More Ramblings from a Los Angeles Programmer

May 29, 2007

View from the top

Filed under: daily life — Josh DeWald @ 7:16 pm

I was walking home from work and for some reason I remembered the time shortly after I started working at my current company and needed to access to something. I talked to one of the management guys because I couldn’t find it and he said “Oh, well everyone is supposed to check it so it should be on the list.” I remember laughing to myself and just walking away, because of course nobody actually used the check out list! You had to find the spreadsheet on the shared file system, open it in Excel (assuming it wasn’t locked by someone else, which it probably wasn’t), find the right worksheet and put my name and other details. Or I/everyone could just take it and not fill in the sheet. Which do you think usually happened? Nobody ever filled it out? It was way too inconvenient. When we needed to track something down, we just sent out an email or asked someone who probably had it.

So there was no real incentive to fill in the sheet, and the end goal (getting the item) was still accomplished. There was no “auto check-out” and no gatekeeper (the items were just in labelled boxes). Nonetheless, the manager fellow still believed that the check-out system worked, because, well that was the “policy”. He never had any need to make use of the policy and just assumed it was followed.

When our company first added a VPN to the system, you were unable to use the public internet while on it. How quickly do you think it was before every person became an expert (or became a friend of someone who was) at modifying their routing tables so that the internet could still be used. I’m sure that the upper management in the IT felt safe knowing that the system was “protecting” the network (don’t ask me how… this is not an effective security policy) while everyone on the ground was happily using their computer the way they wanted to. It was too inconvenient to do otherwise! It had nothing to do with just browsing the web, doing our job required us to be able to use Google for technical searches or one of many other necessary sites. The new VPN is simply a plugin for a browser that basically creates some tunnels so you can easily access both the public internet and the private network. I haven’t heard of any problems.

McDonald’s always claims “Service with a smile”. That’s their corporate policy. Do you think the high school kids working for beer and pot money at minimum wage really care about the policy? But no doubt all the way up the line the view is that there’s this amazing customer service.

When I worked at VONS (supermarket in the United States) they had a similar policy. What they also had was a “secret shopper” program tied to a profit sharing system. Only if the store got a perfect score during the “secret” shops did we get part of the profit sharing. I’ll tell you what, there was some “service with a smile” in that place. There was both incentive, and automatic feedback (through scores on the shops) back up to upper management. So there was no way for them to “fire and forget” the policy.

One wonders if this is how we end up with “private contractors” torturing people in Iraq. Officially, I’m sure, the government just wanted some information. And “officially”, we didn’t condone torture. But hey, if the information comes, I’m sure there weren’t a lot of questions filtering back down about how it came about. Sadly, there were also actual service men (and women) involved in humiliation and torture of people. Again, there was no feedback up the top (until there were pictures on the Internet) so if you’re of the mindset to do that sort of thing, why not? I don’t think it has a lick to do with the fact that they were in the military, but rather that happened to be how the got their jollies and there was nobody policing them. Officially though, the government would never condone that. I hope.

So if you’re the policy-making type,  know that people don’t just blindly follow if it’s inconvenient, doesn’t seem to have any tangible benefit, or appears to prevent them from doing something that they want/need to do. If you think the policy must be followed, then you better have checks in place to enforce it. So ask yourself if the extra bureaucracy is really worth it.


  1. In principle, I agree with you. We should not be in the habit of developing policies that are not enforceable, do not add value, do not improve productivitity, or have no controls (automated or otherwise) to ensure they are being followed. However, policies and procedures seem to be used by organizations (and governments) as protective measures. What I mean by this is that the organization can use policies and procedres as data points for non-compliance and should something happen, such as someone getting hurt, items being stolen, or in the case of the resource you were attempting to access and you couldn’t find it because someone else currently had it and you were unable to identify who had it, because they didn’t follow the policy, then the organization (or government) can initiate corrective action and impose blame, since there was a policy that would have prevented it, yet it just wasn’t followed. (Sorry for my run on sentence.) All this said, I would be careful in asking for policies that are always enforced, as you then create an environment where we blame those responsible for policy enforcement, rather than those that did not adhere to policy. This said, I prefer the policies not to be there in the first place, yet in my opinion the organizations are responding to a need created by an employee (or population) that was not willing to be responsible for thier own actions. I ramble, but I hope you see what I am trying to say.

    Comment by kriggio — May 30, 2007 @ 4:34 am

  2. It’s hard to actually disagree with you… but I think some of that assumes that the policies *would* have prevented whatever negative action took place. So it’s really a “cover your ass” for the company’s sake so that later on it can point at the policy and say “Look, it’s not our fault, we had a policy.”

    Definitely agree that that it’s a bad environment if it’s the enforcers who get all the blame, but there should be enough that if the policy is just completely disagreed with by an employee and they don’t follow it, they can leave the company (voluntarily or involuntarily so). But if the policy isn’t even enforced, except after the fact, then it serves merely as a means of punishment for those that don’t follow it.

    Honestly I think some policies are definitely necessary, but policy makers should also be able to realize when a policy is ineffective or wrong and modify or remove it.

    This is why lawyers exist I suppose, because there are so many laws (policies) that people feel are unjust (DMCA) and feel should be broken.

    Comment by Josh DeWald — May 30, 2007 @ 8:20 am

  3. Both enforcement and litigation have a significant cost factor associated with them. Many organization may have trouble with this cost, yet need to protect themselves by having policies.

    Comment by kriggio — May 30, 2007 @ 8:11 pm

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: