PECB ISO/IEC 42001:2023Artificial Intelligence Management System Lead Auditor - ISO-IEC-42001-Lead-Auditor Exam Practice Test

Question:
During which phase of the certification process is confirmation of registration performed?

A certification body is conducting surveillance audits for a company that manages multiple sites, including a temporary construction site with a limited duration. The audit team is considering whether the presence of this temporary site should influence the frequency of surveillance audits. Can this factor necessitate an adjustment in the audit schedule?

Which of the following is NOT a common feature shared by AI systems?

A social media platform wants to automatically detect and remove inappropriate content from images and videos uploaded by users. Which AI concept is most appropriate for this task?

UrDesign, an interior design company, has recently decided to use machine learning for classification, regression tasks, and more complex tasks related to structured prediction. What category of machine learning did UrDesign decide to use?

Which of the following statements best describes the evidence collection process carried out by the audit team at Finalogic? Refer to Scenario 4.
Scenario 4: Finalogic leads the application of artificial intelligence in the financial services sector, which is used to improve risk assessment, fraud detection, and customer service. The company has implemented an artificial intelligence management system AIMS based on ISO/IEC 42001 to ensure operational quality, ethical Al use, regulatory compliance, and transparency, allowing for consistent oversight and structured governance.
This month, Finalogic is undergoing an audit to obtain certification against ISO/IEC 42001, a critical step in demonstrating its commitment to responsible Al. To evaluate Finalogic's conformity to the audit criteria, the audit team adopted a comprehensive, evidence-based approach. The gathered evidence ranged from analyses of unquantifiable information to analyses of samples related to determining the audit criteria-including internal reports generated by Finalogic's own Al system-which assert successful integration and compliance with the standard.
Additionally, presentations by the company's Al team during the audit highlighted the system's success in customer service enhancements and fraud detection, emphasizing improved efficiency, decision making accuracy, and user trust. An evaluation report prepared by an independent third party firm specializing in Al systems also provided an objective review of Finalogic's AIMS. It assessed the system's effectiveness, bias, and compliance through a thorough examination.
During the audit, the audit team applied the same level of effort and utilized the same techniques across all audit areas, regardless of their risk level. This strategy ensured a consistent and thorough evaluation of the AIMS, uncovering any latent weaknesses or inefficiencies that might otherwise go unnoticed.
Despite Finalogic's advanced AIMS and adherence to ISO/IEC 42001 for ethical Al practices, there remains a risk of Al algorithms inadvertently perpetuating bias or making inaccurate predictions due to unforeseen flaws in training data or algorithmic models. This could lead to unfair loan rejections or approvals, potentially causing financial losses or damaging the company's reputation for fairness and accuracy in its financial services. By acknowledging these risks. Finalogic remains committed to refining its Al governance, implementing bias mitigation strategies, and enhancing transparency to uphold its reputation as a leader in Al driven financial services.

Which among the following is NOT a core element of AIMS?

Scenario 5 (continued):
Scenario 5: Aizoia, located in Washington, DC, has revolutionized data analytics, software development, and consulting by using advanced Al algorithms. Central to its success is an Al platform adept at deciphering complex datasets for enhanced insights. To ensure that its Al systems operate effectively and responsibly, Aizoia has established an artificial intelligence management system AIMS based on ISO/IEC 42001 and is now undergoing a certification audit to verify the AIMS's effectiveness and compliance with ISO/IEC 42001.
Robert, one of the certification body's full-time employees with extensive experience in auditing, was appointed as the audit team leader despite not receiving an official offer for the role. Understanding the critical importance of assembling an audit team with diverse skills and knowledge, the certification body selected competent individuals to form the audit team. The certification body appointed a team of seven members to conduct the audit after considering the specific conditions of the audit mission and the required competencies.
Initially, the certification body, in cooperation with Aizoia, defined the extent and boundaries of the audit, specifying the sites (whether physical or virtual), organizational units, and the activities for review. Once the scope, processes, methods, and team composition had been defined, the certification body provided the audit team leader with extensive information, including the audit objectives and documented details on the scope, processes, methods, and team compositions.
Additionally, the certification body shared contact details of the auditee, including locations, time frames, and the duration of the audit activities to be conducted. The team leader also received information needed for evaluating and addressing identified risks and opportunities for the achievement of the audit objectives.
Before starting the audit, Robert wrote an engagement letter, introducing himself to Aizoia and outlining plans for scheduling initial contact. The initial contact aimed to confirm the communication channels, establish the audit team's authority to conduct the audit, and summarize the audit's key aspects, such as objectives, scope, criteria, methods, and team composition. During this first meeting, Robert emphasized the need for access to essential information that would help to conduct the audit.
Moreover, audit logistics, such as scheduling, access, health and safety arrangements, observer attendance, and the need for guides or interpreters, were thoroughly planned. The meeting also addressed areas of interest or concern, preemptively resolving potential issues and finalizing any matters related to the audit team composition.
As the audit progressed, Robert recognized the complexity of Aizoia's operations, leading him to conclude that a review of its Al-related data governance practices was essential for compliance with ISO/IEC 42001.
He discussed this need with Aizoia's management, proposing an expanded audit scope. After careful consideration, they agreed to conduct a thorough review of the Al data governance practices, but there was no mutual decision to officially change the audit scope. Consequently. Robert decided to proceed with the audit based on the original scope, adhering to the initial audit plan, and documented the conversation and decision accordingly.
Based on the scenario above, answer the following question:
Question:
According to Scenario 5, was Robert's decision to proceed with the audit without changing its scope appropriate?

Scenario 9 (continued):
Scenario 9: Securisai, located in Tallinn. Estonia, specializes in the development of automated cybersecurity solutions that utilize AI systems. The company recently implemented an artificial intelligence management system AIMS in accordance with ISO/IEC 42001. In doing so, the company aimed to manage its Al-driven systems' capabilities to detect and mitigate cyber threats more efficiently and ethically. As part of its commitment to upholding the highest standards of Al use and management, Securisai underwent a certification audit to demonstrate compliance with ISO/IEC 42001.
The audit process comprised two main stages: the initial or stage 1 audit focused on reviewing Securisai's documentation, policies, and procedures related to its AIMS. This review laid the groundwork for the stage 2 audit, which involved a comprehensive, on-site evaluation of the actual implementation and effectiveness of the AIMS within Securisai's operations. The goal was to observe the AIMS in operation, ensuring that it not only existed on paper but was effectively integrated into the company's daily activities and cybersecurity strategies.
After the audit, Roger, Securisai's internal auditor, addressed the action plans devised to rectify nonconformities identified during the certification audit. He developed a long term strategy, highlighting key AIMS processes for triennial audits. Roger's internal audits play a key role in advancing Securisai's goals by employing a systematic and disciplined method to assess and boost the efficiency of risk management, governance processes, and strategic decision-making. Roger reported his findings directly to Securisai's top management.
Following the successful rectification of nonconformities, Securisai was officially certified against ISO/IEC
42001.
Recently, the company decided to transfer its ISO/IEC 42001 certification registration from one certification body to another despite being initially bound by a long-term agreement with the current certification body.
This decision was motivated by the desire to partner with a certification body that offers deeper insights and expertise in the rapidly evolving field of artificial intelligence in cybersecurity.
To ensure a smooth transition and uphold its certification status, Securisai is diligently compiling the required documentation for submission to the new certification body. This includes a formal request, the most recent audit report underscoring its adherence to ISO/IEC 42001, the latest corrective action plan that highlights its continuous efforts toward improvement, and a copy of its current valid certification registration.
A year following Securisai's initial certification audit, a subsequent audit was carried out by the certification body on its AIMS. The purpose of this audit was to assess compliance with ISO/IEC 42001 and verify the ongoing improvement of the AIMS. The audit team concluded that Securisai's AIMS consistently meets the requirements set by ISO/IEC 42001.
Question:
What type of audit is described in the last paragraph of Scenario 9?