Risk Management and CBP
Start course

Course Description 

This module looks at the supporting guidelines and techniques of the Architecture Development Method, as well as governing the architecting process. This module is supported by videos and a PDF, and is followed by a quiz to help support your understanding. 

Learning Objectives

This module will cover:  

  • Architecture Governance  
  • Architecture Principles
  • Business Scenarios  
  • Gap Analysis  
  • Interoperability  
  • Business Transformation Readiness 
  • Risk Management  

 Intended Audience  

This course is intended for anyone looking to understand Enterprise Architecture.  It is helpful however to have several years' experience in IT in a variety of roles, or to have an understanding of Enterprise or IT Architecture. 

Prerequisites of the Certifications 

There are no formal pre-requisites for this course.  


We welcome all feedback and suggestions - please contact us at to let us know what you think. 


- Let's take a look at the last two guidelines and techniques: risk management and capability-based planning. Let's start by looking at risk management. There's always an element of risk involved in a transformation activity. This covers all areas of life, not just in enterprise architecting. Risk management is a technique used in TOGAF and is a consideration that must be taken throughout the ADM beginning in phase A. Approaching risk management involves identifying the risk. You'll likely generate risks when you're developing your business transformation readiness. Assessing the initial risk by considering the effects that the risk could have on the enterprise. Are they catastrophic? Critical? Marginal? Or negligible? The frequency of the risk occurring. Is it frequent? Likely? Occasional? Seldom? Or unlikely to occur? The end risk to the enterprise if its occurred, would it have an extremely high, high, moderate, or low impact? Risk mitigation is the identification, planning, and conduct of actions that will reduce the risk to an acceptable level. And finally, risk monitoring, this is conducted after the risks have been identified and accepted. Any actions that attempt to mitigate the risks need to be monitored. One last consideration is that the actual risk that is taken is referred to as the residual risk. Residual risk is any risk that remains assuming that successful mitigating action has been taken. Risk management is something that should be considered throughout the ADM. Next, let's look at capability-based planning. Capability-based planning originates from a military context. The idea is that strategic planners define outcomes and then consider the capabilities that are needed to deliver those business outcomes. This means that capabilities are business driven and business led. A crucial aspect of capability-based planning is the creation of shared capabilities. Capabilities are commonly concerned with or made up of skills, resources, training, and maturity measured processes. For example, you might need to consider the capabilities of the people implementing your architecture. Do they have the resources they need to implement a new cloud-based platform that the enterprise will be using? Do they require any training in implementing cloud security? The business scenario technique is helpful in discovering and refining these capabilities. As an architect develops new scenarios about the enterprise, they'll probably discover areas where they need to assess the capabilities they have in order to meet the target architecture. Let's consider a recent real world example of capability planning that occurred in 2019. The introduction of the new data regulations embodied in GDPR that covers the handling and processing of personal data. In order to be compliant, an organization must look across multiple areas and make sure that it can meet the requirements of GDPR. You'll likely immediately think of the information services side of the organization. But who is ultimately responsible for the data in the organization? Where does data get handled? And where is the data stored? Architects need to think laterally about the capabilities across all areas of the enterprise in order to be compliant with the regulation. Essentially, what capability does the organization have to be compliant with the regulation? And that's it for this video. Next, we'll be looking at the final area of this module, governance.

About the Author

In a varied career that began in 1974, John Coleshaw has trodden a relatively unusual path whereby his roles have split evenly between Business and IT. In the early 80s he was the Credit Manager for a multi-national electronics company, and at the same time built a computerised financial and credit analysis tool using the original version of the IBM PC. In the mid-80s, whilst performing the role of senior underwriter in the Credit Insurance industry, he managed the IT system, as well as developed an innovative risk analysis tool. At the start of the 90s, as a manager in a financial information company, he developed an early form of expert system whose purpose was to predict corporate failure.

His current career as an IT trainer began in 1998, specialising at the time in Object Oriented programming languages. In 2002 he started developing and delivering IT Architecture training and has now had the opportunity to meet and discuss architecture matters with over a thousand architects. The courses he trains now span both The Open Group (TOGAF and ArchiMate), and BCS.

He has a book to his name, one written in the late 80s on Credit Risk Analysis.