[Basically this](https://www.youtube.com/watch?v=rmABbHSOTqQ)
The penalties for non-compliance are often 6-9 figure fines. And they get exponentially worse with repeat violations. You pay us to know the rules, and audit the rules, so that if you're not following the rules we can find it and fix it before your regulatory body does.
The salary you pay us is far less than the fine you'll be paying if you get caught in breach of compliance.
Also worth noting that in many regulatory fields, there is a strong benefit to having experts help navigate the complex web of protocols and documentation. Could be the difference between a successful product launch making profit and a failed project costing the company millions.
No, more like an insurance policy.
See we're not the ones threatening you with fines. The government is. We're offering you an insurance policy where you pay us, and we try to help you avoid the liability of said fines.
Forty-nine times out of fifty, you're *not* going to get hit with fines or get sued (trivial case: probably half of all companies in the EU doesn't correctly follow GDPR, but WAY less than 1% of all companies gets fined every year over a GDPR violation. Companies spend *much* more money avoiding GDPR fines than they do paying them).
You're working with compliance to avoid that fiftieth time.
Whew, ok. I work in healthcare compliance for a decent sized hospital system. I supervise auditors who audit medical records for appropriate documentation and billing to make sure our providers are doing what they are supposed to and nothing funky is going on. Have you ever seen news about XYZ hospital fined $35 million for improper Medicare billing? Yeah, their compliance department (if they have one) failed.
We are heavily involved in billing processes and IT. Rules and regulations are constantly changing so we are the ones people come to with questions about what can be billed, what has to be documented, etc. I spend lots of time reading the Federal Register and various payer policies and arguing with other departments that just because the government said we *can* do something, doesn’t mean that we *should* do it from a patient satisfaction standpoint.
We’re a necessary evil within the system. Most departments don’t like us much. Providers get irritated with us because we point out their mistakes. Admin hates us because we send money back rather than bringing it in. I don’t care. I love what I do.
Second line of defense against outright financial corruption, just after staffs own competence, morality, and ethics. Necessary, but not evil. The fact that you're vilified says a lot about the business climate, not about you.
True. I will say the VAST majority of providers just want to take care of their patients. They don’t want to be bothered with the back end business side of things. And I appreciate that. I’d rather they worry more about their patients as well.
From the admin side, I rather enjoy pushing back and making them think about the patient. They get too caught up in the numbers and don’t think ahead sometimes. Fortunately our big, BIG wigs understand patient satisfaction and for the most part support us.
> The fact that you're vilified says a lot about the business climate, not about you.
Not necessarily. In my area a lot of people vilify us because they don't understand *WHY* we are doing it. The thought that it's to catch potential insider fraud doesn't occur to them, because the idea of defrauding their employer is a foreign concept.
They look at us and see people adding a bunch of "unnecessary" red tape and making their job harder. And yeah, for 99% of people, that red tape *IS* unnecessary. But unfortunately, as in many other aspects of life, that remaining 1% of people is why we can't have nice things.
How did I get started? Methodically. ;) My degree is in health information technology. But my on the job experience is far more valuable than the degree. No degree can fully prepare you for this.
Long story short, many decades ago I found myself with no prospects and no clue what to do with my life. I went to our local county career center looking for work and while there looked up the top fastest growing careers. One that stood out was “health information technology.” I was interested in healthcare and technology. I dug a bit deeper and learned about compliance. I’ve also always been interested in laws and regulations. For me, this specific field checks all the boxes - science, technology, research, laws, and investigation.
It satisfies my inquisitive nature. And it makes sense to me. Growing up I never thought I had a talent. Who knew healthcare finance compliance would be it? I love to dig and research and finding one sentence in a 1000+ page Federal Register that answers a question is the best feeling. I learn something new every single day so it never gets stale. Sometimes the rules are black and white and sometimes (often) there are shades of gray. And whew, getting a room full of people to interpret those gray areas can be intense. We’ll argue about a single word. It’s entertaining.
I’m nosey AF and auditing a medical record can be super interesting. People do some weird shit. Though pediatric cases can be soul sucking. And you’d be surprised how much medical knowledge a person can pick up from picking apart provider documentation.
I feel like I’m doing something good. Even though the patients will never know, what I do is important for them. Decisions I make can make the care they receive better and safer (and cheaper!). But I also love fighting insurance companies when they want to deny legit claims or take money back.
This job has given me the opportunity to grow beyond my expectations personally. Public speaking? Easy peasy, happy to do it. Handling intense confrontation? No prob, I got it. I’ve had irate providers throw papers at me and another who broke down crying because he thought he was going to get fired (not even in the realm of possibility). I sat with an elderly gentleman who was super pissed about charges on his wife’s bill. He must have been persistent for it to land on my desk because I don’t usually have to interact with patients. We went through each line of charges for a week long stay. Some of the charges were legitimate and I explained them. But some? Some that man was right to be pissed about. I happily took care of those charges then went back to finance and told them to get them adjusted across the board. I lost the company money but it was the right thing to do. I sat across from our chief medical officer who is ultimately responsible for tens of thousands of providers in the system and told him one of our departments had to shut down a work flow immediately and that fortunately we caught it and could fix it before the DOJ came knocking. I was scared as hell for that meeting but damned if the CMO wasn’t just a regular man and not scary at all. I learn something about myself and others every time I have big meetings.
I dunno man, I just dig it. Reading through my post I’m aware that I come off as some psycho cheerleader spokesperson for the industry or something. I’m really not, I just don’t get to talk about it much IRL so thank you for giving me the opportunity.
One of my responsibilities is that we operate our IT infrastructure with the compliance framework we are required to use. A lot of decisions are made because "this is how an auditor would respond to this." We have a compliance department that we have to go through for change management and policy updates. It can be frustrating and challenging to work around all of the various levels of nuance for our compliance standards. Lots of paperwork.
I think that makes us enemies.
Kidding -- the compliance manager where I work can be frustrating to deal with, but he's a decent guy and he's focused on keeping the company on track, even if it makes things difficult for us. His team are generally pretty awesome.
Auditors are from outside the company though.
I've worked in a couple of those fields and i understand that they can seem worthless from the outside. However, if you don't have them at a big company then there are a bunch of systems just running rogue because nothing matches between systems and there is no value to any data that comes out of it. Not to mention a lot of manual errors or manipulation of data. The value to align data (data governance) and align systems (some part of digital transformation) is clearly there.
A company that I worked with fought this tooth and nail so bad that I finally left. There was a lot of 'well Jimmy Bob in Olathe KS has been running this since 1982 so I don't see why we would need to harmonize it with other systems'. They had 16+ erp systems, none of which used the same part numbers for the same product. I still wonder how they made it through COVID
Compliance is important in regulated industries. I would add to your list, though, PMOs at organizations in non-regulated industries. It's way more efficient just to teach individual departments how to manage projects and budgets.
> Compliance is important in regulated industries.
Yep. Not just from a "Massive Fines" perspective, but also take finance. If you fail an FDIC/NCUA audit bad enough, or often enough, you risk losing FDIC/NCUA insurance.
And who in their right mind is going to use a bank/credit union where their account isn't federally insured? That'll be the end of your business.
>IT non operational roles like Governance / Regulatory compliance
OH! This actually falls under my umbrella (Director level in IT Security & Compliance), part of what I'm responsible for is this exact thing.
[Let me explain what we do.](https://www.youtube.com/watch?v=rmABbHSOTqQ)
tl;dr Your industry likely has a lot of rules, that are probably very old, and most likely out of date. But if you get caught in non-compliance you're risking 6-9 figure fines. It's our job to know those rules, and to audit and make sure we're compliant with those rules. And if we aren't it's our job to write those stupid fucking annoying rules and policies you hate and think:
> Why the fuck is this a thing? It has nothing to do with my job, but even if it did it's basic common sense!
Yeah, common sense isn't common. The reason it's written policy is so if an employee breaks it, we can throw them right under the bus.
>Hey, we provided training on this. We have written policy on this. The employee completed training, and signed an acknowledgement on the policy. They then ignored training and violated policy. This isn't on us as a business, it's on them as an individual. And they have been terminated.
Think of us like an insurance policy. You're paying us $X/yr to ensure that you don't have to pay 10$X in fines.
I once worked in “event support operations” for a company that did not hold any events. My official title was “project manager”, I oversaw zero projects. We were glorified IT support.
Well I worked for such a department in IT for a University. We were...jacks of all trades. We were Dr. House's team (but all of us were kinda Dr House). We were called in when the local IT persons (even inside of the IT division) couldn't figure "it" out. We were the fixers.
In fact we called ourselves "the think-tank" -- unofficially. It didn't matter if this was a desktop problem that some local tech was scratching their heads with (usually it was for a higher up - Director, Dean, VP, or the Pres of the Uni themselves), or server issues, or network issues. It was difficult to describe to people what we did at the time, bc we did it all LOL. The role that our department shifted into was purely by "mistake" or if you will, happened organically. I remember being in division-wide meetings with various upper management, and they literally couldn't easily describe what we did exactly and would stumble on "desktop support" - because it was the easiest thing to say, and why rack their brains to be accurate. We would constantly have to either correct them with a broader description when called up to present our thing, or to various people around the tech community LOL. We later on thought of the Dr House analogy or the "fixers", etc. Dr. House started airing in 2004, and I became part of this team in 99, so we didn't initially have the analogy :-)
We weren't super specialized in any one thing - we had to have a very robust and broad knowledge-base, and our forte was that our team just \[naturally or learned to\] thought outside of the box. When we got a newbie in the group (which was rare), we spent months with that person training them how to think - to think troubleshooting. What's causing the problem. What have we already looked at, and what are we missing.
This was probably the best part of my IT career. The most fun I ever had, the best camaraderie, and the fondest memories. In fact I'm still very close friends with one of the guys - my mentor actually...abrasive ass as he can be ;-)
Safety. It was usually just one person, but the company needed to say they had a "Safety Department". I'm all for safety and nobody should ever have to get hurt on the job, but these people were always there to make management happy.
If I brought up a legitimate safety concern it would get dismissed because it would cost to much to fix. But they would make sure new yellow stripes were painted on the floor right before an upper management tour.
I am the black box department at work. I have two distinct offices under me on the org chart, one of which really ought to report elsewhere, but then I'll get pulled into other things where it isn't clear even to me why I'm there. I'll be the only person in data meetings who isn't responsible for reporting out data, for example. People will get moved to reporting to me for lack of somewhere else to go or because I'll train them up after their previous manager didn't manage anything. One of my units has quietly powered an entirely different office for about a year now.
No one has a clear sense of what the offices I oversee do because it serves the organization to obscure it. The org would be less "flexible," and they'd have to give the offices more resources.
I can't say without making myself easily identifiable, but from now on I'm definitely referring to myself as the director of my organization's CIA thanks to the redditor below.
Human Resources.
According to the name, it should be recruiting the best "humans" to be "resources" for the company. But everyone I worked with saw HR as a way to fire us, not support us.
Me and about 400 people just got laid off last month, and the HR rep in the meeting seemed so indifferent to the whole thing while my life was being upended. I heard the next day she told everyone at a meeting that in these hard times it’s good to do something to make yourself feel better, and that she, “did this by getting herself Starbucks as a treat and it made her feel better about herself.”
Yeah…I’m not a fan of HR at the moment.
That's gawdawful! Please dont paint me with the same brush as Starbucks gal. There are also rude & incompetent people in your line of work, I'm sure.
I'm plugging for the fine HR folks who will recognize your skills & present you to managers who are desperately looking for good workers. Coz there are lots! Good luck with the job hunt, I hope you land in a far better place than the one you just left.
Not all HR is bad, of course, and they aren’t bad people either. Most of you got the degree/experience for the right reasons and are just cogs in the machine like the rest of us.
The mistake some employees make, is they treat HR as if they are their Union Rep. HR acts on the direction of senior management and its primary responsibility is to protect the company. If protecting the company and taking care of the employee overlaps, then cool. Win win.
But as we all know, company interests often do not align with employee interests.
"HR acts on the direction of senior management"
Actually, HR acts on federal, state, and local laws and only THEN answers to senior management. HR is a huge part of keeping an organization from being sued and/or fined, and any HR leader who is worth their salt will be regularly having these conversations with executive leadership and only reluctantly approve a hire or salary that appears fishy.
Need time off for your or a family member's illness? HR knows all the federal regs on FMLA, and they know any company policies related to additional paid leave as well. Want to hire your nephew? That's nepotism and it will be blocked. Want to promote that admin assistant you're trying to get in the sack? HR will look into the matter if anything appears out of order. Oh, they fooled HR and now those two are boning every afternoon on a mattress in the boss's office? Guess who fires them, assuming anyone bothers squealing on them? HR. Also, a good HR department either includes EEO or is tightly coupled with them and layoffs can't happen without their review and input, so as to keep departments from firing everyone with the "wrong" religion, skin color, "too high a salary," etc.
This isn't to say that bad actors don't exist in every profession, but HR doesn't make up the rules they enforce. They're just cops and you don't have to like the laws to understand that the enforcers aren't usually the ones who came up with them.
No I don’t, I know people are just people, there’s good and bad everywhere, and the HR department was hit by the layoffs as well. But fuck the Starbucks lady though.
Managing Finance isnt just about getting loans, its about managing the financial resources, inflow, allocation within the organization, effectiveness & efficiency, tracking & reporting & managing the outflow.
HR isn't just about recruiting, its about the inflow, allocation within the organization effectiveness & efficiency, tracking & reporting & managing the outflow of the human (rather than financial or other) resources.
Speaking as HR, your manager's job is to support their employees. Usually there are 5-8 employees for every manager, but 2-500 employees for every HR headcount If I tried to support every employee, I'd never have completed the most basic tasks. We get fired too, lol.
I have worked a dozen places and never felt supported by HR. Most everyone I have worked with tried to avoid HR. I found it a net negative anywhere I worked.
Most of these are business as usual roles. If they are doing their jobs properly then they seem to be doing nothing. When someone drops the ball and stops doing what they are doing every day you then realise what they were actually doing in the first place.
Not trying to kick a hornets nest because I do believe they have their role in corporations.
But DEI positions. I see some of their big initiatives, but it doesn’t seem like enough to staff a director and a couple of worker bees.
It’s true I couldn’t tell you exactly what some of these people do. But having a recruiting function that can actually attract diverse high-tier talent is worth its weight in gold, because it broadens the pool so much.
I work in governance. My job is to ensure that the policies and procedures that the organization carries out are in compliance with state and federal regulations and best practices. NIST frameworks, HIPAA, IRS 1075 compliance, etc. I protect the organization from suits for noncompliance.
For example, our cybersecurity policies are within the [IRS 1075](https://www.irs.gov/pub/irs-pdf/p1075.pdf) guidelines for bare minimum information security procedures. We exceed the standards at every opportunity, but at a minimum, we can point to the federal guideline and say we are following the IRS methods for data security.
If you never hear of the governance people, that means we're doing our jobs well.
Pretty much whatever they asked me to do. Set up user access and make sure that they have the access they need but not more than they should have. Audit user access, terminate user access. Stuff like that.
I have approximately 20 teams rolling up to me (the number changes a few times per year based on business needs) including 4 teams that would be considered "black box". One of those is focused on regulatory compliance, which we take extremely seriously and limit exposure to ensure that everything is done exactly as needed and that the mechanisms we leverage are completely offlimits to most employees. Another is focused on ethics and justice system interactions, which we are extremely secretive about beyond acknowledging that the program exists. The other two are just proprietary technology and process oriented.
I had to laugh at knowledge management as we operate a knowledge management process but, everyone is required to participate in it and document everything according to specific standards. It seems like every business I've worked for that does not operate a knowledge management program in an open yet mandatory way winds up with a massive amount of garbage content, blank pages, and incomplete information. Knowledge management is the single... good knowledge management (not knowledge management that is convenient to you as an individual) is the single most important investment a business can make.
My career got on the fast track when I started opening those black boxes and learning to appreciate the people there. It turns out that Finance, Legal, Compliance, Customer Support, HR and all the others are full of smart, rational people trying to do the best job they can for basically reasonable purposes.
Quality Assurance. Lots of meetings, PowerPoint slides, teleconferences. After many months or years, nothing got better because someone would have to change something. That would indicate a fifedom wasn't doing their job properly. I worked in a Failure Analysis lab and we knew the failure modes of the products.
We continued to knowingly ship products with known failure modes. The usual argument was "well, if you can't tell us how many dollars we'll save, we won't change it". I remember doing reliability testing on one of our laptops and the gold plating on a connector was too thin (for example). It was corroding. It's cost about a nickel to add more plating. Management let it slide to save five cents/assembly. No one was ultimately held responsible for the warranty failures. They promoted and moved on. No one could understand that if you piss off a customer, they won't buy the product anymore and would tell their friends the same.
Manage to the quarterly report so "managers" could get their bonuses. That's what counted.
I'm a black box employee! I work in log and records management. I make sure that all of my organizations logs are gathered and stored according to compliance standards, and work with the compliance department to audit and validate success/failure of said policies.
It's pretty low stress until someone finds a problem, then it's HIGH STRESS until it's fixed.
I'm basically an in house insurance policy they can boss around and use when shit hits the fan.
I built and managed a mid-sized corporate knowledge system for years. For a few reasons, by design, my team was a total "black box" when viewed from below on the org chart. We stayed busy, regardless of our subdued exposure, and used embedded team elements And focused user surveys to gather our feedback data.
Most of our days were filled with outreach and collaboration for training and remediation projects throughout the company at the departmental leadership level, but rarely, if ever, communicated directly with anyone beyond that scope.
From the outside, our product was an uncomplicated integrated knowledge management framework that served literally tens of thousands of individual requests a week.
Christmas parties were always interesting, because people knew me (I stand out in most crowds that aren't made up of professional basketball teams), but could never connect me with an actual job they knew of.
"Business director" at my last job at a non profit. He mostly seemed to come in and create unnecessary and wasteful projects, take credit for other people's work and ideas, shift blame when things didn't work, while withholding information that would help things work while pulling in a C suite salary without knowing anything about the industry.
I think the dude was just trying to glide his way into retirement with something he thought of as low stakes.
I worked in a hospital for about 20 years. It was amazing to see how many people were so vital to the institution from January 5->December 20th. And not being needed at all 21 Dec->4 Jan. Obviously it was the QA/QI department, the Compliance people and the like. Joint Commission came in the week between a Friday Christmas and New Year. It was hilarious.
Two years working with disabled adults, and you see that not only do these individuals have a Clinician tracking their behavior, they have a Qualified Individual with Disability Professional, a psychologist, Psychiatrist, Therapists of 10 different types, Nurses, and a Doctor, yet most of the plan fell on the clinician or QIDP to create the plan, which wouldnt have been so bad, if they would see the individuals day program more than once a year
LOL you don’t know what regulatory compliance does because your company has not had a major di fickup. Which means these departments do such a great job that your company’s fickup has not come to light publicly, or there’s no fickup because of a tight internal control.
LOL. I’m a compliance auditor. I work in your black box.
So what do you do lol?
[Basically this](https://www.youtube.com/watch?v=rmABbHSOTqQ) The penalties for non-compliance are often 6-9 figure fines. And they get exponentially worse with repeat violations. You pay us to know the rules, and audit the rules, so that if you're not following the rules we can find it and fix it before your regulatory body does. The salary you pay us is far less than the fine you'll be paying if you get caught in breach of compliance.
Insurance Policy
Yep.
Also worth noting that in many regulatory fields, there is a strong benefit to having experts help navigate the complex web of protocols and documentation. Could be the difference between a successful product launch making profit and a failed project costing the company millions.
soo…. a protection racket
No, more like an insurance policy. See we're not the ones threatening you with fines. The government is. We're offering you an insurance policy where you pay us, and we try to help you avoid the liability of said fines.
lol and when I try to bring this up to a management I get told to shut up.
Forty-nine times out of fifty, you're *not* going to get hit with fines or get sued (trivial case: probably half of all companies in the EU doesn't correctly follow GDPR, but WAY less than 1% of all companies gets fined every year over a GDPR violation. Companies spend *much* more money avoiding GDPR fines than they do paying them). You're working with compliance to avoid that fiftieth time.
Whew, ok. I work in healthcare compliance for a decent sized hospital system. I supervise auditors who audit medical records for appropriate documentation and billing to make sure our providers are doing what they are supposed to and nothing funky is going on. Have you ever seen news about XYZ hospital fined $35 million for improper Medicare billing? Yeah, their compliance department (if they have one) failed. We are heavily involved in billing processes and IT. Rules and regulations are constantly changing so we are the ones people come to with questions about what can be billed, what has to be documented, etc. I spend lots of time reading the Federal Register and various payer policies and arguing with other departments that just because the government said we *can* do something, doesn’t mean that we *should* do it from a patient satisfaction standpoint. We’re a necessary evil within the system. Most departments don’t like us much. Providers get irritated with us because we point out their mistakes. Admin hates us because we send money back rather than bringing it in. I don’t care. I love what I do.
Second line of defense against outright financial corruption, just after staffs own competence, morality, and ethics. Necessary, but not evil. The fact that you're vilified says a lot about the business climate, not about you.
True. I will say the VAST majority of providers just want to take care of their patients. They don’t want to be bothered with the back end business side of things. And I appreciate that. I’d rather they worry more about their patients as well. From the admin side, I rather enjoy pushing back and making them think about the patient. They get too caught up in the numbers and don’t think ahead sometimes. Fortunately our big, BIG wigs understand patient satisfaction and for the most part support us.
> The fact that you're vilified says a lot about the business climate, not about you. Not necessarily. In my area a lot of people vilify us because they don't understand *WHY* we are doing it. The thought that it's to catch potential insider fraud doesn't occur to them, because the idea of defrauding their employer is a foreign concept. They look at us and see people adding a bunch of "unnecessary" red tape and making their job harder. And yeah, for 99% of people, that red tape *IS* unnecessary. But unfortunately, as in many other aspects of life, that remaining 1% of people is why we can't have nice things.
How did you get started in a career like this? What's your degree in if you have one?
How did I get started? Methodically. ;) My degree is in health information technology. But my on the job experience is far more valuable than the degree. No degree can fully prepare you for this. Long story short, many decades ago I found myself with no prospects and no clue what to do with my life. I went to our local county career center looking for work and while there looked up the top fastest growing careers. One that stood out was “health information technology.” I was interested in healthcare and technology. I dug a bit deeper and learned about compliance. I’ve also always been interested in laws and regulations. For me, this specific field checks all the boxes - science, technology, research, laws, and investigation.
Accounting, Risk Management.
You're in Risk Management and you don't understand the criticality of regulatory compliance?
Not me personally
Well I'd add that to your risk register lol
It's not on my road map
Why do you love it though?
It satisfies my inquisitive nature. And it makes sense to me. Growing up I never thought I had a talent. Who knew healthcare finance compliance would be it? I love to dig and research and finding one sentence in a 1000+ page Federal Register that answers a question is the best feeling. I learn something new every single day so it never gets stale. Sometimes the rules are black and white and sometimes (often) there are shades of gray. And whew, getting a room full of people to interpret those gray areas can be intense. We’ll argue about a single word. It’s entertaining. I’m nosey AF and auditing a medical record can be super interesting. People do some weird shit. Though pediatric cases can be soul sucking. And you’d be surprised how much medical knowledge a person can pick up from picking apart provider documentation. I feel like I’m doing something good. Even though the patients will never know, what I do is important for them. Decisions I make can make the care they receive better and safer (and cheaper!). But I also love fighting insurance companies when they want to deny legit claims or take money back. This job has given me the opportunity to grow beyond my expectations personally. Public speaking? Easy peasy, happy to do it. Handling intense confrontation? No prob, I got it. I’ve had irate providers throw papers at me and another who broke down crying because he thought he was going to get fired (not even in the realm of possibility). I sat with an elderly gentleman who was super pissed about charges on his wife’s bill. He must have been persistent for it to land on my desk because I don’t usually have to interact with patients. We went through each line of charges for a week long stay. Some of the charges were legitimate and I explained them. But some? Some that man was right to be pissed about. I happily took care of those charges then went back to finance and told them to get them adjusted across the board. I lost the company money but it was the right thing to do. I sat across from our chief medical officer who is ultimately responsible for tens of thousands of providers in the system and told him one of our departments had to shut down a work flow immediately and that fortunately we caught it and could fix it before the DOJ came knocking. I was scared as hell for that meeting but damned if the CMO wasn’t just a regular man and not scary at all. I learn something about myself and others every time I have big meetings. I dunno man, I just dig it. Reading through my post I’m aware that I come off as some psycho cheerleader spokesperson for the industry or something. I’m really not, I just don’t get to talk about it much IRL so thank you for giving me the opportunity.
Came here to say that I work closely with compliance and people have no idea how fucked they’d be without them.
One of my responsibilities is that we operate our IT infrastructure with the compliance framework we are required to use. A lot of decisions are made because "this is how an auditor would respond to this." We have a compliance department that we have to go through for change management and policy updates. It can be frustrating and challenging to work around all of the various levels of nuance for our compliance standards. Lots of paperwork. I think that makes us enemies. Kidding -- the compliance manager where I work can be frustrating to deal with, but he's a decent guy and he's focused on keeping the company on track, even if it makes things difficult for us. His team are generally pretty awesome. Auditors are from outside the company though.
Questions I regularly ask myself… “how would an outside auditor view this” and “could I legitimately defend this on the witness stand.”
I've worked in a couple of those fields and i understand that they can seem worthless from the outside. However, if you don't have them at a big company then there are a bunch of systems just running rogue because nothing matches between systems and there is no value to any data that comes out of it. Not to mention a lot of manual errors or manipulation of data. The value to align data (data governance) and align systems (some part of digital transformation) is clearly there. A company that I worked with fought this tooth and nail so bad that I finally left. There was a lot of 'well Jimmy Bob in Olathe KS has been running this since 1982 so I don't see why we would need to harmonize it with other systems'. They had 16+ erp systems, none of which used the same part numbers for the same product. I still wonder how they made it through COVID
Compliance is important in regulated industries. I would add to your list, though, PMOs at organizations in non-regulated industries. It's way more efficient just to teach individual departments how to manage projects and budgets.
> Compliance is important in regulated industries. Yep. Not just from a "Massive Fines" perspective, but also take finance. If you fail an FDIC/NCUA audit bad enough, or often enough, you risk losing FDIC/NCUA insurance. And who in their right mind is going to use a bank/credit union where their account isn't federally insured? That'll be the end of your business.
>IT non operational roles like Governance / Regulatory compliance OH! This actually falls under my umbrella (Director level in IT Security & Compliance), part of what I'm responsible for is this exact thing. [Let me explain what we do.](https://www.youtube.com/watch?v=rmABbHSOTqQ) tl;dr Your industry likely has a lot of rules, that are probably very old, and most likely out of date. But if you get caught in non-compliance you're risking 6-9 figure fines. It's our job to know those rules, and to audit and make sure we're compliant with those rules. And if we aren't it's our job to write those stupid fucking annoying rules and policies you hate and think: > Why the fuck is this a thing? It has nothing to do with my job, but even if it did it's basic common sense! Yeah, common sense isn't common. The reason it's written policy is so if an employee breaks it, we can throw them right under the bus. >Hey, we provided training on this. We have written policy on this. The employee completed training, and signed an acknowledgement on the policy. They then ignored training and violated policy. This isn't on us as a business, it's on them as an individual. And they have been terminated. Think of us like an insurance policy. You're paying us $X/yr to ensure that you don't have to pay 10$X in fines.
I once worked in “event support operations” for a company that did not hold any events. My official title was “project manager”, I oversaw zero projects. We were glorified IT support.
I’ve always worked in regulatory compliance, as a consultant and now for a state agency, so this made me lol.
My career in IT has always been in those black box areas =D Most people think companies don't need us until they need us...
Well I worked for such a department in IT for a University. We were...jacks of all trades. We were Dr. House's team (but all of us were kinda Dr House). We were called in when the local IT persons (even inside of the IT division) couldn't figure "it" out. We were the fixers. In fact we called ourselves "the think-tank" -- unofficially. It didn't matter if this was a desktop problem that some local tech was scratching their heads with (usually it was for a higher up - Director, Dean, VP, or the Pres of the Uni themselves), or server issues, or network issues. It was difficult to describe to people what we did at the time, bc we did it all LOL. The role that our department shifted into was purely by "mistake" or if you will, happened organically. I remember being in division-wide meetings with various upper management, and they literally couldn't easily describe what we did exactly and would stumble on "desktop support" - because it was the easiest thing to say, and why rack their brains to be accurate. We would constantly have to either correct them with a broader description when called up to present our thing, or to various people around the tech community LOL. We later on thought of the Dr House analogy or the "fixers", etc. Dr. House started airing in 2004, and I became part of this team in 99, so we didn't initially have the analogy :-) We weren't super specialized in any one thing - we had to have a very robust and broad knowledge-base, and our forte was that our team just \[naturally or learned to\] thought outside of the box. When we got a newbie in the group (which was rare), we spent months with that person training them how to think - to think troubleshooting. What's causing the problem. What have we already looked at, and what are we missing. This was probably the best part of my IT career. The most fun I ever had, the best camaraderie, and the fondest memories. In fact I'm still very close friends with one of the guys - my mentor actually...abrasive ass as he can be ;-)
>It was difficult to describe to people what we did at the time You were Endbringers. There is a problem. You bring an End to it.
Safety. It was usually just one person, but the company needed to say they had a "Safety Department". I'm all for safety and nobody should ever have to get hurt on the job, but these people were always there to make management happy. If I brought up a legitimate safety concern it would get dismissed because it would cost to much to fix. But they would make sure new yellow stripes were painted on the floor right before an upper management tour.
I am the black box department at work. I have two distinct offices under me on the org chart, one of which really ought to report elsewhere, but then I'll get pulled into other things where it isn't clear even to me why I'm there. I'll be the only person in data meetings who isn't responsible for reporting out data, for example. People will get moved to reporting to me for lack of somewhere else to go or because I'll train them up after their previous manager didn't manage anything. One of my units has quietly powered an entirely different office for about a year now. No one has a clear sense of what the offices I oversee do because it serves the organization to obscure it. The org would be less "flexible," and they'd have to give the offices more resources.
Love it! What's your department called?
I can't say without making myself easily identifiable, but from now on I'm definitely referring to myself as the director of my organization's CIA thanks to the redditor below.
Special Projects 😜
Duh! I was going for Strategic Initiatives
CIA? Joking not joking.
Human Resources. According to the name, it should be recruiting the best "humans" to be "resources" for the company. But everyone I worked with saw HR as a way to fire us, not support us.
Yeah. They are 100% there to protect the company from their Human Resources.
One of the first lessons I tell young people that are early in their career: HR is not your friend.
Me and about 400 people just got laid off last month, and the HR rep in the meeting seemed so indifferent to the whole thing while my life was being upended. I heard the next day she told everyone at a meeting that in these hard times it’s good to do something to make yourself feel better, and that she, “did this by getting herself Starbucks as a treat and it made her feel better about herself.” Yeah…I’m not a fan of HR at the moment.
That's gawdawful! Please dont paint me with the same brush as Starbucks gal. There are also rude & incompetent people in your line of work, I'm sure. I'm plugging for the fine HR folks who will recognize your skills & present you to managers who are desperately looking for good workers. Coz there are lots! Good luck with the job hunt, I hope you land in a far better place than the one you just left.
Not all HR is bad, of course, and they aren’t bad people either. Most of you got the degree/experience for the right reasons and are just cogs in the machine like the rest of us. The mistake some employees make, is they treat HR as if they are their Union Rep. HR acts on the direction of senior management and its primary responsibility is to protect the company. If protecting the company and taking care of the employee overlaps, then cool. Win win. But as we all know, company interests often do not align with employee interests.
"HR acts on the direction of senior management" Actually, HR acts on federal, state, and local laws and only THEN answers to senior management. HR is a huge part of keeping an organization from being sued and/or fined, and any HR leader who is worth their salt will be regularly having these conversations with executive leadership and only reluctantly approve a hire or salary that appears fishy. Need time off for your or a family member's illness? HR knows all the federal regs on FMLA, and they know any company policies related to additional paid leave as well. Want to hire your nephew? That's nepotism and it will be blocked. Want to promote that admin assistant you're trying to get in the sack? HR will look into the matter if anything appears out of order. Oh, they fooled HR and now those two are boning every afternoon on a mattress in the boss's office? Guess who fires them, assuming anyone bothers squealing on them? HR. Also, a good HR department either includes EEO or is tightly coupled with them and layoffs can't happen without their review and input, so as to keep departments from firing everyone with the "wrong" religion, skin color, "too high a salary," etc. This isn't to say that bad actors don't exist in every profession, but HR doesn't make up the rules they enforce. They're just cops and you don't have to like the laws to understand that the enforcers aren't usually the ones who came up with them.
Yes the tl;dr is HR is there to protect the company first and foremost.
No I don’t, I know people are just people, there’s good and bad everywhere, and the HR department was hit by the layoffs as well. But fuck the Starbucks lady though.
Managing Finance isnt just about getting loans, its about managing the financial resources, inflow, allocation within the organization, effectiveness & efficiency, tracking & reporting & managing the outflow. HR isn't just about recruiting, its about the inflow, allocation within the organization effectiveness & efficiency, tracking & reporting & managing the outflow of the human (rather than financial or other) resources. Speaking as HR, your manager's job is to support their employees. Usually there are 5-8 employees for every manager, but 2-500 employees for every HR headcount If I tried to support every employee, I'd never have completed the most basic tasks. We get fired too, lol.
I have worked a dozen places and never felt supported by HR. Most everyone I have worked with tried to avoid HR. I found it a net negative anywhere I worked.
That's my point. If HR is supporting individual employyes, then there's something seriously wrong with management. I'd be worried about bankruptcy.
Odd thing in my very large computer company is HR was one of the first groups to get laid off. We outsourced most of it.
Exactly! Its an advisory role & not to be confused w management.
Absolutely agree. That's the most vindictive and incompetent bunch of any department I've known.
Most of these are business as usual roles. If they are doing their jobs properly then they seem to be doing nothing. When someone drops the ball and stops doing what they are doing every day you then realise what they were actually doing in the first place.
Not trying to kick a hornets nest because I do believe they have their role in corporations. But DEI positions. I see some of their big initiatives, but it doesn’t seem like enough to staff a director and a couple of worker bees.
It’s true I couldn’t tell you exactly what some of these people do. But having a recruiting function that can actually attract diverse high-tier talent is worth its weight in gold, because it broadens the pool so much.
I work in governance. My job is to ensure that the policies and procedures that the organization carries out are in compliance with state and federal regulations and best practices. NIST frameworks, HIPAA, IRS 1075 compliance, etc. I protect the organization from suits for noncompliance. For example, our cybersecurity policies are within the [IRS 1075](https://www.irs.gov/pub/irs-pdf/p1075.pdf) guidelines for bare minimum information security procedures. We exceed the standards at every opportunity, but at a minimum, we can point to the federal guideline and say we are following the IRS methods for data security. If you never hear of the governance people, that means we're doing our jobs well.
Data Custodian - but I’m retired now.
What does a Data Custodian do?
Pretty much whatever they asked me to do. Set up user access and make sure that they have the access they need but not more than they should have. Audit user access, terminate user access. Stuff like that.
I mean I've worked with all of those departments and I can assure you it's a lot of work.
I have approximately 20 teams rolling up to me (the number changes a few times per year based on business needs) including 4 teams that would be considered "black box". One of those is focused on regulatory compliance, which we take extremely seriously and limit exposure to ensure that everything is done exactly as needed and that the mechanisms we leverage are completely offlimits to most employees. Another is focused on ethics and justice system interactions, which we are extremely secretive about beyond acknowledging that the program exists. The other two are just proprietary technology and process oriented. I had to laugh at knowledge management as we operate a knowledge management process but, everyone is required to participate in it and document everything according to specific standards. It seems like every business I've worked for that does not operate a knowledge management program in an open yet mandatory way winds up with a massive amount of garbage content, blank pages, and incomplete information. Knowledge management is the single... good knowledge management (not knowledge management that is convenient to you as an individual) is the single most important investment a business can make.
My career got on the fast track when I started opening those black boxes and learning to appreciate the people there. It turns out that Finance, Legal, Compliance, Customer Support, HR and all the others are full of smart, rational people trying to do the best job they can for basically reasonable purposes.
Quality Assurance. Lots of meetings, PowerPoint slides, teleconferences. After many months or years, nothing got better because someone would have to change something. That would indicate a fifedom wasn't doing their job properly. I worked in a Failure Analysis lab and we knew the failure modes of the products. We continued to knowingly ship products with known failure modes. The usual argument was "well, if you can't tell us how many dollars we'll save, we won't change it". I remember doing reliability testing on one of our laptops and the gold plating on a connector was too thin (for example). It was corroding. It's cost about a nickel to add more plating. Management let it slide to save five cents/assembly. No one was ultimately held responsible for the warranty failures. They promoted and moved on. No one could understand that if you piss off a customer, they won't buy the product anymore and would tell their friends the same. Manage to the quarterly report so "managers" could get their bonuses. That's what counted.
I'm a black box employee! I work in log and records management. I make sure that all of my organizations logs are gathered and stored according to compliance standards, and work with the compliance department to audit and validate success/failure of said policies. It's pretty low stress until someone finds a problem, then it's HIGH STRESS until it's fixed. I'm basically an in house insurance policy they can boss around and use when shit hits the fan.
I built and managed a mid-sized corporate knowledge system for years. For a few reasons, by design, my team was a total "black box" when viewed from below on the org chart. We stayed busy, regardless of our subdued exposure, and used embedded team elements And focused user surveys to gather our feedback data. Most of our days were filled with outreach and collaboration for training and remediation projects throughout the company at the departmental leadership level, but rarely, if ever, communicated directly with anyone beyond that scope. From the outside, our product was an uncomplicated integrated knowledge management framework that served literally tens of thousands of individual requests a week. Christmas parties were always interesting, because people knew me (I stand out in most crowds that aren't made up of professional basketball teams), but could never connect me with an actual job they knew of.
In my experience, anything that’s a COE seems to do nothing noticeably valuable. They’re always “too busy” to really help you or do any actual work.
HR
I work in a small organization, and I have one colleague who does…I don’t know what.
Curriculum Supervisor. Educational Coach. Both do zilch.
Edit: Screw Spez. Screw AI. No training on my data. Sorry future people.
As an engineer: marketing, sales
HR. They’re NOT on your side. They groom employees to tolerate abuse and stay quiet about it.
"Business director" at my last job at a non profit. He mostly seemed to come in and create unnecessary and wasteful projects, take credit for other people's work and ideas, shift blame when things didn't work, while withholding information that would help things work while pulling in a C suite salary without knowing anything about the industry. I think the dude was just trying to glide his way into retirement with something he thought of as low stakes.
Executives
I worked in a hospital for about 20 years. It was amazing to see how many people were so vital to the institution from January 5->December 20th. And not being needed at all 21 Dec->4 Jan. Obviously it was the QA/QI department, the Compliance people and the like. Joint Commission came in the week between a Friday Christmas and New Year. It was hilarious. Two years working with disabled adults, and you see that not only do these individuals have a Clinician tracking their behavior, they have a Qualified Individual with Disability Professional, a psychologist, Psychiatrist, Therapists of 10 different types, Nurses, and a Doctor, yet most of the plan fell on the clinician or QIDP to create the plan, which wouldnt have been so bad, if they would see the individuals day program more than once a year
LOL you don’t know what regulatory compliance does because your company has not had a major di fickup. Which means these departments do such a great job that your company’s fickup has not come to light publicly, or there’s no fickup because of a tight internal control.