TOGAF Architecture Governance Framework

What is Architecture Governance?

Architecture Governance is the practice of managing and controlling enterprise architecture at an enterprise-wide level. It ensures:

• Architecture aligns with business strategy
• Standards are followed consistently
• Architectural decisions support business objectives
• Value is realized from architecture investments

The Governance Framework

Core Components

• Governance Processes: Architecture compliance reviews, Dispensation handling, Architecture change management, Architecture monitoring
• Governance Organization: Architecture Board, Architecture Review Committee, Enterprise Architects, Domain Architects
• Governance Artifacts: Architecture principles, Standards and guidelines, Reference architectures, Compliance criteria
• Governance Mechanisms: Architecture contracts, Compliance assessments, Stage-gate reviews, Architecture scorecards

Architecture Board

The Architecture Board is the primary governance body.

Responsibilities

| Responsibility | Activities | |----------------|------------| | Strategy | Ensure architecture supports business strategy | | Standards | Approve and maintain architecture standards | | Compliance | Review and approve architectural designs | | Disputes | Resolve architectural conflicts | | Communication | Ensure stakeholder awareness |

Typical Composition

• Chair: Chief Architect / CTO
• Enterprise Architect (permanent)
• Business Representative (rotating)
• Domain Architects (as needed): Business, Data, Application, Technology
• Project Representatives (as needed)

Meeting Cadence

| Meeting Type | Frequency | Focus | |--------------|-----------|-------| | Strategy Review | Quarterly | Architecture roadmap, strategic alignment | | Compliance Review | Bi-weekly | Project architecture approvals | | Exception Review | As needed | Dispensation requests | | Standards Review | Monthly | New/updated standards |

Architecture Compliance

Compliance Review Process

1. Project Submission - Project team submits architecture artifacts
2. Initial Assessment - Architect reviews against standards
3. Board Review - Present findings, discuss exceptions
4. Decision - Approved, Approved with conditions, Deferred, or Rejected
5. Follow-up - Track conditions, verify changes

Compliance Levels

| Level | Description | Action | |-------|-------------|--------| | Fully Compliant | Meets all standards | Approve | | Partially Compliant | Minor deviations | Approve with conditions | | Non-Compliant but Justified | Has valid business reason | Dispensation process | | Non-Compliant | Does not meet standards | Reject, require redesign |

Compliance Checklist Example

| Standard | Status | Notes | |----------|--------|-------| | Security Standards | ✓ Pass | | | Data Classification | ✓ Pass | | | API Design Guidelines | ⚠ Partial | Missing versioning | | Cloud Platform (Azure) | ✓ Pass | | | Monitoring Standards | ✗ Fail | No APM defined |

Recommendation: Approve with conditions Conditions:

1. Add API versioning within 30 days
2. Implement APM monitoring before production

Dispensation (Exception) Management

When a project cannot comply with standards, they can request a dispensation.

Dispensation Request Elements

• Standard being excepted
• Business justification
• Proposed mitigation
• Duration requested
• Review date

Dispensation Decision Matrix

| Factor | Weight | |--------|--------| | Business justification strength | 30% | | Risk level | 25% | | Mitigation adequacy | 20% | | Strategic alignment | 15% | | Precedent impact | 10% |

Architecture Contracts

Architecture Contracts formalize agreements between architecture and project teams.

Contract Elements

Agreed Architecture:

• Technology stack (per standards)
• Integration patterns
• Security requirements
• Non-functional requirements

Project Team Commits To:

• Follow approved architecture
• Participate in architecture reviews
• Report deviations immediately
• Complete compliance self-assessment

Architecture Team Commits To:

• Provide timely guidance
• Review designs within 5 days
• Support dispensation requests
• Update standards as needed

Governance:

• Review points: Design, Build, Deploy
• Escalation path: Domain Architect → EA → Board
• Metrics: Compliance score, deviation count

Governance Metrics

Architecture Scorecard

| Metric | Target | Actual | Trend | |--------|--------|--------|-------| | Standards Compliance Rate | 90% | 87% | ↑ | | Dispensations Approved | <10 | 8 | ─ | | Technical Debt Items | <50 | 62 | ↓ | | Architecture Reviews Done | 100% | 95% | ↑ | | Time to Architecture Sign-off | 5 days | 4.2 days | ↑ | | Reuse of Building Blocks | 60% | 55% | ↑ |

Key Performance Indicators

| KPI | Formula | Target | |-----|---------|--------| | Compliance Rate | Compliant projects / Total projects | >90% | | Review Throughput | Reviews completed / Reviews requested | 100% | | Dispensation Rate | Dispensations / Total reviews | <10% | | Architecture Debt | Open technical debt items | Decreasing | | Stakeholder Satisfaction | Survey score | >4/5 |

Governance Integration with ADM

Phase-Specific Governance

| ADM Phase | Governance Activities | |-----------|----------------------| | Preliminary | Establish governance framework | | Phase A | Approve architecture vision | | Phase B-D | Review domain architectures | | Phase E | Approve roadmap and transition architectures | | Phase F | Approve migration plan | | Phase G | Implementation compliance reviews | | Phase H | Change request governance |

Project Lifecycle Governance Gates

• Gate 0: Project Intake - Architecture impact assessment
• Gate 1: Design Approval - Architecture compliance review
• Gate 2: Build Sign-off - Implementation compliance check
• Gate 3: Deployment Approval - Production readiness review
• Gate 4: Post-Implementation - Lessons learned, debt assessment

Common Governance Challenges

Challenge: Governance as Bottleneck

Problem: Architecture reviews slow down projects

Solutions:

• Self-service compliance checklists
• Pre-approved patterns (no review needed)
• Parallel review tracks (fast/normal)
• Architecture office hours
• Embedded architects in Agile teams

Challenge: Standards Proliferation

Problem: Too many standards, hard to follow

Solutions:

• Tiered standards (mandatory, recommended, optional)
• Regular standards pruning
• Clear ownership per standard
• Automated compliance checking

Challenge: Governance Theater

Problem: Reviews happen but don't add value

Solutions:

• Outcome-focused reviews (not checkbox)
• Architecture Board training
• Clear decision criteria
• Feedback loops from implementation

Exam Tips

Key Concepts:

1. Architecture Board = Primary governance body
2. Compliance Reviews = Ensure projects follow standards
3. Dispensations = Managed exceptions with justification
4. Architecture Contracts = Formal agreements

Common Questions:

• "What is the role of the Architecture Board?" → Approve architectures, maintain standards, resolve disputes
• "What is a dispensation?" → Approved exception to a standard with justification
• "Which phase establishes governance?" → Preliminary Phase
• "What is an Architecture Contract?" → Agreement between architecture and project teams

Key Takeaway

Effective architecture governance balances control with enablement. It's not about blocking projects but about ensuring architectural decisions support business objectives while managing risk. The key is making governance lightweight enough to be adopted while rigorous enough to be effective. Good governance becomes invisible - embedded in how the organization naturally works rather than an overhead to overcome.