Report Offensive Message

I think the article points out well how NOT to communicate policies in general. The example of HR spam puts it in the right light. However lack of IT Policies is asking for a world of hurt for the entire company. One worm attack can cause hours or even days of diminished productivity. Let's also not forget that IT policies apply to IT. Imagine no policy for application access? User creation? Incident resoultion?