I think there is a lack of distinction between compliance auditing (external certification and some internal audits), adherence & operational auditing (should be in internal audits) and improvement audits.
John Broomfield's comments feel more like the latter two, and do add value beyond the limited intent of focused regulations.
I often dislike an antagonistic attitude but it is necessary when auditors overstep the scope of their audits or the nature of the finding transforms from a requirement not being met to it not being met in the way they (or the auditing organisations' internal policies) see fit. However, there are audits which are not for certification but for improvement with best practice. There it is not about what any law (directly or indirectly) says you must do, but what is wise to do as indicated through an auditor who has seen many types of organisations through many phases of growth. There the auditor selected by management is chosen based on trust in value they might bring, which is a rather different relation to the auditor forced on you because of (mandatory) certification.
John Broomfield's comments feel more like the latter two, and do add value beyond the limited intent of focused regulations.
I often dislike an antagonistic attitude but it is necessary when auditors overstep the scope of their audits or the nature of the finding transforms from a requirement not being met to it not being met in the way they (or the auditing organisations' internal policies) see fit. However, there are audits which are not for certification but for improvement with best practice. There it is not about what any law (directly or indirectly) says you must do, but what is wise to do as indicated through an auditor who has seen many types of organisations through many phases of growth. There the auditor selected by management is chosen based on trust in value they might bring, which is a rather different relation to the auditor forced on you because of (mandatory) certification.
From a wider perspective I agree.