Traditional industry ecosystems are changing and restructuring in response to continuous business model disruption. New, non-traditional competitors are leveraging digital technology to power flexible business models to rapidly enter existing markets and disrupt the ecosystem as competitor or partner to existing participants.
To compete in this new world, businesses need to rapidly deliver high quality change to transform their business services and continuously:
- Innovate their business model
- Adapt their business capabilities
- Optimize and transform their business services, and
- Maximize the value of change investments
Digital-native organizations such as Amazon, Google and Netflix are able to deploy releases to production multiple times per day, while many traditional organizations are still deploying a major update once or twice a year, at best. The need for business innovation, translated into rapidly delivering new product and service to market is driving many organizations to look at adopting DevOps and Agile approaches.
The balancing act between innovation and compliance
All businesses, especially those operating in regulated industries, have to balance the need for rapid change with the need to manage and mitigate business risks - reputational, financial, legal, or regulatory. Amongst the risks to be managed is the risk of failure of complex and increasingly business-critical IT system change.
One of the traditional roles of Enterprise Architecture has been to govern solution design to ensure viability and manage the total cost of ownership. However, design of the solution is just one of the many control points that must be addressed; security, business information risk, operational acceptance, vendor/partner management, etc are some of the others.
In many organizations, the distinction between these different control points can become blurred as the governance of these additional control points is layered onto the solution design governance process and its stage gates. This is done to ensure that all control point requirements are satisfied before a solution change can be released into production. To deliver rapid change while ensuring compliance with the business controls framework requires a significant rethink of the design process and controls governance.
Rethinking governance with architectural decision driven approach
Traditional stage gate and design document-centric governance approaches have been successfully applied to waterfall projects. However, these traditional approaches significantly constrain the pace at which Agile development practices can proceed. This either frustrates the objective to deliver rapid change or leads to abandonment of the governance process. If a business wants to deliver rapid change, and is looking to adopt Agile, then it needs to rethink its approach to governance.
One option is to switch the focus to architectural decisions rather than architectural documents. Traditionally, solution architects craft large design documents, which are taken to some governance body for a design review. These design review sessions typically focus on asking questions about the key architecturally-significant decisions within the design. These key design decisions are aligned to the architectural control points, which the organization considers valuable to manage, i.e. these will reduce risk or cost, or increase compliance, or provide future agility, etc. This list of control points tends to be reasonably consistent over time and therefore, it can be captured as a well-known list of potentially significant decision points.
With an approach driven by architectural decisions, the traditional process is flipped around, and the relevant architectural decisions are identified quickly upfront. This enables the solution architect to prepare just enough documentation to support the rationale behind each key architectural decision as it occurs. These are reviewed without waiting for a scheduled design review forum. Given the smaller scope of an iterative release, there are typically only a small number of architectural decisions per release and with a ‘just enough’ documentation approach, these can be reviewed much more quickly, with minimal impact on the rapidity of Agile delivery. This seemingly subtle change of focus from design document to design decision, and from stage gates to just in-time review, enables businesses to achieve rapid change while still retaining business control framework veracity.
To be successful in the shift to architectural decisions based approach to governance, the focus needs to be within the context of an integrated approach that incorporates organizational change, cultural change, design process change, change in how control points are articulated, change in compliance evidence requirements, and re-purposing of design artefacts (See Figure 1).