What’s the point of publishing rules if company leaders aren’t going to enforce those rules? What purpose do they serve in deterring unacceptable conduct? Should we simply do away with organisational policies entirely and just hope for the best?
How do you know which rules your organisation takes seriously and which ones they only give lip service to? This is important. Every organisation has policies, regulations, or mandated behaviours. Some of these are dictated by laws. Some by industry regulations or best-practices. Some are entirely home-grown.
Most of those rules are written with good intent but are not consistently followed. This can be because the organisation’s leaders don’t believe in them, because they’ve become obsolete, because users aren’t aware of them, or because it’s too much of a hassle to enforce them. No matter the cause, the end result of ‘only-on-paper rules’ is a natural erosion in worker faith in all of the organisation’s rules … which leads, inevitably, to common flouting of rules. Every observed instance of an ‘only-on-paper’ rule being violated without consequences reinforces the idea that company rules are strictly optional.
The antidote to this syndrome is direct confrontation and enforcement. When a leader sees a rule being broken, they should call out the violation, correct everyone’s understanding of the associated rule, and act as required. In the military, we called this an ‘on-the-spot correction.’ It was the duty of every leader at every echelon to reinforce and clarify standards. This holds just as true inside a corporate culture. Business leaders don’t have to act like shouty angry drill sergeants. They do, however, have to enforce the standards that they’ve set. If they don’t, those standards collapse.
Again: every organisation has its rules. Every organisation also has people, and people are notorious for breaking rules. Deliberately, sometimes; accidentally other times. No matter what, organisational rules are different from suggestions, aspirations, or cultural norms. Official rules carry weight: do (or don’t) do this; if you fail to comply, there will be consequences. That is the entire point of publishing official doctrine. Warnings and training exist so that workers are forewarned about the behaviours that will get them reprimanded, demoted, or sacked, specifically because it’s natural and normal for people to break rules. Pre-empting the inevitable.
The headache for doctrine writers is that people are not (contrary to business school case studies) servile automatons. Real people are naturally inclined to push against constraints; to probe the limits of their ability to deviate from norms. This isn’t criminal; it’s how people learn where the so-called ‘red lines’ are in their culture and how close they can manoeuvre near (but not over!) those red lines before they put themselves in danger.

sue imaginary cows. Anyone can sue anyone else for anything.
POC is Keil Hubert, keil.hubert@gmail.com
Follow him on Twitter at @keilhubert.
You can buy his books on IT leadership, IT interviewing, horrible bosses and understanding workplace culture at the Amazon Kindle Store.
Keil Hubert is the head of Security Training and Awareness for OCC, the world’s largest equity derivatives clearing organization, headquartered in Chicago, Illinois. Prior to joining OCC, Keil has been a U.S. Army medical IT officer, a U.S.A.F. Cyberspace Operations officer, a small businessman, an author, and several different variations of commercial sector IT consultant.
Keil deconstructed a cybersecurity breach in his presentation at TEISS 2014, and has served as Business Reporter’s resident U.S. ‘blogger since 2012. His books on applied leadership, business culture, and talent management are available on Amazon.com. Keil is based out of Dallas, Texas.