Risk Management
There will always be risk with any architecture/business transformation effort. It is important to identify, classify, and mitigate these risks before starting so that they can be tracked throughout the transformation effort.
Mitigation is an ongoing effort and often the risk triggers may be outside the scope of the transformation planners (e.g., merger, acquisition) so planners must monitor the transformation context constantly.
It is also important to note that the Enterprise Architect may identify the risks and mitigate certain ones, but it is within the governance framework that risks have to be first accepted and then managed.
There are two levels of risk that should be considered, namely:
- Initial Level of Risk: risk categorisation prior to determining and implementing mitigating
actions - Residual Level of Risk: risk categorisation after implementation of mitigating actions (if any
The process for risk management is described in the following sections and consists of the following activities:
- Risk classification
- Risk identification
- Initial risk assessment
- Risk mitigation and residual risk assessment
- Risk monitoring
Usage in the ADM
Risks are identified in Phase A as part of the initial Business Transformation Readiness Assessment.
The risk identification and mitigation assessment worksheets are maintained as governance artefacts and are kept up-to-date in Phase G (Implementation Governance) where risk monitoring is conducted.
Implementation Governance can identify critical risks that are not being mitigated and might require another full or partial ADM cycle.