Accepted Risks in Architectural Design

With the introduction of any new business solution, there will be risks associated with a technology or design.
Whether they are specific product constraints, technical knowledge gaps, or budgetary/duration of a rollout, a project risk register can often be forgotten about once the project team has released the solution.

An architect can spend many hours documenting, researching, and considering the logical and physical design decisions for various project areas.

“Some might say that we should never ponder.

On our thoughts today ’cause they hold sway over time.”

Noel Gallagher – 1995

With every decision made, there can be an impact on the design and potentially the solution from a conceptual requirement perspective (i.e., SLA/RPO/RTO, Security, availability) and a potential risk to understand and ensure mitigation to protect the business investment.

Having a systematic approach to enterprise risk management has become one of the most valuable takeaways from my VCDX journey and something I continually seek to improve in my fieldwork.

The specific framework or methodology may vary from project to project; however, the ability to relate technological decisions to business objectives is valuable.   

In times of crisis, for example, with a service-impacting incident, a robust method of risk identification and design review is essential for any IT professional or technologist, not just someone with an architect design focus.   

When faced with a seemingly unfixable problem that potentially costs money/brand reputation for a customer, the fear of not knowing enough of a specific technology can be relentless, especially with the number of integration points and ever-changing approaches in the world today.

The ability to review, address, and mitigate technology areas in an agnostic manner can help calm these thoughts and help move forward within long-running troubleshooting or projects in crisis.

Some Thoughts From the Field & for Certification Efforts.

The business has accepted this risk.

Often this is agreed upon without the overarching understanding of a solution.

As an architect, one objective is to minimize the risk impact of new technology, potentially within the operationalizing phase.  

For example, creating a specific monitoring process.   

Once identified, the risk can potentially be lowered, and the initial manual process developed to automate, notify and correct with minimal service impact. 

Developing a risk-based specific check is different from applying a general cloud monitoring service or creating a new local monitoring product/instance.

The decision impacts another area; we don’t have responsibility for that

(i.e., Networking, Security).

As an architect proposing a solution, the aim is to create a working product that meets requirements and a measurable service definition (i.e., SLA, Performance, Cost optimization, Operational improvement, etc.).

Creating a new service with dependencies on other business areas or impacting existing layers without due diligence or review can be risky in the long term and hard to justify within architecture based certifications such as the VCDX.

It’s out of scope for this project & It will be covered in the next phase.

Conflicting requirements and scope can be challenging within projects.  

A pragmatic view of risk identification and mitigation is essential for this. What is the value of a project being delivered if it is not going to be successfully consumed or operationally reliable? 

Lots of business transformation programs consist of multiple projects, which over time increase as a business matures.  

An error in one project could impact user confidence, create operational issues and hinder the transformation journey.  

Recommended Resources