I never thought in 2016 that I would hear someone say, “We have always done it that way,” but I did. Undoubtedly, these are 7 of the saddest and most expensive words in the English language. You might know this phrase by one of its variants: “That is not the way we do it here,” or “You just do not understand how we do things around here.” These are what psychologists call “stuck thoughts.” They are the brick walls that form a prison around your mind. The harder you try to get rid of them, the more powerful they become. The walls get higher and more defensive. You get trapped in firefighting mode because it is all you know. You are in your comfort zone. Forget that you are wasting resources. But is there a better way?
Well, most of the existing guidance thinks so. It is called “continual improvement.” The goal of continual improvement is to optimize efficiency, effectiveness and economic efficiency. You do this by continuously checking your processes, making improvements and sustaining those improvements. This is also how you provide value—assuming you are working on the right things.
You could call upon Lean IT or Six Sigma principles that are generally well established and have broad applicability. Should you feel that these are a tad esoteric and not applicable to your organization, look at COBIT 5 processes, such as APO01, APO04 and APO11 from the Align, Plan and Organize (APO) domain, for information on continual improvement and innovation.
You need to look for the waste in your organization, and the most prevalent type of waste in a stuck-thought organization are defects (i.e., unauthorized changes and motion, for example, firefighting or repeat problems within the IT infrastructure and applications). When you are repeatedly fighting the same problem, you are not providing value-added work. Probably the most shameful waste is unused employee knowledge. This waste is exemplified by the failure to capture innovative ideas and employees spending time on repetitive or mundane tasks. For example, you send your employees to COBIT 5 Foundation training and when they return energized and engaged, you tell them, “That is not the way we do it here.” Do you hear “psssst”? That is the air escaping from the balloon you just popped. Now that is a real demotivator.
You cannot use yesterday’s tools and processes to deal with today’s environment and problems.
When you are not improving your processes, you risk falling over the cliff from control to chaos—and it is a very steep drop off. Your organization is a complex adaptive system. It is constantly changing. Take risk management for example. You cannot use yesterday’s tools and processes to deal with today’s environment and problems. Not that long ago, organizations would look for hackers scanning each port. But that practice is simplistic and probably ineffectual to deal with advanced persistent threats (APTs).
Smart organizations know they should leverage best and good practice for the simple and complicated things, such as change management. There is a reason it is called best or good—it works. Not improving puts your organization at risk. So why do organizations not use these practices? Is it that they think their business is so unique? Well, let me tell you, “There is only one way to pay an invoice, and that is the right way!”
A tenet of most guidance, COBIT 5 included, is that you must focus on continual improvement. Continual improvement is, as the name implies, a continuing and long-term process. Just because something did not work three years ago is no reason to not try it again. If you are not moving forward, you are falling back. And your organization cannot afford to fall back in these hypercompetitive times characterized by unsustainable advantage. You must move past event-focused activities and embrace continual improvement. You may choose not to change, but rest assured your competitors and customers will. Quite frankly, it is a recipe for disaster to do things the same old way without at least occasionally ascertaining whether that mode of operation is actually working or you simply think it is working for you. The great American humorist Will Rogers once said: “Even if you are on the right track, you will get run over if you just sit there.”
Recently, someone said to me half-jokingly, “I am all for improvement. I just do not want to change things.” But you cannot improve until you start the process of improving. So, you must move your organization to “That is the way we used to do things.” Get unstuck.
Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 27005 Lead Risk Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC
Is the principal of Peter Davis+Associates, a management consulting firm specializing in IT governance, security and audit. He currently teaches COBIT 5 Foundation/Implementation/Assessor, ISO 27001 Foundation/Lead Implementer/Lead Auditor, ISO 31000/ISO 27005 Risk Manager (RM), ISO 20000 Foundation/Lead Implementer/Lead Auditor, ISO 22301 Foundation, ISO 9001 Foundation and Project Management Institute Risk Management Professional (PMI-RMP) courses.