As Enterprise Architecture buzz is gaining ground within IT Divisions, what auditors, may think about it ? Since version 4.0, one of Cobit focuses is strategic alignment which is attained by a 3 stages macro process : translating by the business into objectives related to IT-enabled initiatives, defining IT’s own objectives, defining the IT resources and capabilities required to successfully execute IT’s part of the enterprise’s strategy. Although the CIO is responsible for the whole process, the IT Chief architect contributes to stage 1 and stage 2, and is responsible for IT architecture design.
With ITIL, the situation is much more confusing. In its post “ITIL v3, Enterprise architecture…“, Steve Thorn who made a research on TOGAF 8.1.1 and ITIL v2 relationships for the Open Group, points out that service strategy process is not very clear about Enterprise Architect responsibility alongside project portfolio manager and IT service manager responsibilities. Enterprise Architect role may be shared by both of them.
TOGAF 8.1.1 addresses strategic alignment as well, but focus on Architecture life cycle. It gives the responsibility of identifying business requirements and designing IT architecture to IT architects, up to them to identify stakeholders and to set up the detailed process.
According to Cobit Togaf 8.1 mapping document, Cobit and TOGAF cover more or less the same extent regarding entreprise architecture. They may be considered as complementary in respect of TOGAF is adressing detailed activities of Cobit Chief Architect.
With Cobit, auditors find support to assess architecture macro process regarding deliverables and performance through KPI assessment. But, as design decisions are critical, it is interesting to detect flaws earlier than system go in live time. Because TOGAF is compatible with setting up a Quality Insurance Activity dedicated to Enterprise Architecture, it is a very interesting reference for managers and auditors.
Nevertheless, in accordance with framework approach, process are loosely defined, each company has to decide of its own implementation. Then, auditing Enterprise Architecture requires for the auditor to be able to assess not only if the process implementation is appropriate to company goals, but the same about methods and if indicators enable to detect quality risks early.
When Cobit enables to manage and drive globally strategic alignment, TOGAF, although restricted to architecture function, may be used equally on the scope of a whole company, a business domain or a program. With TOGAF, IT Divisions are able to manage alignment locally and globally at design time. Often Business Divisions focus on time to market and time-scale, when companies mainly focus on compliance and costs. TOGAF allows to build a comprehensive framework which may drive all design activities of the IT Division in accordance with Business Goals.
One thought on “What about Enterprise Architecture and IT auditors ?”