

CBR is proudly produced & published
by Technews
Issue Date: July 2007

Mitigate change and risk

Stuart Macgregor, MD, Real IRM

To become and remain competitive, organisations have to address the ongoing disconnect between business requirements and IT.

This age-old disconnect is an issue that continues to impact directly on companies' ability to make quick and accurate business decisions, and slows down their ability to take action. Growing regulatory pressures exerted by legislation are making the alignment of IT with business goals even more of an imperative.
That is where enterprise architecture (EA) comes in. EA is a discipline that aims, among other things, to make organisations more flexible, remove systems duplication, continually realign IT with business, and ease the path to regulatory compliance. It creates a complete mapping of business mission, strategy, processes, organisation and IT strategy.
EA can serve as a strategic vehicle for:
* Reducing IT costs.

* Enabling business change.

* Simplifying technology portfolios.

* Supporting greater flexibility.

* Improving process effectiveness.

* Delivering IT projects quicker and more cost-effectively.

* Rationalising application portfolios.

* Implementing IT governance, especially regulatory compliance such as Sarbanes-Oxley.
It helps you align business processes and IT systems to objectives and regulations, increasing corporate agility, ensuring regulatory compliance and keeping you competitive in a highly dynamic business environment.
Before a company embarks on an enterprise architecture, though, it typically needs some prompting - some enterprise-wide change forced on it from within or without. This major change serves as a trigger for the organisation to embark on what is a challenging, but supremely valuable and rewarding exercise.
Typical triggers which drive organisations to embrace enterprise architecture tend to be developments such as:
* Appointment of a new CIO.

* Merger or acquisition, with the resultant need to combine operations and processes.

* Consideration of a move to newer forms of computing.

* Recognition that IT is poorly aligned to business.

* Regulatory change, driven from without, especially the introduction of new legislation.

* Desire to achieve competitive advantage via technology.

* Requirement for complex, cross-functional solutions.

* Significant business change or rapid growth.
On the increasingly pressing question of governance, the demands of legislation such as Sarbanes-Oxley are making the alignment of technology with business goals, risk management, portfolio management and the deployment of EA all the more essential.
Operational risk is determined by the way an organisation implements and manages its strategies and processes to achieve its objectives. It is practically impossible to manage any complex organisation unless it is properly documented. EA methodology documents and maintains traceability between the various components of an organisation, thereby simplifying operational risk management.
It is also important to remember that each time new legislation is passed, organisational change is required. Constant systemic change is disruptive to business. One of EA's vital contributions in this scenario is that it makes it easier for organisations to find ways of absorbing that change without disrupting the business. Indeed, EA makes it possible for an organisation to actually understand the impact of such change before it even occurs.
With an enterprise architecture in place, any changes made by those with an overall picture of the organisation can be examined and followed through the organisation to determine possible impacts at different operational levels. The converse also applies - changes made at the deeper levels, for instance IT applications, can be tracked back to determine their implications for the organisation as a whole. In this way, enterprise architecture provides the interface that enables business and IT to be aligned.
Much of the pressure being brought to bear on organisations today comes in the form of external regulatory compliance, which brings about such a requirement for change that it spurs management to create a foundation for coping with change.
Examples of this are Sarbanes-Oxley, Basel II and safety, health, environment, risk and quality (SHERQ) legislation, all of which need to be understood, managed and incorporated into the business as a standard way of doing business. Sarbanes-Oxley, as reported in Harvard Business Press's 'Enterprise Architecture as Strategy', consumes vast amounts of cash: up to 15% of IT budgets.
"Regulatory compliance creates overhead, but new regulations will likely appear every year. A foundation for execution significantly reduces the marginal cost of meeting the next regulation by creating a reusable capability to access data and metrics," say the authors.
The US federal government passed the Sarbanes-Oxley Act in 2002, assigning personal responsibility to senior management of public and non-public organisations for corporate governance and financial reporting. In the US, this can result in executives being sentenced to jail terms. Corporate governance of this nature is also being applied in various forms by other countries.
EA has an important role to play in supporting the needs of senior management for governance analysis, as required by legislation that makes management responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
Internal controls vary from company to company. They need to be tailored to the relevant industry that the organisation operates within; they are also typically unique for each organisation. They are determined by its business activities and processes as well as its financial controls. They are closely related to the IT systems and databases that the enterprise uses for financial and other reporting.
Senior management needs to show that answers are available in relation to key resources such as: data; business activities and processes; locations; people and business units; and events. Answers should be available that also show how resources relate to strategic and tactical business plans that have been defined by management.
Basel II
Basel II is aimed at producing uniformity in the way banks and banking regulators approach risk management across national borders. It is fundamentally about improving risk and asset management to avoid financial disasters. Operational risk is defined by the Basel Capital Accord as: "The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events." It is not just about IT, as all companies are exposed to operational risk, and the integration of processes, systems and people has to be understood and continually monitored to mitigate these risks. Basel II acknowledges and includes operational risk as an element that must be assessed and managed along with credit risk and market risk. Risk assessment and management requires a systematic approach such as that enabled by EA, a discipline that documents the entire organisation, including processes, strategies and systems.
South African companies have to meet external, corporate and legal requirements for corporate welfare and individual wellbeing as determined by SHERQ legislation. In 2006, the Department of Labour found that over 75% of businesses in Ekurhuleni were not aware of these legal requirements. It is fairly safe to assume that this is the case across many regions. With SHERQ legislation becoming more and more comprehensive, there are increasing penalties for non-compliance. This highlights once again the need for organisations to find ways of understanding and absorbing change without disruption to the business.
Is your organisation ready to embrace EA? The answer to that depends on a number of elements. Do your executives fully appreciate the value of IT in your business? Does your IT division command respect and credibility across all other areas of the organisation? Do your IT people see themselves as ready for EA? Do they have the discipline that is required for a successful EA rollout?
EA translates internal and external technology forces so that business managers can anticipate and prepare for future changes that might affect business processes. EA can help better align IT capabilities with the needs of a business. EA can help an organisation improve its ability to deliver IT services. EA can help provide more effective IT governance, especially when combined with IT portfolio management, IT service management, and IT project management. However, you have to be able to communicate the essence of your EA efforts to all levels of people both inside and outside of IT, and across all business areas.
Stuart Macgregor
For more information contact Carla Bell, Real IRM, +27 (0)11 805 3734,
