Perform Risk Analysis

Identify, classify and mitigate risks for the architecture

There is always risk associated to the architecture you’re developing. These can be risks that the architecture will fail, whether it cannot be developed, cannot be operated upon or is not in line with other ongoing projects.

GOAL

Perform Risk Analysis to identify and act upon risks in architecture development

PEOPLE

Enterprise Architect(s)

TIME NEEDED

30 - 60 minutes

PHASE

Discover

Before You Start

You Should Have Performed the Following Previous Activities
To best utilize Risk Analysis, it is necessary to already have aligned with the corporate strategy, mapped the architecture stakeholders, and identified the scope of your architecture, with the resulting artifacts available as input. To access those activities, you can use the following links:

Align With Your Corporate Strategy
Map Architecture Stakeholders
Identify the Scope of Your Architecture

Materials You Will Need

Resources for Download

Download All Resources

Steps

Performing risk analysis includes several steps. We recommend completing them in one session.

Identify and Briefly Describe the Risks

When you think about risk, you can distinguish between two levels of risk: the initial level of risk and the residual level of risk. Classify them according to the categories ‘high’, ‘medium’, and ‘low’ (initial level of risk). Describe the impact of the initial level of risk to the architecture.

Always remain in the scope of your architecture as defined in the Statement of Architecture Work. You can decide to only define mitigation actions for risks having an initial level of high and medium.

You can think of three categories for risks:

  • (H)igh Risk: Significant failure of parts of the architecture project. Certain goals of the organization/business unit will not be achieved.
  • (M)oderate Risk: Noticeable failure of parts of the architecture project threatening the success of certain goals of the organization/business unit.
  • (L)ow Risk: Certain goals of the organization/business unit will not be fully successful.

Define Actions for Mitigating the Risks Identified

Actions can range from an additional level of stakeholder management to identifying reference architectures solving a similar request for architectural work.

Reassess the Risk Level

Assign the residual level of risk. Describe the impact of the residual level of risk to the architecture.

See Completed Example

You're Done!

You can now move on to create the Solution Context Diagram, if you want to visualize how your solution relates to your organization.