Comprehensive and Detailed In-Depth Explanation:

Audit risks are categorized into different types based on where failures may occur in the QMS audit process.

Clause References:

ISO 19011:2018, Clause 6.3 – Managing Audit Risk: Defines different audit risks, including control risk.

Why is the Correct Answer A?

Control risk occurs when internal controls fail to prevent or detect nonconformities.

Even if controls exist, the risk remains if the QMS fails to identify or correct defects.

Why are the Other Options Incorrect?

B (Inherent risk) → This refers to risks naturally present in processes, even before controls are applied.

C (Detection risk) → This is the risk that an auditor fails to detect nonconformities.

D (Operational risk) → This refers to risks related to day-to-day business operations, not QMS audits.