Enterprise Architecture Risk Management Framework EA 2 Terry
- Slides: 159
Enterprise Architecture & Risk Management Framework (EA) 2
Terry Merriman
www.OADConsulting.com
tm@OADConsulting.com
Copyright 2013 OAD Consulting, Inc. All Rights

(EA) 2 Enterprise Architecture & Risk Management Framework

(EA) 2 is an add-in extension to Enterprise Architect, Sparx Systems’ UML design tool. (EA) 2 is the result of over 10 years of experience applying various architectural standards (RM-ODP, RUP, TOGAF, Archimate, COSO) on real projects. It provides the tools needed to model your Enterprise Architecture and to use it for tactical and strategic planning purposes. (EA) 2 provides tools to ensure that your architectural models are created consistently across your architectural teams and the reporting environment to extract information from the repository to enhance all phases of your strategic planning. (EA) 2 has been developed using OAD’s Model Guardian framework & model management system. Therefore, it is completely customizable. For a limited time, (EA) 2 is being bundled with Model Guardian free of charge. To find out more about Model Guardian go to: www.OADConsulting.com

Viewing This Presentation

This presentation provides an overview of (EA) 2. The presentation is driven by the table of contents on the next slide. You may jump directly to each topic and automatically return to the table of contents when the topic has completed. You may return at any time by pressing the ESC key. Some slides represent sub table of contents and work in the same manner. The presentation contains a lot of animation to help illustrate many of the points. A slide’s animation may pause to let you view the slide before going on. You will see a small “Continue” in the bottom right corner when this happens. When you are ready, you can continue the animation by clicking on the slide, or by pressing the keys that advance the presentation. If you have reached the end of a section, you will see “Back” rather than “Continue”. Press the ESC key to return to Table of Contents or the last sub Table of Contents slide. Pressing the Page Down key will skip past the animations on the current slide.

Table of Contents
- Introduction to EA/RM (High Level Concepts)
- Architecture Details
- Business Process Realizations
- Roadmaps and Projects
- Enterprise Risk Management
- Iterative, Incremental Approach
- Model Guardianship
- Upcoming Features
- Summation

An Integrated Approach to EA/RM

(EA) 2 builds on and integrates numerous standards to provide a framework designed to speed you through the process of modeling your Enterprise Architecture and Enterprise Risk Management.
- Based on Numerous Standards: RM-ODP, RUP, TOGAF, Archimate, COSO
- Models the Different Architectural Views: Business, Information Systems, Infrastructure
- Provides Information for Strategic Planning
- Integrates with Risk Management
[Diagram: GRC Integrated Framework. Labels: Continuous Monitoring; ERM / Key Risks; Business Processes, Organization, People; Business Process Realizations; Future State Roadmaps; Project Portfolio Management; Objectives; Risks & Opportunities; Risk Responses; Manual & Automated Controls; Transactional and Analytical Data; KPIs / Key Metrics; Financial, Business and IT Controls; Business Architecture; Application Architecture; Data Architecture; Services; Data; Information Technology Architecture; Hardware, Software, Network]

Modeling Enterprise Architecture

Imagine your architecture as a 3-dimensional space. What’s in the Box?
[Diagram label: Architectural Assets]

Who is Interested? How Do We Address All of Their Needs?
[Diagram: Architectural Stakeholders; legible labels include IT Managers, Audit & Compliance Personnel and Infrastructure Architects]

Service Driven Multi-dimensional Set of Architectural Views Through a Separation of Concerns
- To address the needs of:
  - The Stakeholders
  - The Business Processes
  - The Future

Architectural Views: Horizontal Slices
- Business Architecture
- Information Systems Architecture
  - Application Architecture
  - Data Architecture
- Infrastructure Architecture
Horizontal Slices provide an inventory of architectural assets and their relationships within each view (layer).

EA Services “Glue” the Layers Together Using an Enterprise Level Service Taxonomy
- Different layers have different life-cycles.
- EA Services provide stable specifications of architectural needs and a categorization of architectural elements.

Service Requirements and Service Specializations
For example, a Business App requires an Execution Environment. Today it runs in an Operating System. Tomorrow it may run in an App Server container.
[Animated caption, partly garbled: higher level elements require generic services; lower level architectural elements provide or implement the specific service specializations]

Vertical Slices: Business Process Realization, Architectural Requirements
Vertical Slices show IT is aligned with the business and provide a means to discover architectural requirements.

Temporal Slices: Future State Roadmap
Roadmaps show how the architecture is to change over time. Projects align with the Roadmaps to effect the change.
[Diagram: horizontal, vertical and temporal slices; Current State and Future State]

Enterprise Risk Management
[Diagram labels: Planning; Execution; Project Portfolio Management; Risk Mediation; Current State; Future State]

Driving the Project Portfolio

Architectural Overview
- Frameworks vs. frameworks
  - Frameworks – industry-based standards
    - Frameworks
    - Taxonomies
    - Methodologies
  - Framework – enterprise-level standards
    - Can be based on one or more industry-based standards
    - Can be an interpretation of one or more industry-based standards
    - Include extensions created by the enterprise model guardians to ensure all of the models are complete, concise, consistent, and comprehensible

Architectural Details
[Navigation slide; diagram of the architectural views, Business Process Realizations, Current State, Future State and Enterprise Risk Management]

Modeling Enterprise Architecture: Business Architecture
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Business Architecture
- Allows You to Capture the Relationships Between
  - Business Objectives
  - Business Needs (High Level Requirements)
  - Business Activities
  - Quality Attributes
  - Use Case Realizations
- Organizational Roles and Assigned Resources
- Business Process Model with Drill-downs
- Business Information Model with Drill-downs
- Business Policies and Rules
- Business Objectives Mapped to High Level Requirements
- Sample Report – Tracing Objectives to Use Cases

Modeling Enterprise Architecture: Application Architecture
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Application Architecture Toolbox Provides…
- Roles and actors
- Logical components
- Interface definitions
- Exposed Interfaces
  - Implementation of interfaces (Provided Interface)
  - Requirement for an interface (Required Interfaces)
  - Integration styles to be employed

Application Architecture Also Includes…
- All standard UML tools
- Quicklinks to ensure proper connectors
- Various SQL reports on the state of the architecture (Reporting Editions only)

Application Architecture: Business System Components

Application Architecture: Application Context Diagram
- Shows the Business Applications, Services, DB Schemas and their interactions through interfaces for a given scenario
Interface stereotypes represent the integration style to be used. For example, <<ESB>> indicates that the communication will go through an Enterprise Service Bus.

Application Architecture: Application Component Context Diagram
- Shows a detailed view of the application components
- Used when building vs. buying
These are the components of the Player Rating Front End Application from the previous slide.

Application Architecture: Integration Styles
- Details the integration styles represented on the context diagrams
- The <<ESB>> stereotype on the previous slide is detailed with the Enterprise Service Bus design in the diagram below

Application Architecture: Behavioral View – Sequence Diagram

Application Architecture: Sample Report – Logical Dependencies

Application Architecture: Sample Report – Locate Where Data is Being Passed

Application Architecture: Sample Report – Data Flow through a Scenario

Modeling Enterprise Architecture: Information Systems / Data Architecture
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Data Architecture Toolbox Provides…
- Local and enterprise level DB Schemas
- Interface definitions
  - DB Schema access, e.g. <<R/W>> vs. <<R/O>>
  - ETL Jobs with scheduling information
  - Stored Procedures
  - XML documents
- Definition of “Enterprise Level Data” that you want to track as it moves through the system

Data Architecture Also Includes…
- All standard UML tools
- Quicklinks to ensure proper connectors
- Various SQL reports on the state of the architecture (Reporting Editions only)

Data Architecture: DB Schemas and their Access Paths

Data Architecture: Logical/Physical Design

Data Architecture: XML Documents

Data Architecture: ETL Jobs

Modeling Enterprise Architecture: Infrastructure Architecture
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Infrastructure Architecture Toolbox Provides
- Various Roles, Actors, and Vendors
- Network and Site information
- IT Software and Services
- Hardware Model Configurations
- Deployed Hardware Based on the Models
- Execution Environments

Infrastructure Architecture Also Includes…
- All standard UML tools
- Quicklinks to ensure proper connectors
- Various SQL reports on the state of the architecture (Reporting Editions only)

Infrastructure Architecture: Network Topology

Infrastructure Architecture: Server Deployments

Infrastructure Architecture: Sample Report – Server Deployments

Modeling Enterprise Architecture: EA Service Taxonomy
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

EA Service Taxonomy Provides…
- A way to create stable architectural requirements while tracking the underlying changes in the elements realizing the requirements
- A way to categorize the functionality provided by architectural elements and a way to eliminate redundant implementations
- A way to plan the introduction and elimination of entire technologies with minimal effort

EA Service Taxonomy
TOGAF provides a starter taxonomy of applications, interfaces, and services that can be modified to fit your environment. The categories contain similar but distinct services.
- Data Management Services
  - Data dictionary/repository services
  - Database management system (DBMS) services
  - Object Oriented Database Management System services
  - File management services
  - Query processing functions
  - Screen generation functions
  - Report generation functions
  - Networking/concurrent access functions
  - Warehousing functions
- Software Engineering Services
  - Programming language services
  - Object code linking services
  - Computer Aided Software Engineering (CASE) environment and tools services
  - Graphical User Interface (GUI) building services
  - Scripting language services
  - Language binding services
  - Run Time Environment services
  - Application Binary Interface services
This was the hardest part!
Combination of callable (SOA) and non-callable services - a superset of an SOA service taxonomy

EA Service Taxonomy
- Service Layer includes:
  - EA Business Service
  - EA App Service
  - EA IT Services
- Service Category groups similar Services.
- Services are required by architectural elements.
- Service Specializations provide technology and/or standards based methods for implementing Services.
- Infrastructure elements provide implementations of the Service Specializations.
This slide shows a few IT Services.

Service-Driven Enterprise Architecture Example
[Diagram labels: Requires Service; <<Requires IT Service>>; Provides Service Implementation; Phased Approach to Service Introduction]

Extended Service Taxonomy
- EA Business Services
  - Capabilities required by external constituents
  - Implemented by Business Processes’ Activities
- EA Information System Services
  - Capabilities required by Business Activities
  - Implemented by Business Applications and enterprise level DB Schemas
- EA Infrastructure (IT) Services
  - Capabilities required by Business Applications
  - Infrastructure supplies service specializations
  - Implemented by IT Software

Extended Service Taxonomy: Sample Report – EA Service Taxonomy (IT Service Layer)

Modeling Enterprise Architecture: Business Process Realizations
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Business Process Realizations

UI Driven Design

BP Realization Sample Report
- This shows each layer’s required services and the configuration items that provide the services within the context of the Business Process

Modeling Enterprise Architecture: Roadmaps and Projects
[Section divider; diagram of the architectural views, Business Process Realizations, Current State and Future State]

Roadmaps and Projects
- Roadmaps
  - Define the future state representation of the architecture
- Roadmap Phases
  - Provide an iterative/incremental implementation
- Projects
  - Align to Roadmap Phases and implement the architectural vision

Roadmaps & Business Process Realizations

Life-Cycle Information
- Items with Life-cycles
  - Service Specializations
    - When technology and/or standards will be introduced and retired
  - Configuration Items (CI)
    - When CIs are approved or no longer approved for purchase or development, e.g. when a particular server model may be purchased
  - Inventory Items (II)
    - When IIs have been purchased/built and retired, e.g. when a particular server has been put into service and then retired (retiring a CI doesn’t mean that all of the CI’s deployed IIs have to be retired at the same time; they have their own retirement date)
  - One CI supplying a Service to another CI
  - Service Provisions in the context of a given Business Process

CMDB Style Sample Report
- This report shows the deployment status of configuration items for a five-year period. It organizes them by the IT Service they provide. The report can also show configuration items that provide Business and IS services.

Project Scope
- Linking a Project to all Impacted Architectural Elements
  - Business Objectives
  - Business Needs
  - Use Case Realizations

Project Scope
Sample report showing all architectural elements impacted by a project, including elements from all Use Case Realization diagrams

Project Scope
- Project Context Report

Enterprise Risk Management
- Concepts
  - Objectives
  - Risk Responses
  - Controls
    - Implementation
    - Validation
    - Remediation

Enterprise Risk Management
- Goals of an ERM Framework
  - Determine objectives, their associated risks, and the candidate and selected risk responses
  - To discover and validate the existing controls
  - To discover missing controls
  - To determine the level of support required
  - To design the optimal control solution
  - To provide continuous monitoring of the effectiveness of the controls
  - To provide input into the project portfolio

Enterprise Risk Management
- Key Objectives of an ERM Framework
  - Not to automate as much of the process as is possible…
  - But rather to balance the cost of the impact against the cost of avoidance
  - To continuously monitor the effectiveness of their controls to ensure that objectives are met within their level of approved tolerance
  - The focus of this presentation has been on risk mitigation, but the same framework can be used for performance optimization

Enterprise Risk Management: Key Elements of an ERM Framework
- Objective Categories
- Strategic Objectives
- Risks
- Risk Responses
- Controls

Enterprise Risk Management: Objective Categories and Strategic Objectives
- Key Elements of an ERM Framework
  - Objective Categories
    - Provide a way of organizing the objectives
    - Ex: Hazardous Waste Risk Management
  - Strategic Objectives
    - Address different concerns within the category
    - Are top level objectives
    - Ex: Maintain a Safe, Productive Workplace, Complying with all Regulations

Enterprise Risk Management: Objectives
- Key Elements of an ERM Framework
  - (Tactical) Objectives detail the strategic objectives
    - Objective types
      - Operational
      - Reporting
      - Compliance
    - Objective data points
      - Measure: Indicates how the objective is measured
      - Target: What the desired measure is
      - Tolerance: The permitted deviation from the target
    - Ex: Ensure No Environmental Damage is Incurred Along with any Subsequent Fines
    - Ex: Report All Incidents in a Timely and Transparent Manner

Enterprise Risk Management: Risks
- Key Elements of an ERM Framework
  - Risks may adversely impact the objectives
    - Ex: Corrosion on Barrels Causes Material to Leak
  - Risk data points
    - Event Level
      - Indicates the scope of the risk
      - Industry, Entity, Business Unit, Process
    - Leading indicator
      - Predicts future likelihood of the risk
    - Escalation trigger
      - The measure of the leading indicator that triggers the need for action
    - Likelihood
      - The likelihood that the risk will occur within the time horizon
    - Time horizon
      - The time period during which the risk may occur
    - Impact
      - Quantitative cost should the risk occur
      - May be a financial cost, a hit to the company’s reputation, etc.

Enterprise Risk Management: Risk Responses
- Key Elements of an ERM Framework
  - Risk Responses provide possible solutions to mitigate the risks
    - Risk one or more risk responses
    - Trade off between the potential impact vs. mitigation cost
    - Designed to avoid, reduce, share, or accept the risk
    - Ex: Accept Barrel Leakage
    - Ex: Proactive Barrel Replacement
  - Risk Response Data Points (Residual Risk)
    - Estimated cost of implementation
    - Residual impact
    - Residual likelihood

Enterprise Risk Management: Controls
- Key Elements of an ERM Framework
  - Controls provide a means to mitigate risk
    - Ex: Manual Barrel Inspection Activity
    - Ex: Automated Barrel Age Monitoring
  - Controls relate to actions that are taken
    - Following policies
      - Manual check lists
    - Performing business activities
      - Manual activities described in the business process model
    - Invoking IT solutions
      - IT services that represent the automation of activities from the business process model
    - Charting compilations
      - Typically, spreadsheets containing 10s to 100s of controls at a fine grained level
      - For example, the dozens of controls within SAP regarding the month-end closing process
  - Controls should be verified by…
    - Reports showing the results of the control’s actions
  - Controls can be…
    - Detective
    - Preventive
  - Control results should be continuously monitored by…
    - People
    - Automated systems
  - Controls may have remedial actions should objectives not be met
    - Manual activities
    - Automated systems
  - Control results should be reviewed to determine whether adjustments must be made
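
The objective, risk and risk response data points listed above, worked through as an added example (not part of the original presentation or of the (EA) 2 product). It assumes exposure is modelled as likelihood times impact and that a response costs its implementation cost plus its residual exposure; every figure, the leading indicator and the measure are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Objective:
    name: str
    measure: str      # how the objective is measured
    target: float     # the desired measure
    tolerance: float  # permitted deviation from the target

    def within_tolerance(self, observed: float) -> bool:
        return abs(observed - self.target) <= self.tolerance


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float          # chance of occurring within the time horizon
    impact: float              # quantitative cost should the risk occur
    time_horizon_years: int
    leading_indicator: str
    escalation_trigger: float  # indicator value that triggers the need for action

    def inherent_exposure(self) -> float:
        # Assumption of this example: exposure = likelihood x impact.
        return self.likelihood * self.impact

    def needs_escalation(self, indicator_value: float) -> bool:
        # Assumption: a higher indicator value predicts a higher likelihood.
        return indicator_value >= self.escalation_trigger


@dataclass(frozen=True)
class RiskResponse:
    name: str
    implementation_cost: float
    residual_likelihood: float
    residual_impact: float

    def total_cost(self) -> float:
        # Mitigation cost plus the residual risk still in place afterwards.
        return self.implementation_cost + self.residual_likelihood * self.residual_impact


def rank_responses(responses):
    """Candidate responses ordered from cheapest to most expensive overall."""
    return sorted(responses, key=lambda r: r.total_cost())


def select_response(risk, responses):
    """Return the cheapest response and its saving against doing nothing."""
    best = rank_responses(responses)[0]
    return best, risk.inherent_exposure() - best.total_cost()


def out_of_tolerance(objective, observations):
    """Monitoring check: periods whose measure breaches the approved tolerance."""
    return [period for period, value in observations.items()
            if not objective.within_tolerance(value)]


# Constructed sample data using the names from the hazardous waste example.
OBJECTIVE = Objective(
    name="Ensure No Environmental Damage is Incurred",
    measure="leak incidents per quarter",  # hypothetical measure
    target=0, tolerance=1)
RISK = Risk(
    name="Corrosion on Barrels Causes Material to Leak",
    likelihood=0.25, impact=400_000, time_horizon_years=5,
    leading_indicator="share of barrels showing surface rust",  # hypothetical
    escalation_trigger=0.20)
ACCEPT = RiskResponse("Accept Barrel Leakage", 0, 0.25, 400_000)
REPLACE = RiskResponse("Proactive Barrel Replacement", 40_000, 0.05, 400_000)

if __name__ == "__main__":
    chosen, saving = select_response(RISK, [ACCEPT, REPLACE])
    print(f"selected: {chosen.name}, saving vs. inherent exposure: {saving:,.0f}")
    print("escalate:", RISK.needs_escalation(0.22))
    print("breaches:", out_of_tolerance(OBJECTIVE, {"Q1": 0, "Q2": 1, "Q3": 3}))
```
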

Enterprise Risk Management: Phases of ERM
- Planning
- Execution
  - Risk Mediation Implementation
  - Continuous Monitoring

Enterprise Risk Management Example: Ensure Proper Handling of Personal Health Information

Enterprise Risk Management Example: Hazardous Waste Risk Management

Enterprise Risk Management Example: Risk Responses, 1st Candidate Response

Enterprise Risk Management Example: 2nd Candidate Response

Enterprise Risk Management Example: Selected Response

Enterprise Risk Management Example: Healthcare Example

Enterprise Risk Management Example: Candidate Response
This Response provides a Policy to be followed by hospital admissions staff and two manual activities. These are detective Controls that are inexpensive to implement but are neither preventive nor automatic.

Enterprise Risk Management Example: Selected Response
The response was selected after weighing the risk’s impact and likelihood over its time horizon against the cost of implementing and maintaining the Response’s Controls along with the residual risk still in place after implementing the Response. This Response specifies an automated, preventive Control in the form of an IT Service to be realized by a system component.

Enterprise Risk Management Example: Tying Automated Controls to the Architecture Plan
The IT Service representing the Control is included in the Business Process Realization along with the system component that realizes the Control within the timeframe of the Roadmap.

Enterprise Risk Management: UI Driven Design

Enterprise Risk Management: A More Friendly View

Enterprise Risk Management: UI Driven Design

Enterprise Risk Management: A More Friendly View

Enterprise Risk Management Example
Modeling Enterprise Architecture How Do You Go About Modeling Your Enterprise Architecture? Build Incrementally Copyright 2013 OAD Consulting, Inc. . All Rights Continu 114
Modeling Enterprise Architecture: How Do You Go About Modeling Your Enterprise Architecture? Model Some Key Architectural Elements to Build Your Inventory. [Diagram: Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture]
Modeling Enterprise Architecture: How Do You Go About Modeling Your Enterprise Architecture? Add Services as You Learn About Them. [Diagram: Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture, with Generic Services and Service Specializations]
Modeling Enterprise Architecture: How Do You Go About Modeling Your Enterprise Architecture? Pick a Business Process to Model Its Realization. [Diagram: Vertical Slices (Business Process Realization, Architectural Requirements) across the Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture, with Generic Services and Service Specializations]
Modeling Enterprise Architecture: How Do You Go About Modeling Your Enterprise Architecture? Add the Future State in Conjunction with a Development Project. [Diagram: Temporal Slices (Roadmaps) from Current State to Future State; Vertical Slices (Business Process Realization, Architectural Requirements); Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture, with Generic Services and Service Specializations]
Modeling Enterprise Architecture: How Do You Go About Modeling Your Enterprise Architecture? Continue to Build Iteratively & Incrementally. [Diagram: several Business Process Realizations as Vertical Slices; Temporal Slices (Roadmaps) from Current State to Future State; Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture, with Generic Services and Service Specializations]
Modeling Enterprise Architecture: How Do You Go About Proselytizing Your Architecture? Finally, building the perfect architecture means nothing unless… The resulting EA model is readily available to all stakeholders! Enterprise Architect allows you to publish your models in RTF reports and to your intranet web site. Sparx Systems provides a free read-only version of Enterprise Architect to allow everyone to view your model in native form. (EA) 2 provides numerous SQL reports and the tools to create your own reports built on the (EA) 2 metamodel and toolsets. [Diagram: Business Process Realizations as Vertical Slices across the Architectural Views, Current State and Future State]
Modeling Enterprise Architecture: Sample Reports. [Diagram: Business Process Realizations across Business Architecture, Information Systems Architecture and Infrastructure Architecture, with Service Requirements and Service Specializations, Current State and Future State]
Sample Reports
(EA) 2 Features

A Few Upcoming Features
- Framework Import
  - Current model’s stereotypes, tagged values, and links
  - Current model’s hierarchy of object and connector types
  - Technology files
- SQL View Generation
  - Auto-generated views from the metamodel
  - Auto-generated user-defined views modeled in EA
- User Interface for Merging New Releases
- Design by Interface
  - Dialogs for creating model elements with the tags and relationships defined in the metamodel
  - Dialogs for handling complex tasks (like the Service Provisioning)
- Domain Specific Frameworks
  - Embed the design of domain specific, including attributes, operations, and relationships in the framework
  - Create domain specific elements from the framework and track any changes against the metamodel definition
- Framework and Model Compliance Reports

A Few Upcoming Features
- New Frameworks
  - Business Model Canvas
  - TOGAF
  - Archimate
  - COBIT (Control Objectives for Information and Related Technology)
- New Automation
  - Framework Specific UI Design
    - Generic forms that read the framework
    - Model elements, connectors, and relationships built via the UI
- Your Suggestions!

Model Guardianship
- Objectives
  - To coordinate all modeling activities in order to produce complete, consistent, concise, and comprehensible designs across the enterprise
  - To ensure that models meet the needs of the various stakeholders with views that are understandable by them
  - To provide tools that make conforming to your standards the easiest path with an appropriate level of governance
  - To ensure that models do not become obsolete causing expensive rework
  - To automate the more complex tasks as an alternative to drawing diagrams
- Implementation
  - Model Guardian Framework & Model Management System

Framework Maintenance
- Lifecycle Control to Eliminate Obsolescence
  - Start with commercially available frameworks or create your own
    - Import stereotypes, tags, and relationships from existing models
    - Import from MDG XML files
  - Merge changes from commercially available frameworks into your own customized version of those frameworks

Framework Maintenance
- Lifecycle Control to Eliminate Obsolescence
  - Build your framework in a Work-in-Progress area with test models
  - Publish to a deployment area to work with production models

Framework Maintenance
- Domain Specific Standardized Set of Modeling Tools
  - Object Types
  - Connector Types
  - Tag Definitions
  - Relationships
  - Toolboxes and Toolbox Sections
  - Diagram Types
  - Domain Roles

Framework Editor
- Object Types

Framework Editor
- Connector Types

Framework Editor
- Tag Definitions

Framework Editor
- Relationships

Framework Editor
- Toolbox Sections

Framework Editor
- Toolboxes

Framework Editor
- Framework Editor

Framework Editor
- Framework Archival & Retrieval

Framework Editor
- Framework Archive Management

Model Editor
- Model Editor

Model Editor
- Change Stereotypes

Model Editor
- Change Tag Names

Model Editor
- Synchronize Individual Elements

Model Editor
- Model Element Usage

Model Editor
- Relocate Elements in the Project Browser

Model Governance
- Three Levels + Reporting
  - Suggest
  - Warn
  - Enforce
- Subject Areas
  - Object/Connector Types
    - Tag cardinalities
    - Tag population
  - Relationships
    - Appropriate end points
    - Endpoint cardinalities

Model Reporting
- Built-in Enterprise Architect Capabilities
- Framework SQL Views
  - Inventory style reporting
  - Types of views
    - Base views
    - Framework metatype views
    - Composite views
    - Complex views
  - Usage
    - With SQL report writers
    - With Enterprise Architect model searches and model views
    - Custom Applications

Model Reporting
- SQL View Generation
  - Framework generated views
    - Metatype view
    - Metatype + Subtypes view
    - Diagram Elements
    - Diagram Connectors
  - User-defined views
    - Modeled in Enterprise Architect
    - Generated with the framework views

Model Reporting
- SQL Views and SQL Report Writers
  - Framework Element Views

Model Reporting
- SQL Views and SQL Report Writers
  - Composite Element Views

Model Reporting
- SQL Views and SQL Report Writers
  - Complex views leveraging the relationships among the elements

Model Guardian Help
- About Model Guardian

SQL Reports

Summation
- Captured each architectural view along with life-cycle information
- Shown how the applications and database schemas interact to realize key scenarios
- Shown the key architectural elements involved in the business process realizations
- Added roadmaps and projects to tie portfolio management to the elements of the architecture
- Integrated risk management with the business policies, activities, and services of the architectural views
- Provided a visible path from the objectives to how successfully they are being met

Going From Chaos [Diagram: scattered stakeholder groups: Senior Business Management, Audit & Compliance Personnel, Senior IT Managers, Data Architects, Experts, Infrastructure Architects, Developers, Business Project Management, Operations Staff, Q/A Personnel, Application Architects]

To Strategic Planning. Continuous Monitoring: Objectives – Risk Responses; Controls – Verification – Mitigation. [Diagram: Business Process Realizations as Vertical Slices (Business Process Realization, Architectural Requirements); Temporal Slices (Roadmaps) from Current State to Future State; Architectural Views (Horizontal Slices): Business Architecture, Information Systems Architecture, Infrastructure Architecture, with Service Requirements and Service Specializations]

Enterprise Architecture & Risk Management Framework (EA) 2 Terry Merriman www.OADConsulting.com tm@OADConsulting.com Give (EA) 2 a try. Download the free 45-day evaluation copy of Model Guardian with (EA) 2 today. And remember, you are not alone! OAD Consulting provides architectural consulting services to ensure the success of your EA practice and the adoption of your modeling frameworks.