The Unexpected, Part 2: Preparation — Leveraging Business Architecture to Prepare for the Unexpected

This is the second installment of a multi-part StraightTalk series on how business architecture can help an organization prepare for, respond to, recover from and build resilience for the unexpected. The unexpected may include an incident caused by an organization (e.g., an accident or data breach) or one that has happened to it (e.g., a natural disaster).

In our first installment, we covered the most urgent, response, so now we will focus on preparation. Here goes.

P.S. If you haven’t seen it yet, make sure to check out Post No. 73 on incident response because we covered some important foundational topics like why business architecture is so valuable for this type of decision-making and what to do if you don’t have a business architecture when the unexpected happens

So, what is this topic of preparing for the unexpected all about?

Let’s focus on the concept of Business Continuity Planning (BCP), which is the “process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery.” 1

So, let’s think about some activities related to preventing and preparing for an incident, such as:

  • Identifying potential hazard or threat scenarios (e.g., a severe weather incident, a fire, a pandemic, etc.)
  • Assessing the potential impacts of each scenario to the organization and its stakeholders
  • Defining the response to each scenario (e.g., initial protective actions for life safety like taking shelter during a tornado or evacuating a building during a fire as well as longer-term responses for continuity like working remotely or shifting work for critical capabilities to employees or partners in unaffected locations)
  • Training people to respond and then performing testing and exercises to evaluate recovery strategies and plans

Why is this important?

When the unexpected strikes it can be tremendously disruptive to an organization – and potentially disrupt an entire industry, community, country, or even our entire global population. In the worst cases, an incident may impact an organization’s ability to deliver products and services that are essential to human survival (think about interruptions to a government, for-profit or non-profit organization that provides healthcare, food or protection for people). In other cases, disruption to businesses (or entire industries) can lead to lost revenues or even failure, which in turn can have a vast ripple effect on unemployment, economies and even just our daily happiness to do and buy the things we enjoy.

So, the idea is to be as ready as we can for unexpected incidents, and where feasible try to prevent them from happening in the first place.

How can business architecture help organizations prepare for the unexpected?

Simply said, better decision-making. Business architecture helps organizations to make decisions that are more informed, more holistic and faster.

Here are a few ways in which business architecture can help to frame, inform and accelerate decision-making when preventing or preparing for incidents:

  • As it pertains to both prevention and preparation, organizations need to define performance objectives and action items for incident mitigation, preparedness and response (e.g., to track progress of mitigation measures such as phasing out use of hazardous materials, completeness of training, response time to an incident, etc.) – Business architecture helps to:
    • Capture objectives and action items and track initiatives and progress against them, framed within a value stream and capability context 
    • Illuminates the gap between current state abilities and target state requirements (e.g., human resource preparedeness, remote work enablement, succession plans, system backups, etc.)
    • Identify impacted resources (human, assets, technology, etc.) to deliver on objectives and action items

Prevent

  • Organizations need to identify and assess impact for potential hazard and threat scenarios – and take steps to mitigate them where possible – Business architecture helps to frame the full breadth of impacts for potential hazard/threat scenarios through value streams and capabilities along with all impacted aspects of the business and technology environment.

Prepare

  • Organizations need to identify business-critical activities for which continuity is necessary – Business architecture helps to identify and track critical core business capabilities as well as incident scenario-specific capabilities along with the necessary aspects of business and technology required to support them (think capabilities + metrics in a value stream context to identify importance as well as their associated business units, stakeholders, information, products, policies, processes, applications, software services, etc.)
  • Organizations need to define, train for and test incident response strategies and plans – Business architecture helps to:
    • Perform what-if impact analysis to inform incident response strategy definition and selection
    • Identify internal human resources and external partners (business units, stakeholders and locations) as well as supporting aspects of business and technology required to train and prepare for incident response
    • Identify stakeholders with whom to communicate during an incident (business units, stakeholders and locations)

Here’s a handy diagram to summarize all of that.

diagram representing responses to pre-incident, incident and post-incident measures shaped and informed by business archtiecture

Anything else?

Remember, never waste a good crisis. You can leverage business architecture right now to help your organization prevent and prepare for the unexpected – while simultaneously building your case for business architecture and demonstrating its value.

P.S. If you’re new to business architecture, StraightTalk has you covered. Start with Posts No. 1 (what), No. 2 (why) and No. 3 (more on why). To learn a bit more about how it’s created, check out Posts No. 17, No. 18 and No. 51. And for a bit more on how to use it and why it matters, see Posts No. 55, 56, 68 and 72.


1 “Business Continuity Planning.” Wikipedia, Wikimedia Foundation, 25 Mar. 2020, en.wikipedia.org/.


More Good Stuff…

How to Make Healthy Decisions With the COVID Perimeter Framework (Dr. Raj Ramesh and Whynde Kuehn): This animated video illustrates an approach for decision-making related to the coronavirus challenge. The authors present their COVID Perimeter Framework which helps guide healthy decision-making whether for individuals, healthcare professionals, businesses or government – based on principles of structured thinking and underpinned by business architecture. The intent of the video was not to be comprehensive but rather to provide a starting point for looking at such challenges.

Leveraging Business Architecture For Crisis Management (BrightTALK by William Ulrich): A talk on crisis response challenges at a major financial institution and the role business architecture should play in addressing a variety of related scenarios.

Business Continuity Planning (Department of Homeland Security): An excellent resource for Business Continuity Planning and much more (US-based).

Preserving Optionality: Preparing for the Unknown (Farnam Street): As the future gets harder to predict, keeping options allows us to pivot when the unexpected happens.

People (Men In Black): Just for fun. Here’s a clip from the movie Men In Black, where we are reminded of our humanness and fallibility when it comes to things we “know.”

The Next Outbreak? We’re Not Ready (TED Talk): An excellent TED Talk from Bill Gates on how we can think about and prepare for a pandemic.

The Unexpected, Part 1: Response – Leveraging Business Architecture to Respond to the Unexpected

We interrupt your regularly scheduled programming. We are postponing our originally planned post to bring you this breaking series. We strive to keep StraightTalk relevant, timely, cutting edge and engaging. In light of the rapidly developing coronavirus pandemic, we believe a focus on leveraging business architecture to help organizations navigate the unexpected is highly valuable in this uncertain time.

This installment of StraightTalk kicks off a series on how business architecture can help an organization prepare for, respond to, recover from and build resilience for the unexpected. We’ll start with the most urgent: enabling response to a major incident. Here we go.

What sort of events does this discussion of the unexpected include?

The unexpected may include an incident caused by an organization or one that has happened to it. For example, incidents caused by an organization can include anything from accidents to defective products to data breaches or other perceived or actual wrongdoings. Incidents that happen to an organization can include anything from natural disasters to pandemics to political situations or other man-made disasters.

Officially defined, crisis management is the “process by which an organization deals with a disruptive and unexpected event that threatens to harm the organization or its stakeholders,”1 but we will refer to these things as incidents here.

How can business architecture help organizations respond to the unexpected?

In a nutshell, business architecture enables organizations to make better decisions when responding to an incident. More informed decisions, more holistic decisions, quicker decisions.

Why is business architecture so valuable for decision-making? With value streams and capabilities at the core, business architecture is the framework that represents an organization which is:

  • A high-level enterprise view that crosses all business units and products, allowing us to see the forest for the trees
  • A pure business view, completely independent from technology
  • An agreed-upon view, created by a respected group of cross-functional business experts
  • An objective view without any organizational bias or otherwise
  • An accessible view to everyone in the organization (provided it has been published)

More details, please.

Let’s think about an organization managing a major incident across three phases: Pre-Incident where we prevent and prepare, Incident where we assess, plan and respond to something that has happened, and Post-Incident where we recover and learn. This installment of StraightTalk focuses on the Incident phase, but we’ll cover the other two as the series unfolds.

Here are a few ways in which business architecture can help to frame, inform and accelerate decision-making when responding to an incident:

Assess Incident

  • Organizations need to detect an incident as well as assess and isolate the impact of an incident – Business architecture helps to frame the scope of the incident to identify who is impacted (stakeholders and business units), where (locations) and for what (value streams, capabilities, information and products).

Plan and Respond to Incident

  • Organizations need to prioritize essential versus non-essential activities to control, contain and resolve incident – Business architecture helps to:
    • Perform what-if impact analysis for different response scenarios.
    • Identify key capabilities to focus on or pend (capabilities + metrics in a value stream context).
  • Organizations need to maximize their capacity to deliver essential activities – Business architecture helps to:
    • Identify people, processes and technology to further enable (for essential activities) or reallocate/deprioritize (for non-essential activities).
    • Identify options to increase capacity (e.g., reallocate human resources or partners, leverage products in new ways, etc.).
    • Identify strategies and initiatives to put on hold.
  • Communicate to those affected by the incident, response team and other stakeholders – Business architecture helps to identify all people who need communication both internal and external to the organization (stakeholders, business units and locations).

Here’s a handy diagram to summarize all of that.

diagram representing responses to pre-incident, incident and post-incident measures shaped and informed by business archtiecture

Extra bonus, here’s an animated video that illustrates an approach for decision-making – based on principles of structured thinking and underpinned by business architecture – using the coronavirus pandemic as an example.

Anything else?

Yes. Business architecture can facilitate better decision-making at any level: within an organization, across two or more partnering organizations, or across an entire ecosystem. It just depends on how you define the scope of the business architecture and which hat you are wearing as you do the analysis.

For example, business architecture can be leveraged for making decisions by one hospital, one healthcare system, the healthcare industry within one country, a cross-sector perspective on healthcare for one country, or the global healthcare community focused on better outcomes.

What if an organization doesn’t have a business architecture in place when the unexpected happens?

There’s no time like the present, so create one now. The great news is that business architecture is high level and there are reference models that may be leveraged to accelerate its creation. (See Post No. 22 for more on that.) If you’re under pressure, get the baseline good enough, start using it and refine and expand it as you go.

Ideally, the best way to be prepared to respond to an incident is to have at least a minimum business architecture baseline in place before it happens, so that people do not need to spend time inventorying and agreeing upon what they do during a time of crisis. An organization’s minimum baseline should include:

  • A capability map (one that encompasses the whole scope of the organization and its ecosystem, and is based on defined business information concepts)
  • Value streams (a core set of value streams, typically customer-facing, created at the ecosystem level without business unit or product specificity)
  • Capabilities cross-mapped to value stream stages

Once this baseline is in place, additional detail and content can be added just enough, just in time as it is needed by the organization.

The silver lining is that crisis also brings opportunity. It presents an opportunity for individuals and organizations to come together and reinvent. Start using business architecture right now to help your organization prepare for, respond to, and/or recover from the unexpected. It may even turn out to be an excellent and highly relevant way to build your case for business architecture and demonstrate its value. Never waste a good crisis.

P.S. If you’re new to business architecture, StraightTalk has you covered. Start with Posts No. 1 (what), No. 2 (why) and No. 3 (more on why). To learn a bit more about how it’s created, check out Posts No. 17, No. 18 and No. 51. And for a bit more on how to use it and why it matters, see Posts No. 55, 56, 68 and 72.


1 Bundy, Jonathan; Pfarrer, Michael D.; Short, Cole E.; Coombs, W. Timothy (2017). “Crises and Crisis Management: Integration, Interpretation, and Research Development.” Journal of Management.


More Good Stuff…

How to Make Healthy Decisions With the COVID Perimeter Framework (Dr. Raj Ramesh and Whynde Kuehn): This animated video illustrates an approach for decision-making related to the coronavirus challenge. The authors present their COVID Perimeter Framework which helps guide healthy decision-making whether for individuals, healthcare professionals, businesses or government – based on principles of structured thinking and underpinned by business architecture. The intent of the video was not to be comprehensive but rather to provide a starting point for looking at such challenges.

What 9/11 Taught Us About Leadership in a Crisis (Stanley McChrystal and Chris Fussell): Must-read wisdom for leading during these unprecedented times. “Our greatest leaders emerge from the darkest moments.”

Strategy Under Uncertainty (McKinsey): A classic piece with great relevance now: Strategy in a time of uncertainty. The article lays out a framework and four different levels to help organizations to make decisions on the way forward.

Leverage Points: Places to Intervene in a System (Donella H. Meadows): An absolutely brilliant piece based on systems-thinking on how to address complex problems – in ways that challenge our usual thinking. “… ‘leverage points’ are places within a complex system (a corporation, an economy, a living body, a city, an ecosystem) where a small shift in one thing can produce big changes in everything.”

Using Models to Stay Calm in Charged Situations (Farnam Street): Mental models are valuable tools you can use to navigate through challenging or confusing situations with objectivity and improved success.

Leveraging Business Architecture For Crisis Management (BrightTALK by William Ulrich): A talk on crisis response challenges at a major financial institution and the role business architecture should play in addressing a variety of related scenarios.

Applying Past Leadership Lessons to the Coronavirus Pandemic (McKinsey): Three seasoned leaders describe what they learned from managing through past crises.

How to Be Your Best Self in Times of Crisis (TED Talk): Check out this special TED Talk virtual conversation where psychologist Susan David answers questions from people around the world in the midst of the coronavirus pandemic. Susan shares some deep wisdom on how to build resilience, courage and joy in the midst of this unprecedented time. “Life’s beauty is inseparable from its fragility. ” BTW, here’s another fantastic TED Talk by Susan on The Gift and Power of Emotional Courage. Sawubona.

Happy Birthday, StraightTalk!

Three years ago, April 3, 2017, we launched our first StraightTalk blog post. Today, we have subscribers located in 6 continents in more than 26 countries, with extended readership through social media and sharing among colleagues.

To all of you who subscribe, read and share the blog with others—THANK YOU for being on this journey with us. Thank you for your engagement and for the kind words you have shared. It is our joy and honor to continue producing the content that gets to the heart of all things business architecture. Here’s to another great year of StraightTalk and continued growth of the discipline we are all so passionate about!

How can you help? Keep reading and share it with a friend! If you know someone who would find value in the straight talk on business architecture, here’s a link for them to sign up: bit.ly/ST-sign-up.

Remember that all past installments of StraightTalk are always available for you in our archives, too.