http://www.mega.com/mega-resource/2013/newsletter/ea_21/sun_tzu.pdf
“If you know the enemy and know
yourself, you need not fear the
result of a hundred battles. If you
know yourself but not the enemy,
for every victory gained you will
also suffer a defeat. If you know
neither the enemy nor yourself,
you will succumb in every battle.”
This quote comes from a translation of the Art of War by Sun
Tzu, written in China in what is
estimated to be 512 BC. It could
seem farfetched to assert that
this ancient quote is appropriate
in today’s business environment,
but it is actually a good metaphor
for the challenges and rewards
of enterprise architecture (EA)-
backed risk management.
To adapt it to the business context, let’s pacify and update the
quote by removing battles and
enemies: battles will be business
challenges and enemies will be
risks threatening the success of
your operations. Simply put, Sun
Tzu posits that knowing your risks
is not enough to ensure your success. Knowledge of the processes
that may create the risks is also
crucial for success. Incidentally,
considering risks in a vacuum is
also only half a solution.
Obviously, the “succumb in every
battle” outcome brought about by
ignorance of both the processes
and the risks needs no further
explanation. It is the “every victory for a defeat” outcome that
deserves particular attention.
Let’s take a hypothetical situation where you would consider
your risks only with no concern
for the business processes. Paying attention to the risks will allow
you to put controls in place and
thus limit the risks, but doing so
without considering how the risks
affect your processes, or which
processes may have created the
risks, is inefficient. Some risks
are more important than others
because they affect key business
processes. Without a mapping
of your risks alongside your processes, you would have to treat
every risk as if it is critical. This
obviously means spending more
resources than needed in managing the risks and, to follow the
metaphor, not having enough soldiers as you should for the next
battle.
How to win a hundred battles
then? Mastering your processes
is the first step, mapping them,
establishing objectives, threats,
controls, procedures, etc. Building and drawing your company’s
architecture, the road map that
will lead you to your objectives, is
the stepping stone. Business blueprints, creating a common understanding of the organization, and
recognizing strategic and tactical
business demands, will give you
the ability to monitor and upgrade
performance. That is what enterprise architecture is. The second
step would be to add the risks
to this blueprint, this conceptual
construct. Because your process
is real and not just a concept,
there are risks that could jeopardize it. Once more, awareness,
control, and planning will do the
trick, curbing the potential impact
or the probability that your process will be derailed. You could
even go one step further and
integrate all the factors that may
influence performance and strategy: competitors, technology, supply chain, regulations, etc. You’d
be beyond enterprise architecture
and into business architecture.
By combining EA and risk management, you face the real threats
to your objectives with the appropriate answer, knowledge of what
you have and what you want,
awareness of the threats… You
are equipped for battle. Furthermore, EA and risk management
will feed each other. Better EA
means more appropriate risk management (because the risks will be
better identified in context) and
better risk management will give
you tools to drive perform
No hay comentarios:
Publicar un comentario