
Free ISO-IEC-42001-Lead-Auditor Questions for PECB ISO-IEC-42001-Lead-Auditor Exam [Apr-2026]
Validate your ISO-IEC-42001-Lead-Auditor Exam Preparation with ISO-IEC-42001-Lead-Auditor Practice Test (Online & Offline)
PECB ISO-IEC-42001-Lead-Auditor Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 106
During a certification audit, the audit team reviewed the defined roles and responsibilities within the auditee and conducted interviews with key personnel. They also evaluated whether the roles and responsibilities were aligned with the AI policy and objectives, examined reporting mechanisms for concerns, and reviewed the reporting frequency and response time for AI-related matters. The implementation of which control of ISO
/IEC 42001 is being verified in this case?
- A. A.4 Resources for AI systems
- B. A.3 Internal organization
- C. A.6 External context and stakeholder engagement
- D. A.5 Assessing impacts of AI systems
Answer: B
Explanation:
Control A.3 in ISO/IEC 42001:2023 focuses on the internal organization of the AI management system. This includes establishing, assigning, and communicating roles and responsibilities related to the AI system's governance and operations, aligning responsibilities with the AI policy and objectives, and establishing mechanisms for raising concerns and tracking responses.
In this case, reviewing roles, responsibilities, reporting mechanisms, and response times directly relates to verifying the implementation of A.3 Internal organization.
Reference:
ISO/IEC 42001:2023, Annex A, Control A.3 - Internal Organization
PECB ISO/IEC 42001 Lead Auditor Study Guide - Annex A Control Descriptions
\===========
NEW QUESTION # 107
Scenario 5 (continued):
Scenario 5: Aizoia, located in Washington, DC, has revolutionized data analytics, software development, and consulting by usingadvanced Al algorithms. Central to its success is an Al platform adept at deciphering complex datasets for enhanced insights. To ensure that its Al systems operate effectively and responsibly, Aizoia has established an artificial intelligence management system AIMS basedon ISO/IEC 42001 and is now undergoing a certification audit to verify the AIMS's effectiveness and compliance with ISO/IEC 42001.
Robert, one of the certification body's full-time employees with extensive experience in auditing, was appointed as the audit team leaderdespite not receiving an official offer for the role. Understanding the critical importance of assembling an audit team with diverse skills and knowledge, the certification body selected competent individuals to form the audit team. The certification body appointed a team ofseven members to conduct the audit after considering the specific conditions of the audit mission and the required competencies.
Initially, the certification body, in cooperation with Aizoia, defined the extent and boundaries of the audit, specifying the sites (whetherphysical or virtual), organizational units, and the activities for review. Once the scope, processes, methods, and team composition hadbeen defined, the certification body provided the audit team leader with extensive information, including the audit objectives anddocumented details on the scope, processes, methods, and team compositions.
Additionally, the certification body shared contact details of the auditee, including locations, time frames, and the duration of the auditactivities to be conducted. The team leader also received information needed for evaluating and addressing identified risks andopportunities for the achievement of the audit objectives.
Before starting the audit, Robert wrote an engagement letter, introducing himself to Aizoia and outlining plans for scheduling initialcontact. The initial contact aimed to confirm thecommunication channels, establish the audit team's authority to conduct the audit, andsummarize the audit's key aspects, such as objectives, scope, criteria, methods, and team composition. Duringthis first meeting, Robertemphasized the need for access to essential information that would help to conduct the audit.
Moreover, audit logistics, such as scheduling, access, health and safety arrangements, observer attendance, and the need for guides orinterpreters, were thoroughly planned. The meeting also addressed areas of interest or concern, preemptively resolving potential issuesand finalizing any matters related to the audit team composition.
As the audit progressed, Robert recognized the complexity of Aizoia's operations, leading him to conclude that a review of its Al-relateddata governance practices was essential for compliance with ISO/IEC 42001. He discussed this need with Aizoia's management,proposing an expanded audit scope. After careful consideration, they agreed to conduct a thorough review of the Al data governancepractices, but there was no mutual decision to officially change the audit scope. Consequently. Robert decided to proceed with the auditbased on the original scope, adhering to the initial audit plan, and documented the conversation and decision accordingly.
Based on the scenario above, answer the following question:
Question:
Based on Scenario 5, did the certification body provide all the necessary information to conduct the audit to the audit team leader?
- A. Yes, all the necessary information was provided to the audit team leader
- B. No, information on the resources necessary to conduct the audit was not provided
- C. No, the audit team leader did not receive details on the audit team's training requirements
Answer: A
Explanation:
The certification body providedall the necessary information, including scope, objectives, methods, contact information, and risks.
* ISO/IEC 17021-1:2015 Clause 9.2.3.1and ISO/IEC 42001:2023 Clause 9.2 state that the certification body must equip the audit team leader with sufficient information for audit planning and execution.
* TheLead Auditor Study Materialconfirms:"Audit planning must be supported by complete and verified information provided by the certification body." Reference:ISO/IEC 17021-1:2015 Clause 9.2.3.1; ISO/IEC 42001:2023 Clause 9.2.
NEW QUESTION # 108
Which control in Annex A of ISO 42001:2023 focuses on the need for stakeholder engagement in AI system development?
- A. Risk Assessment
- B. Data Management
- C. Stakeholder Consultation
- D. Continuous Improvement
Answer: C
Explanation:
Annex A - Control A.5.2.2: Stakeholder Consultationexplicitly requires organizations toconsult with relevant stakeholders(such as users, impacted communities, regulators, etc.) during the development and operation of AI systems.
This control emphasizes the importance of engaging stakeholders toidentify expectations, values, ethical concerns, and social impact risksassociated with the AI system.
Stakeholder engagement supports transparency, ethical alignment, and social acceptability of AI solutions.
Reference: ISO/IEC 42001:2023 - Annex A, Control A.5.2.2 (Stakeholder Consultation) PECB Lead Auditor Guide - Domain 2: "Governance and Control Requirements for Ethical AI"
NEW QUESTION # 109
Which of the following is NOT a common feature shared by AI systems?
- A. Interactive
- B. Contextual
- C. Infallible
Answer: C
Explanation:
AI systems are often described as:
Interactive - They interact with users or their environment (e.g., via input/output mechanisms).
Contextual - They operate within and adapt to specific contexts, often requiring contextual understanding.
Infallible - This is a misleading term. No AI system is infallible. AI systems are prone to errors, limitations in training data, algorithmic bias, and decision uncertainty.
Therefore, "infallible" is NOT a common or realistic feature of AI systems.
Reference:
ISO/IEC 22989:2022 - Artificial Intelligence - Concepts and terminology, Clause 3.3: General AI capabilities ISO/IEC 42001:2023, Annex A - Emphasizes the importance of risk, uncertainty, and human oversight, further confirming that AI systems are not infallible.
NEW QUESTION # 110
Audit evidence must be:
- A. Structured
- B. Physical
- C. Verifiable
- D. Refutable
Answer: C
Explanation:
Audit evidencemust beobjective and verifiable, meaning that it can beconfirmed through observation, documentation, or reproducible results. This is a foundational principle of auditing as per:
* ISO 19011:2018 - Clause 3.8defines audit evidence as "records, statements of fact or other information which arerelevant to the audit criteria and verifiable."
* This principle is also emphasized in ISO/IEC 42001 during internal audits (Clause 9.2), ensuring that conclusions are based onfactual, traceable, and confirmabledata.
Verifiability ensures the credibility and reliability of audit findings, especially critical in evaluating AIMS due to the complexity and potential subjectivity of AI behaviors.
NEW QUESTION # 111
An organization is undergoing a certification audit to evaluate its compliance with ISO/IEC 42001 and ISO
/IEC 27001 for its AIMS and ISMS, respectively. What type of audit is the organization undergoing in this case?
- A. A concurrent audit
- B. A sequential audit
- C. An independent system audit
- D. A combined audit
Answer: D
Explanation:
A combined audit refers to a single audit that covers two or more management systems (e.g., AIMS and ISMS) managed as a single system. In this case, the organization is undergoing a certification audit for both ISO/IEC 42001 and ISO/IEC 27001 simultaneously.
According to ISO 19011:2018 (Clause 3.11), a combined audit is "an audit conducted at one auditee on two or more management systems of different disciplines." Reference:
ISO 19011:2018, Clause 3.11 - Combined audit
ISO/IEC 42001:2023, Clause 9.2 - Internal and external audits
PECB ISO/IEC 42001 Lead Auditor Study Guide - Section: Combined and Integrated Audits
\===========
NEW QUESTION # 112
A social media platform wants to automatically detect and remove inappropriate content from images and videos uploaded by users. Which AI concept is most appropriate for this task?
- A. Machine Learning (ML)
- B. Computer Vision
- C. Natural Language Processing (NLP)
- D. Deep Learning (DL)
Answer: B
Explanation:
The most appropriate AI concept for analyzingimages and videosisComputer Vision. Computer Vision is a subfield of artificial intelligence that enables systems tointerpret and process visualdata, such as photos and video frames, which is exactly what is required in this scenario.
According to thePECB Lead Auditor Guide,Computer Visionis explicitly associated with tasks such as object recognition, content moderation, facial recognition, and image classification - all of which are relevant in detecting inappropriate content on platforms like social media.
WhileDeep Learningis often usedwithinComputer Vision (e.g., convolutional neural networks), thecorrect high-level conceptbeing asked here is Computer Vision, which encompasses the overall domain applicable to this scenario.
* NLPis used for analyzing text and language, not visual content.
* MLis a broader category under which Computer Vision models are trained, but is too general for this specific task.
NEW QUESTION # 113
Which of the following is NOT a guide's responsibility?
- A. Witnessing the audit activities on behalf of the client
- B. Drafting and communicating the conclusions of the audit
- C. Assisting with access and facilitating communication
- D. Establishing contacts and timing for interviews
Answer: B
Explanation:
Per ISO 19011:2018, Clause 6.4.2, guides are provided by the auditee to assist the audit team. Their role includes arranging interviews, ensuring access to documentation and locations, and clarifying organizational processes. However, they are not involved in drafting audit findings, conclusions, or decisions.
Drafting and communicating audit conclusions is the sole responsibility of the audit team leader and the audit team - not the guide.
Reference:
ISO 19011:2018, Clause 6.4.2 - Use of Guides
PECB ISO/IEC 42001 Lead Auditor Study Guide - Section: Role of Guides in Audits
\===========
NEW QUESTION # 114
A tech company has decided to apply ISO/IEC 42001 specifically to integrate the AIMS with existing management systems, such as the Information Security Management System and the Business Continuity Management System. Which part of ISO/IEC 42001 should the company use as guidance on aligning the AIMS with these systems to ensure cohesive objectives, streamlined processes, and unified documentation?
- A. Annex C
- B. Annex B
- C. Annex D
Answer: B
Explanation:
Annex B of ISO/IEC 42001:2023 provides detailed guidance on the integration of AIMS with other management systems. It supports harmonization with existing systems, such as:
ISO/IEC 27001 (Information Security Management System)
ISO 22301 (Business Continuity Management System)
ISO 9001 (Quality Management System)
Annex B promotes the use of a high-level structure (HLS), aligned terminology, and a risk-based approach to enable integrated planning, unified documentation, and cohesive objectives across systems.
Option B (Annex C) relates to additional implementation guidance for AI-specific controls.
Option C (Annex D) does not exist in ISO/IEC 42001.
Reference:
ISO/IEC 42001:2023, Annex B - Integration with other management system standards ISO/IEC Directives Part 1 - Harmonized Structure (Annex L) PECB Lead Auditor Study Guide, Chapter 3 - Integration of AIMS with existing management systems
NEW QUESTION # 115
According to the core element of 'Privacy and Security,' what is essential when developing AI systems?
- A. Enhancing the graphical user interface
- B. Ensuring the protection of personal data and system security
- C. Increasing the efficiency of AI algorithms
- D. Reducing the development time
Answer: B
Explanation:
ThePrivacy and Securityprinciple focuses on safeguardingpersonal dataand ensuring therobustness of AI systems against security threats.
As outlined inISO/IEC 42001:2023 - Clause 6.1.2 and 8.2.3, organizations must addressdata protection, cybersecurity, and access controlsthroughout the AI system lifecycle.
This is particularly relevant in contexts where AI systems handlesensitive or identifiable data, such as health, finance, or biometrics.
Reference: ISO/IEC 42001:2023 - Clause 6.1.2 (AI-related risks and impacts), Clause 8.2.3 (Controls for privacy, ethics, and security) PECB Lead Auditor Guide - Domain 1: "Trustworthy AI - Privacy and Security Requirements"
NEW QUESTION # 116
Scenario 1 (continued):
To ensure the integrity of the AI system, Future Horizon Academy has implemented measures to ensure that training data remain isolated from data that could lead to harmful or undesirable outcomes. The institution adds significant data elements as metadata, transforms the data into a format usable by the AI system, and uses data from one or more trusted sources.
Committed to standardization and continual improvement, Future Horizon Academy decided to implement an artificial intelligence management system (AIMS) based on ISO/IEC 42001 that would help the institution increase operational efficiency, resulting in improved processes.
After having the AIMS in place for a year, the institution decided to apply for a certification audit to get certified against ISO/IEC 42001. Prior to the certification audit, the institution conducted an internal audit and management review to ensure that the AIMS aligns with the institution's own requirements and that the system is being maintained effectively.
Question:
Based on functionality, what type of AI system did Future Horizon Academy establish?
- A. Reactive machines
- B. Theory of mind
- C. Limited memory
- D. General AI
Answer: C
Explanation:
The AI system described uses training data and prior experience (historical data) to make decisions, which matches Limited Memory systems. ISO/IEC 22989:2022 (supportive reference) categorizes Limited Memory AI as those that rely on past data and metadata to improve decision making, and ISO/IEC 42001 refers to AI functionality understanding under Clause 4.2 when considering context and system type.
Reference: ISO/IEC 22989:2022 Section 5.2.3; ISO/IEC 42001:2023 Clause 4.2.
NEW QUESTION # 117
Which step involves reviewing documents and records relevant to the audit scope?
- A. Document review
- B. Closing meeting
- C. Audit follow-up
- D. Audit reporting
Answer: A
Explanation:
TheDocument Reviewstep is a key part of audit preparation where auditors evaluate relevantdocuments, records, policies, and proceduresto understand the structure and implementation of the AI Management System.
As perISO 19011:2018 - Clause 6.4.3, document review helps auditorsfamiliarize themselves with the management system, identify potential areas of concern, and refine the audit plan.
In AI audits (such as AIMS under ISO/IEC 42001), this may include reviewingAI governance policies, data governance procedures, impact assessments, or model documentation.
NEW QUESTION # 118
A global bank is currently evaluating the effectiveness of its AI management system controls through an AIMS audit. Which role is being played by this company?
- A. An accreditation body
- B. An auditee
- C. An advisory body
- D. A certification body
Answer: B
Explanation:
In this context, theglobal bankis theauditee, as it is theorganization being audited. According toISO 19011:
2018 - Clause 3.12, anauditeeis "the organization being audited."
Since the bank is undergoing aninternal or external auditof its AI Management System (AIMS), it assumes the role of theentity whose AIMS is being evaluatedfor effectiveness, compliance, and performance.
* Accreditation bodyis responsible for accrediting certification bodies.
* Certification bodyconducts audits for conformity assessments.
* Advisory bodyprovides consultation but does not participate directly in audits.
NEW QUESTION # 119
What type of audit risk is described in the last paragraph of Scenario 4?
Scenario 4: Finalogic leads the application of artificial intelligence in the financial services sector, which is used to improve risk assessment, fraud detection, and customer service. The company has implemented an artificial intelligence management system AIMS based on ISO/IEC 42001 to ensure operational quality, ethical Al use, regulatory compliance, and transparency, allowing for consistent oversight and structured governance.
This month, Finalogic is undergoing an audit to obtain certification against ISO/IEC 42001, a critical step in demonstrating its commitment to responsible Al. To evaluate Finalogic's conformity to the audit criteria, the audit team adopted a comprehensive, evidence-based approach. The gathered evidence ranged from analyses of unquantifiable information to analyses of samples related to determining the audit criteria-including internal reports generated by Finalogic's own Al system-which assert successful integration and compliance with the standard.
Additionally, presentations by the company's Al team during the audit highlighted the system's success in customer service enhancements and fraud detection, emphasizing improved efficiency, decision making accuracy, and user trust. An evaluation report prepared by an independent third party firm specializing in Al systems also provided an objective review of Finalogic's AIMS. It assessed the system's effectiveness, bias, and compliance through a thorough examination.
During the audit, the audit team applied the same level of effort and utilized the same techniques across all audit areas, regardless of their risk level. This strategy ensured a consistent and thorough evaluation of the AIMS, uncovering any latent weaknesses or inefficiencies that might otherwise go unnoticed.
Despite Finalogic's advanced AIMS and adherence to ISO/IEC 42001 for ethical Al practices, there remains a risk of Al algorithms inadvertently perpetuating bias or making inaccurate predictions due to unforeseen flaws in training data or algorithmic models. This could lead to unfair loan rejections or approvals, potentially causing financial losses or damaging the company's reputation for fairness and accuracy in its financial services. By acknowledging these risks. Finalogic remains committed to refining its Al governance, implementing bias mitigation strategies, and enhancing transparency to uphold its reputation as a leader in Al driven financial services.
- A. Detection risk
- B. Compliance risk
- C. Inherent risk
- D. Control risk
Answer: C
Explanation:
In the final paragraph, it is mentioned that "there remains a risk of AI algorithms inadvertently perpetuating bias or making inaccurate predictions due to unforeseen flaws in training data or algorithmic models." This describes a situation where the AI system may produce incorrect or biased outcomes even if controls are in place - this is an example of inherent risk.
Inherent risk refers to the susceptibility of a process or system to error or failure in the absence of any related internal controls. These are naturally occurring risks in any environment, particularly when dealing with complex systems like AI.
Reference:
ISO/IEC 42001:2023, Clause 6.1.1 - Understanding risk in AI systems
ISO 19011:2018, Clause 5.4.1 - Types of audit risk
PECB ISO/IEC 42001 Lead Auditor Study Guide - Section: Risk Management in AI Audits
\===========
NEW QUESTION # 120
Scenario 6 (continued):
Scenario 6: HappilyAI is a pioneering enterprise dedicated to developing and deploying artificial intelligence Al solutions tailored toenhance customer service experiences across various industries. The company offers innovative products like virtual assistants,predictive analytics tools, and personalized customer interaction platforms. As part of its commitment to operational excellence andinnovation, HappilyAI has implemented a robust Al management system AIMS to oversee its Al operations effectively. Currently.HappilyAI is undergoing a comprehensive audit process of its AIMS to evaluate its compliance with ISO/IEC 42001.
Under the leadership of Jess, the audit team began the audit process with meticulous planning and coordination, setting the groundworkfor the extensive on-site activities of the stage 1 audit. This initial phase was marked by a comprehensive documentation review. Theaudit scope encompassed a critical review of HappilyAI's core departments, including Research and Development (R&D), CustomerService, and Data Security, aiming to assess the conformity of HappilyAI's AIMS to the requirements of ISO/IEC 42001.
Afterward, Jess and the team conducted a formal opening meeting with HappilyAI to introduce the audit team and outline the auditactivities. The meeting set a collaborative tone for the subsequent phases, where the team engaged in information collection, executedaudit tests, identified findings, and prepared draft nonconformity reports while maintaining a strict quality review process.
In gathering evidence, the audit team employed a sampling method, which involved dividing the population into homogeneous groups toensure a comprehensive and representative data collection by drawing samples from each segment. Furthermore, the team employedobservation to deepen their understanding of the Al management processes. They verified the availability of essential documentation,including Al-related policies, and evaluated the communication channels established for reporting incidents.
Additionally, they scrutinized specific monitoring tools designed to track the performance of data acquisition processes, ensuring thesetools effectively identify and respond to errors or anomalies. However, a notable challenge emerged as the team encountered a lack ofaccess to documented information that describes how tasks about AIMS are executed. In addition to this, the team identified a potentialnonconformity within the Sales Department. They decided not to record this as a nonconformity in the audit report but onlycommunicated it to the HappilyAI's representatives.
During the stage 2 audit, the certification body, in collaboration with HappilyAI, assigned the roles of technical experts within the auditteam. Recognized for their specialized knowledge and expertisein artificial intelligence and its applications, these technical experts aretasked with the thorough assessment of the AIMS framework to ensure its alignment with industry standards and best practices,focusing on areas such as data ethics, algorithmic transparency, and Al system security.
Question:
During the stage 2 audit, the certification body and the company assigned the roles of technical experts. Is this acceptable?
- A. No, the company must assign the roles of technical experts independently of the certification body's involvement
- B. No, the roles of technical experts must be assigned by the certification body prior to conducting the audit
- C. Yes, the role of technical experts must be agreed upon by the certification body and the company during the audit process
Answer: C
Explanation:
It isacceptableif thecertification body and auditee agreeon the technical experts' roles.
* ISO/IEC 17021-1:2015 Clause 9.1.9states:"The role and involvement of technical experts must be planned and agreed between the certification body and auditee prior to their participation."
* TheLead Auditor Manualreinforces:"Technical experts provide specialized knowledge, but their roles must be coordinated through mutual agreement between certification bodies and auditees." Reference:ISO/IEC 17021-1:2015 Clause 9.1.9; ISO/IEC 42001:2023 Clause 9.2.2.
NEW QUESTION # 121
Were VeridicAI's action plans drafted appropriately? Refer to Scenario 8.
Scenario 8: VeridicAI. based in San Francisco. USA, specializes in market research using Al technologies to analyze customer behavior. Founded in 2023, the company employs natural language processing, machine learning, and predictive analytics to provide real time insights to a range of businesses. VeridicAI has implemented an artificial intelligence management system AIMS based on ISO/IEC 42001 to manage its Al technologies effectively. The AIMS scope includes select departments within the company, for which it has received a four-year certification against ISO/IEC 42001. Committed to transparency. VeridicAI publicly shares details of this certification.
As the certification nears its end, VeridicAI is preparing for an audit to renew its certification.
The audit process was led by Sharona, the audit team leader, who is a full-time employee of the certification body. Sharona and the audit team undertook all planned audit activities. Afterward, they organized the closing meeting with VeridicAl's management. During the meeting, Sharona and the team made a recap on audit objectives and scope, presented the audit findings and conclusions, presented identified nonconformities, and organized a session for questions and answers for the auditee.
VeridicAI received a conditional recommendation for certification, underscoring its compliance with the industry's standards. Sharona confirmed that the company met the essential requirements but noted some identified minor nonconformities. In response, VeridicAI compiled and submitted a comprehensive action plan that addresses all identified nonconformities within a designated timeframe. Because of the comprehensive action plan, Sharona did not see the need for an additional on- site visit to verify the effectiveness of the action plan.
Sharona played an integral role in the certification decision process. Her thorough understanding of VeridicAI's operations, gained from the audit, guided the certification body towards a well-informed certification decision.
- A. Yes, a general action plan must be submitted, addressing all nonconformities simultaneously
- B. No, an action plan must be submitted separately for each nonconformity
- C. No, a general action plan must be submitted for all the minor nonconformities, whereas for major nonconformities, a separate action plan for each
Answer: A
Explanation:
The scenario confirms that all the nonconformities identified were minor, and VeridicAI responded with a comprehensive (i.e., general) action plan covering all of them. According to ISO/IEC 42001:2023 Clause 10.2 and audit guidelines in ISO 19011:2018, it is acceptable and often encouraged for the auditee to submit a consolidated corrective action plan for multiple minor nonconformities. Separate plans are generally only required for significant (major) nonconformities that impact the effectiveness of the management system.
Reference:
ISO/IEC 42001:2023 Clause 10.2 - Nonconformity and corrective action
ISO 19011:2018 Clause 6.6 - Audit report and nonconformity documentation
\===========
NEW QUESTION # 122
Scenario 1 (continued):
To ensure the integrity of the AI system, Future Horizon Academy has implemented measures to ensure that training data remain isolated from data that could lead to harmful or undesirable outcomes. The institution adds significant data elements as metadata, transforms the data into a format usable by the AI system, and uses data from one or more trusted sources.
Committed to standardization and continual improvement, Future Horizon Academy decided to implement an artificial intelligence management system (AIMS) based on ISO/IEC 42001 that would help the institution increase operational efficiency, resulting in improved processes.
After having the AIMS in place for a year, the institution decided to apply for a certification audit to get certified against ISO/IEC 42001. Prior to the certification audit, the institution conducted an internal audit and management review to ensure that the AIMS aligns with the institution's own requirements and that the system is being maintained effectively.
Question:
Prior to the certification audit, the institution conducted an internal audit and management review. Is this acceptable?
- A. No, the internal audit should be conducted after the certification audit to ensure any recommendations from the audit team are addressed
- B. No, only an internal audit should be conducted before the initial audit
- C. No, internal audits are only required for recertification audits
- D. Yes, an internal audit and management review can be conducted before the certification audit
Answer: D
Explanation:
ISO/IEC 42001:2023 Clause 9.2 (Internal Audit) and Clause 9.3 (Management Review) require organizations toperform internal audits and management reviewsto ensure the system's continued suitability, adequacy, and effectivenessprior to certification audits.Reference:ISO/IEC 42001:2023 Clauses 9.2 and 9.3.
NEW QUESTION # 123
......
Check Real PECB ISO-IEC-42001-Lead-Auditor Exam Question for Free (2026): https://www.latestcram.com/ISO-IEC-42001-Lead-Auditor-exam-cram-questions.html
Get all the Information About PECB ISO-IEC-42001-Lead-Auditor Exam 2026 Practice Test Questions: https://drive.google.com/open?id=1CP6YIekElOSei0mYw-Zn1tFK_otnKrbu
