Looking for tips and advice. My company was just registered to the ISO 9001:2105 standard in May. Long story short - our ISO Project Leader (who happens to be my direct manager and our corporate level quality and CI resource) did not fully research our registrar and we ended up essentially passing the cert audit with flying colors - no records or samples were taken during the audit, no NCs noted, and with just a few OFIs later we had our "certificate" in hand. I uncovered (after the fact) that they were an unaccredited outfit and essentially nothing more than a certificate mill. I know there is no requirement to use an accredited cert body - but as a professionally trained and certified ISO internal auditor for my company I know we were not assessed in a way that added much value to our newbie QMS. It almost makes a mockery of all of the hard work we did as an implementation team.... I brought the research to my manager, who wants to keep the info under wraps (he was recently commended by our president for getting the project done early and under budget) and let any negative outcome or inquiry from our customers drive any further action on our parts. He does not intend to have us re-audited. He has directed me to conduct our first round of internal QMS audits not according to how I was trained, not according to the standard, but in a way that mirrors the way we were "audited" (using their checklist, methodology, etc.). He said because we hold a certificate that is not accredited, we are not held to the guidance found in 19011 and that he would like me to limit any findings to just a "Few OFIs" like they did. I expressed that the internal auditor certification I hold required me to agree to an auditor code of conduct and of ethics and now we find ourselves at an impasse....
This may end up being more of a personal decision for me to make long term; however, I am wondering if anyone has any insight or has ever found themselves in a similar ethical pickle and, if so, how you handled it as an auditor.