This chapter will help you understand Architecture Governance, and how it contributes to the Architecture Development Cycle.
Key Points Explained
This chapter will help you to answer the following questions:
• What is Architecture Governance?
• What are the main concepts that make up an Architecture Governance Framework?
• Why is Architecture Governance beneficial?
• What is the need to establish an Architecture Board?
• What are the responsibilities of an Architecture Board?
• What is the role of Architecture Contracts?
• What is Architecture Compliance?
• How can the ADM be used to establish an Architecture Capability?
The TOGAF standard provides significant guidance on establishing effective Architecture Governance and coordinating with other governance processes within the organization. Effective governance ensures that problems are identified early and that subsequent changes to the environment occur in a controlled manner. [Source: Bill Estrem, “TOGAF to the Rescue” (www.opengroup.org/downloads)]
(Syllabus Reference: Unit 8, Learning Outcome 1: You should be able to briefly explain the concept of Architecture Governance.)
Architecture Governance is the practice by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level.
Architecture Governance includes the following:
• Implementing a system of controls over the creation and monitoring of all architectural components and activities, to ensure the effective introduction, implementation, and evolution of architectures within the organization
• Implementing a system to ensure compliance with internal and external standards and regulatory obligations
• Establishing processes that support effective management of the above processes within agreed parameters
• Developing practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization
Architecture Governance typically operates within a hierarchy of governance structures which, particularly in the larger enterprise, can include the following as distinct domains with their own disciplines and processes:
• Corporate Governance
• Technology Governance
• IT Governance
• Architecture Governance
Each of these domains of governance may exist at multiple geographic levels – global, regional, and local – within the overall enterprise. Corporate Governance is a broad topic and outside the scope of the TOGAF framework.
What is Governance?
Governance is about ensuring that business is conducted properly. It is less about overt control and strict adherence to rules, and more about effective usage of resources to ensure sustainability of an organization’s strategic objectives. The following characteristics, adapted from Corporate Governance (Naidoo, 2002), are used in the TOGAF standard to highlight both the value and necessity for governance as an approach to be adopted within organizations and their dealings with all involved parties:
Discipline: All involved parties will have a commitment to adhere to procedures, processes, and authority structures established by the organization.
Transparency: All actions implemented and their decision support will be available for inspection by authorized organization and provider parties.
Independence: All processes, decision-making, and mechanisms used will be established so as to minimize or avoid potential conflicts of interest.
Accountability: Identifiable groups within the organization – e.g., governance boards who take actions or make decisions – are authorized and accountable for their actions.
Responsibility: Each contracted party is required to act responsibly to the organization and its stakeholders.
Fairness: All decisions taken, processes used, and their implementation will not be allowed to create unfair advantage to any one particular party.
(Syllabus Reference: Unit 8, Learning Outcome 2: You should be able to describe the main concepts that make up an Architecture Governance Framework.)
Phase G of the TOGAF ADM is dedicated to Implementation Governance, which concerns itself with the realization of the architecture through change projects. Architecture Governance covers the management and control of all aspects of the development and evolution of architectures. It needs to be supported by an Architecture Governance Framework which assists in identifying effective processes so that the business responsibilities associated with Architecture Governance can be elucidated, communicated, and managed effectively. The TOGAF standard provides such a framework, which is described in the following sections.
Architecture Governance is an approach, a series of processes, a cultural orientation, and set of owned responsibilities that ensure the integrity and effectiveness of the organization’s architectures. The key concepts are shown in Figure 18.
Figure 18: Architecture Governance Framework – Conceptual Structure
The split of process, content, and context is key to supporting an Architecture Governance initiative. It allows the introduction of new governance material (for example, due to new regulations) without unduly impacting the processes. The content-agnostic approach ensures the framework is flexible.
Key Architecture Governance Processes
The following are the key processes:
1. Policy Management and Take-On
2. Compliance
3. Dispensation
4. Monitoring and Reporting
6. Environment Management
Governance is the practice of managing and controlling architectures. An effective Architecture Governance structure requires processes, structures, and capabilities (see Figure 19) and will typically include a global governance board, local governance board, design authorities, and working parties.
Figure 19: Architecture Governance Framework – Organizational Structure
(Syllabus Reference: Unit 8, Learning Outcome 3: You should be able to explain why Architecture Governance is beneficial.)
Architecture Governance is beneficial because it:
• Links IT processes, resources, and information to organizational strategies and objectives
• Integrates and institutionalizes IT best practices
• Aligns with industry frameworks such as COBIT (planning and organizing, acquiring and implementing, delivering and supporting, and monitoring IT performance)
• Enables the organization to take full advantage of its information, infrastructure, and hardware/software assets
• Protects the underlying digital assets of the organization
• Supports regulatory and best practice requirements such as auditability, security, responsibility, and accountability
• Promotes visible risk management
What are the Key Success Factors when establishing Architecture Governance?
It is important to consider the following to ensure a successful approach to Architecture Governance, and effective management of the Architecture Contract:
• Establishment and operation of best practices for submission, adoption, reuse, reporting, and retirement of architecture policies, procedures, roles, skills, organizational structures, and support services
• Establishment of correct organizational responsibilities and structures to support Architecture Governance processes and reporting requirements
• Integration of tools and processes to facilitate take-up of processes (both procedural and cultural)
• Management of criteria for control of Architecture Governance processes, dispensations, compliance assessments, Service Level Agreements (SLAs), and Operational Level Agreements (OLAs)
• Meeting internal and external requirements for effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of Architecture Governance-related information, services, and processes
(Syllabus Reference: Unit 8, Learning Outcome 4: You should be able to briefly explain the need for establishment of an Architecture Board.)
An enterprise architecture imposed without appropriate political backing is bound to fail. An important element in any Architecture Governance strategy is establishment of a cross-organizational Architecture Board to oversee the implementation of the governance strategy. This body should be representative of all the key stakeholders in the architecture, and will typically comprise a group of executives responsible for the review and maintenance of the overall architecture.
(Syllabus Reference: Unit 8, Learning Outcome 5: You should be able to list the responsibilities of an Architecture Board.)
The Architecture Board is typically made responsible, and accountable, for achieving some or all of the following goals:
• Providing the basis for all decision-making with regard to changes to the architectures
• Consistency between sub-architectures
• Establishing targets for re-use of components
• Flexibility of enterprise architecture; to meet business needs and utilize new technologies
• Enforcement of Architecture Compliance
• Improving the maturity level of architecture discipline within the organization
• Ensuring that the discipline of architecture-based development is adopted
• Supporting a visible escalation capability for out-of-bounds decisions
The Architecture Board is also responsible for operational items such as the monitoring and control of Architecture Contracts, and for governance items such as producing usable governance materials.
(Syllabus Reference: Unit 8, Learning Outcome 6: You should be able to briefly explain the role of Architecture Contracts.)
Architecture Contracts are joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture. Successful implementation of these agreements will be delivered through effective Architecture Governance. Taking a governed approach to contract management ensures a system that continuously monitors integrity, changes, decision-making, and audit, as well as adherence to the principles, standards, and requirements of the enterprise. The architecture team may also be included in product procurement, to help minimize the opportunity for misinterpretation of the enterprise architecture.
(Syllabus Reference: Unit 8, Learning Outcome 7: You should be able to briefly explain the meaning of Architecture Compliance.)
The TOGAF standard defines the meaning of key terms such as “conformant”, “compliant”, etc. as shown in Figure 20.
Figure 20: Levels of Architecture Conformance
(Syllabus Reference: Unit 8, Learning Outcome 8: You should be able to briefly explain the need for Architecture Compliance.)
Ensuring the compliance of individual projects within the enterprise architecture is an essential aspect of Architecture Governance. An Architecture Compliance strategy should be adopted. The TOGAF standard recommends two complementary processes:
• The Architecture function will be required to prepare a series of Project Architectures; i.e., project-specific views of the enterprise architecture that illustrate how the enterprise architecture impacts on the major projects within the organization. (See ADM Phases A to F.)
• The IT Governance function will define a formal Architecture Compliance Review process (see below) for reviewing the compliance of projects to the enterprise architecture.
Apart from defining formal processes, the Architecture Governance function may also stipulate that the architecture function should extend beyond the role of architecture definition and standards selection, and participate also in the technology selection process, and even in the commercial relationships involved in external service provision and product purchases. This may help to minimize the opportunity for misinterpretation of the enterprise architecture, and maximize the value of centralized commercial negotiation.
(Syllabus Reference: Unit 8, Learning Outcome 9: You should be able to briefly explain the purpose of Architecture Compliance Reviews.)
The purpose of an Architecture Compliance Review includes the following:
• To catch errors in the project architecture early, and thereby reduce the cost and risk of changes required later in the lifecycle; this in turn means that the overall project time is shortened, and that the business gets the bottom-line benefit of the architecture development faster
• To ensure the application of best practices to architecture work
• To provide an overview of the compliance of an architecture to mandated enterprise standards
• To identify where the standards themselves may require modification
• To identify services that are currently application-specific but might be provided as part of the enterprise infrastructure
• To document strategies for collaboration, resource sharing, and other synergies across multiple architecture teams
• To take advantage of advances in technology
• To communicate to management the status of technical readiness of the project
• To identify key criteria for procurement activities (e.g., for inclusion in Commercial Off-The-Shelf (COTS) product RFI/RFP documents)
• To identify and communicate significant architectural gaps to product and service providers
The Architecture Compliance Review can also be a good way of deciding between architectural alternatives, since the business decision-makers typically involved in the review can guide decisions in terms of what is best for the business, as opposed to what is technically more pleasing or elegant.
(Syllabus Reference: Unit 8, Learning Outcome 10: You should be able to briefly describe the Architecture Compliance Review process.)
An Architecture Compliance Review is a scrutiny of the compliance of a specific project against established architectural criteria, spirit, and business objectives. The TOGAF standard describes a process, including the roles and actions to undertake a review and deliver an assessment report, as summarized in Figure 21.
Figure 21: Architecture Compliance Review Process
This consists of 12 steps as follows:
(Syllabus Reference: Unit 8, Learning Outcome 11: You should be able to briefly explain how the ADM can be used to establish an Architecture Capability.)
Establishing a sustainable Architecture Capability within an organization can be achieved by adhering to the same approach that is used to establish any other capability – such as a business process management capability – within an organization. The ADM is an ideal method to be used to architect and govern the implementation of such a capability. Applying the ADM with the specific Architecture Vision to establish an architecture practice within the organization would achieve this objective.
The TOGAF standard states that this should not be seen as a phase of an architecture project, or a one-off project, but rather as an ongoing practice that provides the context, environment, and resources to govern and enable architecture delivery to the organization. As an architecture project is executed within this environment it might request a change to the architecture practice that would trigger another cycle of the ADM to extend the architecture practice.
Implementing any capability within an organization would require the design of the four domain architectures: Business, Data, Application, and Technology. Establishing the architecture practice within an organization would therefore require the design of:
• The Business Architecture of the architecture practice that will highlight the Architecture Governance, architecture processes, architecture organizational structure, architecture information requirements, architecture products, etc.
• The Data Architecture that would define the structure of the organization’s Enterprise Continuum and Architecture Repository
• The Application Architecture specifying the functionality and/or applications services required to enable the architecture practice
• The Technology Architecture that depicts the architecture practice’s infrastructure requirements and deployment in support of the architecture applications and Enterprise Continuum
Architecture Governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level. It includes the following:
• Implementing a system of controls over the creation and monitoring of all architecture components and activities, to ensure the effective introduction, implementation, and evolution of architectures within the organization
• Implementing a system to ensure compliance with internal and external standards and regulatory obligations
• Establishing processes that support effective management of the above processes within agreed parameters
• Developing practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization
An important element in any Architecture Governance strategy is establishment of a cross-organizational Architecture Board to oversee the implementation of the governance strategy. This body should be representative of all the key stakeholders in the architecture, and will typically comprise a group of executives responsible for the review and maintenance of the overall architecture.
Architecture Contracts are joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture. Successful implementation of these agreements will be delivered through effective Architecture Governance.
Ensuring the compliance of individual projects within the enterprise architecture is an essential aspect of Architecture Governance. An Architecture Compliance strategy should be adopted.
Q1: Which of the following statements about Architecture Governance is not correct?
A. It is the practice and orientation by which enterprise architectures and other architectures are managed and controlled.
B. The Chief Architect manages the Architecture Governance activity.
C. An Architecture Governance Framework supports it.
D. It is a set of owned responsibilities that ensure the integrity and effectiveness of the organization’s architecture.
Q2: The following are included in Architecture Governance, except:
A. Implementing a system of controls over expenditure within the enterprise
B. Implementing a system of controls over the creation and monitoring of all architecture components and activities
C. Implementing a system to ensure compliance with internal and external standards and regulatory obligations
D. Establishing processes that support effective management of the Architecture Governance process
E. Developing practices that ensure accountability to stakeholders
Q3: Which of the following maps to the characteristic “transparency”?
A. All decisions taken, processes used, and their implementation will not be allowed to create unfair advantage to any one particular party.
B. Each contractual party is required to act responsibly to the organization and its shareholders.
C. All actions implemented and their decision support will be available for inspection by authorized organization and provider parties.
D. All involved parties will have a commitment to adhere to procedures, processes, and authority structures established by the organization.
E. All processes, decision-making, and mechanisms used will be established so as to minimize or avoid potential conflicts of interest.
Q4: Conceptually, the structure of an Architecture Governance Framework consists of process, content, and context (stored in the repository). The following are included in content, except:
A. Compliance
B. SLAs and OLAs
C. Organizational standards
D. Regulatory requirements
E. Architectures
Q5: The following are key Architecture Governance processes, except:
A. Compliance
B. Dispensation
C. Monitoring and reporting
D. Budgetary control
E. Business control
Q6: Why is Architecture Governance beneficial?
A. It links IT processes, resources, and information to organizational strategies and objectives.
B. It integrates and institutionalizes IT best practices.
C. It enables the organization to take full advantage of its information, infrastructure, and hardware/software assets.
D. It protects the underlying digital assets of the organization.
E. All of these.
Q7: Which one of the following is not the responsibility of an Architecture Board?
A. Resourcing of architecture projects
B. Decision-making with regards to changes to the architectures
C. Enforcement of Architecture Compliance
D. Monitoring of Architecture Contracts
Q8: Which one of the following best describes an Architecture Contract?
A. An agreement between the development partners and stakeholders on the acceptable risks and mitigating actions for an architecture
B. An agreement between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture
C. An agreement between the lead architect and the development partners on the enforcement of Architecture Compliance for an architecture
D. An agreement between development partners and sponsors on how best to monitor implementation of the architecture
Q9: The TOGAF standard defines a set of terms to describe Architecture Compliance. Which one of the following applies to the case where an implementation has no features in common with the architecture specification?
A. Compliant
B. Conformant
C. Irrelevant
D. Non-conformant
Q10: In an Architecture Compliance Review, who is responsible for accepting and signing off on the review?
A. Architecture Board
B. Architecture Review Co-ordinator
C. Lead Enterprise Architect
D. Project Leader
Q11: When using the ADM to establish an Architecture Capability, which phase would define the infrastructure requirements to support the practice?
A. Application Architecture
B. Business Architecture
C. Data Architecture
D. Technology Architecture
The following are recommended sources of further information for this chapter:
• TOGAF 9 Part VII: Architecture Capability Framework, Chapter 46 (Establishing an Architecture Capability)
• TOGAF 9 Part VII: Architecture Capability Framework, Chapter 47 (Architecture Board)
• TOGAF 9 Part VII: Architecture Capability Framework, Chapter 48 (Architecture Compliance)
• TOGAF 9 Part VII: Architecture Capability Framework, Chapter 49 (Architecture Contracts)
• TOGAF 9 Part VII: Architecture Capability Framework, Chapter 50 (Architecture Governance)
