• Home
  • Articles
  • Free ISO-IEC-42001-Lead-Auditor pdf Files With Updated and Accurate Dumps Training [Q96-Q111]

Free ISO-IEC-42001-Lead-Auditor pdf Files With Updated and Accurate Dumps Training [Q96-Q111]

Share

Free ISO-IEC-42001-Lead-Auditor pdf Files With Updated and Accurate Dumps Training

Top-Class ISO-IEC-42001-Lead-Auditor Question Answers Study Guide


PECB ISO-IEC-42001-Lead-Auditor Exam Syllabus Topics:

TopicDetails
Topic 1
  • Closing an ISO
  • IEC 42001 audit: This section of the exam measures the skills of an AI Compliance Officer and explains how to complete the audit process. It includes reporting findings, managing nonconformities, and conducting follow-ups to ensure continuous improvement and compliance.
Topic 2
  • Preparing an ISO
  • IEC 42001 audit: This section of the exam measures the skills of a Lead Auditor and covers how to plan and prepare for an AI management system audit. It includes creating audit plans, selecting team members, and setting clear objectives to ensure a smooth audit process.
Topic 3
  • Fundamental audit concepts and principles: This section of the exam measures the skills of a Lead Auditor and outlines essential audit concepts such as evidence collection, impartiality, objectivity, and ethical conduct. It introduces the core principles that form the foundation of a reliable and consistent auditing process.

 

NEW QUESTION # 96
Scenario 8 (continued):
Scenario 8:
Scenario 8: InnovateSoft, headquartered in Berlin, Germany, is a software development company known for its innovative solutions andcommitment to excellence. It specializes in custom software solutions, development, design, testing, maintenance, and consulting,covering both mobile apps and web development.
Recently, the company underwent an audit to evaluate the effectiveness and compliance of its artificial intelligence management system AIMS against ISO/IEC 42001.
The audit team engaged with the auditee to discuss their findings and observations during the audit's final phases. After evaluating theevidence, the audit team presented their audit findings to InnovateSoft, highlighting the identified nonconformities.
Upon receiving the audit findings, InnovateSoft accepted the conclusions but expressed concerns about some findings inaccuratelyreflecting the efficiency of their software development processes. In response, the company provided new evidence and additionalinformation to alter the audit conclusions for a couple of minor nonconformities identified. After thorough consideration, the audit teamleader clarified that the new evidence did not significantly alter the core conclusions drawn for the nonconformities. Therefore, thecertification body issued a certification recommendation conditional upon the filing of corrective action plans without a prior visit.
InnovateSoft accepted the decision of the certification body. The top management of the company also sought suggestions from theaudit team on resolving the identified nonconformities. The audit team leader offered solutions to address the issues, fostering acollaborative effort between the auditors and InnovateSoft.During the closing meeting, the audit team covered key topics to enhance transparency. They clarified to InnovateSoft that the auditevidence was based on a sample,acknowledging the inherent uncertainty. The method and time frame of reporting and grading findingswere discussed to provide a structured overview of nonconformities. The certification body's process for handling nonconformities,including potential consequences, guided InnovateSoft on corrective actions. The time frame for presenting a plan for correction was communicated, emphasizing urgency. Insights into the certification body's post-audit activities were provided, ensuring ongoing support.
Lastly, the audit team briefed InnovateSoft on complaint and appeal handling.
InnovateSoft submitted the action plans for each nonconformity separately, describing only the detected issues and the correctiveactions planned to address the detected nonconformities. However, the submission slightly exceeded the specified period of 45 days setby the certification body, arriving three days later.
InnovateSoft explained this by attributing the delay to unexpected challengesencountered during the compilation of the action plans.
During the closing meeting, the audit team covered key topics including sampling uncertainty, timelines for corrections, and complaint/appeals procedures.
Question:
Based on Scenario 8, was the concluding meeting comprehensive in addressing all essential components of the audit?

  • A. No, it should not have involved the post-audit activities of the certification body
  • B. No, it should not have involved the assessment of audit findings
  • C. Yes, it addressed all necessary aspects

Answer: C

Explanation:
The closing meeting covered:
* Uncertainty due to sampling
* Timeline for corrective actions
* Complaint and appeal procedures
* Findings and their classificationThese areall required elementsof the closing meeting.
* ISO/IEC 17021-1:2015 Clause 9.4.7requires the audit team to present a summary of findings and next steps during the closing meeting.
* ISO 19011:2018 Clause 6.6.12further includes communication of audit conclusions, clarification of nonconformities, and how findings will be managed post-audit.
Reference:ISO/IEC 17021-1:2015 Clause 9.4.7; ISO 19011:2018 Clause 6.6.12.


NEW QUESTION # 97
Question:
Which of the following describes a joint audit?

  • A. When audits are conducted back-to-back for efficiency
  • B. When an internal audit and a third-party audit are conducted simultaneously
  • C. When two or more management systems are audited together at a single auditee
  • D. When two or more auditing organizations cooperate to audit a single auditee

Answer: D

Explanation:
AJoint Auditis when two or more audit organizationscooperateto audit the same auditee.
* ISO 19011:2018 Clause 3.9defines joint audit as:"An audit carried out by two or more auditing organizations cooperating to audit a single auditee."
* This is further echoed in ISO/IEC 42001:2023, which supports joint audits especially inmulti-country and consortium environments (Clause 9.2.1 reference to audit scope management).
Reference:ISO 19011:2018 Clause 3.9; ISO/IEC 42001:2023 Clause 9.2.1.


NEW QUESTION # 98
Question:
For which of the following activities are certification bodies responsible?

  • A. Conducting internal audits on behalf of clients
  • B. Verifying whether a conformity assessment body meets established criteria to carry out conformity assessment tasks
  • C. Certifying management systems, persons, products, processes, and services
  • D. Implementing and managing the certified systems, processes, products, and services

Answer: C

Explanation:
Certification bodies are responsible for certifying management systems, persons, products, processes, and services, not for managing or implementing client systems. This responsibility isdefined in ISO/IEC 17021-1:
2015, Clause 4.2, and is referenced in ISO/IEC 42001 guidance materials.
Reference: ISO/IEC 17021-1:2015 Clause 4.2.


NEW QUESTION # 99
A healthcare provider wants to develop a system that can analyze medical images, such as X-rays and MRIs, to assist doctors in diagnosing diseases. Which AI concept is most relevant for this application?

  • A. Deep Learning (DL)
  • B. Machine Learning (ML)
  • C. Computer Vision
  • D. Natural Language Processing (NLP)

Answer: C

Explanation:
The AI concept most relevant for analyzingvisual data like X-rays and MRIsisComputer Vision. This field focuses on enabling machines tounderstand and interpret image and video data.
As outlined in thePECB Lead Auditor Guide - Domain 1, Computer Vision is specifically applied in medical imaging, object detection, facial recognition, and other tasks requiring interpretation of visual content.
WhileDeep Learningmay be used as an underlying technique (e.g., convolutional neural networks), Computer Visionis the broader and correct domain applicable to the question.
Reference: PECB Lead Auditor Guide - Domain 1: "AI Technologies and Use Cases" ISO/IEC 42001:2023 - Clause 8.2.3 (Selecting suitable AI approaches based on purpose and data types)


NEW QUESTION # 100
Which core element of AIMS is defined as: "Organizations are responsible for the development, deployment, and use of AI systems, and their potential impacts"?

  • A. Commitment
  • B. None of the above
  • C. Responsibility
  • D. Accountability

Answer: D

Explanation:
The correct core element isAccountability.
According toISO/IEC 42001:2023 - Clause 5.3, andPECB Lead Auditor Guide - Domain 1,accountability is defined as the obligation of organizations totake responsibility for the outcomes and impactsof AI systems across the lifecycle - including design, development, deployment, and operation.
This includes establishing:
* Clear roles and responsibilities
* Oversight mechanisms
* Escalation procedures for unintended consequences
It directly addresses the ethical and governance need to ensure AI systems are not used irresponsibly or without clear attribution.
Reference: ISO/IEC 42001:2023 - Clause 5.3 (Organizational roles, responsibilities and authorities) PECB Lead Auditor Guide - Domain 1: "Accountability in AI Governance"


NEW QUESTION # 101
Scenario 6:
Scenario 6: HappilyAI is a pioneering enterprise dedicated to developing and deploying artificial intelligence Al solutions tailored toenhance customer service experiences across various industries. The company offers innovative products like virtual assistants,predictive analytics tools, and personalized customer interaction platforms. As part of its commitment to operational excellence andinnovation, HappilyAI has implemented a robust Al management system AIMS to oversee its Al operations effectively. Currently.HappilyAI is undergoing a comprehensive audit process of its AIMS to evaluate its compliance with ISO/IEC 42001.
Under the leadership of Jess, the audit team began the audit process with meticulous planning and coordination, setting the groundworkfor the extensive on-site activities of the stage 1 audit. This initial phase was marked by a comprehensive documentation review. Theaudit scope encompassed a critical review of HappilyAI's core departments, including Research and Development (R&D), CustomerService, and Data Security, aiming to assess the conformity of HappilyAI's AIMS to the requirements of ISO/IEC 42001.
Afterward, Jess and the team conducted a formal opening meeting with HappilyAI to introduce the audit team and outline the auditactivities. The meeting set a collaborative tone for the subsequent phases, where the team engaged in information collection, executedaudit tests, identified findings, and prepared draft nonconformity reports while maintaining a strict quality review process.
In gathering evidence, the audit team employed a sampling method, which involved dividing the population into homogeneous groups toensure a comprehensive and representative data collection by drawing samples from each segment. Furthermore, the team employedobservation to deepen their understanding of the Al management processes. They verified the availability of essential documentation,including Al-related policies, and evaluated the communication channels established for reporting incidents.
Additionally, they scrutinized specific monitoring tools designed to track the performance of data acquisition processes, ensuring thesetools effectively identify and respond to errors or anomalies. However, a notable challenge emerged as the team encountered a lack ofaccess to documented information that describes how tasks about AIMS are executed. In addition to this, the team identified a potentialnonconformity within the Sales Department. They decided not to record this as a nonconformity in the audit report but onlycommunicated it to the HappilyAI's representatives.
During the stage 2 audit, the certification body, in collaboration with HappilyAI, assigned the roles of technical experts within the auditteam. Recognized for their specialized knowledge and expertise in artificial intelligence and its applications, these technical experts aretasked with the thorough assessment of the AIMS framework to ensure its alignment with industry standards and best practices,focusing on areas such as data ethics, algorithmic transparency, and Al system security.
Question:
Which level of documented information could the audit team NOT access?

  • A. Level 1
  • B. Level 2
  • C. Level 3

Answer: C

Explanation:
Level 3 documentationtypically includes detailed procedures, work instructions, and records explaining exactlyhow tasks are performed.
* ISO/IEC 42001:2023 Clause 7.5.1requires organizations to maintain documented information necessary for the effective functioning of the AIMS.
* TheLead Auditor Study Guideexplains:"Level 3 documents are the operational and procedural records that detail the execution of management system activities."The team lacked access to task execution procedures - indicating missing Level 3 documentation.
Reference:ISO/IEC 42001:2023 Clause 7.5.1; ISO 19011:2018 Clause 6.3.


NEW QUESTION # 102
Scenario 9 (continued):
Scenario 9: Securisai, located in Tallinn.Estonia, specializes in the development of automated cybersecurity solutions that utilize AIsystems. The company recently implemented an artificial intelligence management system AIMS in accordance with ISO/IEC 42001. Indoing so, the company aimed to manage its Al-driven systems' capabilities to detect and mitigate cyber threats more efficiently andethically. As part of its commitment to upholding the highest standards of Al use and management, Securisai underwent a certificationaudit to demonstrate compliance with ISO/IEC 42001.
The audit process comprised two main stages: the initial or stage 1 audit focused on reviewing Securisai's documentation, policies, andprocedures related to its AIMS. This review laid the groundwork for the stage 2 audit, which involved a comprehensive, on-site evaluation of the actual implementation and effectiveness of the AIMS within Securisai's operations. The goal was to observe the AIMS in operation,ensuring that it not only existed on paper but was effectively integrated into the company's daily activities and cybersecurity strategies.
After the audit, Roger, Securisai's internal auditor, addressed the action plans devised to rectify nonconformities identified during thecertification audit. He developed a long term strategy, highlighting key AIMS processes for triennial audits. Roger's internal audits play a key role in advancing Securisai's goals by employing a systematic and disciplined method to assess and boost the efficiency of risk management, governance processes, and strategic decision-making. Roger reported his findings directly to Securisai's top management.
Following the successful rectification of nonconformities, Securisai was officially certified against ISO/IEC
42001.
Recently, the company decided to transfer its ISO/IEC 42001 certification registration from onecertification body to another despitebeing initially bound by a long-term agreement with the current certification body.
This decision was motivated by the desire to partnerwith a certification body that offers deeper insights and expertise in the rapidly evolving field of artificial intelligence in cybersecurity.
To ensure a smooth transition and uphold its certification status, Securisai is diligently compiling the required documentation forsubmission to the new certification body. This includes a formal request, the most recent audit report underscoring its adherence toISO/IEC 42001, the latest corrective action plan that highlights its continuous efforts toward improvement, and a copy of its current validcertification registration.
A year following Securisai's initial certification audit, a subsequent audit was carried out by the certification body on its AIMS. The purpose of this audit was to assess compliance with ISO/IEC 42001 and verify the ongoing improvement of the AIMS. The audit team concluded that Securisai's AIMS consistently meets the requirements set by ISO/IEC 42001.
Question:
What type of audit is described in the last paragraph of Scenario 9?

  • A. Recertification audit
  • B. Surveillance audit
  • C. Internal audit

Answer: B

Explanation:
The follow-up auditone year after initial certificationto assess ongoing conformity is classified as a Surveillance Audit.
* ISO/IEC 17021-1:2015 Clause 9.6.2.1states:"Surveillance audits are conducted at least once a year to ensure that the certified management system continues to meet requirements."
* ISO/IEC 42001:2023 Clause 9.2.2also references surveillance as part of maintaining AI management system certification.
Reference:ISO/IEC 17021-1:2015 Clause 9.6.2.1; ISO/IEC 42001:2023 Clause 9.2.2.


NEW QUESTION # 103
An AI-driven recommendation system for online shopping has been accused of promoting products from certain vendors over others without clear reasoning. The company wants to address these concerns effectively. Which core element is most relevant to resolving this issue?

  • A. Fairness and Non-Discrimination
  • B. Human-Centered Design
  • C. Accountability
  • D. Privacy and Security

Answer: A

Explanation:
The concern here revolves aroundpotential algorithmic biasandpreferential treatment, which falls under the core ethical principle ofFairness and Non-Discrimination.
According to ISO/IEC 42001:2023, organizations mustidentify and mitigate discriminatory impactsof AI systems, especially where algorithmic decisions influenceuser experiences, accessto services, or market fairness(Clause 6.1.2 and Clause 8.2.3).
This core element ensures that AI decisions are:
* Equitable and unbiased
* Do not systematically favor or disadvantage individuals or groups
* Transparent in rationale and decision logic
The PECB Guide emphasizes that Fairness is particularly important inrecommendation, ranking, or classification systems, where outcomes affect stakeholders' access or exposure.


NEW QUESTION # 104
Scenario 9:
Scenario 9: Securisai, located in Tallinn.Estonia, specializes in the development of automated cybersecurity solutions that utilize AIsystems. The company recently implemented an artificial intelligence management system AIMS in accordance with ISO/IEC 42001. Indoing so, the company aimed to manage its Al-driven systems' capabilities to detect and mitigate cyber threats more efficiently andethically. As part of its commitment to upholding the highest standards of Al use and management, Securisai underwent a certificationaudit to demonstrate compliance with ISO/IEC 42001.
The audit process comprised two main stages: the initial or stage 1 audit focused on reviewing Securisai's documentation, policies, andprocedures related to its AIMS. This review laid the groundwork for the stage 2 audit, which involved a comprehensive, on-site evaluation of the actual implementation and effectiveness of the AIMS within Securisai's operations. The goal was to observe the AIMS in operation,ensuring that it not only existed on paper but was effectively integrated into the company's daily activities and cybersecurity strategies.
After the audit, Roger, Securisai's internal auditor, addressed the action plans devised to rectify nonconformities identified during thecertification audit. He developed a long term strategy, highlighting key AIMS processes for triennial audits. Roger's internal audits play a key role in advancing Securisai's goals by employing a systematic and disciplined method to assess and boost the efficiency of risk management, governance processes, and strategic decision-making. Roger reported his findings directly to Securisai's top management.
Following the successful rectification of nonconformities, Securisai was officially certified against ISO/IEC
42001.
Recently, the company decided to transfer its ISO/IEC 42001 certification registration from one certification body to another despitebeing initially bound by a long-term agreement with the current certification body.
This decision was motivated by the desire to partnerwith a certification body that offers deeper insights and expertise in the rapidly evolving field of artificial intelligence in cybersecurity.
To ensure a smooth transition and uphold its certification status, Securisai is diligently compiling the required documentation forsubmission to the new certification body. This includes a formal request, the most recent audit report underscoring its adherence toISO/IEC 42001, the latest corrective action plan that highlights its continuous efforts toward improvement, and a copy of its current validcertification registration.
A year following Securisai's initial certification audit, a subsequent audit was carried out by the certification body on its AIMS. The purpose of this audit was to assess compliance with ISO/IEC 42001 and verify the ongoing improvement of the AIMS. The audit team concluded that Securisai's AIMS consistently meets the requirements set by ISO/IEC 42001.
Question:
Roger followed up on action plans resulting from external audits. Is this acceptable?

  • A. Yes, the internal auditor should follow up on action plans submitted during internal and external audits
  • B. No, the internal auditor should follow up on action plans submitted in response to nonconformities resulting only from internal audits
  • C. No, it is the responsibility of the external auditor to follow up on action plans resulting from external audits

Answer: A

Explanation:
It isacceptableand even advisable for internal auditors to monitor bothinternalandexternal audit findingsto ensure the system's ongoing effectiveness.
* ISO/IEC 42001:2023 Clause 9.2.2states:"Internal audits shall ensure the AIMS conforms to both the organization's own requirements and the requirements of the standard, including actions arising from external audits."
* ISO 19011:2018 Clause 5.5allows internal auditors to verify that corrective actions from all sources (internal and external audits) are implemented effectively.
Reference:ISO/IEC 42001:2023 Clause 9.2.2; ISO 19011:2018 Clause 5.5.


NEW QUESTION # 105
Was the arrangement for assigning guides during the audit process appropriate?

  • A. No, because every auditor must have a guide accompanying them
  • B. No, because the auditee should not influence the guide selection process
  • C. Yes, the arrangement was appropriate
  • D. No, because guides must be independent of the auditee

Answer: C

Explanation:
According to ISO 19011:2018, Clause 6.4.2, guides may be appointed by the auditee to assist the audit team in identifying individuals to be interviewed, providing access to sites, and ensuring communication. Not every auditor must have an individual guide, and the decision is typically made collaboratively between the audit team leader and the auditee based on the audit scope, complexity, and logistics.
The scenario describes that the decision was made in mutual agreement with the audit team leader, which complies with best practices.
Reference:
ISO 19011:2018, Clause 6.4.2 - Use of guides and observers
ISO/IEC 17021-1:2015, Clause 9.1.6 - Audit support from guides
PECB ISO/IEC 42001 Lead Auditor Study Guide - Section: Role of Guides in Audits
\===========


NEW QUESTION # 106
Question:
During an audit, the auditor employed data analytic technology to identify anomalies and unusualpatterns in the decision-making processes of an AI system used by a financial institution to approve or reject loan applications. Which data analytic technology did the auditor use?

  • A. Text analytics
  • B. Visual analytics
  • C. Predictive analytics
  • D. Data mining

Answer: D

Explanation:
The auditor usedData Mining.
* Data mininginvolves exploring large datasets to identify patterns, anomalies, or relationships.
* ISO/IEC 20546:2019 Clause 3.5defines data mining as:"The process of discovering patterns, correlations, anomalies, and associations within large datasets."
* In ISO/IEC 42001:2023, auditors are encouraged in Clause 9.2.2 to useappropriate technological tools to analyze AI system behavior, including using big data technologies for pattern recognition during audits.
Reference:ISO/IEC 20546:2019 Clause 3.5; ISO/IEC 42001:2023 Clause 9.2.2.


NEW QUESTION # 107
What is the right series of AI system lifecycle?

  • A. System Verification & validation, System design & development, System Deployment, System Requirements & specification finalization, System Operation & monitoring
  • B. System Requirements & specification finalization, System design & development, System Deployment, System Verification & validation, System Operation & monitoring
  • C. System design & development, System Operation & monitoring, System Requirements & specification finalization, System Verification & validation, System Deployment
  • D. System Requirements & specification finalization, System design & development, System Verification
    & validation, System Deployment, System Operation & monitoring

Answer: D

Explanation:
The correct lifecycle sequence for an AI system as outlined inISO/IEC 42001:2023and supporting lifecycle methodologies (such as those influenced by ISO/IEC/IEEE 15288 and ISO/IEC TR 24028) is:
* System Requirements & Specification Finalization
* System Design & Development
* System Verification & Validation
* System Deployment
* System Operation & Monitoring
This lifecycle ensures that all AI systems are planned, built, tested, and monitored effectively to address functional, ethical, and risk management objectives.
The standard encourages applying astructured lifecycle approachto ensure that AI systems meet organizational goals and stakeholder expectations throughout their operational period.


NEW QUESTION # 108
Question:
Can ISO/IEC 42001 be integrated into an integrated management system (IMS) with ISO/IEC 27001 and ISO
9001?

  • A. Yes, because they share a similar standard structure
  • B. No, since they do not have a similar standard structure
  • C. Yes, but only under special organizational approval
  • D. No, because each management system should be implemented separately

Answer: A

Explanation:
ISO/IEC 42001 follows theHigh-Level Structure (HLS)(Annex SL) used by ISO management system standards such as ISO/IEC 27001 and ISO 9001. This structural alignment allows for easy integration into a unified management system, facilitating shared documentation, policies, audits, and continual improvement processes.
Reference:ISO/IEC 42001:2023 Introduction, Clause 0.3; ISO Directives Part 1, Annex SL.


NEW QUESTION # 109
Scenario 3 (continued):
ArBank is a financial institution located in Brussels, Belgium, which offers a diverse range of banking and investment servicesto its clients. To ensure the continual improvement of its operations, ArBank has implemented a quality management system QMS based on ISO 9001 and an artificial intelligence management system AIMS based on the requirements of ISO/IEC
42001.
Audrey, an experienced auditor, led an internal audit focused on the AIMS within ArBank. She assessed the chatbots integrated into thebank's website and mobile app, analyzing communications using big data technology to identify potential noncompliance, fraud, orunethical conduct. Instead of relying solely on the information provided by the chatbots, Audrey sought out evidence that would eitherconfirm or challenge the validity of the data, ensuring her conclusions were based on reliable and accurate information. Her review ofselected chatbot interactions confirmed they met their intended purpose.
For the specific context of ArBank's operations, Audrey utilized an Al system to assess the efficiency of the bank's digital infrastructure,focusing on tasks critical to the Finance Department. This Al system was able to analyze the functionality of chatbots integrated intoArBank's website and mobile app to determine if it adheres to ISO/IEC 42001 requirements and internal policies governing customerservice in the banking sector.
In addition, Audrey conducted a deeper assessment of the bank's AIMS. Her evaluation included observing different stages of the AIMSlife cycle, from development to deployment, to ensure that roles and responsibilities were clearly defined and aligned with ArBank'soperational goals. She also evaluated the tools used to monitor and measure the performance of the AIMS.
Audrey continued the audit process by auditing ArBank's outsourced operations. Upon checking the contractual agreements between thetwo parties, Audrey decided that there was no need to gather audit evidence regarding the contractual agreement. She reviewed thecompany's processes for monitoring the quality of outsourced operations, determined whether appropriate governanceprocesses are inplace with regard to the engagement of outsourced persons or organizations, and reviewed and evaluated the company's plans in case ofexpected or unexpected termination of the outsourcing agreement.
Based on the scenario above, answer the following question:
Question:
Did Audrey conduct the audit process for the outsourced operation correctly? Refer to Scenario 3.

  • A. No, she should have gathered audit evidence concerning the contractual agreement between the two parties
  • B. Yes, but only if the contract terms were re-audited
  • C. Yes, she reviewed the company's processes for monitoring the quality of outsourced operations
  • D. No, Audrey should not have been responsible for determining whether appropriate governance processes are in place for engaging outsourced persons or organizations

Answer: C

Explanation:
Audrey acted correctly because she focused onthe governance and quality monitoring processesof outsourced services.
* ISO/IEC 42001 Clause 8.1 ("Operational Planning and Control") requires organizations to ensure that external providers' activities are controlled, monitored, and reviewed during audits.
* TheLead Auditor Guide for ISO/IEC 42001states:"It is sufficient to review outsourced process management without directly auditing the contract itself unless otherwise stated in the audit objectives." Reference:ISO/IEC 42001:2023 Clause 8.1; Lead Auditor Study Guide Section 6.2 ("Auditing Outsourced Activities").


NEW QUESTION # 110
A global bank is currently evaluating the effectiveness of its AI management system controls through an AIMS audit. Which role is being played by this company?

  • A. An accreditation body
  • B. A certification body
  • C. An advisory body
  • D. An auditee

Answer: D

Explanation:
In this context, theglobal bankis theauditee, as it is theorganization being audited. According toISO 19011:
2018 - Clause 3.12, anauditeeis "the organization being audited."
Since the bank is undergoing aninternal or external auditof its AI Management System (AIMS), it assumes the role of theentity whose AIMS is being evaluatedfor effectiveness, compliance, and performance.
* Accreditation bodyis responsible for accrediting certification bodies.
* Certification bodyconducts audits for conformity assessments.
* Advisory bodyprovides consultation but does not participate directly in audits.
Reference: ISO 19011:2018 - Clause 3.12 (Auditee)
PECB Lead Auditor Guide - Domain 5: "Roles in the Audit Process"


NEW QUESTION # 111
......

Real Updated ISO-IEC-42001-Lead-Auditor Questions & Answers Pass Your Exam Easily: https://www.practicedump.com/ISO-IEC-42001-Lead-Auditor_actualtests.html

Easily To Pass New ISO-IEC-42001-Lead-Auditor Verified & Correct Answers: https://drive.google.com/open?id=1Ijmag5l6zCUEYrOgPIXbt8X-uAJ5lcoF

Related Articles

more
PECB ISO-IEC-42001-Lead-Auditor Certification Practice Exam

Copyright © 2026 PracticeDump. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimers:
PracticeDump material do not contain actual Business Architecture Guild Exam Questions or materials.
SAP, Microsoft, Google, Amazon, Certiport, Qualtrics are Registered Trade Mark.
PracticeDump website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon.
PracticeDump offers only Probable Questions and Answers. PracticeDump offer learning materials and practice tests created by subject matter experts to assist and help learner prepare for those exams.
All Certification Brands used on the website are owned by the respective brand owners. PracticeDump does not own or claim any ownership on any of the brands. The site www.practicedump.com is in no way affiliated with SAP SE.