I remember this from my time in banking. For those not familiar, essentially you need to disappear for two weeks a year without access to anything. This is basically a safeguard to make sure that operations are robust and won’t just fall over if you’re not there. It’s also to make sure you’re not cooking up something nefarious that requires you to be there every day and keep an eye on it.
I think that time away from a job has tremendous value for everyone. beyond the finance industry. Let's ignore the fun and regenerative benefits of vacations to the vacation-taker.
For the business:
* It's a real life test of what happens if an employee quits/resigns, with less impact (a team member will probably be able to reach them in an emergency).
* You can test your operational robustness (as mentioned by the parent comment).
* It exposes holes in processes and documentation that have been papered over by a human.
* The vacation may reveal tasks which can be delegated to others or not done at all (timeline depending, of course).
Damn. This just hit home for me really hard. On a previous team, I would take on tasks, learn what's going on, and then try to get a team mate up to speed so I wouldn't be the only one who knew how to run things. I feel like none of my team mates really took on those tasks or aspects of the work.
Over time this made me really angry at the team. It really shut down my brain because I had so many things to juggle. I really wish I could have replaced myself. I wound up just leaving the team, I think they struggled for a while.
When you're on a team with someone who seems to know everything, some people are much less motivated to learn the system. Also, sometimes things just suck. Sometimes you just have a team of jaded short-timers about to leave. Sometimes you have a team of junior employees who can "make things work" but leave a trail of half baked decisions.
There are certainly employees who think that they're so uniquely valuable that it would be unthinkable for them to take a 3-4 week vacation. Their employer, for the most part, does not suffer from the same delusion.
I took a week off recently. My teammates just sat on multiple “24 hour turnaround” requests until I got back, because they were too used to thinking of it as my job to bother even opening them.
Lots of large companies (I'm familiar, via friends, with Exxon) have a strong "rotation" policy in finance & related, for this exact reason. Many classes of fraudulent activity rely on networks of people who trust each other. If you break up the network, you can prevent gross levels of fraud.
Tangentially related: it's one of the reasons why government positions should be (randomly) rotated. In many ways, it's the same reason why we should choose our elected representatives randomly. (Also: I'm under the impression that random selection of representatives is one of the few ways to implement robust, fair representation.)
The research I've seen (slight) is that a random person is, on average, a more competent statesman than the average politician. (This is a result of the self-selection bias in people choosing a political career.)
The major downside is a lack of accountability; however, at least in large parts of the US, factionalism & gerrymandering have almost completely removed accountability, so we're not really losing anything.
Can you point us to any of that research? I'd be very interested to see how they managed to measure people's competence to serve as government officials. I'm frankly skeptical that can be done in a useful way.
I find this idea somewhat compelling. Anecdotally, my favorite boss was someone who did not want the job. He just looked around and realized the alternatives were worse. Meanwhile, everyone else seems to have arrived at the position by wanting the power/wealth of continuing to climb the ladder.
> The research I've seen (slight) is that a random person is, on average, a more competent statesman than the average politician. (This is a result of the self-selection bias in people choosing a political career.)
This seems extremely unlikely just by virtue of the fact that the average person has an IQ of 100 and the average MP doesn’t. Practically guaranteed to be above 115. There are very large differences in education. The median voter in the US is over 50 and never went to, never mind graduate from, college.
For that reason, instead of picking people directly at random, pick ballots at random to fill up parliament.
In theory, you could pick random votes first, and then ask them about their choice. But there's all kinds of targeted influence possible at that stage. So let voters make their choice first, and then pick randomly.
You'd need some kind of resolution mechanism for when multiple random ballots have the same candidate on them. Eg give the guys vote in parliament a higher weight, or have people write down multiple candidates in order, or just pick another random vote etc. (Some resolution mechanisms might work better than others. I don't know.)
I've long thought that once a person attains a certain level of success, roughly including college degree, certain military rank, managerial position of certain scope at medium-large company, etc., they should be subject to random political service in state or federal legislature or executive branches. Perhaps after one term, they can stand for re-election for maximum of two terms, 10 years max, to take advantage of experience gained. Pay should be greater of a set level or 110% of their max earnings in previous 5yrs (so service is not punitive).
There would of course be some random evil and grifters, but their concentration and ability to embed for life would be very limited.
How we get from constitutional structure to there is another question.
I'm all in favour of sortition, but I don't think it's a good idea to force people to serve.
Just pick randomly from all willing candidates to fill up parliament. Or even better: still have elections were people can vote for willing candidates, but instead of picking the winner by some kind of majority or proportionality scheme, you pick n ballots at random to fill up the n seats in parliament.
(You can come up with your favourite scheme to handle the case when a single candidate gets multiple votes for her selected. Eg give her extra weight in decisions?)
I would suggest using sortition only for instances where the law of large numbers helps you. Eg for filling up a parliament with a few hundred representatives, but not for picking a single president.
1.) Going to throw people into an unfamiliar role for, say, a couple years. So they're going to heavily lean of whatever permanent staff/civil service there is because their knowledge of the job is extremely limited
2.) You'd basically be asking/telling people to take two years off their job--for probably quite limited pay. (Sort of federal grand jury duty on steroids.) Which I can't believe would be very popular.
For 2 just have it be you’re
paid the max of the roles minimum or your old salary for those two years, maybe with a good bonus to make it even more palatable.
The government has the benefit of being able to eschew normal market pricing for things including job pay.
(1.A) Yes. As I said in another comment, though, it turns out that in the limited research that's been done, the average person is somewhat better at doing the job than the average career politician. The argument is that the sort of person who wants to be a career-politician is uniquely unsuited to actually running a government.
(1.B) The civil servants should be randomly rotated.
(2) There's normally a mechanism to preselect a pool of applicants. Universal sortition is interesting, but has drawbacks. I am drawn to a nomination mechanism: you have to get enough (unique) nominations before you're allowed in the sortition pool.
This is a major reform, as the politicians who are captured by various interests have STRONG incentives to join that Committee. For example, look at the Senate Energy & Natural Resources Committee -- there's only two Senators from states east of the Mississippi River, and one is West Virginia (a major energy provider as well). An elected official requesting a spot on the committee from an energy consuming state will have a very hard time.
The Republican party is somewhat better than the Democrats on this-- Committee reform was a major plank of the 1994 Contract With America and the GOP still has term limits for Committee Chairmen.
It probably somewhat depends on the level. I don't really expect random state reps or other local elected officials have any particular qualifications. They certainly aren't paid as if they did. In some states, such are basically part-time jobs. I do think it's a job a fair number of people would hate.
Low pay at the state/local level basically guarantees some level of corruption as the pool of applicants gets very tight when you combine small districts with minimum wealth requirements. How much that’s a feature or a bug is debatable.
> (1.B) The civil servants should be randomly rotated.
Institutional knowledge in civil service is the only reason our government functions even as well as it does. I'm not sure that's a great idea.
Also, it's a job like any other, and the more unpleasant you make it, the more workers with options will leave. And the workers with options will tend to be your best ones.
Isn't this sort of how ministries work in the UK, you have a dedicated civil service that does most of the work and then a politician that may or may not know whats going on setting direction?
The Japanese company that I worked for, for almost 27 years, had a similar policy.
Everyone in Japan, rotated, at least, every two years. Often, more frequently. This included very senior-level executives.
I'm not sure that it was to combat fraud, but I'm sure that was a knock-on effect.
I would work with engineers for many years, but they would be working on different projects, and might suddenly appear in the project I was on, many years after the last time I saw them.
They also had a lot of vacation/holiday time, but the company told them when they would take it. I think that more seniority gave you more discretion.
When I worked at IBM just out of college, my manager introduced me to someone who was getting promoted three levels up. It turned out that he had some months previously figured out how four people working together could evade the accounting controls and transfer $25 million out of the company on a Friday afternoon and be in Brazil or wherever (never to be seen again, presumably) before Monday. He reported the flaw in the controls and the promotion was the recognition of his acumen...
Such a policy is considered an important internal safeguard largely because of the fact that perpetration of an embezzlement of any substantial size usually requires the constant presence of the embezzler in order to manipulate records, respond to inquiries from customers or other employees, and otherwise prevent detection.
I went through this when working for a bank. It really felt like an outdated and not well thought out idea. I automated almost everything that I did daily. If I were doing something nefarious I would have automated it and it would still be running to this day within obfuscated automation accounts and systems, not as me. This is not even a new concept. This applies equally to mainframes, on-prem servers, clouds, kittens and cattle.
If you were able to do that, someone (probably multiple people) weren't doing their jobs. That should have been architecturally impossible.
At a certain level, you can't fix stupid (note: the person in my anecdote wasn't the stupid person). Example: once upon a time I worked for a very large public utility and got to be friends with a cool guy who seemed to live in the underground server rooms below Utility HQ. He would offer us (infosec group) 'free' hardware from time to time, which was cool (bear in mind CAPEX is a very good thing in the regulated utility industry, so there were all kinds of things kicking around taking up space).
At one point I was wandering around the halls underground, he spotted me, and said "Hey Mark, can you use this?" while pointing to a check printing machine loaded with valid corporate check paper. My jaw dropped. The first thing I did was look around for 'tells' of a corporate security sting. Dollar signs rolled in front of my eyes.
I asked said subterranean server room dweller if he had any idea what he had, and what he could do with it (I have no doubt one could easily make off with zillions of dollars and have it written off as billing errors). He smiled and said "no," to which I replied that was a good thing for our shareholders, and that he should probably properly dispose of that thing toot sweet. All the processes in the world and yet there was a literal money-printing machine hanging out with no oversight at all, prey to anyone with an RS-232 connection.
This, and laziness in the name of avoiding friction and remaining competitive. In every size organization I have been in the customer code will be audited by third parties. I have never seen internal automation audited by third parties. Not in banks or financial institutions. I've worked for both big banks and small financial institutions that grew into big ones. People get spread thin and fight to maintain control of the systems and code they are responsible for and this is only getting worse with time in my experience. With time more command and control systems are spread out and inter-connected with on-prem and cloud solutions that delegate root privs to third parties running entirely closed source code with very little consequences for damages. Infosec and security orgs apply very outdated logic that would not even stop an amateur attacker.
If you were able to do that, someone (probably multiple people) weren't doing their jobs.
By design these jobs do not exist at least not in a meaningful manor. People validate change tickets. People validate that code does what it says it does but that's where they usually stop. Security organizations these days are being moved under the same orgs that manage code to reduce friction. This stops Security Theater which is indeed a real problem but it also curtails people going down rabbit holes. Close ticket, move onto other issues, don't block a team from getting work done. Don't like what someone is trying to implement? No problem, design a better solution. For 8000+ developers? Yeah nobody scales like that.
People review individual code snippets. People stopped looking at big pictures of implementations. Disasters like Solar Winds don't happen because of one piece of nefarious code. They happen because a broken framework of thousands of pieces of poorly thought out code are glued together. There comes a point where the junk-yard of automation gets so big and ugly that even if leaders wanted to overhaul it they could not and if something nefarious was occurring nobody would see it, probably not even for a long time after damages were done. It's next to impossible to reverse engineer junk-yard automation which is what most automation becomes with time.
Yes, but this assumes that the people involved are the everyday finance idiots who think that excel is the tool of choice for automation.
There is truth in this but what I am referring to is happening with principal and senior developers and orgs that would never touch excel. In fact Microsoft products are forbidden by contract in the production datacenters I have worked with in the last couple of decades.
It's hard to see nefarious behavior when it depends on thousands of pieces of automation and frameworks that are poorly glued together. It's even happening albeit slowly in my favorite operating system that has no shortage of incredibly intelligent and talented developers. Ironically these folks won't see it because they did not experience all the vulnerable frameworks and bandages that Windows implemented early on and now history is rhyming with udev + systemd + debugfs + binfmt + firewalld + ebpf glued together but that is a long topic in and of itself.
Another related topic could be vehicle automation and inter-connectivity. I am intrigued and curious to see how that one plays out.
IT Audit/Governance manager here. This is still a very common preventative/detective control in many businesses even outside of Financial Services, so much so that it is taught as part of many IT governance certifications such as the ISC2 CISSP and ISACA CISA.
Although the provenance of the control is to deter and detect fraud, it also helps to highlight key-person dependencies (where a process cannot run without a specific individual present). On the flip-side, humans are very innovative creatures and you can use this control to identify where someone has found a way to bypass parts of the process (the process time suddenly increases a lot when someone in the team is on their mandatory-vaykay, or the quality suddently drops).
I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.
> I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.
Aka the Bus Factor. What if our lead engineer takes a bus out of town (or the darker version).
Even in large companies, work is done by teams and those teams are susceptible to this problem as well.
I was working with an IoT company who proudly showed us, their biggest customer, how the signing keys to particular actions that could impact many, many people were held on a rather trick little Spyrus USB stick. Which they displayed. In the pocket of a person that had the requisite passphrases to access it all on her own.
I asked what would prevent the person from hopping a plane out of nearby SFO and having a pleasant CCP-funded retirement and they turned all sorts of colors. They invested in a proper storage mechanism (and key management processes) after that.
With respect; a lot of us out here know and used many of those the same way; we’re silently aware of the intent. I used to be that way. Over time feeling the need to fake it fell away; now I just mock everyone through muted indifference and a shrug, “good job at being a member of social life like everyone else” kind of energy.
Emotional archetypes are limited. You have borrowed others ideas because that’s how it works; you memorized such emotional states from others. Awareness of such emotional state is not yours alone.
See. That’s how you put someone down. Directly. Not through passive aggressive southerner classics. You’re far too obvious to those who have diverse real world experience and just come off as a cliche. But we silently eye roll rather than validate such antics through feedback, good or bad.
I used to say, "in case I fall off a cliff," and then in a previous job a colleague went mountain climbing and literally fell to his death off a cliff. Now I just say, "for when I'm not around."
Similar here. 2000/2001(?), I was talking about the bus factor with a client, indicating that I'd brought on a couple more folks on my team - one part time, one full time, to avoid the bus factor.
"what do you mean?"
"oh, in case I get hit by a bus"
Silence.
Someone in their company had been hit by a bus and died a couple weeks earlier. Not in their department - it wasn't a direct friend/colleague - but it was... awkward enough that I didn't use that phrase again for a long time. And even when I do, I tend to catch myself before and rephrase it.
My defined benefit pension was basically handled by one person through a number of decades (and a couple acquisitions). If you wanted to start receiving your pension or whatever, you called so and so. I assume some degree of chaos would have ensued if something unexpected happened to her one day.
I assume she eventually retired or something because it was transferred to one of the big benefits companies a few years back.
That happened to my dad when he retired from a gov agency. He had an unusual situation and was held hostage for about a year, and eventually was able to retire with the intervention of a State Senator.
It was interesting when I joined my current employer about ten years ago after having worked for a big computer maker for about a decade (with an in between longish stint at a couple small to very small companies).
At the computer maker, where my pension is from, getting things done tended to be about reaching out to the right person who knew how to make such and such happen. Of course at the intervening smaller companies everyone knew everyone else. Where I am now, personal connections still matter of course. But when I joined, it was a bit of an adjustment to just "submit a ticket" rather than tracking down the right individual to ask a question or do something--at least with respect to company operations like payroll, benefits, or legal.
True, my company was founded basically as an agglomeration of several small companies where everyone knew each other, but due to big investment and commitments it was built with more formal business processes from the start. Old-timers like me still need occasional reminding that tickets do, in fact, are generally picked up without additional personal reminders.
It’s fascinating seeing a company successfully grow from 30 to 300 in a couple of years, with effectiveness mostly increasing.
i used to know the "pension person". and she wanted to keep working from home to take care of her family. the execs said no, so she quit. never had a backup person because.... that would have cost extra FTE.
chaos did, in fact, ensue. pretty sure it was part of the reason some big clients left.
Interestingly, I work in DoD IT where everyone is required to have certifications from ISC2, ISACA, CompTIA, etc. so we all get taught and tested on knowledge of this and many other controls, but I haven't actually heard of it formalized or enforced. In practice, we just rely on ad hoc high turnover as people change jobs every year or two, or get pulled away into unrelated projects, or sent away for exercises and deployments.
I worked a lot for banks and aside from mandatory vacation there are other rules.
For example in one bank I worked for there is a 2 year limit on how long you can work there as a contractor. This is to make sure that all key personnel is actually employed by the bank and the assumption being that if somebody worked for 2 years they become key personnel by default and have to either be hired as an employee or fired as a contractor.
One big reason for this is the tax law in US and Canada. Legally, contractors (esp. when incorporated) are considered employees if they work exclusively for one client over an extended period of time without interruption. Occasionally, I have seen such contractors take a few month sabbatical and return to work after that (still contracting).
Note: There are other criteria that have to be met as well for the govt to consider someone an employee:
- if work happens a the employer’s premises
- if the employer owns all equipment needed for work
- how is the work instructed - can denote a manager/employee dynamic)
Microsoft has approximately the same rule, and it’s entirely for the sake of employment law, not because they care about key personnel being contractors.
> IT Audit/Governance manager here. This is still a very common preventative/detective control in many businesses even outside of Financial Services, so much so that it is taught as part of many IT governance certifications such as the ISC2 CISSP and ISACA CISA.
This is covered in accounting and the CPA as well. Not that I'd necessarily recommend a CPA over an IT auditor in many cases.
Fun related anecdote: I used to be involved with doing data analysis of rogue traders in financial services and was involved in discovering and investigating several of these incidents.
In every case that I was personally involved in uncovering/investigating, suspicions were initially raised when the employee went on compulsory block leave.
Not that much detail I can share publicly about detection methods etc although some of it is public because I have patents.
The reason block leave is important is that some of the coverup behaviour has ponzi-like characteristics. So say you have a hole in one account because you’ve lost a lot of money. You find a way to cover that up by booking fake trades say. Well trades have a settlement and some gnome in the back office is going to contact the counterparty on the fake trade when the trade fails to settle and your fraud will be discovered so you have to cover that up before the trade settles. So maybe you move some money from another account (by booking a trade) and cancel your first fake trade, then you need to book a fake trade in your second account which you will then need to cancel and cover hp in the same way.
Basically the perpetrator often ends up on the coverup merry go round which falls apart if the take time away.
Two weeks seems weak; I would think five weeks is the minimum to catch things that happen monthly; unless part of the two weeks is specifically checking things.
There’s a rather prominent base with a large power footprint. So large that it has it’s own substation right off some main interstate power lines. The state has a policy that if you anticipate your electric bill will exceed last year’s electric bill, you can request a waiver. The base facilities person diligently submitted that from 1967 to 2020 when they retired. The 2021 bill was more than an order of magnitude larger. Something like 600K to 20M if I recall. The front office had to go ask the folks in DC for help.
> if you anticipate your electric bill will exceed last year’s electric bill, you can request a waiver
I suspect this was intended to be utilized by poor people who struggle to afford to power their homes. The US Military is certainly well funded enough to pay its electric bills.
You have to also make sure everyone is not taking vacation at the same time. In most of the places I've worked, nothing gets done in December because everyone is using up their vacation over the holidays. If something untoward were going on, nobody would be around to notice the absence of the bad actor.
This is why smart companies offer sabbaticals after 4-5 years. It forces the senior employees to teach their peers how to do their jobs and make sure they don't have any critical information or the only ones who can access a resource.
Where my wife used to work, the CFO seldom took vacations. A department head who loathed the CFO thought this very suspicious. As far as I ever heard, though, the CFO, whatever her faults, was honest.
I have been in peer groups of small and medium sized businesses. Many of these smaller organizations have only one person in the role of Controller or Comptroller and are vulnerable to embezzling. One interesting policy I have seen implemented is that this person gets extra vacation time in addition to what a normal employee gets, but never at time of their choosing. The CEO or COO just comes in one day and says, "Congratulations! Take the next X days off." The organization is forced to plan ahead for the Controller being unavailable and the Controller cannot hide much.
98 comments
[ 3.9 ms ] story [ 155 ms ] threadFor the business:
* It's a real life test of what happens if an employee quits/resigns, with less impact (a team member will probably be able to reach them in an emergency).
* You can test your operational robustness (as mentioned by the parent comment).
* It exposes holes in processes and documentation that have been papered over by a human.
* The vacation may reveal tasks which can be delegated to others or not done at all (timeline depending, of course).
Here are my general thoughts on that: https://letterstoanewdeveloper.com/2021/09/13/always-be-repl...
tl;dr "...you should always be looking at ways to replace yourself. This will free you up to work on new tasks and learn new things."
Over time this made me really angry at the team. It really shut down my brain because I had so many things to juggle. I really wish I could have replaced myself. I wound up just leaving the team, I think they struggled for a while.
When you're on a team with someone who seems to know everything, some people are much less motivated to learn the system. Also, sometimes things just suck. Sometimes you just have a team of jaded short-timers about to leave. Sometimes you have a team of junior employees who can "make things work" but leave a trail of half baked decisions.
-Flavor text from Netrunner CCG (1996)
Tangentially related: it's one of the reasons why government positions should be (randomly) rotated. In many ways, it's the same reason why we should choose our elected representatives randomly. (Also: I'm under the impression that random selection of representatives is one of the few ways to implement robust, fair representation.)
The major downside is a lack of accountability; however, at least in large parts of the US, factionalism & gerrymandering have almost completely removed accountability, so we're not really losing anything.
MP means Member of Parliament (or equivalent representative of a democratic government). Belgium has been a hot-spot for this kind of initiative.
This seems extremely unlikely just by virtue of the fact that the average person has an IQ of 100 and the average MP doesn’t. Practically guaranteed to be above 115. There are very large differences in education. The median voter in the US is over 50 and never went to, never mind graduate from, college.
For that reason, instead of picking people directly at random, pick ballots at random to fill up parliament.
In theory, you could pick random votes first, and then ask them about their choice. But there's all kinds of targeted influence possible at that stage. So let voters make their choice first, and then pick randomly.
You'd need some kind of resolution mechanism for when multiple random ballots have the same candidate on them. Eg give the guys vote in parliament a higher weight, or have people write down multiple candidates in order, or just pick another random vote etc. (Some resolution mechanisms might work better than others. I don't know.)
I've long thought that once a person attains a certain level of success, roughly including college degree, certain military rank, managerial position of certain scope at medium-large company, etc., they should be subject to random political service in state or federal legislature or executive branches. Perhaps after one term, they can stand for re-election for maximum of two terms, 10 years max, to take advantage of experience gained. Pay should be greater of a set level or 110% of their max earnings in previous 5yrs (so service is not punitive).
There would of course be some random evil and grifters, but their concentration and ability to embed for life would be very limited.
How we get from constitutional structure to there is another question.
Just pick randomly from all willing candidates to fill up parliament. Or even better: still have elections were people can vote for willing candidates, but instead of picking the winner by some kind of majority or proportionality scheme, you pick n ballots at random to fill up the n seats in parliament.
(You can come up with your favourite scheme to handle the case when a single candidate gets multiple votes for her selected. Eg give her extra weight in decisions?)
I would suggest using sortition only for instances where the law of large numbers helps you. Eg for filling up a parliament with a few hundred representatives, but not for picking a single president.
1.) Going to throw people into an unfamiliar role for, say, a couple years. So they're going to heavily lean of whatever permanent staff/civil service there is because their knowledge of the job is extremely limited
2.) You'd basically be asking/telling people to take two years off their job--for probably quite limited pay. (Sort of federal grand jury duty on steroids.) Which I can't believe would be very popular.
The government has the benefit of being able to eschew normal market pricing for things including job pay.
(1.A) Yes. As I said in another comment, though, it turns out that in the limited research that's been done, the average person is somewhat better at doing the job than the average career politician. The argument is that the sort of person who wants to be a career-politician is uniquely unsuited to actually running a government.
(1.B) The civil servants should be randomly rotated.
(2) There's normally a mechanism to preselect a pool of applicants. Universal sortition is interesting, but has drawbacks. I am drawn to a nomination mechanism: you have to get enough (unique) nominations before you're allowed in the sortition pool.
https://www.energy.senate.gov/members
The Republican party is somewhat better than the Democrats on this-- Committee reform was a major plank of the 1994 Contract With America and the GOP still has term limits for Committee Chairmen.
https://about.bgov.com/news/frustrated-democrats-mount-push-...
Institutional knowledge in civil service is the only reason our government functions even as well as it does. I'm not sure that's a great idea.
Also, it's a job like any other, and the more unpleasant you make it, the more workers with options will leave. And the workers with options will tend to be your best ones.
Source: have watched "The Think of It"
yes
> you have a dedicated civil service that does most of the work and then a politician that may or may not know whats going on setting direction?
this is the ministers and their private secretary.
> have watched "The Think of It"
you should also watch "Yes Minister" i find it a bit more charming if a little dated, but also quite real.
It has aged well and is arguably more relevant than it was when they released it.
Everyone in Japan, rotated, at least, every two years. Often, more frequently. This included very senior-level executives.
I'm not sure that it was to combat fraud, but I'm sure that was a knock-on effect.
I would work with engineers for many years, but they would be working on different projects, and might suddenly appear in the project I was on, many years after the last time I saw them.
They also had a lot of vacation/holiday time, but the company told them when they would take it. I think that more seniority gave you more discretion.
When I worked at IBM just out of college, my manager introduced me to someone who was getting promoted three levels up. It turned out that he had some months previously figured out how four people working together could evade the accounting controls and transfer $25 million out of the company on a Friday afternoon and be in Brazil or wherever (never to be seen again, presumably) before Monday. He reported the flaw in the controls and the promotion was the recognition of his acumen...
Such a policy is considered an important internal safeguard largely because of the fact that perpetration of an embezzlement of any substantial size usually requires the constant presence of the embezzler in order to manipulate records, respond to inquiries from customers or other employees, and otherwise prevent detection.
At a certain level, you can't fix stupid (note: the person in my anecdote wasn't the stupid person). Example: once upon a time I worked for a very large public utility and got to be friends with a cool guy who seemed to live in the underground server rooms below Utility HQ. He would offer us (infosec group) 'free' hardware from time to time, which was cool (bear in mind CAPEX is a very good thing in the regulated utility industry, so there were all kinds of things kicking around taking up space).
At one point I was wandering around the halls underground, he spotted me, and said "Hey Mark, can you use this?" while pointing to a check printing machine loaded with valid corporate check paper. My jaw dropped. The first thing I did was look around for 'tells' of a corporate security sting. Dollar signs rolled in front of my eyes.
I asked said subterranean server room dweller if he had any idea what he had, and what he could do with it (I have no doubt one could easily make off with zillions of dollars and have it written off as billing errors). He smiled and said "no," to which I replied that was a good thing for our shareholders, and that he should probably properly dispose of that thing toot sweet. All the processes in the world and yet there was a literal money-printing machine hanging out with no oversight at all, prey to anyone with an RS-232 connection.
This, and laziness in the name of avoiding friction and remaining competitive. In every size organization I have been in the customer code will be audited by third parties. I have never seen internal automation audited by third parties. Not in banks or financial institutions. I've worked for both big banks and small financial institutions that grew into big ones. People get spread thin and fight to maintain control of the systems and code they are responsible for and this is only getting worse with time in my experience. With time more command and control systems are spread out and inter-connected with on-prem and cloud solutions that delegate root privs to third parties running entirely closed source code with very little consequences for damages. Infosec and security orgs apply very outdated logic that would not even stop an amateur attacker.
If you were able to do that, someone (probably multiple people) weren't doing their jobs.
By design these jobs do not exist at least not in a meaningful manor. People validate change tickets. People validate that code does what it says it does but that's where they usually stop. Security organizations these days are being moved under the same orgs that manage code to reduce friction. This stops Security Theater which is indeed a real problem but it also curtails people going down rabbit holes. Close ticket, move onto other issues, don't block a team from getting work done. Don't like what someone is trying to implement? No problem, design a better solution. For 8000+ developers? Yeah nobody scales like that.
People review individual code snippets. People stopped looking at big pictures of implementations. Disasters like Solar Winds don't happen because of one piece of nefarious code. They happen because a broken framework of thousands of pieces of poorly thought out code are glued together. There comes a point where the junk-yard of automation gets so big and ugly that even if leaders wanted to overhaul it they could not and if something nefarious was occurring nobody would see it, probably not even for a long time after damages were done. It's next to impossible to reverse engineer junk-yard automation which is what most automation becomes with time.
There is truth in this but what I am referring to is happening with principal and senior developers and orgs that would never touch excel. In fact Microsoft products are forbidden by contract in the production datacenters I have worked with in the last couple of decades.
It's hard to see nefarious behavior when it depends on thousands of pieces of automation and frameworks that are poorly glued together. It's even happening albeit slowly in my favorite operating system that has no shortage of incredibly intelligent and talented developers. Ironically these folks won't see it because they did not experience all the vulnerable frameworks and bandages that Windows implemented early on and now history is rhyming with udev + systemd + debugfs + binfmt + firewalld + ebpf glued together but that is a long topic in and of itself.
Another related topic could be vehicle automation and inter-connectivity. I am intrigued and curious to see how that one plays out.
Although the provenance of the control is to deter and detect fraud, it also helps to highlight key-person dependencies (where a process cannot run without a specific individual present). On the flip-side, humans are very innovative creatures and you can use this control to identify where someone has found a way to bypass parts of the process (the process time suddenly increases a lot when someone in the team is on their mandatory-vaykay, or the quality suddently drops).
I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.
Aka the Bus Factor. What if our lead engineer takes a bus out of town (or the darker version).
Even in large companies, work is done by teams and those teams are susceptible to this problem as well.
I default to, what if Bob wins the lottery?
I was working with an IoT company who proudly showed us, their biggest customer, how the signing keys to particular actions that could impact many, many people were held on a rather trick little Spyrus USB stick. Which they displayed. In the pocket of a person that had the requisite passphrases to access it all on her own.
I asked what would prevent the person from hopping a plane out of nearby SFO and having a pleasant CCP-funded retirement and they turned all sorts of colors. They invested in a proper storage mechanism (and key management processes) after that.
Eg make it so that 10 out of 15 people employees need to sign.
HA! I've never heard this version of it. I've only ever heard the dark version. I like this better.
disgusting food -> interesting and unique flavor profile
bad movie -> the director made decisions that challenge audience expectations
take your crazy pills -> I had not heard of that before
and of course the Southern classic
you idiot -> bless your heart (this one doesn't really work anymore because people know it)
Edit: I remembered another one:
Resting B*tch Face -> Resting Business Face.
I'd heard it through two different management consultancy sources, but that could easily have a common root, of course.
Emotional archetypes are limited. You have borrowed others ideas because that’s how it works; you memorized such emotional states from others. Awareness of such emotional state is not yours alone.
See. That’s how you put someone down. Directly. Not through passive aggressive southerner classics. You’re far too obvious to those who have diverse real world experience and just come off as a cliche. But we silently eye roll rather than validate such antics through feedback, good or bad.
I try to be like "ok, let's get back to the topic"
"what do you mean?"
"oh, in case I get hit by a bus"
Silence.
Someone in their company had been hit by a bus and died a couple weeks earlier. Not in their department - it wasn't a direct friend/colleague - but it was... awkward enough that I didn't use that phrase again for a long time. And even when I do, I tend to catch myself before and rephrase it.
I assume she eventually retired or something because it was transferred to one of the big benefits companies a few years back.
At the computer maker, where my pension is from, getting things done tended to be about reaching out to the right person who knew how to make such and such happen. Of course at the intervening smaller companies everyone knew everyone else. Where I am now, personal connections still matter of course. But when I joined, it was a bit of an adjustment to just "submit a ticket" rather than tracking down the right individual to ask a question or do something--at least with respect to company operations like payroll, benefits, or legal.
It’s fascinating seeing a company successfully grow from 30 to 300 in a couple of years, with effectiveness mostly increasing.
chaos did, in fact, ensue. pretty sure it was part of the reason some big clients left.
For example in one bank I worked for there is a 2 year limit on how long you can work there as a contractor. This is to make sure that all key personnel is actually employed by the bank and the assumption being that if somebody worked for 2 years they become key personnel by default and have to either be hired as an employee or fired as a contractor.
Note: There are other criteria that have to be met as well for the govt to consider someone an employee: - if work happens a the employer’s premises - if the employer owns all equipment needed for work - how is the work instructed - can denote a manager/employee dynamic)
This is covered in accounting and the CPA as well. Not that I'd necessarily recommend a CPA over an IT auditor in many cases.
In every case that I was personally involved in uncovering/investigating, suspicions were initially raised when the employee went on compulsory block leave.
The reason block leave is important is that some of the coverup behaviour has ponzi-like characteristics. So say you have a hole in one account because you’ve lost a lot of money. You find a way to cover that up by booking fake trades say. Well trades have a settlement and some gnome in the back office is going to contact the counterparty on the fake trade when the trade fails to settle and your fraud will be discovered so you have to cover that up before the trade settles. So maybe you move some money from another account (by booking a trade) and cancel your first fake trade, then you need to book a fake trade in your second account which you will then need to cancel and cover hp in the same way.
Basically the perpetrator often ends up on the coverup merry go round which falls apart if the take time away.
I suspect this was intended to be utilized by poor people who struggle to afford to power their homes. The US Military is certainly well funded enough to pay its electric bills.
[1] https://netflix.github.io/chaosmonkey/