Exactly this. The procedures are put in place to prevent abuse of the system by the individual. The problem is that they rarely have the intended effect. First, frequently the policies are put in place to prevent an abuse which performed by an individual at some point. As time goes on, not only do conditions in the world / org change but the people who were part of the org when the abuse happened leave. This creates a situation where people can't remember why a rule exists, but follow it blindly just because it exists, even if in current circumstances it hampers the organization.
Second, inevitably there will be a series of edge cases which any rule is poorly suited to address. These edge cases require a thoughtful application of regulatory authority, which itself requires a thorough understanding of the current context and the purpose of the rule. This thoughtfulness requires intelligence or deep domain expertise, which is often not found in the regulators because if they had these things then they wouldn't be in boring regulatory jobs like HR to begin with. Evaluation of edge cases also requires work, and it's far easier for someone to simply say no than it is to actually investigate the request.
Third, everyone knows that some employees are more valuable to the organization than others and should be allowed to bend or break simple rules as long as permission is sought. However, this will inevitably invite a bullshit lawsuit and so companies have a huge incentive to codify policies and be rigid about them.
> As time goes on, not only do conditions in the world / org change but the people who were part of the org when the abuse happened leave. This creates a situation where people can't remember why a rule exists, but follow it blindly just because it exists, even if in current circumstances it hampers the organization.
Not only that, organizations measure different things differently even from the start. If someone is socializing at work and this wastes 15% of their time, but a procedure to prevent them from socializing at work wastes 40% of their time, everyone is actually better off to just allow employees to socialize (or what have you). But "employees slacking off" is an unsanctioned thing to be reduced whereas "employees following procedure" is an officially sanctioned thing to be increased, so the fact that the procedure is more costly than the "abuse" never enters the decision process.
Second, inevitably there will be a series of edge cases which any rule is poorly suited to address. These edge cases require a thoughtful application of regulatory authority, which itself requires a thorough understanding of the current context and the purpose of the rule. This thoughtfulness requires intelligence or deep domain expertise, which is often not found in the regulators because if they had these things then they wouldn't be in boring regulatory jobs like HR to begin with. Evaluation of edge cases also requires work, and it's far easier for someone to simply say no than it is to actually investigate the request.
Third, everyone knows that some employees are more valuable to the organization than others and should be allowed to bend or break simple rules as long as permission is sought. However, this will inevitably invite a bullshit lawsuit and so companies have a huge incentive to codify policies and be rigid about them.