On Fri, Mar 17, 2017 at 9:42 AM, <valdis.kletni...@vt.edu> wrote:
> On 17 Mar 2017 15:47:50 +0100, "John R Levine" said:
>
>> I used to have my own credit card account and my card processor demanded
>> PCI compliance. About 1/4 of it was reasonable, 3/4 was cargo cult stuff
>> that mostly involved stuff like setting packet filters so they couldn't
>> probe ports that weren't going to answer anyway.
>
> I gave up on thinking that PCI was something other than an extortion racket a
> number of years ago, when somebody reported on the major breaches of the year
> and noted that 100% of them were in full PCI compliance at the time of the
> breach.

This field study - from a real-world state-government-level experiment that changed the incentives for auditing industrial plants in Gujarat - is informative:

"Truth-telling by Third-party Auditors and the Response of Polluting Firms: Experimental Evidence from India"
http://economics.mit.edu/files/10713

The auditing teams were compensated for *confirmed* findings. Magically, significantly more findings were discovered. Magically, compliance increased.

Full abstract:

In many regulated markets, private, third-party auditors are chosen and paid by the firms that they audit, potentially creating a conflict of interest. This article reports on a two-year field experiment in the Indian state of Gujarat that sought to curb such a conflict by altering the market structure for environmental audits of industrial plants to incentivize accurate reporting. There are three main results. First, the status quo system was largely corrupted, with auditors systematically reporting plant emissions just below the standard, although true emissions were typically higher. Second, the treatment caused auditors to report more truthfully and very significantly lowered the fraction of plants that were falsely reported as compliant with pollution standards. Third, treatment plants, in turn, reduced their pollution emissions. The results suggest reformed incentives for third-party auditors can improve their reporting and make regulation more effective. JEL Codes: Q56, M42, D22.

[end abstract]

The "before" section of the paper will seem hauntingly familiar.

"Show me the incentives and I'll show you the outcome." - Charlie Munger

Royce