audit carried out together at a single
auditee on two or more management
3 Combined audit systems

4 Audit f f) Systematic, independent and documented

process for obtaining objective evidence and
evaluating it objectively to determine the
extent to which the audit criteria are fulfilled

j j) Arrangements for a set of one or more

audits planned for a specific time frame
5 Audit programme and directed towards a specific purpose

g g) Description of the activities and

Audit plan arrangements for an audit
6
7 Audit findings c c) Results of the evaluation of the collected audit
evidence against audit criteria
Audit findings can lead to the identification of
risks, opportunities for improvement or
recording of good practices

d d) Outcome of an audit, after consideration of

Audit conclusion the audit objectives and all audit findings
8
9 Management system h h)Set of interrelated or interacting elements of
an organization to establish policies and
objectives, and processes to achieve those
objectives

i i)One or more persons conducting an

10 Audit team audit, supported if needed by the
technical expert

Page 14 of 64
 Exercise No. 6

Title RESPONSIBILITIES OF AUDIT TEAMS (AUDITOR AND

AUDITEE)
To gain clear understanding on
Learning ● The roles and responsibilities of audit team players such as
Objective auditee client, auditors, lead auditors, auditee, guides and
observers

Duration Total 30 Minutes

Method Individual Exercise
Exercise
Material ● ISO 19011 standard
● Course Presentation

Delegates to LIST responsibilities of the Lead Auditor, the audit

Delegate team members, auditee management and auditee, as indicated by
Instruction the Tutor

Page 15 of 64
Typical Solution:
Responsibilities of Audit Team Leader
1. Obtain background information of Auditee Organization
2. Conduct documentation Review
3. Select and assign audit team members
4. Determine the audit Scope and Objective
5. Prepare the plan including data and duration
6. Chairs Opening Meeting and Closing Meeting
7. Representing the team at all stages including opening and closing meetings
8. Resolution of any problem arising
9. Evaluation of evidence and results reporting
10. Prepare and present the report,makes recommendations, and follows up, reports
and recommends actions.

Auditor Organization (Certification body or Manager, Internal Audit)

1. Determines Audit scope and objectives
2. Select the audit team leader
3. Provides Audit Team resources
4. Ensure competence of Audit Team
5. Proper Planning and conduct of audit
6. Ownership of audit report
7. Manages follow up action

Responsibilities – Auditor
1. Prepare Audit Plan and Audit checklists
2. Competent to conduct the audit
3. Conduct audits according to audit plan
4. Communicate with auditee
5. Record and report Findings clearly
6. Carry out Follow-up/Review on previous Audit Findings
7. Support Audit Team Leader
8. Restrict audit within the agreed scope
9. Collect and evaluate objective evidence with audit criteria
10. Maintain ethics, confidentiality and integrity
11. Support Audit team Leader

Auditee Management
1. Inform workers about the audit scope and objectives of the audit
2. Provide resources, facilities, and guides
3. Finalize/approve Audit scope, Audit Criteria and Audit Objective
4. . Make themselves available for audit
5. Ensure corrective action taken on NCRs

Page 16 of 64
 6. Provide resources, logistics, and guide/s
7. . Provide access to all areas 6. Ensure auditees’ cooperation
8. Attend opening and closing meetings

Responsibility – Auditee
1. Assist auditors by supplying information and documents as requested
2. Responding to audit queries
3. Making themselves available during audit
4. Providing support as agreed
5. Ensure his/her Reportees are available for audit

Page 17 of 64
 Exercise No. 7

Title Understanding Audit Criteria, Audit Objective and Audit

Scope

Learning • EXPLAIN Scope of audit, audit Criteria and audit Objective with
example
Objective

Duration Total 30 Minutes

Method Individual Exercise

• ISO 19011 Standard

Exercis • ISO 9001:2015
e • Case study/Apex Manual
Material

Each delegate to go through ISO 19011 standard > Clause 3,

and define the scope of the audit, audit criteria and audit
objective for the given case study/Apex Manual.

Delegate
Instruction Delegates to
a) Understand, Define, and briefly explain Audit Scope, Audit
criteria and Audit Objective in their own words

b) To provide atleast ONE EXAMPLE for Audit Scope, Audit

Criteria, and Audit Objective

Page 18 of 64
Typical Solution:

Audit scope

Definition: Extent and boundaries of an audit

Meaning: Core processes, not all the processes + location/s for audit
Examples of core Processes:
a) Manufacture, Supply and Servicing of Air conditioners
b) Construction, Installation and commissioning of Petrochemical complex
Scope of the Quality Management system as per ISO 9001:2015 is:
“Design, development, production and Sales of precision engineering components of
ABC Corporation, Mumbai and Riyadh”

Audit criteria

Definition: “Set of requirements used as a reference against which objective evidence

is compared” i.e., the base or foundation for an audi
Meaning:

Example of audit criteria: Examples: ISO 9001:2015, ISO 14001:2015,

Contractual/customer requirements Any request received from top management

Audit objective

Audit objective:

Example:
●
●
●
●
●
●

*****END OF EXERCISE*****

Page 19 of 64
e

Exercise No. 8

Title Preparation of Audit Plan for ‘Stage-1 Audit’

1. To prepare for planning for Stage-1audit
2. To enhance the understanding of process and system
approach to management auditing
Learning 3. To develop the ability to determine the audit scope and
Objective determine resource requirements including determination
of ‘number of audit days/duration’ according to IAF MD:5-
2019
Time Allocation Total 45 Minutes
Format Individual Exercise
● ISO 9001:2015 standard > Clause # 6.3.2
Exercis ● Case study/Apex Manual
e ● IAF MD:5-2019
Material

Task:
Delegate a) To refer the Apex Manual, and LIST the process areas for
Instruction
which documentation audit is required to be carried out
b) Prepare the audit plan for the Stage-1 audit using the
Template given below covering the documentation audit of
‘listed process areas’

Page 20 of 64
 AUDIT PLAN-Stage-1

Auditee
Organization:
Date(s): Location
Team Leader: Ms. - Auditor 1
Team Members: Mr. – Auditor 2

Audit Criteria:

Audit Scope:
Note: Based on the man-day calculation the Stage-1 audit of 1 day (Ref: IAF MD:5-2019)

HOURS AUDITOR 1 HOURS AUDITOR 2

09.30 to
Opening Meeting
10.30
Audit of details provided in the
application, (Including scope, Brief site-visit: To understand
10.30 to 10.30 processes and technology used
processes, work-culture)
11.30 to
11.30

11.30 to Documented information review 11.30

13.00 for the adequacy, Context of to
organisation, Leadership 13.00
commitment

13.00 to
Lunch
13.30

13.30 to 13.30
14.30 to
14.30

14.30 to 14.30 to
13.45 16.30

13.45 to
Auditor Team Meeting (to finalize Audit Findings, and decide Audit Conclusion)
16.15
16.15 to
Debriefing to Auditee Management
16.30
16.30 to
Closing Meeting
17.00

Page 21 of 64
 Exercise No. 9

Title Preparation of Audit Checklist: Stage-1 audit

• To understand and prepare ‘Audit checklist for Stage-1
Learning audit’ related to adequacy audit/documentation audit
Objective
• To understand the concept of ‘Audit Checkpoint/Audit
Trail/Audit Investigation point’
Duration Total 45 Minutes

Method Individual Exercise

Exercise
● ISO 9001:2015 standard
Reference
● Apex Manual

Tutor will allocate requisite clause number/sub-clause number to

Delegate
each delegate to address in Audit Checklist.
Instruction

Delegates to create audit Checklist for Stage-1 audit’, limiting to

documentation audit.

Page 22 of 64
.

Page 23 of 64
 TYPICAL SOLUTION:

Claus What to What to look for (as

Requirements evidence)
e# query?
Context
4
of
organisation
Understanding the Are the External and List of external and internal
4.1 organisation and its internal issues issues (Approved note, e-
context determined? mail, Part of Management
review?)

Understanding the needs

4.2 and expectation of
workers and other
interested parties
Determining the scope of
4.3 the Quality management
system
Quality
4.4
management system

Leadership
5
Leadership
5.1
and commitment
Customer Focus
5.1.2

5.2 Quality Policy

Organizational roles,
5.3 responsibilities and
authorities
6 Planning
Action to address risk and
6.1 opportunities
6.1.1 General
Quality Objectives
6.2 objectives and planning
to achieve them
Planning of changes
6.3

7 Support
7.1 Resources
7.2 Competence

Page 24 of 64
7.3 Awareness
7.4 Communication
Documente
7.5 d
information
7.5.1 General
7.5.2 Creating and updating
Control of documented
7.5.3 information
8 Operation
8.1 Operation planning and
control
Requirements for products
8.2 and services
8.3 Design and development
of products and services
8.4 Control of externally
provided processes,
products and services
8.5 Production and service
provision
8.6 Release of products and
services
8.7 Control of nonconforming
outputs
9 Performance evaluation
Monitoring, measurement,
9.1 analysis, and performance
evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 General
10.2 Nonconformity and
corrective action
10.3 Continual improvement

Page 25 of 64
 Exercise No. 10

Title Understanding Auditor’s competence requirements

Learnin ● Lead auditor is responsible for evaluation and selection

of auditors
g
Objecti ● Make delegates aware of the knowledge and skills
required for developing competence as a management
ve
system auditor
Time Total 30 Minutes
Allocation
Format Individual Exercise

Exerci
● ISO 19011 Standard > Clause 7.2
se
● Training Presentation
Materi
al

Delegates to review guidelines of ISO 19011 carefully

and to identify the competence needs for an auditor as
follows:
Delegate
ISO 19011 > 7.2 Determining auditor competence
Instructi
7.2.1 General
on
7.2.2 Personal behavior
7.2.3 Knowledge and skills
7.2.4 Achieving auditor competence
7.2.5 Achieving audit team leader competence

Page 26 of 64
 Typical Solution:

#
Competence requirements
Personal behaviour;
● ethical, i.e., fair, truthful, sincere, honest and discreet
● open-minded, i.e., willing to consider alternative ideas or points of view
●
●
●
●
●
●
1 ●
●
●
●
●
●

2 Generic knowledge and skills of the management system

3 Sector-specific knowledge and skills of management system auditors
4 Generic knowledge and skills of an audit team leader
Knowledge and skills for auditing management systems addressing multiple disciplines
5
Formal education/training and experience that contribute to the development of knowledge
6 and skills in the management system discipline and sector the auditor intends to audit

7 Training programmes that cover generic auditor knowledge and skills

Experience in a relevant technical, managerial or professional position involving the
8 exercise of judgement, decision making, problem solving and communication with
managers, professionals, peers, customers and other interested parties

Page 27 of 64
 Exercise No. 11

Title Preparation of Audit Checklist to audit Top

Management
To gain clear understanding about
● The approach to audit the Top Management
Learning ● Skills required to audit the top management.
Objective
Time Total 30 Minutes (Delegate 60 Mts | Feedback 30 Mts)
Allocation
Format Individual Exercise
Exercise
● ISO 9001:2015 standard
Material ● Apex Manual/Case study

Delegates to prepare an Audit checklist covering Clauses

in ISO 9001:2015 related to Top Management which are
a) 5.1
b) 5.2
c) 5.3, and
d) 9.3

Delegate NOTE: Clause 6.2 Objectives can also be added since

Instruction Top Management need to ensure objectives are
established, communicated, and maintained

Page 28 of 64
 Delegates to generate atleast 3 audit queries per sub-clause given below:

Description of What to query What to look for? (as

Claus clause Objective evidence)
e#
1.

5.1 Leadership 2.
and 3.
commitment
1.

2.
5.2 Quality Policy
3.

1.
Organizational
5.3 2.
roles,
responsibilities 3.
and authorities
1.

2.
6.2.1 Quality
objectives 3.

1.
Planning to
6.2.2 2.
achieve Quality
objectives 3.

1.

2.
9.3 Management
review 3.

Page 29 of 64
 Exercise No. 12

Title Preparation of Audit Plan for Stage-2 audit

To enable delegates to prepare Audit Plan for Stage-2 audit

Learning
Objective
Duration Total 30 Minutes

Method Individual Exercise

● ISO 9001:2015 standard and case study

Exercis
● IAF-MD5:2019
e
Material
Delegates to

a) Review the Apex Manual, and LIST the process areas

Delegate b) Utilize the ‘Template for Audit Plan’ used in a previous exercise
Instruction
c) Include the Process areas in appropriate time slots to complete

the Audit Plan for Stage-2 audit which is otherwise known as

Conformity audit or Implementation audit or Certification audit

Page 30 of 64
 AUDIT PLAN– Stage 2 audit
Auditee ABC Corporation
Organization
Date(s) DD–MM–YYYY Location Mumbai
Group Leader Mr. Thomas Roger (LA) –Auditor 1
Group Members Mr. Bright Carpenter –Auditor 2
ISO 9001:2015 Quality Management System – Requirements with
Audit Criteria:
guidance for use
Audit Scope: “Design, development, production and Sales of precision engineering
components of ABC Corporation, Mumbai and Riyadh”

HOURS AUDITOR 1 HOURS AUDITOR 2

09.30 to
Opening Meeting
10.30
10.30 to Top Management 10.30 Review of action status of audit
11.00 to findings of previous audit/s
11.00
Construction site/ Production
(Includes risk assessment, legal
11.00 to 11.00 requirements, objectives and
Supply Chain Management
13.00 to programmes, operation controls
13.00 and evaluation of compliance)

13.00 to
Lunch
13.30

13.30 to Documented information, 13.30 to Support, Internal audit

15.30 Design and Development 15.30

15.30 to Performance Evaluation, and 15.30 to Customer Focus, and Customer

17.00 continual Improvement 17.00 Satisfaction
17.00 to Auditors Team meeting
17.15
17.15 to Debriefing Top Management
17.30
17.30 to Closing Meeting
18.00

Page 31 of 64
 Exercise No. 13

Title OPENING MEETING: Preparation of Agenda

● Understand the process of Opening Meeting

Learning
● Preparing the Agenda for Opening meeting
Objective

Duration Total 45 Minutes

Method Individual Exercise

Exercise
● ISO 19011 standard > Clause 6.4.3
Material
Delegates to

a) Review the guidelines in ISO 19011 > Clause 6.4.3

Tutor b) Prepare an Agenda for conducting an Opening Meeting

Instruction
c) Agenda to consist of atleast 10 points

Page 32 of 64
 Agenda for Opening Meeting
.
1. Formal business Introductions, initiated by Audit Team Leader

2. Thank the auditee management (Responsibility: Audit Team leader)

3. Auditors and Auditee Management to introduce themselves

4. Record of participation (Responsibility: Audit Team leader)

5. Confirm Audit Scope, Audit Criteria, and Audit Objective (Responsibility: Audit Team
Leader)

6. Confirm the audit plan (Responsibility: Audit Team Leader)

7. Explain the method of conduct of the audit, including the method to resolve
issues/disputes

8. Confirm auditee cooperation (Responding, providing documentation to auditor)

9. Establish lines of communications

10. Promote auditee's participation in audit

11. Confirm current status of controlled documentation

12. Confirm the Lunch arrangements

13. Confirm any resources required

14. Reporting Procedure and Closing

15. Role of Guides, Technical Experts, Observers, Translators, as applicable

16. Termination and Appeals

17. Assure confidentiality and security of data and information

18. Health and Safety Issues and Access to facilities

19. Process of ‘End of day briefings’ if required

20. Private Room for Group Discussions

Page 33 of 64
*****END OF EXERCISE*****

Page 34 of 64
 Exercise No. 14

Title Simulated Role-play: Conducting Stage- 2 audit’

A) Demonstrate the ‘skills’ to implement the audit plan

B) Make use of Audit checklist, and other documents, and to
follow audit trails

Learning C) Demonstrate the ability to build rapport with the auditee

during the audit
Objective
D) Demonstrate the ‘skills’ to manage audit interviews
effectively, including the ability to formulate effective audit
queries
E) Demonstrate the ability to collect and verify appropriate audit
evidence, including appropriate sampling
Duration Total 60 Minutes

Method Team Exercise

Exercis 1. ISO 9001:2015 standard

e 2. Prepared checklist from previous Exercise/s

Material 3. Case study/Apex Manual

4. Site visit visuals (to be shared by the Tutor during the
Exercise)

A. Delegates to
1) Be ready with the Audit Checklist that the delegate prepared
2) Decide who will play the role of Audit Team Leader/Lead
Auditor
Delegate 3) Discuss within the team
Instruction a) who will lead,
b) how to carry out Introduction of audit team members,
c) who will start the audit, sequence of audit
d) sequence of asking queries,
e) how the queries will be split between the auditors
f) who will intervene in case of disputes during the audit
g) ‘What-if’ the auditee is not providing information
intentionally or auditee not understanding the query of
auditor,
h) ‘How-to-manage’ if the auditee engages delay-tactics
Page 35 of 64
4) Note down the details of evidences obtained
5) Decide conformity or otherwise
6) Communicate with the auditee in case of nonconformity
7) Obtain acknowledgement/acceptance of NCR
8) Ready to generate NCR, Nonconformity Report (Delegates
will carry out another exercise to create NCRs)
9) Note down ‘Learnings’ out of this exercise

B. Non-participating Delegates:

1. To observe the course and sequence of audit, bottlenecks,

auditor-auditee communication levels and patterns

2. To identify good practices by the auditor/auditee

3. To identify the scope for improvement in audit process

4. To highlight on ‘auditor conduct’

C. NOTE TO ALL DELEGATES:

1. Audit queries to avoid terms such as ‘you, your, we, I, me,

yours’ as matter of personification; ISO 9001:2015, as a
Standard, does NOT contain such terminologies.

2. Point # 1 above might be practiced, if the auditor is familiar

with auditee by interactions prior to a particular audit

3. In case an auditor identifies a nonconformity, please note an

Objective Evidence is a MUST to declare the process as
Nonconformity

4. In case a nonconformity is identified initially, but no evidence is

available, auditor need to investigate further to a reasonable
extent to decide conformity or otherwise; Not to deep-dive or
focus to ‘go behind’ in making a nonconformity
Page 36 of 64
 Typical nonconformities identified during Role-play:

Audit finding–1
Pulley-guard found not available on the rotating part in the plant

Audit finding–2
Welder not wearing/using appropriate PPE

*****END OF EXERCISE*****

Page 37 of 64
 Exercise No. 15

Title Generation of NCR, Nonconformity Report

To optimize the
a) skill related to evaluate nonconformity based on the audit
Learning findings
Objective b) Preparation of nonconformity report based on the audit findings
with all relevant information

Duration Total 30 Minutes (Delegate 30 Mts | Feedback 15 Mts)

Method Individual Exercise

Exercis ISO 9001:2015 standard

e Findings as identified during the Stage 2 audit in previous exercise

Material
Delegates to
1. Review the findings against the specific requirements and will

Delegate conclude whether the scenario is conformity or otherwise

Instruction
2. If nonconformity evidenced appropriately, Prepare non–
conformity report in the given template

Page 38 of 64
 NONCONFORMITY REPORT

Auditee Organization: ABC Corporation Date: ddmmyyyy

Location: Mumbai Audit Plan No.:
Auditor Name: Mr. Charles G NCR No.
Auditee Dept: Production Shop -MX1 NCR Category: Minor
1. Description of Nonconformity: Organization failed to implement risk mitigation
measures and related impact/s

2. Related evidence: One of the Pulley Guards was not in place on rotating belts
and pulleys, which could be a cause for a hazard (Asset ID # 1234, Location of
Pulley: Machine Shop: AP-1)

3. Audit Criteria: ISO 9001:2015 Clause No. 6.1. Action to address risks and
opportunities

Auditor Sign: Auditee Sign:

Date:

*****END OF EXERCISE*****

Page 39 of 64
 Exercise No. 16

Title CLOSING MEETING: Preparation of Agenda

Demonstrate the ability to

1. Review all the audit findings of an audit,
Learning 2. Prepare audit conclusions, including the extent of conformity
Objective of the management system
3. Identification of audit findings in addition to nonconformity,
and identification of potential risks and opportunities for
improvement
4. Grade nonconformity reports
5. Present audit conclusions and recommendations clearly to
the auditee at a closing meeting
Time Allocation Total 30 Minutes

Format Individual Exercise

Exercis ● ISO 19011 standard > Clause 6.4.10

e ● Audit Findings including Nonconformity reports

Material

The purpose of the closing Meeting is to present the audit

Delegate conclusion and audit findngs, and make suitable
recommendation/s.
Instruction
Delegate to
a) Refer ISO 19011 > Clause 6.4.10

b) Prepare an Agenda for closing Meeting

Page 40 of 64
 Agenda for Closing Meeting

1. Audit Team Leader to chair the Closing Meeting

2. Welcome the teams, and thank the Auditee Management
3. Record presence of participants

4. Re–state the scope, criteria, including exclusions and objectives

5. Convey recommendations as to certification or continuation of certification

as applicable

6. Explain Audit conclusion, and a Summary of Audit Findings

7. Explain nonconformities defining major and minor as required

8. Return any documents/samples used by the auditor team

9. Invite questions on audit findings

10. Make Disclaimer Statement

11. Explain the procedures for complaint and appeal, if relevant

12. . Invite auditee to ensure corrective action plans on time

13. Highlight consequences of not addressing corrective action

14. Explain reporting, timelines, and follow up procedures

15. Confidentiality of data and information

16. Thank the auditee management, auditees, and the auditors

17. Close

*****END OF EXERCISE*****

Page 41 of 64
 Exercise No. 17

CORRECTIVE ACTION REVIEW AND AUDIT

Title FOLLOW UP

● Evaluation of proposed corrective action

Learning
● Evaluation of the evidences provided for the closure of the
Objective
non-conformities

Time Allocation Total 45 Minutes (Delegate 30 Mts | Feedback 15 Mts)

Format Individual Exercise

Exercise
ISO 9001:2015 standard > Clause 10.2 (Read the clause to
Material comprehend the requirements of corrective action and audit
follow-up)

Delegates to
1. Review the evidence of the corrective actions presented by the
Delegate
auditee
Instruction
2. Review whether the requirement is in conformity with ISO
9001:2015 standard towards closing out the NCR
3. Decide whether the corrective actions are implemented, and
effectiveness of corrective action has been checked by the
auditee.

Page 42 of 64
 NC 1 – NONCONFORMITY REPORT FORM
PART-1: NONCONFORMITY REPORT
Auditee Organization: Date of audit: ddmmyy
Location: NCR No. 67
Auditor Name: NCR Grade: Major/Minor
Auditee Dept:
1) Description of Nonconformity: Organization failed to implement risk mitigation
measures and related impact/s

2) Related evidence: One of the Pulley Guards was not in place on rotating belts and
pulleys, which could be a cause for a hazard (Asset ID # 1234, Location of Pulley:
Machine Shop: AP-1)

3) Audit Criteria: ISO 9001:2015 Clause No. 6.1. Action to address risks and
opportunities

Auditor Auditee Signature: Date

Signature: :
PART-2: CORRECTIVE ACTION PLAN, and IMPLEMENTATION:

A. Correction: Company-wide mail and verbal instructions have been given to follow
strictly the machinery safety measures
B. Root Cause/s for NCR (identified by auditee): Since QMS is being implemented in
the organization in recent days; awareness on machinery safety was not fully carried
out due to oversight.
C. Corrective action Plan (by auditee):
● Awareness on machinery safety shall be conducted starting 3 rd week Dec yyyy.
● Training will also be conducted for Special PPEs, by 1 st Week of Jan yyyy
● Monitoring of effectiveness of machinery safety in same/similar workplaces shall be
monitored by Dept Heads starting 15 JAN yyyy
● Conformity to machinery safety will be reported by QMS Manager every fortnight
starting 15 JAN yyyy
● Schedule for completion of Corrective Action Plan: 29 JAN yyyy

D. CAP reviewed by Auditor & Approved: (Auditor Signature):

Date: ddmmyyyy
E. Corrective action Implemented by auditee on: 10 JAN yyyy
F. Effectiveness of implemented corrective action checked by Management Appointee on:
15 JAN yyyy
G. Based on corrective action, ‘Change’ in procedures of a) PPEs and b) Risk
management initiated: yyyyy

Page 43 of 64
 H. Corrective action Completion Date: 27JAN yyyy

I. Objective evidence (available, to be produced by the auditee):

a) Photos of Awareness programs
b) Photos of covered/protected machineries
c) Photos of Signages for PPE
d) Record of effectiveness of Training
J) Auditor informed by mail by the auditee on completion of Corrective action: 27JANyyyy

PART-3: AUDIT FOLLOWUP

Audit Follow-up (by auditor):

1) Corrective Action for NCR # 67 reviewed along with related Corrective Action Plan, and
the corrective action implemented
2) Reviewed related objective evidences
3) In conformity with Clause 6.1
4) NCR closed
5) Auditee to share the details of updates to Approved documented information w.r.t
Clause 4.4 and 6.1 by 27FEByyyy

Signature of Auditor/with date: 01FEByyyy

Part-4: Further action taken

Update of Processes (4.4), and ‘Actions to address Risks (6.1): Documented information
revised based on corrective action carried out, and updated procedures published by
Document Control Officer and copy of mail dt. 27FEByyyy shared with auditor on
25FEByyyy.
Satisfactory : Checked and approved by: Audit Manager/ 28FEByyyy

ACTION BY DELEGATES: To review the above-process, and share their views

as follows: Highlight in yellow, either a) or b):

a) Above process is complete and correct:

b) Above-process has defect or gap: (Please describe the gap, if any)::

In Part 2-B and C above: Missing action: Clause 10.2.1.b “…evaluate
the need for action to eliminate the cause(s) of the nonconformity, in
order that it does not recur or occur elsewhere

Page 44 of 64
 *****END OF EXERCISE*****
Exercise No. 18

Title Identification of Documented information (MAINTAINED AND

RETAINED)

Learning Understanding ‘which requirement in ISO 9001:2015 requires

MANDATORY documented information maintained and retained
Outcome

Duration 30 Minutes

Method Individual Exercise

Exercis ● ISO 9001:2015 Standard

e
Material
1. Delegates to review ALL clauses of ISO 9001:2015, and LIST

the requirements that require mandatory documented

information maintained and retained

Delegate
Instruction 2. This can be achieved by listing or by developing a matrix

using a worksheet

3. Additionally, delegates may also identify non-mandatory

documented information (maintained and retained) may

help a business to establish conformity

Page 45 of 64
 Template for Exercise 18:

# Clause # requiring mandatory Clause # requiring mandatory Documented

Documented information MAINTAINED information RETAINED
1 4.3 Scope 9.2 Internal audit
2 5.2 Policy 9.3 Management Review

SPECIMEN - ISO 9001-2015 Mandatory documented information

A. DOCUMENTED INFORMATION MAINTAINED
4.3 Scope of QMS
4.4.2 QMS and its processes
5.2.1 Quality Policy
6.2.1 Quality Objectives
8.1.e Operational Planning and Control

B. DOCUMENTED INFORMATION RETAINED

4.4.2 QMS and its processes

7.1.5.1 Monitoring and measuring resources
7.2 Competence
8.2.3.2 Review of the requirements for products and services
8.3.3 Design and development inputs
8.3.5 Design and development outputs
8.3.6 Design and development changes
8.4.1 Control of externally provided processes, products and services
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.6 Control of changes
8.6 Release of products and services
8.7.2 Control of nonconforming outputs
9.1.1 Monitoring, measurement, analysis and evaluation
9.2.2.f Internal audit
9.3.3 Management review outputs
10.2.2 Nonconformity and corrective action

C. NON-MANDATORY DOCUMENTED INFORMATION - SPECIMEN

4.1 List of determined 'External and internal issues' - DULY APPROVED

4.2 List of determine 'Interested parties, and their needs and expectations' -DULY APPROVED
9.2 Procedure for Internal audit
9.3 Procedure for Management Review

**** End of Exercises ****

Page 46 of 64