ISO-IEC-42001-Lead-Auditor Exam Dumps - ISO/IEC 42001:2023 Artificial Intelligence Management System Lead Auditor Exam

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
Next
Last >>

Question # 33

What should an auditor do to evaluate the auditeeâ€™s conformity to control A.9 Use of AI systems?

Analyze contracts with partners, suppliers, and third parties to verify that responsibilities related to AI systems are stated

Verify processes and objectives for the responsible use of AI systems, assess implementation mechanisms, and confirm compliance with intended use

Review diagrams or records that show the data flow and history to validate traceability

Interview the CEO regarding ethical decisions made in previous AI projects

Full Access

Question # 34

Scenario 2 (continued):

Empsy HR Solutions is a human resources consulting company that provides innovative HR solutions to diverse industries. Recognizing the significant impact of artificial intelligence Al in HR processes, including its ability to automate repetitive tasks, analyze vast amounts of data for insights, improve recruitment and talent management strategies, and personalize employee experiences, the company has initiated the implementation of an artificial intelligence management system AIMS based on ISO/IEC 42001.

Initially, the top management established an Al policy that was aligned with the company's objectives. The Al policy provided a framework for defining Al objectives, a commitment to meeting relevant requirements, and a dedication to continually improve the AIMS. However, it

did not refer to other organizational policies, although some were relevant to the AIMS. Afterward, the top management documented the policy, communicated it internally, and made it accessible to interested parties.

The top management designated specific individuals to ensure that the AIMS meets the standard's requirements. Additionally, they ensured that these individuals were responsible for overseeing the AIMS, reporting its performance to the top management, and facilitating continual improvement. Moreover, in its awareness sessions, the company focused exclusively on ensuring that all personnel

were informed about the Al policy, emphasizing their role in ensuring the effectiveness of the AIMS and the benefits of enhanced Al performance.

The company also planned, implemented, and monitored processes to meet AIMS requirements. Additionally, it set clear criteria and implemented controls based on them, ensuring effective operation, alignment with organizational objectives, and continual improvement. Empsy HR Solutions decided to implement strict measures to control changes to documented information within the AIMS. To ensure the integrity and accuracy of documentation, the company adopted version control practices. Each document update was tracked using a versioning system, with clear records of what was modified, who made the changes, and when the updates occurred. Access to make changes was restricted to authorized personnel, and any proposed modifications required approval from the designated management team before being implemented.

Moreover, considering past experiences where the company encountered unforeseen risks, Empsy HR Solutions established a comprehensive Al risk assessment process. This process involved identifying, analyzing, and evaluating Al risks to determine if it is necessary to implement additional controls than those specified in Annex A. The company also referred to Annex B for guidance on implementing controls and, ultimately, produced a Statement of Applicability So A. The SoA contained the necessary controls, including all the controls of Annex A and justifications for their inclusion or exclusion.

Lastly. Empsy HR Solutions decided to establish an internal audit program to ensure the AIMS conforms to both the company's requirements and ISO/IEC 42001. It defined the audit objectives, criteria, and scope for each audit, selected auditors, and ensured objectivity and impartiality during the audit process. The results of the first audit were documented and reported only to the top

management of the company.

Question:

Does the company's implementation of version control practices for documented information align with the requirements of ISO/IEC 42001?

Yes, as the standard emphasizes the importance of controlling changes through accurate records of modification and approvals

No, as the standard does not require specific measures for tracking changes in documented information

No, as the standard requests a focus on preserving legibility and storage rather than controlling changes

Yes, but only if done manually without automated systems

Full Access

Question # 35

Scenario 4 (continued):

BioNovaPharm, a German biopharmaceutical company, has implemented an artificial intelligence management system AIMS based on ISO/IEC 42001 to optimize various aspects of drug discovery, including analyzing extensive biological data, identifying potential drug candidates, and streamlining clinical trial processes. After having the AIMS in place for over a year, the company contracted a certification body and is now undergoing an AIMS audit to obtain certification against ISO/IEC 42001.

Adopting a risk-based approach, the audit team focused on risk throughout their activities. The level of detail outlined in the audit plan corresponded to the scope and complexity of the audit. The team employed a ranking system for detailed audit procedures, prioritizing those with the highest risk.

Once the stage 1 audit began, the audit team started reviewing the auditee's documented information. To assess whether BioNovaPharm complies with the legal and regulatory requirements related to incident communication, the audit team examined evidence provided by the companyâ€™s external legal office. The evidence confirmed that BioNovaPharm applies the requirements of the EU Al Act, which mandates that providers of high-risk Al systems report serious incidents to relevant authorities.

Following the completion of the stage 1 audit, John, an audit team member, documented the stage 1 audit outputs, including the observations of the audit team that could result in nonconformities during the on-site audit. However, the audit team leader, Emma, who was overseeing the audit activities, observed that John failed to document significant observations related to the lack of transparency in the Al decision-making processes of BioNovaPharm. Considering that Emma observed John's lack of competence in undertaking some

audit activities, a disciplinary note was recorded for John.

Question:

What level of negligence did Emma observe regarding Johnâ€™s audit documentation failures?

Ordinary negligence

Gross negligence

Fraud

Minor error

Full Access

Question # 36

During which phase of the certification process is confirmation of registration performed?

Before the initial audit

During the initial audit

Beyond the initial audit

Full Access

Question # 37

Question:

A certification body is conducting surveillance audits for a company managing multiple sites, including a temporary construction site with a limited duration.

The audit team is considering whether the presence of this temporary site should influence the frequency of surveillance audits.

Can this factor necessitate an adjustment in the audit schedule?

Yes, because it represents a management system certification of limited duration

No, temporary construction sites do not influence audit frequency

Yes, but only if the construction site operates under different seasonal conditions

Full Access

Question # 38

Question:

Which of the following standards emphasizes the importance of conducting AI system impact assessments to evaluate the potential effects on individuals and societies affected by the AI system?

ISO/IEC 42005

ISO/IEC 42006

ISO/IEC 22989

ISO/IEC 27001

Full Access