| Exam Name: | ISO/IEC 42001:2023Artificial Intelligence Management System Lead Auditor Exam | ||
| Exam Code: | ISO-IEC-42001-Lead-Auditor Dumps | ||
| Vendor: | PECB | Certification: | AI management system (AIMS) |
| Questions: | 40 Q&A's | Shared By: | bella-rose |
Scenario 8 (continued):
Scenario 8:
Scenario 8: InnovateSoft, headquartered in Berlin, Germany, is a software development company known for its innovative solutions andcommitment to excellence. It specializes in custom software solutions, development, design, testing, maintenance, and consulting,covering both mobile apps and web development. Recently, the company underwent an audit to evaluate the effectiveness and
compliance of its artificial intelligence management system AIMS against ISO/IEC 42001.
The audit team engaged with the auditee to discuss their findings and observations during the audit's final phases. After evaluating theevidence, the audit team presented their audit findings to InnovateSoft, highlighting the identified nonconformities.
Upon receiving the audit findings, InnovateSoft accepted the conclusions but expressed concerns about some findings inaccuratelyreflecting the efficiency of their software development processes. In response, the company provided new evidence and additionalinformation to alter the audit conclusions for a couple of minor nonconformities identified. After thorough consideration, the audit teamleader clarified that the new evidence did not significantly alter the core conclusions drawn for the nonconformities. Therefore, thecertification body issued a certification recommendation conditional upon the filing of corrective action plans without a prior visit.
InnovateSoft accepted the decision of the certification body. The top management of the company also sought suggestions from theaudit team on resolving the identified nonconformities. The audit team leader offered solutions to address the issues, fostering acollaborative effort between the auditors and InnovateSoft.During the closing meeting, the audit team covered key topics to enhance transparency. They clarified to InnovateSoft that the auditevidence was based on a sample, acknowledging the inherent uncertainty. The method and time frame of reporting and grading findingswere discussed to provide a structured overview of nonconformities. The certification body's process for handling nonconformities,including potential consequences, guided InnovateSoft on corrective actions. The time frame for presenting a plan for correction was
communicated, emphasizing urgency. Insights into the certification body’s post-audit activities were provided, ensuring ongoing support.
Lastly, the audit team briefed InnovateSoft on complaint and appeal handling.
InnovateSoft submitted the action plans for each nonconformity separately, describing only the detected issues and the correctiveactions planned to address the detected nonconformities. However, the submission slightly exceeded the specified period of 45 days setby the certification body, arriving three days later. InnovateSoft explained this by attributing the delay to unexpected challengesencountered during the compilation of the action plans.
InnovateSoft’s corrective action plans described the detected issues and intended corrections but did not include the root causes.
Question:
Were InnovateSoft’s action plans drafted appropriately?
Question:
During a combined audit, if an auditor identifies a finding linked to one criterion, should they consider its potential impact on corresponding or related criteria of other management systems?
Scenario 4 (continued):
BioNovaPharm, a German biopharmaceutical company, has implemented an artificial intelligence management system AIMSbased on ISO/IEC 42001 to optimize various aspects of drug discovery, including analyzing extensive biological data, identifying potentialdrug candidates, and streamlining clinical trial processes. After having the AIMS in place for over a year, the company contracted acertification body and is now undergoing an AIMS audit to obtain certification against ISO/IEC 42001.
Adopting a risk-based approach, the audit team focused on risk throughout their activities. The level of detail outlined in the audit plancorresponded to the scope and complexity of the audit. The team employed a ranking system for detailed audit procedures, prioritizingthose with the highest risk.
Once the stage 1 audit began, the audit team started reviewing the auditee's documented information. To assess whether BioNovaPharmcomplies with the legal and regulatory requirements related to incident communication, the audit team examined evidence provided bythe company’s external legal office. The evidence confirmed that BioNovaPharm applies the requirements of the EU Al Act, whichmandates that providers of high-risk Al systems report serious incidents to relevant authorities.
Following the completion of the stage 1 audit, John, an audit team member, documented the stage 1 audit outputs, including theobservations of the audit team that could result in nonconformities during the on-site audit. However, the audit team leader, Emma, whowas overseeing the audit activities, observed that John failed to document significant observations related to the lack of transparency inthe Al decision-making processes of BioNovaPharm. Considering that Emma observed John's lack of competence in undertaking some
audit activities, a disciplinary note was recorded for John.
Question:
Based on Scenario 4, does the level of detail in the audit plan adequately reflect all aspects recommended for a comprehensive risk-based approach to planning?
TESTED 30 Apr 2025
