Many organizations today are not machines anymore. They do not operate through rigid command-and-control structures, and they do not rely on one fixed way of doing things. In reality, many companies already behave like Octopus organizations. Decisions are taken close to the work, teams adapt their methods based on context, people use judgement rather than blindly following procedures, and learning happens continuously as situations change.
Yet, when ISO audits approach, something strange happens.
The same organizations that operate flexibly and intelligently on the ground suddenly begin to pretend they are Tin Man organizations. Procedures are tightened, documents are polished, workflows are frozen, and reality is simplified. What gets presented to the auditor is often not how the organization truly works, but how it thinks an ISO-compliant organization is supposed to look.
This gap between reality and representation is where most ISO pain lives.
At a principled level, Tin Man and Octopus organizations are fundamentally different (courtesy HBR). A Tin Man organization is built on the belief that work is predictable, that variation is a threat, and that control comes from rules, approvals, and strict adherence to procedures. In such organizations, consistency means doing the same thing every time. Documentation describes exact steps, responsibilities are centralized, and compliance is demonstrated by showing that people followed what was written.
An Octopus organization operates on a different belief system altogether. It accepts that work happens in a complex world where not everything can be predicted in advance. It assumes that people closest to the work often have the best information to decide how to act. Control does not disappear, but it shifts form. Consistency comes from shared intent, clear boundaries, competence, and risk awareness rather than from identical actions. Documentation, if it exists, is meant to guide thinking rather than dictate behaviour.
The problem is not that ISO standards demand Tin Man behaviour. The problem is that ISO evidence has traditionally been interpreted through a Tin Man lens. When auditors ask for documented information, managers instinctively think of procedures, step-by-step instructions, and standardized records. That model fits Tin Man organizations perfectly. It fits Octopus organizations very poorly.
So what do many managers do?
They camouflage.
They temporarily dress an Octopus organization in Tin Man clothing. They write procedures that describe a clean, linear process even though real work is more fluid. They generate records that show compliance rather than learning. They simplify decision-making logic so it looks neat on paper. During the audit, the organization appears controlled, stable, and predictable. After the audit, everyone quietly goes back to how work actually happens.
This camouflage is understandable. Managers are under pressure to “pass the audit.” They know that explaining adaptive behaviour takes effort, confidence, and skill. They worry that auditors may not understand nuance. So they choose the safer path: present a Tin Man system, even if it is not real.
The cost of this approach is high. Over time, documentation drifts further away from reality. People stop respecting the management system because it does not reflect how they work. Audits become performances rather than evaluations. ISO becomes something that lives in files, not in daily decisions.
The irony is that Octopus organizations are often more mature than Tin Man organizations. They manage risk dynamically. They respond faster to issues. They engage people deeply. But because their control is embedded in behaviour rather than paperwork, they struggle to demonstrate it.
