The certification body did not include all departments covered by the AIMS scope in the...

The certification body did not include all departments covered by the AIMS scope in the audit scope. Is this acceptable? Refer to Scenario 5.

Scenario 5: Alterhealth is a mid-sized technology firm based in Toronto. Canada. It develops Al systems for healthcare providers, focusing on improving patient care,

optimizing hospital workflows, and analyzing healthcare data for insights that can improve health outcomes. To ensure responsible and effective use of Al in its

operations, Alterhealth has implemented an artificial intelligence management system AIMS based on ISO/IEC 42001. After a year of having the AIMS in place, the

company decided to apply for a certification audit to obtain certification against ISO/IEC 42001.

The company contracted a certification body to conduct the audit, who assembled the audit team and appointed the audit team leader. The audit team leader had

conducted a certification audit at Alterhealth in the past. The top management of Alterhealth decided to reject the appointment of this auditor because they believed

that they would not receive added value from the audit. In response, the certification body appointed Jonathan, an independent auditor with no prior engagements with

Alterhealth, as the new audit team leader. Jonathan's introduction marked the beginning of a collaborative process aimed at evaluating the conformity of the AIMS to

ISO/IEC 42001 requirements.

The certification body determined the audit scope, which included only specific departments essential to the integration and application of Al, such as the Al Research,

Machine Learning Applications, and Al Ethics and Compliance Departments, and did not cover all of the departments covered by the AIMS scope. Meanwhile,

Alterhealth determined the audit time, setting the necessary time frame for planning and conducting a thorough and effective review to ensure all aspects of the AIMS

within the selected departments were meticulously reviewed.

Afterward, Jonathan received a detailed offer from the certification body, outlining his role and including information related to the audit, such as the audit's duration,

team members, their responsibilities, the limits to the audit engagement, and their salary compensation. With a clear mandate, Jonathan was tasked with a multitude

of responsibilities: defining the audit objectives and criteria, planning the audit process, identifying and addressing audit risks, managing communication with

Alterhealth, overseeing the audit team, and ensuring a smooth and conflict free execution.

With Jonathan's leadership and a well-defined audit framework in place, the certification audit proceeded with a structured and objective evaluation of Alterhealth's

AIMS.