Anyone who relies upon an external auditor alone for their view is, as Andy says, foolhardy. That is not supposed to be the point of external registration, nor the sole criteria of its value!
When determining the effectiveness of the management system, I agree that management should use a whole raft of data. But, when evaluating the compliance of a system to a standard such as ISO 9001, they generally have only 2 sources of data, the internal auditor and the external auditor. When the results are divergent, as in this case, management can choose to believe the story they want to hear.
I've been in the position described by the OP with external auditors praising areas which were non-compliant (in my case with TS 16949). It undermined the internal audit team (led by me) and allowed the management to bury their heads in the sand for a bit longer. All the management wanted was a certificate on the wall to allow them to mislead our customers into believing we were working to the TS standard when we clearly weren't. In most cases the external auditors found the major non-compliances (because I pointed them out) but chose to ignore them.
(Before you criticise my competence, note that I was a third party lead auditor for more than 20 years before moving back into industry. I was IRCA registered and a lead for QS-9000, TS 16949, ISO 14001, ISO 9001)
Re-educating management would be nice but is frequently impossible. Re-educating external auditors/CBs/ABs would be nice too but I see no evidence of it happening. Despite my background, I've directly experienced too many bad external auditors and heard so many horror stories that I can, sadly, no longer give credence to third party certification.
The responses in this thread seem to have ignored the incompetent external auditor and are blaming the organization's management for the problem. I really think it's time the third party registration industry accepted responsibility for the problems the rogues within their industry are creating and took some visible and effective action to clean up their act. That would leave no hiding place for the "badge on the wall" management attitude.