Can an organization comply its way to catastrophe? We design processes for absolute predictability and build systems to eliminate risk systematically. Throughout my three decades leading technology and strategic initiatives, first as an officer in the Indian Army and later as a corporate IT executive, I have watched organizations pour millions into crafting flawless standard operating procedures (SOPs). We achieve international certifications, pass external audits with flying colors and display pristine compliance dashboards to our boards. Yet the corporate landscape remains littered with organizations that suffered catastrophic implosions despite possessing these gold standard manuals.
Asking the wrong question
When a major operational, financial or cultural failure occurs, senior executives almost instinctively ask: “Which process failed?” But that is fundamentally the wrong question to ask. In the majority of corporate crises, the process existed exactly as written on paper. The failure happens because the invisible architecture — the unwritten culture, informal power dynamics and behavioral realities of the workplace — has completely decoupled from the formal governance framework. There is a ghost in the governance, and as leaders, it is our responsibility to understand why our best-designed systems fail us when we need them most.
The rise of the parallel operating system…and a confession
In my experience managing complex IT infrastructures and driving digital transformations across interdependent manufacturing environments, I have noticed a recurring corporate phenomenon: the more rigid, complex and over-engineered a formal system becomes, the more it actively invites the birth of shadow processes. When frontline employees are faced with aggressive operational targets but are simultaneously bogged down by bureaucratic, multi-layered compliance checklists, they will inevitably find an unapproved workaround just to get their daily job done. I have done it myself. I have found alternate methods of getting things done without breaking any rules because the formal system did not allow a straight-through processing.
The intentional entropy
Initially, these workarounds are not malicious; they are driven by operational survival and a desire to get things done. If you are a senior leader relying solely on automated green lights on a dashboard, you are flying the corporate ship from a bridge that might not actually be connected to the engine room. This divergence leads directly to what I term intentional entropy. This occurs when the original risk-mitigation purpose of a safety, financial or compliance rule is entirely forgotten by the workforce, leaving behind nothing but the empty mechanics of ticking a box.
The ghost
This creates a dangerous compliance paradox within the firm. An overabundance of formal rules that dilutes individual accountability rather than strengthening it. When a disaster strikes, the immediate defense from middle management is almost always, “But we followed the protocol to the letter.” When a process is designed to eliminate human judgment entirely, it inadvertently eliminates the human responsibility to sound the alarm when something looks profoundly wrong. Over time, the defined process becomes a ghost — it exists prominently in the employee handbook, but it is completely dead on the shop floor.
How deviance becomes the new normal
This structural drift away from the manual is best explained by a sociological concept pioneered by Diane Vaughan in her landmark study on the Challenger disaster, known as the “Normalization of Deviance”. Vaughan demonstrated how an unsafe practice, a minor financial bypass or an operational shortcut is repeated without immediate negative consequences, eventually leading the organization to reclassify a highly dangerous risk as a standard operating norm. Because nothing catastrophic happens on day one, day two or day fifty, leadership lulls itself into believing that past success guarantees future safety.
Lessons from the Army
Why does this normalization of deviance thrive in a corporate skyscraper but wither in a military outpost? In the military — an environment fundamentally defined by rigid protocols — the ghost in the governance rarely takes hold because of an unforgiving, zero-lag feedback loop. In corporate operations, a bypassed process introduces a massive time lag; a hidden financial nuance or a suppressed complaint can simmer for years before a dashboard turns red.
In a tactical context, bypassing an SOP results in immediate, often lethal failure. There is simply no time lag to allow a shortcut to be rationalized into a standard operating norm. Furthermore, military governance enforces a strict standard of command responsibility, where a superior is held legally liable for a culpable dereliction of duty if their subordinates stray, regardless of whether the leader claims ignorance. This prevents local units from ever becoming isolated, untouchable corporate fiefdoms.
The Wells Fargo case
Consider the catastrophic operational and retail banking implosion at Wells Fargo that culminated in 2016. On paper, the bank was a darling of Wall Street, celebrated for its rigid compliance frameworks, comprehensive ethics training manuals and sophisticated risk management committees. Yet beneath this gold-standard exterior, a destructive parallel operating system had completely taken over the retail division.
Driven by intense, unrealistic corporate mandates to cross-sell eight accounts per customer. To survive, thousands of employees began opening millions of unauthorized checking and credit accounts without customer consent. It was a classic manifestation of the normalization of deviance on a massive scale. Because these shadow processes initially drove up short-term retail performance metrics and pleased executive leadership, the fraudulent behavior was quietly tolerated, rationalized and embedded into the daily operational culture.
Whistleblowers who tried to utilize the formal ethics hotlines to report the rampant fraud were systematically terminated or sidelined by local managers. The internal compliance and HR departments became entirely submissive to the high-performing retail sales engine. This created a profound corporate culture blind spot where leadership remained entirely insulated from reality. Luckily, the bank did not collapse into bankruptcy, but the resulting multi-billion-dollar fines, severe regulatory growth caps and catastrophic damage to its brand equity served as a brutal reminder to the entire corporate world.
Dismantling the blind spots in senior leadership
This pattern of systemic blindness is not confined to financial trading floors or engineering environments; it manifests just as destructively within modern corporate operations and human resources. We are seeing this play out right now in the technology sector, specifically during the recent investigations into the TCS Nashik facility that came to light in early 2026.
The genesis of this article lies in that incident.
Here was a multi-billion-dollar enterprise with robust, legally certified Prevention of Sexual Harassment (POSH) protocols, detailed corporate values and sophisticated global ethics hotlines. Yet, according to the National Commission for Women (NCW) fact-finding report released in May 2026, the BPO unit was effectively captured by a small group of operational leaders who created an insulated bubble of intimidation, harassment and religious coercion that persisted unchecked for years.
Understanding the root cause
How does a catastrophic breakdown of internal governance like this happen under the nose of global corporate leadership? It happens when compliance nodes like HR, risk management or internal audit become submissive to localized operational power. The formal systems were pristine, but the psychological safety required to trigger those systems had been entirely dismantled. What happened in the HR space at Nashik is an urgent analytical warning for executives: the exact same systemic collapse can happen in your supply chain, your cybersecurity defences or your financial operations.
The halo trap
As senior executives, we must recognize that our organizations are highly vulnerable to the halo trap — the comforting but dangerous belief that because our brand is prestigious, ethical and highly successful, we are somehow immune to internal rot. When the gap between what is written in our gold-standard manuals and what is actually practiced on the ground becomes too wide, the organization loses its ultimate line of defence: the capacity to self-correct.
Exorcising the ghost
To exorcise the ghost in our governance, corporate leaders must adopt the military’s institutionalized commitment to truth-telling, utilizing raw, hierarchy-free debriefs to expose operational friction. True organizational resilience is achieved only when executives step past the safety of the dashboard, accept absolute command responsibility for their workplace culture and ensure that the structural incentive to speak an uncomfortable truth consistently outweighs the desire to maintain a comfortable illusion.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?