- Let's take a look at the last two guidelines and techniques: risk management and capability-based planning. Let's start by looking at risk management. There's always an element of risk involved in a transformation activity. This covers all areas of life, not just in enterprise architecting. Risk management is a technique used in TOGAF and is a consideration that must be taken throughout the ADM beginning in phase A. Approaching risk management involves identifying the risk. You'll likely generate risks when you're developing your business transformation readiness. Assessing the initial risk by considering the effects that the risk could have on the enterprise. Are they catastrophic? Critical? Marginal? Or negligible? The frequency of the risk occurring. Is it frequent? Likely? Occasional? Seldom? Or unlikely to occur? The end risk to the enterprise if its occurred, would it have an extremely high, high, moderate, or low impact? Risk mitigation is the identification, planning, and conduct of actions that will reduce the risk to an acceptable level. And finally, risk monitoring, this is conducted after the risks have been identified and accepted. Any actions that attempt to mitigate the risks need to be monitored. One last consideration is that the actual risk that is taken is referred to as the residual risk. Residual risk is any risk that remains assuming that successful mitigating action has been taken. Risk management is something that should be considered throughout the ADM. Next, let's look at capability-based planning. Capability-based planning originates from a military context. The idea is that strategic planners define outcomes and then consider the capabilities that are needed to deliver those business outcomes. This means that capabilities are business driven and business led. A crucial aspect of capability-based planning is the creation of shared capabilities. Capabilities are commonly concerned with or made up of skills, resources, training, and maturity measured processes. For example, you might need to consider the capabilities of the people implementing your architecture. Do they have the resources they need to implement a new cloud-based platform that the enterprise will be using? Do they require any training in implementing cloud security? The business scenario technique is helpful in discovering and refining these capabilities. As an architect develops new scenarios about the enterprise, they'll probably discover areas where they need to assess the capabilities they have in order to meet the target architecture. Let's consider a recent real world example of capability planning that occurred in 2019. The introduction of the new data regulations embodied in GDPR that covers the handling and processing of personal data. In order to be compliant, an organization must look across multiple areas and make sure that it can meet the requirements of GDPR. You'll likely immediately think of the information services side of the organization. But who is ultimately responsible for the data in the organization? Where does data get handled? And where is the data stored? Architects need to think laterally about the capabilities across all areas of the enterprise in order to be compliant with the regulation. Essentially, what capability does the organization have to be compliant with the regulation? And that's it for this video. Next, we'll be looking at the final area of this module, governance.