1st, let me say and please understand the opinions I express are mine alone and not a reflection of or in any way related to whom I work for. This is Randy talking, nothing more and nothing less.
A great majority of responsibility has to be born by the individual auditors themselves, and with that responsibility a corresponding accountability (the two cannot be seperated).
Auditors have the have the freedom to say "your system sucks" and then have the personal courage and fortitude to actually say it. (Maybe not in those actual words, but you understand my meaning). If auditors were to be totally honest about the lapses they see, organizations would be changing their registration bodies more often than you change your skivies. It doesn't happen, it won't happen. Why? Because business begins with customer expectation and ends with customer satisfaction, period. Theoretically pure, independent, objective auditors are truly not and will never be.
The weakness and failings that we identify in this endeavor of 3rd Party what-cha-ma-call-it revolves around an un-quantifiable, uncontrollable element called a human being. As we sit here, as friends and professionals in our own right, the accreditation authorities for auditors (like the RABQSA) are stumbling though the process (not unlike a freshly castrated calf) of trying to verify the "competence" of auditors. We now have grander schemes, physco-social testing, observation of performance and all other kinds of jibberish and whoop-dee-doo happening, but what is not happening is a quantification of the process. Why you ask? Because it all boils down to "is the glass half full or half empty?" You can call this perception based upon perspective.
The recommendations made by auditors, to 3rd party organizations, for registration purposes to whatever "standard" are ultimately made based upon the perception of the systems effectivess by the auditor through the evaluation of evidence gathered balanced against the applicable criteria, through the individuals auditors eyes (and mind) or in a short version, from the auditors perspective.
We're not dealing with an exact science here. There is black and there is white, but there is a whole lot more grey in the middle of varying shades. Most certificates are created from the grey and not from the black and white, always have been and always will be.
The process we have probably isn't the best, but it's what we have.
Hopefully I didn't stray too much from the topic, but I haven't written much lately and this feels good.