We have a badly out of shape but functional product , the result of a "if its not broke don't fix it" mentality. The only thing manangement cares is our next release and making meetings to plan other meetings...

Now comes the time of the security Audit (PCI)...

Manager : oh noooo the audit will fix this issue, quickkk fix it !

Us : welllll its a lengthy process but doable, we just gotta do a,b,c,d,e . Part a is essentially what we need the rest are refactoring bits of the system to support part a since the performance would be shit otherwise

Manager: can you do part a before the audit starts ?

Us: yep.

Manager: do it . Oh and pop those other issues on JIRA so we can track em

Audit completed....

Manager: so we got through ok?

Us : 👍 yep

Manager: okayy, take those other issues..... and stick em at the bottom of the back log...

Us : huh ? *suspicious faces*..... okay but performance is gonna be poor with the system as it is cuz of part A....

Manager: yeaaahhh * troll face* ....about that.... roll it back and stick that too at the bottom of the log. We got to focus our next release. Lemme schedule a meeting for that 😊

Us : faceplam