by x55j33 1344 days ago
IT Audit/Governance manager here. This is still a very common preventative/detective control in many businesses even outside of Financial Services, so much so that it is taught as part of many IT governance certifications such as the ISC2 CISSP and ISACA CISA.

Although the provenance of the control is to deter and detect fraud, it also helps to highlight key-person dependencies (where a process cannot run without a specific individual present). On the flip side, humans are very innovative creatures and you can use this control to identify where someone has found a way to bypass parts of the process (the process time suddenly increases a lot when someone in the team is on their mandatory vacay, or the quality suddenly drops).

I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.

5 comments

> I also see it used in smaller companies by bosses who want to simulate the effects of a person quitting, and how confident the rest of the team are to take over the running of a task.

Aka the Bus Factor. What if our lead engineer takes a bus out of town (or the darker version).

Even in large companies, work is done by teams and those teams are susceptible to this problem as well.

> What if our lead engineer takes a bus out of town

HA! I've never heard this version of it. I've only ever heard the dark version. I like this better.

Coming up with euphemisms is my hobby. No one can tell when I'm being mean now.

disgusting food -> interesting and unique flavor profile

bad movie -> the director made decisions that challenge audience expectations

take your crazy pills -> I had not heard of that before

and of course the Southern classic

you idiot -> bless your heart (this one doesn't really work anymore because people know it)

Edit: I remembered another one:

Resting B*tch Face -> Resting Business Face.

"Good For You!" is code for "Go F** Yourself!" in some circles. (would become the same three-letter acronym)

I'd heard it through two different management consultancy sources, but that could easily have a common root, of course.

Alternatively, "Pull Requests Welcome" is also code for "Go f*** yourself."
In some communities "Go f** yourself!" is code for "see ya later!", also.
We used to have a Scotsman as a site manager. Every single day when we were wrapping for the day, he used to say: well, fuck off now! Nice bloke.
Are you planning to live in England by any chance? :)
Sigh.
With respect; a lot of us out here know and used many of those the same way; we’re silently aware of the intent. I used to be that way. Over time feeling the need to fake it fell away; now I just mock everyone through muted indifference and a shrug, “good job at being a member of social life like everyone else” kind of energy.

Emotional archetypes are limited. You have borrowed others' ideas because that’s how it works; you memorized such emotional states from others. Awareness of such an emotional state is not yours alone.

See. That’s how you put someone down. Directly. Not through passive aggressive southerner classics. You’re far too obvious to those who have diverse real world experience and just come off as a cliche. But we silently eye roll rather than validate such antics through feedback, good or bad.

I read this comment with a Werner Herzog accent. I hope that's ok with you.
The best response to passive aggressive attacks is their own echo.

I try to be like "ok, let's get back to the topic"

bless your heart.
I used to say, "in case I fall off a cliff," and then in a previous job a colleague went mountain climbing and literally fell to his death off a cliff. Now I just say, "for when I'm not around."
Similar here. 2000/2001(?), I was talking about the bus factor with a client, indicating that I'd brought on a couple more folks on my team - one part time, one full time, to avoid the bus factor.

"what do you mean?"

"oh, in case I get hit by a bus"

Silence.

Someone in their company had been hit by a bus and died a couple weeks earlier. Not in their department - it wasn't a direct friend/colleague - but it was... awkward enough that I didn't use that phrase again for a long time. And even when I do, I tend to catch myself before and rephrase it.

Holy crap!
> (or the darker version)

I default to, what if Bob wins the lottery?

Or moves to China...

I was working with an IoT company who proudly showed us, their biggest customer, how the signing keys to particular actions that could impact many, many people were held on a rather trick little Spyrus USB stick. Which they displayed. In the pocket of a person that had the requisite passphrases to access it all on her own.

I asked what would prevent the person from hopping a plane out of nearby SFO and having a pleasant CCP-funded retirement and they turned all sorts of colors. They invested in a proper storage mechanism (and key management processes) after that.

Funny thing, you can actually use USB sticks and passphrases like they did. But you need to have multi-party signing.

Eg make it so that 10 out of 15 employees need to sign.
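To make the k-of-n idea above concrete, here is an added illustration (not code from anyone in the thread) using Shamir secret sharing as a stand-in for a threshold signing scheme: a constructed stand-in for a signing key is split into 15 shares, any 10 reconstruct it, and 9 do not. Field prime, share indices and the demo parameters are my own assumptions.

```python
import secrets

# Prime modulus for the finite field (2**127 - 1); all arithmetic is mod P.
# The secret being protected must be smaller than P.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    # Horner's rule; coeffs[0] is the constant term, i.e. the secret.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, n_shares):
    """Split `secret` into n_shares points; any `threshold` of them rebuild it."""
    if not 1 < threshold <= n_shares or not 0 <= secret < P:
        raise ValueError("bad parameters")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the shares supplied."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo(threshold=10, n_shares=15):
    """10-of-15 check: two different quorums succeed, a 9-share subset fails."""
    secret = secrets.randbelow(P)  # constructed stand-in for a signing key
    shares = split_secret(secret, threshold, n_shares)
    quorum_a = recover_secret(shares[:threshold]) == secret
    quorum_b = recover_secret(shares[5:5 + threshold]) == secret
    too_few = recover_secret(shares[:threshold - 1]) == secret
    return quorum_a and quorum_b and not too_few
```

Real deployments use a threshold signature scheme or an HSM quorum rather than reassembling a key on one machine, but the control property is the same: no single holder can act alone.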

I worked a lot for banks and aside from mandatory vacation there are other rules.

For example, in one bank I worked for there is a 2 year limit on how long you can work there as a contractor. This is to make sure that all key personnel are actually employed by the bank, the assumption being that if somebody has worked there for 2 years they become key personnel by default and have to either be hired as an employee or let go as a contractor.

One big reason for this is the tax law in the US and Canada. Legally, contractors (esp. when incorporated) are considered employees if they work exclusively for one client over an extended period of time without interruption. Occasionally, I have seen such contractors take a few-month sabbatical and return to work after that (still contracting).

Note: There are other criteria that have to be met as well for the govt to consider someone an employee:

- if work happens at the employer’s premises
- if the employer owns all equipment needed for work
- how the work is instructed (can denote a manager/employee dynamic)

Microsoft has approximately the same rule, and it’s entirely for the sake of employment law, not because they care about key personnel being contractors.
My defined benefit pension was basically handled by one person through a number of decades (and a couple of acquisitions). If you wanted to start receiving your pension or whatever, you called so-and-so. I assume some degree of chaos would have ensued if something unexpected had happened to her one day.

I assume she eventually retired or something because it was transferred to one of the big benefits companies a few years back.

That happened to my dad when he retired from a gov agency. He had an unusual situation and was held hostage for about a year, and eventually was able to retire with the intervention of a State Senator.
It was interesting when I joined my current employer about ten years ago after having worked for a big computer maker for about a decade (with an in between longish stint at a couple small to very small companies).

At the computer maker, where my pension is from, getting things done tended to be about reaching out to the right person who knew how to make such and such happen. Of course at the intervening smaller companies everyone knew everyone else. Where I am now, personal connections still matter of course. But when I joined, it was a bit of an adjustment to just "submit a ticket" rather than tracking down the right individual to ask a question or do something--at least with respect to company operations like payroll, benefits, or legal.

True, my company was founded basically as an agglomeration of several small companies where everyone knew each other, but due to big investment and commitments it was built with more formal business processes from the start. Old-timers like me still need occasional reminding that tickets are, in fact, generally picked up without additional personal reminders.

It’s fascinating seeing a company successfully grow from 30 to 300 in a couple of years, with effectiveness mostly increasing.

Nice illustration of the positive, pragmatic side of bureaucracy.
I used to know the "pension person", and she wanted to keep working from home to take care of her family. The execs said no, so she quit. Never had a backup person because.... that would have cost an extra FTE.

Chaos did, in fact, ensue. Pretty sure it was part of the reason some big clients left.

Interestingly, I work in DoD IT where everyone is required to have certifications from ISC2, ISACA, CompTIA, etc. so we all get taught and tested on knowledge of this and many other controls, but I haven't actually heard of it formalized or enforced. In practice, we just rely on ad hoc high turnover as people change jobs every year or two, or get pulled away into unrelated projects, or sent away for exercises and deployments.
> IT Audit/Governance manager here. This is still a very common preventative/detective control in many businesses even outside of Financial Services, so much so that it is taught as part of many IT governance certifications such as the ISC2 CISSP and ISACA CISA.

This is covered in accounting and the CPA as well. Not that I'd necessarily recommend a CPA over an IT auditor in many cases.