This chapter provides a framework and guidelines for architecture governance.
This section describes the nature of governance, and the levels of governance.
Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level.
Architecture governance typically does not operate in isolation, but within a hierarchy of governance structures, which, particularly in the larger enterprise, can include all of the following as distinct domains with their own disciplines and processes:
Each of these domains of governance may exist at multiple geographic levels - global, regional, and local - within the overall enterprise.
Corporate governance is thus a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF.
This and related subsections are focused on architecture governance; but they describe it in the context of enterprise-wide governance, because of the hierarchy of governance structures within which it typically operates, as explained above.
In particular, this and following sections aim to:
Governance is essentially about ensuring that business is conducted properly. It is less about overt control and strict adherence to rules, and more about guidance and effective and equitable usage of resources to ensure sustainability of an organization's strategic objectives.
The following outlines the basic principles of corporate governance, as identified by the Organization for Economic Co-operation and Development (OECD):
Supporting this, the OECD considers a traditional view of governance as: "... the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation - such as the board, managers, shareholders, and other stakeholders - and spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance" [OECD (1999)].
The following characteristics have been adapted from Naidoo (2002) and are positioned here to highlight both the value and necessity for governance as an approach to be adopted within organizations and their dealings with all involved parties:
Technology governance is a key capability, requirement, and resource for most organizations because of the pervasiveness of technology across the organizational spectrum.
Recent studies have shown that many organizations have a balance in favor of intangibles rather than tangibles that require management. Given that most of these intangibles are informational and digital assets, it is evident that businesses are becoming more reliant on IT: and the governance of IT - IT governance - is therefore becoming an even more important part of technology governance.
These trends also highlight the dependencies of businesses on not only the information itself but also the processes, systems, and structures that create, deliver, and consume it. As the shift to increasing value through intangibles increases in many industry sectors, so risk management must be considered as key to understanding and moderating new challenges, threats, and opportunities.
Not only are organizations increasingly dependent on IT for their operations and profitability, but also their reputation, brand, and ultimately their value are also dependent on that same information and the supporting technology.
IT governance provides the framework and structure that links IT resources and information to enterprise goals and strategies. Furthermore, IT governance institutionalizes best practices for planning, acquiring, implementing, and monitoring IT performance, to ensure that the enterprise's IT assets support its business objectives.
In recent years, IT governance has become integral to the effective governance of the modern enterprise. Businesses are increasingly dependent on IT to support critical business functions and processes; and to successfully gain competitive advantage, businesses need to manage effectively the complex technology that is pervasive throughout the organization, in order to respond quickly and safely to business needs.
In addition, regulatory environments around the world are increasingly mandating stricter enterprise control over information, driven by increasing reports of information system disasters and electronic fraud. The management of IT-related risk is now widely accepted as a key part of enterprise governance.
It follows that an IT governance strategy, and an appropriate organization for implementing the strategy, must be established with the backing of top management, clarifying who owns the enterprise's IT resources, and, in particular, who has ultimate responsibility for their enterprise-wide integration.
As with corporate governance, IT governance is a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF. A good source of detailed information on IT governance is the COBIT framework (Control OBjectives for Information and related Technology). This is an open standard for control over IT, developed and promoted by the IT Governance Institute, and published by the Information Systems Audit and Control Foundation (ISACF).
COBIT also provides a generally accepted standard for good IT security and control practices to support the needs of enterprise management in determining and monitoring the appropriate level of IT security and control for their organizations.
The IT Governance Institute has also developed and built into the COBIT framework a set of Management Guidelines for COBIT, which consist of Maturity Models, Critical Success Factors (CFSs), Key Goal Indicators (KGIs), and Key Performance Indicators (KPIs). The framework responds to management's need for control and measurability of IT, by providing management with tools to assess and measure their organization's IT environment against the IT processes that COBIT identifies.
Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level. It includes the following:
As mentioned above, IT governance has recently become a board responsibility as part of overall business governance. The governance of an organization's architectures is a key factor in effective IT/business linkage, and is therefore increasingly becoming a key board-level responsibility in its own right.
This section aims to provide the impetus for opening up IT and architecture governance so that the business responsibilities associated with architecture activities and artefacts can be elucidated and managed.
Phase G of the TOGAF ADM (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance) is dedicated to implementation governance, which concerns itself with the realization of the architecture through change projects. implementation governance is just one aspect of architecture governance, which covers the management and control of all aspects of the development and evolution of enterprise architectures and other architectures within the enterprise.
Architecture governance needs to be supported by an Architecture Governance Framework (described in detail in Architecture Governance Framework) which assists in identifying effective processes so that the business responsibilities associated with architecture governance can be elucidated, communicated, and managed effectively.
This section describes a conceptual and organizational framework for architecture governance.
As previously explained, Phase G of the TOGAF ADM (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance) is dedicated to implementation governance, which concerns itself with the realization of the architecture through change projects.
Implementation governance is just one aspect of architecture governance, which covers the management and control of all aspects of the development and evolution of enterprise architectures and other architectures within the enterprise.
Architecture governance needs to be supported by an Architecture Governance Framework, described in detail below. The governance framework described is a generic framework that can be adapted to the existing governance environment of an enterprise. It is intended to assist in identifying effective processes and organizational structures, so that the business responsibilities associated with architecture governance can be elucidated, communicated, and managed effectively.
Conceptually, architecture governance is an approach, a series of processes, a cultural orientation, and set of owned responsibilities that ensure the integrity and effectiveness of the organization's architectures.
The key concepts are illustrated in Architecture Governance Framework - Conceptual Structure .
The split of process, content, and context are key to the support of the architecture governance initiative, by allowing the introduction of new governance material (legal, regulatory, standards-based, or legislative) without unduly impacting the processes. This content-agnostic approach ensures that the framework is flexible. The processes are typically independent of the content and implement a proven best practice approach to active governance.
The Architecture Governance Framework is integral to the Enterprise Continuum, and manages all content relevant both to the architecture itself and to architecture governance processes.
Governance processes are required to identify, manage, audit, and disseminate all information related to architecture management, contracts, and implementation. These governance processes will be used to ensure that all architecture artefacts and contracts, principles, and operational-level agreements are monitored on an ongoing basis with clear auditability of all decisions made.
All architecture amendments, contracts, and supporting information must come under governance through a formal process in order to register, validate, ratify, manage, and publish new or updated content. These processes will ensure the orderly integration with existing governance content such that all relevant parties, documents, contracts, and supporting information are managed and audited.
Compliance assessments against Service Level Agreements (SLAs), Operational Level Agreements (OLAs), standards, and regulatory requirements will be implemented on an ongoing basis to ensure stability, conformance, and performance monitoring. These assessments will be reviewed and either accepted or rejected depending on the criteria defined within the governance framework.
A Compliance Assessment can be rejected where the subject area (design, operational, service level, or technology) are not compliant. In this case the subject area can:
Where a Compliance Assessment is rejected, an alternate route to meeting interim conformance is provided through dispensations. These are granted for a given time period and set of identified service and operational criteria that must be enforced during the lifespan of the dispensation. Dispensations are not granted indefinitely, but are used as a mechanism to ensure that service levels and operational levels are met while providing a level flexibility in their implementation and timing. The time-bound nature of dispensations ensures that they are a major trigger in the compliance cycle.
Performance management is required to ensure that both the operational and service elements are managed against an agreed set of criteria. This will include monitoring against service and operational-level agreements, feedback for adjustment, and reporting.
Internal management information will be considered in Environment Management .
Business Control relates to the processes invoked to ensure compliance with the organization's business policies.
This identifies all the services required to ensure that the repository-based environment underpinning the governance framework is effective and efficient. This includes the physical and logical repository management, access, communication, training, and accreditation of all users.
All architecture artefacts, service agreements, contracts, and supporting information must come under governance through a formal process in order to register, validate, ratify, manage, and publish new or updated content. These processes will ensure the orderly integration with existing governance content such that all relevant parties, documents, contracts, and supporting information are managed and audited.
The governance environment will have a number of administrative processes defined in order to effect a managed service and process environment. These processes will include user management, internal SLAs (defined in order to control its own processes), and management information reporting.
Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled. In order to ensure that this control is effective within the organization, it is necessary to have the correct organizational structures established to support all governance activities.
An architecture governance structure for effectively implementing the approach described in this section will typically include the following levels, which may in practice involve a combination of existing IT governance processes, organizational structures, and capabilities. They will typically include the following:
The architecture organization illustrated in Architecture Governance Framework - Organizational Structure highlights the major structural elements required for an architecture governance initiative. While each enterprise will have differing requirements, it is expected that the basics of the organizational design shown in Architecture Governance Framework - Organizational Structure will be applicable and implementable in a wide variety of organizational types.
Architecture Governance Framework - Organizational Structure identifies three key areas of architecture management: Develop, Implement, and Deploy. Each of these is the responsibility of one or more groups within the organization, while the Enterprise Continuum is shown to support all activities and artefacts associated with the governance of the architectures throughout their lifecycle.
The Develop responsibilities, processes, and structures are usually linked to the TOGAF ADM and its usage, while the Implement responsibilities, processes, and structures are typically linked to Phase G (see Part II: Architecture Development Method (ADM), Phase G: Implementation Governance).
As mentioned above, the Architecture Governance Framework is integral to the Enterprise Continuum, and manages all content relevant both to the architectures themselves and to architecture governance processes.
As illustrated in Architecture Governance Framework - Organizational Structure , the governance of the organization's architectures provides not only direct control and guidance of their development and implementation, but also extends into the operations of the implemented architectures.
The following benefits have been found to be derived through the continuing governance of architectures:
These benefits position the TOGAF Architecture Governance Framework as an approach, a series of processes, a cultural orientation, and a set of owned responsibilities, that together ensure the integrity and effectiveness of the organization's architectures.
This section provides practical guidelines for the effective implementation of architecture governance.
It is important to consider the following to ensure a successful approach to architecture governance, and to the effective management of the Architecture Contract:
There is a similarity between enterprise architecture and architecture in the physical world, in that politics has an important role to play in the acceptance of both architectures. In the real world, it is the dual politics of the environment and commerce, while in the world of enterprise architecture a consideration of corporate politics is critical.
An enterprise architecture imposed without appropriate political backing is bound to fail. In order to succeed, the enterprise architecture must reflect the needs of the organization. Enterprise architects, if they are not involved in the development of business strategy, must at least have a fundamental understanding of it and of the prevailing business issues facing the organization. It may even be necessary for them to be involved in the system deployment process and to ultimately own the investment and product selection decisions arising from the implementation of the Technology Architecture.
There are three important elements of architecture governance strategy that relate particularly to the acceptance and success of architecture within the enterprise. While relevant and applicable in their own right apart from their role in governance, and therefore described separately, they also from an integral part of any effective architecture governance strategy:
The TOGAF document set is designed for use with frames. To navigate around the document:
Downloads of the TOGAF documentation, are available under license from the TOGAF information web site. The license is free to any organization wishing to use TOGAF entirely for internal purposes (for example, to develop an information system architecture for use within that organization). A hardcopy book is also available from The Open Group Bookstore as document G063.