Enterprise architects and strategy leaders need to be on the front foot to help their organisation manage disruption caused by external shocks and crises, such as pandemics.
This step-by-step guide covers how architects and strategy leaders can move swiftly to identify business and technology risks and improve resilience of enterprise systems and processes.
Risk Modeling & Enterprise Resilience Roadmaps
Enterprises need a centralized view of Technology and Operations Resilience as well as People and Process Resilience. A useful set of steps to work through when building roadmaps for resilience, and to manage and mitigate risk include:
- Integrate and centralize company data (Excel, Visio, SharePoint etc)
- Model systems, technology and infrastructure. Pull together Application Catalogs, Application Landscapes, Infrastructure Registers, Process Diagrams, and Business Capability Maps.
- Identify which critical processes may not be resourced sufficiently or may need management (e.g. essential work carried out by contract workers, processes for communicating with customers if systems are down, etc).
- Graph database views of connected applications, infrastructure and processes can help to visually identify dependencies, where processes are reliant on systems or infrastructure.
- Focus Resources using Risk Scoring: a function of the probability of a scenario taking place and its impact. This allows your teams to zero in on particularly vulnerable areas of the business, in which the impact of failure is severe, and probability of it taking place is also high. Impact scores should include costs, and in various industries also other severe outcomes such as danger to life.
- Plan for the best and prepare for the worst by assessing a range of scenarios. Availability algorithms can be used to measure resilience. Other metrics which can be aggregated using algorithms include Performance, Reliability, Resource Utilization, Response Time, Security.
- Focus on providing real-time KPIs which help the business understand what is happening in the external environment, with consumers and customers.
- Set out strategies for risk mitigation: model target states which have higher resilience ratings, i.e. where some redundancy is built in. Build roadmaps to identify steps to reach this target state.
- Use algorithms to compare the metrics of highest concern across future state options.
- Track remediation projects using Gantt charts
- The path back to normal conditions (or a new normal) will depend on the degree to which demand may have been delayed or foregone, the degree of supply chain disruption and any structural damage to the business. Demand for some products may also have increased temporarily and may readjust downwards. Each of these scenarios can again be mapped out, to anticipate how processes, infrastructure and technology can support recovery.
- Recovery scenarios will be useful in making data-driven and level-headed adjustments to support growth following a period of shock and perhaps pessimism
- Crises can accelerate the adoption of technologies and business models, such as increased remote working, supporting higher uptake of cloud-based systems
- In the longer term, companies are likely to rethink their reliance on one source of supply, aiming to diversify and decentralize supply chains and possibly technology as well. Companies are also likely to consider the crisis-management and supply chain effects of external shocks more seriously as part of general risk management and enterprise architecture.
Resilience and External Shocks
Resilience is the ability of a system (including its People, Processes and Technology) to respond to challenges resulting from negative impacts and changes. It is useful to consider several domains:
- Operational & Technology Resilience – The ability of systems and technology to perform during and after shocks
- Organizational Resilience – The ability of organizations to take actions to reduce impact of shocks
- Supply Chain Resilience – The ability of trade networks to continue moving goods and people under constrained conditions
- Social Resilience – The ability of the communities and workplaces to manage negative consequences
- Economic Resilience – The capacity of enterprises and economies to absorb economic losses
Architecture and business strategy leaders need to be prepared to navigate acute shocks and chronic stresses. These include cyberattacks, economic downturns, natural disasters, terrorist attacks, and pandemics.
Social Resilience and Remote Working
If your team is working remotely, double down on connecting and communicating with stakeholders using video software and online collaboration and data management tools. Check in and engage with people more regularly, to ensure lines of communication are open and to catch problems early.
Social software such as MS Teams, online conferencing and other cloud-based digital collaboration tools are part of this. (ABACUS offers a cloud-based collaborative environment with centralized data repository which integrates with other digital business tools to support remote working.)
Remote working basics also include: a laptop/computer plus webcam for online conferencing, a headset or headphones with mic and possible secure VPN access to non-cloud-based business assets or services.
Teams Working Remotely, Watch Out For…
- “Business-led IT” overlap – Keep track by ensuring your application register is online, shareable, editable and searchable
- In workplaces with highly sensitive information, the security implications of remote access need to be assessed, policies updated, and practices reviewed
- Barriers to adoption of remote-working tools: encourage staff to up-skill / recommend training
- Increased use / load issues where either hardware or software contracts updated to provision increased access in a cost-efficient manner
- Data conflicts and “commit” issues with VPNs: ensure that as much as possible data is stored in shared databases to support real-time collaboration
Remote Reporting & Data Management: More Regular, More Rigorous
Key data enterprise architects, business analysts, and managers will need to be at-hand for quick review of systems such as applications lists, roadmaps, capability maps and process diagrams, etc.
Consider how this data is stored in the “new normal”. Ideally EAs should be able to set up self-service access to browser-based and collaborative portfolios.
These data-stores provide a straightforward first-step to connecting with stakeholders, starting conversations and improving transparency.
Likewise, browser-based reporting dashboards allow EAs to gain insights and traceability of this data. So, decide what you need to communicate about regularly and set up a dashboard with a few key charts, data visualizations (inc. graph views), KPI portlets plus the data registers these are linked to, as the basis for a regular meeting about issues or progress.
Data-Driven Decision Making & Scenario Planning
Help your lines of business avoid knee-jerk reactions prompted by sudden changes in business conditions, including customer demand (which may be down, delayed or delivered differently). Be ready to pull together metrics which allow data-driven decision making.
Stronger centralized data-management will also pay off as organizations make decisions mid-crisis, and manage the recovery process.
As Gartner says: “Confusing data from unverified sources- or the sheer lack of data- can lead to ill-informed decisions being made, escalating employee anxiety and making organizations under-prepared for returning to normal operations.”
Operational Resilience: Audit critical services, processes, tasks, infrastructure and access
Help your line-of-business stakeholders to anticipate any gaps which might stop core services being delivered in enforced remote working environments, or where key people or teams are unable to travel or unwell.
Consider which roles and duties:
- Can be done, even partially, without a physical presence in the workplace
- Cannot be done, even somewhat, outside of the physical office, and
- Status is uncertain / adjustments may be needed
Identify whether cross-training or handover notes on essential tasks, access etc. are necessary. (More here)
You may already have a register of essential technology infrastructure rated with associated criticality ratings and an understanding of dependencies.
This connected view of essential processes and technology is a high value understanding enterprise architects can provide to the business in a crisis or rapidly changing business conditions.
Peer-to-peer knowledge sharing and professional development
With uncertainty around travel likely to continue for some time, many of us will turn to online information sources for professional networking and skill development.
For enterprise architecture, user groups and industry bodies include: