One of My Capabilities – Risk Management

If you are not aware of the ongoing development of the capability guidebook, you should take a closer look. This program brings together individual contributors with the Iasa Board of Education to drive a new level of understanding and utility in the skills and capabilities necessary to grow the individual practice. I am, of course, writing one or two of them. I began writing my capability, risk management, about a week ago and was deeply surprised at how difficult it was to write well. I have been a chief architect with a large architect staff. I have taught and developed knowledge on enterprise and technology architecture for 13 years. I have spoken at hundreds of events. And yet, when I began writing my capability I was again confronted with something that is likely familiar to all professionals - you never know it all.

Risk management is a critical aspect to architecture practice. We are constantly identifying risks, analyzing their impacts and working to mitigate their consequences. Architects are both a source of risk management activities as well as critical in risk avoidance and mitigation. And yet, the direct ownership of the skill is not directly aligned with architecture practice. I have now read an additional 3 large risk management books as well as visiting countless websites, reviewing templates and reading standards and yet the exact alignment of risk to architecture is elusive. For example, in a large retail project, is the architect a decider on risk mitigation strategies or is it the executive sponsor or even the risk management office? How does risk management align to the architect process? Is the solution architect responsible for identification and analysis or should this be left up to the risk management office? What is the architect's responsibility or even liability in risk exposure?

As I worked through the sources and content for the document I realized, again, how much architects need to get involved in developing their own body of knowledge, awareness of value contribution and most importantly ownership. One of the more difficult and engaging aspects of this work is the development of learning objectives for different levels of risk management activities based on the Iasa Career Path. Foundation level architects are at level one of Bloom's Taxonomy (an education standard for learning and capability) but CITA-Ps may need to be upwards of level 5 or even 6 depending on their organization.

We estimate that over 40% of EA initiatives still fail within 3 years and this is the most fundamental reason. Does your team deal extensively with risk mitigation? Are you characterizing and cataloging the dollar amount of risk avoidance your team has achieved this year? If not you are missing a huge opportunity for value development.