During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit is still outstanding.
Which four of the following actions should you take?
A. Report the failure to address the corrective action for the outstanding nonconformity to the organisation’s top management
B. Immediately raise a nonconformity as the date for completion has been exceeded
C. If the delay is justified, agree on a revised date for clearing the nonconformity with the auditee/audit client
D. Contact the individual(s) managing the audit programme to seek their advice as to how to proceed
E. Decide whether the delay in addressing the nonconformity is justified
F. Cancel the follow-up audit and return when an assurance has been received that the nonconformity has been cleared
G. Note the nonconformity is still outstanding and follow audit trails to determine why
H. If the delay is unjustified, advise the auditee/audit client and agree on remedial action
Answer: ACEG
Explanation:
According to the ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) course, the following actions should be taken when a nonconformity identified for completion before the follow-up audit is still outstanding:
A. Report the failure to address the corrective action for the outstanding nonconformity to the organisation’s top management. This is part of the auditor’s responsibility to communicate the audit results and ensure that the audit objectives are met [1, 2].
C. If the delay is justified, agree on a revised date for clearing the nonconformity with the auditee/audit client. This is part of the auditor’s responsibility to verify the effectiveness of the corrective actions taken by the auditee and to close the nonconformity when the evidence is satisfactory [1, 2].
E. Decide whether the delay in addressing the nonconformity is justified. This is part of the auditor’s responsibility to evaluate the evidence presented by the auditee and to use professional judgement and objectivity to determine the validity of the reasons for the delay [1, 2].
G. Note the nonconformity is still outstanding and follow audit trails to determine why. This is part of the auditor’s responsibility to collect and verify audit evidence and to identify the root causes of the nonconformity [1, 2].
Reference:
1: ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) course, CQI and IRCA Certified Training
2: ISO/IEC 27001 Lead Auditor Training Course, PECB