Perform Risk Analysis
Identify, classify and mitigate risks for the architecture
There is always risk associated to the architecture you’re developing. These can be risks that the architecture will fail, whether it cannot be developed, cannot be operated upon or is not in line with other ongoing projects.
GOAL
Perform Risk Analysis to identify and act upon risks in architecture development
PEOPLE
Enterprise Architect(s)
TIME NEEDED
30 - 60 minutes
PHASE
Discover
Before You Start
- You should have performed the following previous activities
- To best utilize Risk Analysis, it is necessary to already have aligned with the Corporate Strategy, mapped the architecture stakeholders, and identified the scope of your architecture, with the resulting artifacts available as input. To access those activities, you can use the following links:
Align with the Corporate Strategy
Map Architecture Stakeholders
Identify the Scope of Your Architecture
Materials you will need
Templates for Download
Identify and briefly describe the risks
When you think about risk, you can distinguish between two levels of risk: the initial level of risk and the residual level of risk. Classify them according to the categories ‘high’, ‘medium’, and ‘low’ (initial level of risk). Describe the impact of the initial level of risk to the architecture.
Always remain in the scope of your architecture as defined in the Statement of Architecture Work. You can decide to only define mitigation actions for risks having an initial level of high and medium.
You can think of three categories for risks:
- (H)igh Risk: Significant failure of parts of the architecture project. Certain goals of the organization/business unit will not be achieved.
- (M)oderate Risk: Noticeable failure of parts of the architecture project threatening the success of certain goals of the organization/business unit.
- (L)ow Risk: Certain goals of the organization/business unit will not be fully successful.
Define actions for mitigating the risks identified
Actions can range from an additional level of stakeholder management to identifying reference architectures solving a similar request for architectural work.
Reassess the risk level
Assign the residual level of risk. Describe the impact of the residual level of risk to the architecture.
See the Completed Example
You're done!
You can now move on to create the Solution Context Diagram, if you want to visualize how your solution relates to your organization.