Architecture maturity

The Enterprise Architects as every professionals naturally would like to know how effective their work and how big their contributions in the business success. The maturity assessment of your Enterprise Architecture could answer these questions - and should be the basis of your improvements in the future and helps showing the provided values today.

Is it sounds good? Let’s see the details! First question is: who run the assessment the EA team or external consultant? This decision highly depends on the aim of the assessment. If we would like to prove our mature EA processes to our external partners the good answer is to choose the external consultant. In case of internal usage the EA team is the better choice.

In case of external consultant they will bring their assessment methodology and the benchmarks and finally we will get a detailed evaluation how well our practise is performing compared to other relevant companies. We can use the result for further development actions.

The self-assessment is a bit different approach. This way the EA team itself assess the EA practise based on one of the public Architecture maturity models. The most obvious choice is the US Doc ACMM which is referred by TOGAF too. This methodology defines nine enterprise architecture elements and six levels of maturity. It describes in detail which levels mean per architecture elements. For the evaluation you should tailor this model. You may skip those architecture elements which are not relevant for you and go ahead to evaluate the relevant parts. It could be useful to involve the EA team’s stakeholders to the evaluation. This will help to get more realistic picture and utilising the discussion some hidden expectation may come up also. The figure below shows a good visualization example of the assessment result. Beside the current maturity the improvement plans and their impacts on the assessment are visualized too. This is the one pager to the decision-makers. The evaluation was made by TOGAF 9 Chapter 45.3.

Independently who made the assessment you could use it to develop your practise. In the first case you clearly see the fields what should develop to achieve the industry average in other words what are your weaknesses. It will help a lot to achieve the industrial best practise. In case of self assessment you see what kind of capabilities should be implemented or developed to achieve the ideal state. It is more difficult because sometimes you are the first on this road. No matter which way you go never forget to think over: Do you really need this new capability?

Let's take an example! The figure above shows a case, where the avlues of IT security and IT investment are low. It may mean that thesea areas are not handled properly but the other side is also possible, that they are not in focus for the Enterprise Architects yet. TOGAF says for IT security Level 2: "IT security architecture has defined clear roles and responsibilities". It seems to be nice, but what is missing? TOGAF gives you the direction:

  • Level 3: IT security architecture Standards Profile is fully developed and is integrated with enterprise architecture
  • Level 4: Performance metrics associated with IT security architecture are captured
  • Level 5: Feedback from IT security architecture metrics are used to drive architecture process improvements

If the given company would be more advanced in the security area, they should focus first on standardisation, which is included into the enterprise architecture toolset, then define and capture metrics and afterwards loop back the metrics results into the architecture development process.

IT security is something which gets more and more focus and it is something which must be handled by EA, therefore this given company has to have future plans of development their maturity! On the other hand I like TOGAF description of IT security: it does not define "solutions", but standards avoiding the mistake of focusing on firewalls, anti-virus, anti-span, anti-xyz solutions and missing the general security awareness about all activities of the enterprise.

Take now the investment planning dimension. TOGAF says for Level 2: "Little or no formal governance of IT investment and acquisition strategy. Operating unit demonstrates some adherence to existing Standards Profile". It can mean the case, that the company does not have investment planning at all, but the definition allows to focus only on architecture related investments, when most of the investments are not changing the architecture itself but enriching the capabilities of the actual architecture components. This approach may mean, that there is no dedicated budget for architectural changes. This is common for most of the enterprises. Living in a similar environment, Enterprise Architects have to focus on the opportunities are shown by the new business requirements, identifying those ones which fit to target architecture or takes a step towards that.

Maturity of Enterprise Architecture practise is a valuable indicator of Enterprise Architect’s work but never forget: it is only an indicator. You should never improve your processes or capabilities in order to get higher rating on the assessment only if there is a real business need behind the improvement. Otherwise you always get the question why this is needed for us?

Log in to comment
© 2017 Architect Archers