• Bookmark

The Failed Vasa: COBIT 5 Governance and the Seven Enablers (Part 3)

By William C. Brown, Ph.D., CISA, CPA

COBIT Focus | 13 October 2014

William C. BrownOn 10 August 1628, the Vasa, among the most expensive ships of the era, sailed on her maiden voyage and within minutes sank below the waves in the Stockholm (Sweden) harbor.1 This is the third of a three-part series that illustrates Vasa’s stakeholder drivers, benefits, risk, costs, enterprise goals and, ultimately, enabler failures, all of which provide context for the seven COBIT 5 enablers.


While the failed Vasa is not about a failed IT implementation, its story describes failures of concepts that are embedded within COBIT 5. COBIT 5 embraces an enterprise view, rather than a technology division or technology-in-isolation approach; a holistic approach; and a new process model with distinct roles for governance and management. At a high level, many of the concepts embedded in COBIT 5, such as the balanced scorecard (BSC), reach beyond IT. While the author acknowledges the limitations of using COBIT 5 for shipbuilding, the story of the failed Vasa offers a comparative analogy and valuable insight into COBIT 5 and its broadened scope compared to earlier COBIT releases. This article illustrates significant failures of governance for the doomed Vasa and sets the stage for a discussion on the seven COBIT 5 enablers and their roles related to the failed ship.


As the Vasa set sail in August of 1628, several hundred spectators filled the beaches around Stockholm to witness a warship built by one of the most successful military leaders of Europe, King Gustavus Adolphus. Shortly after deploying the sail, the ship began to heel as the sails caught a breeze. The Vasa righted herself slightly and then heeled over again. Water gushed in through the open gun ports and to everyone’s disbelief, the Vasa suddenly sank! Most analysts now believe the ship was disproportionately narrow for a second tier of heavy cannon. So what factors contributed to the Vasa disaster? COBIT 5 translates the king’s needs into specific, practical and customized goals within the context of the enterprise, technology and, ultimately, enabler goals (figure 1).


Figure 1—Stakeholder Drivers Ultimately Cascade to Enabler Goals and Interactions
Figure 1
Source: Adapted from ISACA, COBIT 5, 2012


Enabler Performance Management

The governance processes of enterprise technology discussed in this article (figure 2), combined with the previous two articles, set the stage for the ultimate question for this three-part series: Why do the seven COBIT 5 enablers (figure 2) matter in the context of the Vasa? The article walks through the enabler dimensions, each of the seven enablers for the Vasa, and then identifies their failures.


Figure 2 —COBIT 5 Governance Processes
Figure 2
View large graphic.
Source: Adapted from ISACA, COBIT 5, 2012


COBIT 5 requires that all seven enablers work together to achieve adequate governance within COBIT’s goal of “Enabling a Holistic Approach.” Each enabler embraces two concepts: an enabler dimension and enabler performance management (figure 3). The enabler dimension covers four aspects: stakeholders, goals, life cycle and good practices. Enabler performance management asks whether each enabler dimension meets the stated objective and offers metrics to measure the achievement of appropriate dimension. Metric types are either lagging indicators or leading indicators.


Figure 3—COBIT 5 Enabler Dimensions and Management
Figure 3
Source: Adapted from ISACA, COBIT 5, 2012


Figure 4 cites several examples of the leading and lagging performance measures for the Vasa. Given the absence of data collection from the shipbuilding process, the Vasa shipbuilding enterprise lacked lagging and Leading and lagging metrics deemed as meeting or exceeding expectations do not ensure successful governance, but they increase the probability that successful governance, including value creation, is ensured.2 As such, enablers have a significant role in risk management (figure 14).
 

Figure 4—Lagging and Leading Performance Measures

Enabler Dimension Lagging Performance Measures Leading Performance Measures
COBIT 5 performance management
  • Are stakeholder needs addressed?
  • Are enabler goals achieved?
  • Focuses on results at the end of the period
  • Characterizes historical performance
  • Is the enabler life cycle managed?
  • Are good practices applied?
Examples
  • Lineal feet or tonnage of ships built
  • Number of cannon deployed
  • Budget vs. actual spending
  • Number of personnel who could read and write
  • Average years of shipbuilding experience among the personnel building the Vasa
  • Training hours spent on new technologies
Advantages
  • Easy to identify
  • Predictive in nature and allows the organization to make adjustments in life cycle and good practices
Issues
  • Historical in nature
  • Lacks predictive power
  • More difficult to define and capture as the measures should correlate to life cycle and good practices
  • Often new measures are adapted with no history within the organization


The Seven Enablers and the Vasa


While the king may have articulated principles, policies and goals, there is scant evidence of written principles, policies and goals supporting the shipbuilding effort (figure 5). As late as 1750, critical reading ability in the German lands and northwest Europe was confined to just 10 percent of the population,3 and it is likely that many of the shipbuilders did not have the reading ability to consume written principles, policies and goals if the king and the shipbuilders had chosen to provide these.
 

Figure 5—COBIT 5 Principles, Policies and Frameworks Enabler and the Vasa

Enabler COBIT 5 Principles, Policies, and Frameworks Goals for the Vasa (adapted from COBIT 5) Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Principles, policies and frameworks The principles, policies and frameworks of this government enterprise translate stakeholders’ behaviors into practical guidance for Vasa’s day-to-day management.
  • Written policies did not exist to support principles, policies and frameworks.
  • It is very possible the shipwright, the shipbuilder and subcontractors failed to comprehend the king’s principles and goals.
  • A life cycle most likely did not exist as there is limited evidence of a written shipbuilding plan.
  • Good practices to define exceptions likely did not exist in an unstructured framework.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


Arguably, the Processes enabler (figure 6) is the most important among the seven enablers (the foundation of COBIT 4.1 and previous frameworks released by ISACA).
 

Figure 6—COBIT 5 Processes Enabler Goal and the Vasa

Enabler COBIT 5 Processes Enabler Goals for the Vasa Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Processes Leverage COBIT 5 processes to enable the creation of a two-deck sailing vessel with heavy cannon on each deck and the capability of holding 300 armed Swedes.
  • Internal stakeholders included the shipbuilders, naval officers and the king. External stakeholders included other monarchs in the kingdom and the Swedish population.
  • Process goals did not exist. If they existed, they should have been intrinsic and conformed to good practice.
  • Basic technologies inhibited process goals as methods to calculate the center of gravity, heeling characteristics, and other stability factors for ships did not exist in the 17th century.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


Part 2 of this three-part series identified 19 processes (figure 7) that failed or performed at less than optimal levels using the COBIT 5 Process Reference Model.
 

Figure 7—Failed or Compromised COBIT 5 Processes for the Vasa

Align, Plan and Organize Build, Acquire and Implement Deliver, Service and Support Monitor, Evaluate and Assess
  • Manage strategy
  • Manage innovation
  • Manage budgets and costs
  • Manage human resources
  • Manage relationships
  • Manage suppliers
  • Manage risk
  • Manage programs and projects
  • Manage requirements definition
  • Manage organizational change enablement
  • Manage change
  • Manage change acceptance and transitioning
  • Manage knowledge
  • Manage configuration
  • Manage operations
  • Manage service requests and incidents
  • Manage problems
  • Monitor, evaluate and assess performance and conformance
  • Monitor, evaluate and assess compliance with external requirements

Based on ISACA, COBIT 5, 2012


Evidence suggests that information flowed from the top down through the king’s orders, but not from the bottom up as leading or lagging performance measures are reported (figure 8).
 

Figure 8—COBIT 5 Information Enabler and the Vasa

Enabler COBIT 5 Information Enabler Goals for the Vasa Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Information Information meets three parameters:
  • Intrinsic
  • Contextual and representational
  • Secure and accessible qualities
For King Gustavus Adolphus, all standards were important to some degree. Intrinsic standards require information that is accurate, objective, believable and in compliance with professional standards for shipbuilding in that era.
  • The king pressed the Vasa forward on several occasions with accelerated timetables and expanding requirements, e.g., added length and additional cannon, otherwise known as “requirements creep.”
  • Feedback to the king from the shipbuilder or the shipwrights about unrealistic time tables or the achievability of the requests (e.g., large cannon on the second deck) was either not communicated to the king or was ignored by the king.
  • The king and others responsible for building the Vasa did not receive feedback about the failed stability test just before launch.
  • Evidence suggests that information flowed from the top down through the king’s orders, but not from the bottom up as leading or lagging metrics were not collected.
  • To some degree, information failures occurred for all three standards: intrinsic quality, contextual standards and accessibility of information.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


The resume of King Gustavus Adolphus included literature, law, history and theology, as well as fluency in German and other foreign languages. The king personally advanced the science of logistics, military organization and strategy. Despite the king’s education, the shipbuilding enterprise appeared to have failed in fundamental organizational processes (figure 9).
 

Figure 9—COBIT 5 Organizational Structure Enabler and the Vasa

Enabler COBIT 5 Organizational Structure Enabler Goals for the Vasa (adapted from COBIT 5) Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Organizational structure The outcome of the organizational enabler should include a sailing ship(s) that meets or exceeds stakeholder goals.
  • As a monarch, the king governed Sweden, the navy and the shipbuilding enterprise.
  • Stakeholders included Swedish nobility and the population who aligned with the king’s goals.
  • Life cycle updates to the organizational chart appear not to have existed.
  • Good organizational practices, e.g., succession management, did not exist.
  • The mandate for the Vasa was clear, but the operating principles and good practices did not exist, or if they existed, were not formalized.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


Stakeholders—in this case, the king, the shipbuilders, artisans and officers of the Sweden navy—should align with good practices for culture, ethics and behavior (figure 10). In a very important quality control evaluation before the Vasa’s maiden voyage, a failed quality test did not surface at a critical juncture. That particular incident suggested ethics and behavior inconsistent with high standards. Without high standards for culture, ethics and behavior, other enablers are compromised leading to higher risk and, ultimately, a failed ship.
 

Figure 10—COBIT 5 Culture, Ethics and Behavior Enabler and the Vasa

Enabler COBIT 5 Culture, Ethics and Behavior Enabler Goals for the Vasa Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Culture, ethics and behavior Expressed values for quality and risk-taking behaviors are consistent with high standards of culture, ethics and behavior. The collective behavior of the shipbuilding enterprise should embrace those standards. The shipbuilding culture and behavior are resilient to failure and ongoing changes in the environment.
  • Individual behavior, including that of the king, demonstrated high-risk behavior, including leading military charges in close combat without body armor. As such, the lead stakeholder failed in governance.
  • High-risk behavior by the king may have spilled over to the Vasa shipbuilding effort.
  • Life cycle updates did not exist.
  • The officers and shipwrights did not report the results of the failed stability test and, as such, a very important failed good practice led to the failed Vasa.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


The Vasa relied heavily on skilled artisans with adequate shipbuilding knowledge as the science of shipbuilding was in a trial-and-error period of design and development. As it was, questions about the qualifications of key personnel arose (figure 11).
 

Figure 11—COBIT 5 People, Skills and Competencies Enabler and the Vasa

Enabler COBIT 5 People, Skills and Competencies Goals for the Vasa Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
People, skills and competencies Qualifications, including technical, experience, knowledge and behavioral skills, are required to provide and perform processes, organizational roles, etc. The goals for the people include appropriate levels of availability.
  • Except for the first shipbuilder, the quality of personnel was suspect.
  • His successor was not qualified, as evidenced by project delays and poor communications.
  • All personnel should have been qualified for their assignments.
  • Good practices including minimum qualifications should have existed for shipbuilders.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


Little historical comment exists about the infrastructure and services supporting the Vasa shipbuilding effort. However, the services and infrastructure should have accommodated changing requirements, including heavier cannon and longer keel lengths (figure 12).
 

Figure 12—COBIT 5 Services, Infrastructure and Applications Enabler and the Vasa

Enabler COBIT 5 Services, Infrastructure and Applications Enabler Goals for the Vasa (adapted from COBIT 5) Enabler Dimensions: Stakeholders, Goals, Life Cycle and Good Practices
Services, infrastructure and applications enabler The shipbuilding infrastructure, including the dry dock, the tools and other support, can deliver a two-deck sailing vessel with an extended keel length with heavy cannon.
  • Stakeholders delivered and used services associated with the infrastructure.
  • Infrastructure and services supporting the Vasa shipbuilding effort should have existed.
  • Transition support for the extended keel length and other needs defined by the king should have existed.
  • Support for a changing environment with good practices should have existed.

Based on: ISACA, COBIT 5, 2012, and Fairly, W.; “Why the Vasa Sank: 10 Lessons Learned,” Oregon Graduate Institute, USA, 2014


Value Creation Is the Ultimate Objective of Governance

COBIT 5 addresses governance and management of technology from an end-to-end perspective, starting with stakeholder goals that ultimately cascade to enabler goals (figure 1). Governance is ultimately responsible for value creation, integrating benefits realization, risk optimization and resource optimization (figure 13).


Figure 13—Governance Objective: Value Creation
Figure 13
Source: Adapted from ISACA, COBIT 5, 2012


Risk optimization in the midst of a war with an unknown technology was among the most important roles for the king. As king, Gustavus Adolphus was directly responsible for risk management:

The understanding, articulation, and communication of the enterprise risk appetite and tolerance and ensure identification and management of risk to the enterprise that is related to technology use and its impact. The goals are to define and communicate risk threshold, effectively and efficiently manage critical enterprise risk, and ensure enterprise risk does not exceed risk appetite.4


COBIT 5 describes the Vasa as an IT benefit/value enablement risk, a risk that is associated with missed opportunities to use technology to improve efficiency or effectiveness of business processes or as an enabler for new business (or wartime) initiatives.


When King Gustavus Adolphus lost his life at 37 years of age, he was leading a cavalry charge, which he frequently did throughout his successful military career. Gustavus Adolphus is reported to have entered numerous battles without wearing any armor. The king assuming risk on the battlefield (e.g., not wearing armor or leading a cavalry charge in close combat) while being responsible for risk optimization is seemingly in direct conflict with governance responsibilities defined from a COBIT 5 perspective. The king’s high-risk behaviors and those influences throughout the shipbuilding operation fall under the enabler Culture, Ethics and Behavior. Leadership behavior does matter and the influence of the king’s attitude toward risk likely had an influence on those who held responsible roles in building the Vasa. The obvious question is, “How would the king’s behavior be modified using enabler performance management?” An audit committee or another board level organization would (or should) assert itself with high-risk behavior in a 21st-century organization.


Risk Management, Controls and Value Creation

In COBIT 5, IT controls can be any enabler or combination of enablers, e.g., putting in place an organizational structure or putting in place certain governance or management practices or activities. COBIT 5 for Risk provides guidance and describes how each enabler contributes to the overall governance and management of the risk function. Risk management examines core risk governance and risk management processes (figure 14). Given the high-risk nature of the Vasa, enablers or controls should have had a very important role.


Figure 14—COBIT 5 Enablers and the Risk Function
Figure 14
Source: Adapted from ISACA, COBIT 5, 2012


Mitigating risk for the Vasa may have included all seven COBIT 5 enablers, but the evidence suggests that controls on the Processes enabler with 19 failed or compromised processes (figure 7) are high priorities for attention. Leading and lagging indicators and other dimensions appear to have been nonexistent and, therefore, the 19 processes lacked controls. Additionally, given the king’s high-risk behaviors, the Culture, Ethics and Behavior enabler should have had controls, board oversight or, in the case of the king, oversight by other monarchs in the kingdom. The lack of enabler goals and corresponding reporting metrics over the shipbuilding process ultimately resulted in the failures of the Vasa and failures in the king’s governance.


William C. Brown, Ph.D., CISA, CPA

Is an assistant professor, chair of the Accounting and Business program and director of the Master of Accounting program in the College of Business at Minnesota State University, Mankato (Minnesota, USA). His teaching experience includes management information systems and accounting, and he has served at various levels of responsibility, including chief financial officer, at three US Securities and Exchange Commission (SEC)-registered organizations for more than 25 years. Brown has led several project teams to implement enterprise accounting and related systems.


Endnotes

1 Vasa Museet, "The Ship," 2014
2 Harmer, G.; Governance of Enterprise IT Based on COBIT 5, IT Governance Publishing, UK, 2013
3 Houston, R. A.; Literacy in Early Modern Europe: Culture and Education, 1500–1800 2nd Edition, Longman Group, UK, 2001
4 Adapted from ISACA, COBIT 5, 2012

THIS WEBSITE USES INFORMATION GATHERING TOOLS INCLUDING COOKIES, AND OTHER SIMILAR TECHNOLOGY.
BY USING THIS WEBSITE, YOU CONSENT TO USE OF THESE TOOLS. IF YOU DO NOT CONSENT, DO NOT USE THIS WEBSITE. USE OF THIS WEBSITE IS NOT REQUIRED BY ISACA. OUR PRIVACY POLICY IS LOCATED HERE.