Many companies today aren't like old-fashioned machines. They don't just follow strict orders from the top or do things one set way. In fact, lots of businesses are more like an "Octopus organization." This means decisions are made right where the work is happening, teams change how they do things depending on the situation, people use their brains instead of just blindly following rules, and everyone learns as they go.
But here's the funny part: when it's time for those ISO audits, these flexible "Octopus" companies suddenly start acting like "Tin Man organizations." They tighten up rules, make their documents look perfect, freeze their usual ways of working, and simplify everything beyond recognition. What they show the auditors often isn't how they actually work, but how they think an ISO-approved company should look.
This big disconnect between how things really are and how they're presented? That's where all the stress and headache around ISO audits comes from.
Let's compare the two:
A "Tin Man organization" believes everything should be predictable, that any change is a problem, and that control comes from tons of rules, approvals, and strict adherence to procedures. For them, "consistency" means doing the exact same thing every single time. Their rulebooks describe every tiny step, bosses make all the big decisions, and they prove they're compliant by showing everyone followed the written rules.
An "Octopus organization" has a totally different mindset. They know the world is complicated and you can't plan for everything. They trust that the people actually doing the work usually know best how to get things done. Control is still there, but it's not about rigid rules. Instead, consistency comes from everyone understanding the goals, clear boundaries, being good at their jobs, and knowing the risks—not from everyone doing the exact same thing. Any documents they have are there to help people think, not to tell them exactly what to do.
The real issue isn't that ISO standards are bad. It’s that people have always looked at what ISO needs through "Tin Man glasses." When auditors ask for proof, managers immediately think of detailed procedures, step-by-step instructions, and standard reports. That works perfectly for "Tin Man" companies, but it's a terrible fit for "Octopus" ones.
So, what do many managers end up doing?
They camouflage!
They temporarily dress their "Octopus" company in "Tin Man" clothes. They write procedures that make everything look super neat and organized, even though the real work is much more fluid. They create records that just show they're compliant, not that they're learning or improving. They simplify how decisions are made so it looks tidy on paper. During the audit, the company seems totally controlled, stable, and predictable. But as soon as the auditor leaves, everyone quietly goes back to doing things the way they actually work.
It's easy to understand why managers do this. They're under pressure to "pass the audit." They know that explaining flexible ways of working takes effort, confidence, and skill. They worry auditors might not get the nuances. So, they choose the safer route: show a "Tin Man" system, even if it's not the truth.
But this hiding comes at a high price. Over time, the official documents get further and further from reality. People stop respecting the company's management system because it doesn't match how they really work. Audits become fake performances instead of genuine checks. ISO becomes just something in a filing cabinet, not something that guides daily decisions.
It's pretty ironic, actually: "Octopus" organizations are often better and more advanced than "Tin Man" ones. They handle risks quickly, respond faster to problems, and get their people deeply involved. But because their control is built into how people behave, rather than just paperwork, they have a tough time proving how good they are during an audit.
