Blog

enterprise-architecture

Ensuring Compliant Architectures with the ADM

2016-02-05-compliance-adm-architecture

Imagine having conceptualized and designed architectures of unprecedented expected future business value, only for it to be tossed into the bin never to see the light of day. All the hard yards invested amounting to nothing. Probably not a scenario any organization I know would want to encounter. But what if it had been even worse, and the architecture had been implemented only for disastrous consequences to follow… Not much of a choice is it?

Enterprises today are arguably faced with a more compelling case for corporate governance than any of their predecessors before them. As much as we hear of globalization and glocalization, we have seen first-hand the exponential emergence of regulated markets in almost every industry the world over, and the inculcation of business critical compliance within the fabric of the contemporary organization - essential for survival in local or global environments. Compliance inside the enterprise has evolved too, somewhat revolutionary, from a ‘toe the line’ mantra to playing a pivotal role in creating and sustaining competitive advantage for the organization.

When we talk of corporate governance, it’s not all about number crunching and men in grey suits. To the contrary think of it as the umbrella under which all supporting functional governances reside and operate across the entire enterprise. Yes, financial governance (including auditing) is indeed there in the enterprise’s Governance hierarchy, but so too is HR, Operations… and relevant to our topic – Technology / IT Governance, and typically within that Architecture Governance specifically. All of these ‘subservient’ governances subscribe up the chain so to speak, ultimately to the organization’s corporate governance whose primary objective is to ensure the enterprise is creating value. So it’s no wonder that Governance is on the mind of every CIO or CTO in the 21st century… after all who wouldn’t want to optimize risks and costs, and empower value creation for the business.

So what is this ‘ADM’ and how can it help when it comes to your organization’s enterprise architecture? ADM, an abbreviation for Architecture Development Method, forms part of The Open Group Architecture Framework (TOGAF) and is a phase based methodology and process for developing or changing enterprise architecture. For any organization contemplating embarking on the enterprise architecture journey the ADM is the perfect guide to get you there, step by step, to help your organization to not only design architecture that satisfies stakeholder’s requirements but deliver them too.

The ADM consists of a central Architecture Requirements Management phase, surrounded by a Preliminary Phase and 8 other phases, A through H as listed below:

  • Phase A: Architecture Vision
  • Phase B: Business Architecture
  • Phase C: Information Systems Architecture
  • Phase D: Technology Architecture
  • Phase E: Opportunities and Solutions
  • Phase F: Migration Planning
  • Phase G: Implementation Governance
  • Phase H: Architecture Change Management

Phases A through F essentially translate the business need into a target architecture, define the associated architecture roadmap, and detail the implementation (and migration) plan to deliver it. But how can organizations be sure that they not only ‘get what they asked for’ but that architectural compliance is assured across all implementation projects in the organization… enter Phase G – Implementation Governance.

The key objectives of Phase G of the ADM are to:

  • Formulate recommendations for each implementation project.
  • Construct an Architecture Contract to govern the overall implementation and deployment process.
  • Perform appropriate governance functions while the system is being implemented and deployed.
  • Ensure conformance with the defined architecture by implementation projects and other projects.

Comprehensive architectural governance, which is the management and control of all aspects of the development and evolution of enterprise architectures, is embedded into Phase G, not least of all to prevent any non-compliant solutions being deployed into the business environment. Architectural Governance includes processes to -

  • identify, manage, audit, and disseminate all information related to architecture management, contracts, and implementation
  • ensure that all architecture artifacts and contracts, principles, OLAs and SLAs are monitored on an ongoing basis with clear auditability of all decisions made

Within the Architecture Governance processes, are two processes specifically focused around compliance:

Compliance Process

Compliance assessments against SLAs, OLAs, standards, and regulatory requirements will be implemented on an ongoing basis to ensure stability, conformance, and performance monitoring. These assessments will be reviewed and either accepted or rejected depending on the criteria defined within the governance framework.

Dispensation Process

A Compliance Assessment can be rejected where the subject area (design, operational, service level, or technology) are not compliant. In this case the subject area can:

  1. Be adjusted or realigned in order to meet the compliance requirements
  2. Request a dispensation

Where a Compliance Assessment is rejected, an alternate route to meeting interim conformance is provided through dispensations. These are granted for a given time period and set of identified service and operational criteria that must be enforced during the lifespan of the dispensation. Dispensations are not granted indefinitely, but are used as a mechanism to ensure that service levels and operational levels are met while providing a level of flexibility in their implementation and timing. The time-bound nature of dispensations ensures that they are a major trigger in the compliance cycle.

Implementation Governance (Phase G) forms part of Architecture Governance and within this implementation phase of the ADM, is effected through key deliverables like:

Architecture Contracts – all architecture or architecture changes being implemented are subject to an architecture contract with the ‘contractors’ responsible for delivering all or part of the solution and form a basis for assessing compliance

Architecture Compliance Reviews – to evaluate the compliance of a specific project (architecture) against established architectural criteria, spirit, and business objectives. These reviews follow a detailed step by step process with roles and responsibilities; attach levels of conformance to project architectures, utilizing detailed checklists with questions covering every aspect of architecture from hardware to software to security and more.

  • Levels of Conformance

- Irrelevant
- Consistent
- Compliant
- Conformant
- Fully Conformant
-Non-Conformant

  • Process
  • Checklists

Audit the majority of existing enterprise architectures in organizations where a formal architecture development methodology has not been in place, and you are (virtually) guaranteed to discover what business stakeholders would label as non-compliant systems and solutions. Perhaps in days gone by the implications were not as severe as nowadays, where enterprises are faced with substantial punitive and even criminal consequence the risk, or perhaps the positive correlation between compliance and competitive advantage was not widely acknowledged. Or perhaps it was even simply a case of there not being a proven ‘ADM’ out there even if they wanted one…

But today more and more enterprises have been realizing the benefits and ultimate value that can be derived from adopting enterprise architecture in their organization, and choosing an architecture framework (TOGAF) that comes with a robust, effective and efficient architecture development methodology (ADM) to boot. I bet you never thought that ensuring compliance in your enterprise architecture could be made so easy… ADM - providing a fully comprehensive level of governance and assurance to help organizations get and keep compliant architectures.