The old way of handling ISO standards is built on the idea that complying with requirements would deliver sustainable improvements. It does not. It only nails down the inefficiencies of your practices. Audits normally start at the side of the requirements (i.e. the practices) where they should have started at the other end of the stick: the principles.
These principles should have been laid down in a management system, but they are actually mostly missing. And no ISO standard defines a management system: even 9001 only describes requirements for a management system.
If you look at this traditional approach, you can only confirm that regular ISO auditing is the world upside down. And it does not lead to sustainable improvements.
Turn it around
You now may want to turn this around, next time you start a compliance project: you start at the principles, you define and deploy a management system based on a management architecture, and then you audit the results. Now the audit is simple and only confirms what you already knew: you are delivering your services in a systematic, sustainable way.
The cost of preparing for the auditing is then reduced to a small percentage of what it used to be.
I understand that this may violate the business model of many auditors and tool providers, but it would also open up a new perspective of value creation that would be highly appreciated by their customers, and I’m sure these customers would be willing to pay for it. Such a knife would cut at both sides: value creation in a pure format.
What do you think: is it time to turn this around?