The notion of conceptual integrity is lost on most minds in enterprise architecture, where consensus rules the day. We so often compromise on core principles and then wonder why things go awry down the road.
Can the enterprise be truly competitive if decisions are made on facts and logic where perception management is more important? Lately I have been brainstorming PCI compliance and believe that the best way to comply may be to create a company policy that states all servers in the datacenter will be immediately turned off upon the arrival of auditors.
I bet you didn't know that PCI/DSS requires code review as part of its process but doesn't require its auditors to even know how to code? Even if this requirement were put there, PCI only spends an entire fifteen minutes teaching its auditors how to look for worst practices.
This reminds me that I need to bullshit a few process weenies I know and convince them I did a proper code review. Maybe I can ask my seven- and four-year-old sons to bless my code just before heading out the door to Chuck E. Cheese's. I bet they will be real thorough...