Month: January 2026

Approving suppliers often creates more risk, not less.

Most businesses do not intentionally build a broken supplier approval process.

It usually starts with good intentions. We need an approved supplier list for ISO, UVDB, RISQS, or general compliance. A spreadsheet appears. A few certificates are collected. Boxes are ticked. The list is declared complete.

Except the control is often an illusion.

When approval criteria are poorly defined, supplier lists become comfort blankets. They look reassuring but quietly mislead everyone who relies on them. Worse, they create unnecessary administration while providing a false sense of assurance.

The real problem begins with a deceptively simple question. What is a supplier?

 

The Definition Problem

In many organisations, supplier is a catch all label. It can include material suppliers, service providers, and subcontractors working on site, all treated broadly the same.

Some businesses do separate suppliers and subcontractors and apply different controls to each. Both approaches can work. Problems arise when the definition is unclear or inconsistently applied.

If subcontractors are treated like generic suppliers; then health, safety, and competence risks are under controlled.

If low risk suppliers are treated like subcontractors, the system becomes bloated and inefficient. Either way, confusion at the definition stage undermines everything that follows.

 

Approved often just means on the list

In theory, supplier approval should provide confidence in competence, compliance, and reliability. In practice, many systems exist mainly to satisfy a requirement rather than to manage risk.

When criteria are vague and categories are blurred, people rely on judgement calls.

 

The Accreditation Contradiction

Many organisations initially create supplier approval in preparation for external assessment and accreditation, yet rarely assess the accreditation bodies themselves.

We demand evidence because we do not trust suppliers by default, but we trust accreditation and assessment bodies by default without defined criteria. This creates a fragile chain of assurance.

Some checks can be meaningfully verified live online. Gas engineers can be checked via the Gas Safe Register. Waste carriers can be verified through SEPA or the Environment Agency’s online checks. Click here for more info on Block Chain Auditing.

Insurance is different. PDFs are accepted at face value. Authenticity is rarely challenged.

When contradictions appear, the whole exercise collapses.

If your supplier list contains contradictions, different standards for similar providers, unclear approval logic, or decisions no one can explain, then the list is not reducing risk.

 

Example 1

A common example is ISO certification. One supplier is approved solely because they hold ISO 9001, while another doing the same work is used without it. Either both suppliers meet defined performance criteria, or the ISO badge is irrelevant.

It goes further. Even where ISO certification is cited as the approval basis, many organisations don’t check (where applicable) whether it’s issued by a UKAS-accredited certification body. Often it’s little more than a logo or a certificate taken at face value. That exposes the truth: the “check” isn’t really part of the decision-making at all.

 

Example 2

Waste carriers. Almost every company uses one, yet many never check whether the carrier is actually licensed, even though this can be verified online in minutes. The irony is that waste carriers are sometimes listed as “approved suppliers”, despite not supplying a product or service that affects the organisation’s output in any traditional sense. They support a non-profit generating process.

Once you accept that logic, a bigger question appears.

If waste carriers require approval and periodic checks, what about other suppliers, such as cleaners accessing offices, building repairs , or fire extinguisher servicing companies maintaining safety equipment?

These suppliers may have no link to product quality, but they clearly affect legal compliance, safety, environmental risk, and business continuity.

If they sit outside your supplier assessment simply because “they’re not an end product/service related supplier”, the supplier list is already inconsistent, and that inconsistency usually means the process hasn’t been properly defined in the first place.

When approval criteria are inconsistent, unverified, or ignored in practice, the system isn’t controlling risk, it’s documenting assumptions.

 

A quick sanity check

• Do we have a definition of what a supplier is?

• What specifically makes a supplier approved, and is that same logic applied to others providing similar products and/or services?

• Are there organisations we actively use that are not on the supplier list, and if so, why?

• If ISO certification forms part of the approval, have we verified that it is relevant, current, and UKAS accredited?

 

The takeaway

Your supplier list starts lying the moment approved becomes vague.

At Accendo Consultants Ltd, we help organisations define supplier approval properly so it can be explained, defended, and trusted.

The aim is not more paperwork. It is approval logic you can explain, defend, and trust.

Find us on LinkedIn for practical insights and real-world guidance or visit accendo.org.uk to see how we help businesses simplify compliance and get it right first time.

There’s a long-standing belief in many organisations that ISO standards create unnecessary bureaucracy. Too much paperwork. Too much admin. Too much time spent “feeding the system” instead of running the business.

In reality, ISO itself is rarely the issue.

Most of the frustration businesses experience comes from how their management system has been designed and implemented, not from the requirements of the standard.

Where the pain really comes from

When people describe ISO as heavy or painful, what they’re usually dealing with is a combination of:

• Manual processes that rely on constant human input

• Disconnected policies and procedures that don’t reflect how work is actually done

• Evidence stored across emails, folders, and spreadsheets with no structure

• Knowledge that sits with one person rather than within the system

These are not ISO requirements. They are symptoms of outdated system design.

A management system built this way will always feel like admin, because it creates work instead of controlling it.

ISO is about control, not paperwork

At its core, ISO is about consistency, accountability, and control.
It doesn’t require endless updates, constant chasing of evidence, or hours of manual record keeping.

Those behaviours emerge when systems are bolted on after the fact, rather than embedded into day-to-day operations.

When designed properly, an ISO management system should quietly support the business in the background — capturing evidence as work happens, highlighting risks early, and reducing the chance of things being missed.

The role of automation and AI

Modern tools change what’s possible.

With the right use of automation and AI-enabled workflows, evidence collection, monitoring, and reporting can become largely passive. Information is captured once, reused many times, and aligned directly with how teams already work.

This doesn’t mean adding more software or complexity. It means designing systems around real operations, not forcing operations to serve the system.

When ISO starts to compete with your clients

If maintaining ISO pulls people away from sites, projects, and customers, it’s doing the opposite of what a management system is meant to do.

Your clients don’t pay for organised folders or perfectly formatted documents. They pay for delivery, communication, and control under pressure.

Every hour spent firefighting ISO admin is an hour taken away from the work that actually generates value.

A better way forward

A well-designed ISO system should feel almost invisible.
It should reduce effort, not demand it.
It should prevent problems, not generate noise.

If your management system needs constant attention just to stay compliant, it isn’t managing anything — it’s slowing the business down.

If this sounds familiar, it may be time to rethink how your ISO system is structured, supported, and maintained.

You can find us on LinkedIn or visit https://accendo.org.uk to learn more about designing ISO systems that support delivery rather than compete with it.

The start of a new year is usually when construction businesses take stock. Projects are planned, resources are allocated, and priorities are set for the months ahead.

Yet for many SMEs, one issue quietly carries over from year to year: an ISO management system that takes more time than it gives back.

When ISO starts stealing time, something’s wrong

Let’s be clear from the outset.

If your ISO 9001 management system is consuming time, pulling people away from sites, or distracting from client delivery, that isn’t “just compliance”. It’s a system design problem.

There’s a persistent myth that ISO standards require large amounts of administration. In reality, ISO 9001 requires control — control of processes, risks, suppliers, and outcomes. It does not require endless document updates, manual evidence chasing, or constant spreadsheet maintenance.

When those things exist, they exist because the system has been built badly.

The hidden cost of ISO admin

The real cost of an inefficient management system is rarely measured properly.

Every hour spent feeding unnecessary ISO admin is an hour not spent on:

• delivering work on site,

• communicating with clients,

• managing subcontractors,

• or improving commercial performance.

Your clients don’t experience your procedures folder. They experience delays, inconsistencies, poor communication, and rework. A management system that competes with delivery doesn’t just waste internal time — it introduces operational and commercial risk.

What a good ISO system should actually do

A well-designed ISO 9001 system should:

• support how your business actually operates,

• reduce reliance on memory and last-minute firefighting,

• surface issues early, before they become problems,

• and require minimal ongoing attention.

In practical terms, it should be quiet. If your management system constantly needs updating, chasing, or “keeping alive”, it isn’t managing anything — it’s creating noise.

Why this matters even more in construction

Construction businesses operate under pressure. Tight programmes, multiple suppliers, and changing site conditions are normal. ISO systems built like office-based compliance tools don’t survive in that environment.

They become bloated, ignored by site teams, and maintained purely for audit purposes.

That isn’t a people problem. It’s a design problem.

A better way to think about ISO this year

As you move through the year ahead, there’s a simple but powerful question worth asking:

Is our management system giving time back to the business — or taking it away?

ISO success shouldn’t be measured by how much activity happens around the system. It should be measured by how effectively the system protects delivery, supports decision-making, and reduces friction.

Better ISO isn’t about doing more.
It’s about doing less — but doing it properly.

If ISO is stealing time from your business, it’s not compliance doing its job. It’s a signal that the system needs rethinking.

---

If this sounds familiar, it may be time to rethink how your ISO management system is designed.
Visit: https://accendo.org.uk/