There's such thing as overkill isn't there? Have you suggested making passwords more secure and changes less often to the management?