Share on:


Why Peter Pan Hates COBIT 2019

By Bruno Horta Soares, CISA, CRISC, CGEIT, PMP

COBIT Focus | 15 July 2019

Why would Peter Pan have an opinion on COBIT 2019, and a dark one no less? No, COBIT is not the name of the newest deckhand working for Captain Hook. Rather, it can be explained by my experience in which many enterprises are averse to change and, therefore, refuse to evolve and adopt new practices related to the governance and management of enterprise information and technology (I&T).

We all know the adventures of Peter Pan, the boy who refuses to grow up and spends his life having magical adventures with his friend, Wendy. What began as a simple children's story, told by James M. Barrie,1 became a true global phenomenon with adaptations for print, theater and film. This children’s book was so successful that it gave rise to the book The Peter Pan Syndrome: Men Who Have Never Grown Up,2 written by Dan Kiley, Ph.D., in 1983. He would eventually bestow the same name on a syndrome in the field of psychology.

I do not have any qualifications in the field of psychology, but when I heard about this syndrome, I recalled the reference I have made hundreds of times when I present the COBIT 5 framework in conferences or training sessions: “Attention: This is for adults only!”

My interjection arises directly from my experience of the evolution of the COBIT framework, from its inception in support of IT audit/assurance, through its childhood as a reference for the control environment, its youthful application to the field of management and, finally, to its adulthood upon arrival in the world of IT governance. When ISACA launched the COBIT 5 framework in 2012, it was a mature framework capable of leaving the world of IT and venturing into the wonderful world of business, supporting organizations to satisfy internal and external stakeholder needs related to I&T.

While it was exciting to understand how the COBIT framework had grown, I also realized that there has been widespread resistance to its adoption. One might naturally look for errors or defects in the framework to justify the reservations of others who do not share the same enthusiasm I feel for COBIT. As I looked deeper into the causes of such resistance, I realized that it had little to do with rational explanations, and it is not because of the COBIT 5 framework itself. There is nothing conceptually wrong with the COBIT 5 framework. In fact, the framework is responsible for revealing a set of underlying signs and symptoms that had not surfaced for years: Practitioners and organizations never ceased to live in the wonderful world of audit/assurance and, at most, have only arrived—against their will and scared by “Captain SOX”—in the world of business and technology controls. The framework evolved from COBIT 4.1 to COBIT 5, but, in fact, practitioners and organizations were scared to evolve with it. Most had ignored previous evolutions of COBIT 3 and COBIT 4.1 because they never really visited the worlds of management and IT governance.

Documentation supporting the COBIT 5 framework made it clear that, although it was a powerful tool for valuing practitioners and organizations in the governance and management of enterprise IT, it could also be used for less ambitious or more pragmatic purposes (e.g., assurance, risk, security). However, many practitioners and organizations did not realize that and simply did not adopt COBIT 5 because it was very “high level” and complex.

COBIT 2019 marks another milestone in ISACA's history and demonstrates, above all, its enormous commitment to the concept "leave no one behind." Instead of just continuing to evolve the framework, and ignoring an ever-widening gap between theory and practice, COBIT 2019 provides practical tools to help practitioners and enterprises overcome fear, uncertainty and doubt, and fully leverage the framework’s capacity to remake IT governance and management—and thereby enhance the contribution of I&T to the value creation of any enterprise in the context of digital transformation. COBIT 2019 leaves no excuses for practitioners who still do not want to evolve. To help diagnose Peter Pan syndrome, the following outline of 6 symptoms, cures and therapeutic pointers can help enterprises identify and address excuses for not fully adopting COBIT 2019 (figure 1).


Figure 1—Peter Pan Syndrome Symptoms, Cures and Pointers

Peter Pan Symptom 

Cure3

Therapeutic Pointers 

1. Dodges responsibilities and seeks pleasure in repetitive tasks

COBIT 2019 Governance System Principle 1: Provide Stakeholder Value

  • Let go of procedure’s checklists and the main goal (and pleasure) of finding noncompliance issues to report.
  • Take responsibility for stakeholder needs and help to ensure that the enterprise generates value from the use of I&T.
  • Understand stakeholder drivers and needs in order to transform them into actionable enterprise strategy.

2. Lacks confidence and fears rejection when doing something different

COBIT 2019 Governance System Principle 2: Holistic Approach

  • “First it´s strange, then it gets into you!”4
  • Rethink the traditional viewpoint that a quality or control environment is mainly about a process’s practices and value other components.
  • Focus on what is most effective to address a specific goal or mitigate a specific risk.
  • Explore processes, but also other components such as Organizational structures; Information; Skills and competencies; Culture and behavior; Policies and procedures; or Services, infrastructure and applications.

3. Struggles with emotions when facing change

COBIT 2019 Governance System Principle 3: Dynamic Governance System

  • It is not possible that organizations stop working to make it easier to perform the management, control or audit/assurance work.
  • Acknowledge that change is now part of the game. It is time to adapt to the speed of change in the digital age.
  • If the enterprise must be agile and flexible to adapt and embrace digital transformation, so too professionals and their tools should be adaptive and dynamic.

4. Relates only to colleagues who also do not want to grow up

COBIT 2019 Governance System Principle 4: Governance Distinct From Management

  • Acknowledge the full breadth of engagement required for digital transformation. At the operational level, everyone needs to be a specialist and know how to do things. However, spending too much time with those who care only about “how to do things” (operations) will eventually cause practitioners to forget “why to do the things” (governance) and “what to do” (management).
  • Governance, management and operations are distinct but need to be aligned and integrated to ensure the value from I&T.

5. Fears or has trouble with commitment; breaks promises and blames others for failures

COBIT 2019 Governance System Principle 5: Tailored to Enterprise Needs

  • Focus less on addressing the familiar management, control and audit/assurance with which users are comfortable; think more about customizing and developing the governance and management system according to enterprise needs.
  • Stop blaming the business, the framework, the stakeholders, etc.; start adapting to survive! Once you start using COBIT 2019, the question will no longer be “Are we using COBIT?” but “How are we using COBIT?”

6. Has difficulty forming genuine friendships, especially outside the group.

COBIT 2019 Governance System Principle 6: End-to-End Governance System

  • It is time to end the internal conflict of “business vs. IT,” among the different IT-related areas and between the 3 lines of defense. I&T is everywhere, and everyone is important.
  • COBIT 2019 can enable everyone to speak the same language across business and IT, throughout all 3 lines of defense and the external ecosystem. Bridging the divide between the business and IT requires engaging all key stakeholders in the organization.


Just as the Peter Pan book says, “It is not in doing what you like, but in liking what you do that is the secret of happiness.”5 Go on and try COBIT 2019. You will see that once you grow up, you will not want to go back.


Bruno Horta Soares, CISA, CRISC, CGEIT, PMP

Is founder and senior advisor at GOVaaS (Governance Advisors as-a-Service) Governance Advisors, founder and president of the ISACA Lisbon (Portugal) Chapter, and is enthusiastically engaged in teaching, training and coaching in the areas of governance, audit, risk, control and security of information technologies in Portugal, Angola, Mozambique and Brazil.


Endnotes

1 Barrie, J. M.; Peter and Wendy, Charles Scribner's Sons, USA, 1911
2 Kiley, D.; The Peter Pan Syndrome: Men Who Have Never Grown Up, Dodd Mead, USA, 1983
3 ISACA, COBIT 2019 Framework: Introduction and Methodology, USA, 2018
4 As said by the famous Portuguese poet Fernando Pessoa when he wrote the first Portuguese Coca-Cola slogan in 1928.
5 Op cit Barrie