PECB ISO-IEC-42001-Lead-Auditor ISO/IEC 42001:2023 Artificial Intelligence Management System Lead Auditor Exam Practice Test

[Conducting an ISO/IEC 42001 Audit]

During a combined audit, if an auditor identifies a finding linked to one criterion, should they consider its potential impact on corresponding or related criteria of other management systems?

[Fundamental Principles and Concepts of an AI Management System]

Scenario 1 (continued):

To ensure the integrity of the AI system, Future Horizon Academy has implemented measures to ensure that training data remain isolated from data that could lead to harmful or undesirable outcomes. The institution adds significant data elements as metadata, transforms the data into a format usable by the AI system, and uses data from one or more trusted sources.

Committed to standardization and continual improvement, Future Horizon Academy decided to implement an artificial intelligence management system (AIMS) based on ISO/IEC 42001 that would help the institution increase operational efficiency, resulting in improved processes.

After having the AIMS in place for a year, the institution decided to apply for a certification audit to get certified against ISO/IEC 42001. Prior to the certification audit, the institution conducted an internal audit and management review to ensure that the AIMS aligns with the institution's own requirements and that the system is being maintained effectively.

Based on Scenario 1, which of the following processes regarding data did Future Horizon Academy NOT conduct?

[Fundamental Audit Concepts and Principles]

Auditors use the ______ as a benchmark to determine conformity.

[Conducting an ISO/IEC 42001 Audit]

During an audit, the auditor employed data analytic technology to identify anomalies and unusualpatterns in the decision-making processes of an AI system used by a financial institution to approve or reject loan applications. Which data analytic technology did the auditor use?

[Closing an ISO/IEC 42001 Audit]

A few months after an audit, the auditor returns to the company to verify that corrective actions have been effectively implemented and that the issues identified have been resolved. Which step of the management system audit process does this activity correspond to?

[Conducting an ISO/IEC 42001 Audit]

Scenario 4:

BioNovaPharm, a German biopharmaceutical company, has implemented an artificial intelligence management system AIMSbased on ISO/IEC 42001 to optimize various aspects of drug discovery, including analyzing extensive biological data, identifying potentialdrug candidates, and streamlining clinical trial processes. After having the AIMS in place for over a year, the company contracted acertification body and is now undergoing an AIMS audit to obtain certification against ISO/IEC 42001.

Adopting a risk-based approach, the audit team focused on risk throughout their activities. The level of detail outlined in the audit plancorresponded to the scope and complexity of the audit. The team employed a ranking system for detailed audit procedures, prioritizingthose with the highest risk.

Once the stage 1 audit began, the audit team started reviewing the auditee's documented information. To assess whether BioNovaPharmcomplies with the legal and regulatory requirements related to incident communication, the audit team examined evidence provided bythe company's external legal office. The evidence confirmed that BioNovaPharm applies the requirements of the EU Al Act, whichmandates that providers of high-risk Al systems report serious incidents to relevant authorities.

Following the completion of the stage 1 audit, John, an audit team member, documented the stage 1 audit outputs, including theobservations of the audit team that could result in nonconformities during the on-site audit. However, the audit team leader, Emma, whowas overseeing the audit activities, observed that John failed to document significant observations related to the lack oftransparency inthe Al decision-making processes of BioNovaPharm. Considering that Emma observed John's lack of competence in undertaking some

audit activities, a disciplinary note was recorded for John.

What type of evidence did the audit team obtain to assess BioNovaPharm's compliance with legal and regulatory incident reporting requirements?

[Fundamental Principles and Concepts of an AI Management System]

Which of the following standards emphasizes the importance of conducting AI system impact assessments to evaluate the potential effects on individuals and societies affected by the AI system?