Mapping the Enterprise Architecture Principles in TOGAF to the Cybernetic Concepts – An Exploratory Study

Mohammad EsmaeilZadeh

Unversity of New South Wales at Australian Defence Force

Academy m.esmaeilzadeh@student.adfa.

edu.au

Gary Millar Unversity of New South Wales

at Australian Defence Force Academy

G.Millar@adfa.edu.au

Edward Lewis Unversity of New South Wales

at Australian Defence Force Academy

E.Lewis@adfa.edu.au

Abstract

Although principles are a key concept in the definition of Enterprise Architecture (EA), they have not received the same degree of attention as other EA concepts. The notion of EA principles (EAP) is suffering from the lack of a theoretical foundation that provides a logical framework for defining them.

Stafford Beer’s Viable System Model (VSM) and its application to IT governance, the Viable Governance Model (VGM), have shown to be comprehensive blueprints for designing viable organizations and IT governance arrangements, respectively. The purpose of this paper is to explore whether the principles of cybernetics can provide a theoretical basis for interpreting EA principles derived through practice. This paper maps the principles defined in the Open Group’s TOGAF to theoretical concepts drawn from the VSM/VGM and cybernetics. The paper concludes by identifying possible shortfalls in the existing set of principles and the need to develop a theoretical framework to overcome them. 1. Introduction

Among the many different definitions of Enterprise Architecture (EA), the most widely used is that of TOGAF which is based on the ISO/IEC 42010 definition of architecture [1]: ‘‘The fundamental organization of a system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution.’’

This definition indicates that principles represent an essential element of an EA. The literature also supports this view (see e.g., [2-4]). Some researchers, such as Hoogervorst, even believe that principles are the main element in the definition of EA [5]: “architecture is a coherent and consistent set of principles and standards”. However, despite their perceived importance, EAPs have received less attention than other EA concepts such as models and views (e.g. [2, 6-7]).

In recent years, several researchers have begun to investigate the domain of EA principles [2, 6-8]. Their studies are primarily concerned with finding a common definition, classifying EAPs, or collecting different types of EAPs. Stelzer [6] reviewed the different studies related to EAPs and identified the following limitations: the lack of an appropriate definition for EAP, the lack of a theoretical basis for developing them, and the lack of a set of generic EA design principles. Aier et al. [7] studied different approaches to defining EA principles and proposed a meta-model defining EA principles. Proper et al. [2] believed that EA is an integral part of the governance of an enterprise and its transformation. They regarded EAPs as the normative instruments in restricting design freedom in enterprise transformation. They provided a framework to position the different types of principles, and highlighted their role in EA. Lindstrom [8] proposed a reference model for IS/ICT responsibilities and related this model to architecture principles and exemplified them by some architecture principles, i.e. interoperability and data quality. She also proposed a set of guidelines to define and manage architecture principles.

However, despite these advances in defining EAP, there is no theoretical basis for proposing a coherent set of EAPs or guidelines to define them. The main goal of our research is to establish whether cybernetic principles, especially those embodied in the VSM/VGM, can provide a sound theoretical basis for deriving a robust set of EAPs. As the first step in reaching this goal, this paper explores whether EAPs established through practice can be explained using fundamental cybernetic concepts. 2. Principles in TOGAF

The main source for EAPs is TOGAF [21], which is available on The Open Group website [4]. These principles are usually adapted and customized by organizations as their EAPs. However, there are other

2012 45th Hawaii International Conference on System Sciences

978-0-7695-4525-7/12 $26.00 © 2012 IEEE

DOI 10.1109/HICSS.2012.422

4703

2012 45th Hawaii International Conference on System Sciences

978-0-7695-4525-7/12 $26.00 © 2012 IEEE

DOI 10.1109/HICSS.2012.422

4270

collections such as that in the US Government's Federal Enterprise Architecture Framework (FEAF) [9]. Greefhorst and Proper have recently proposed a set of principles based on an extensive study of “real-world architectures” [10]. As the main goal of this research is to propose a theoretical framework for explaining the existing EAPs, we focus on TOGAF’s principles in this paper, leaving other sets of principles for future work.

TOGAF defines EAP as [4]: “general rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission.” TOGAF notes that principles may be established at three levels: enterprise principles, IT principles and architecture principles. These sets of principles form a hierarchy, in that IT principles will be informed by, and elaborate on, the principles at the enterprise level; and architecture principles will likewise be informed by the principles at the two higher levels. TOGAF defines each EAP in a standard representation that includes: name, statement, rationale, and implications.

The alignment between business objectives and IT capabilities is an important key in defining principles in TOGAF. Specifically the following sources for developing the architecture principles are highlighted: enterprise mission and plans, enterprise strategic initiatives, external constraints, current systems and technology, and computer industry trends. TOGAF emphasized that principles should be few in number, future-oriented, and endorsed and championed by senior management. A good set contains principles that are understandable, robust, complete, consistent, and stable. 3. The VSM

Originally, cybernetics was defined as the science of communication and control in animals and machines [11]. In contemporary usage, cybernetics refers more broadly to the study of control and communication in systems, including socio-technical systems such as organizations. When applied to organizational systems, it has been referred to as the science of effective organizations [12]. For a comprehensive list of the most common principles of cybernetics and system thinking refer to [13].

Among these principles, one of the most influential concepts in organization theory is Ashby’s law of requisite variety: “Control can be obtained only if the variety of the controller is at least as great as the variety of the situation to be controlled” [14]. Variety is the measure of the number of different states within a system [12]. The variety of a system depends on the

context in which it is embedded, and also who is observing that system. Contemporary organizations are embedded in complex, dynamic environments. Therefore in order to cope with substantial variety, organizations need variety attenuator to reduce or filter the variety arising from the environment [12]. On the other hand, the organization needs to deploy variety amplifiers to amplify its own variety to increase its influence over the environment.

Applying the laws and principles of cybernetics, especially requisite variety, to the design of effective organizations, Stafford Beer formulated the Viable System Model (VSM) as a blueprint for designing organizations that are able to survive and thrive in a changing environment [12, 15-18]. VSM integrates into a coherent framework an array of cybernetic concepts, including: feedback, communications, variety, recursion, viability, autonomy, autopoiesis, self-regulation, self-organization, and learning [19].

The model comprises five main functions or systems: Policy, Intelligence, Control, Co-ordination, and Operations. Beer labeled these management functions Systems 5 to 1 respectively. A sixth function, Audit, is labeled 3* to indicate that it is a sub-system of System 3. These six functions are linked through a series of communication channels or information flows. The VSM is schematically represented in Figure 1.

Figure 1. The Viable System Model (VSM)

(Adapted from [17]) The five systems of the VSM represent the five

invariant functions of a viable organization; they do not necessarily represent discrete organizational

47044271

groupings or units. Two or more functions may be carried out by the same individual or unit. However, they MUST be carried out if the organization is to remain viable [12]. Another defining feature of VSM is its recursive nature. Stafford Beer’s Recursive System Theorem states that: “in a recursive organizational structure, any viable system contains, and is contained within, a viable system” [15].

The Viable Governance Model (VGM) adapts the VSM to one aspect of organizational control, namely IT governance [19]. The VGM is used to formulate a series of design propositions or principles that may be used to guide the design and implementation of specific IT governance arrangements. The VGM specifies the invariant sub-systems of an effective system of IT governance, together with the design principles to be followed when implementing a particular system. In defining the VGM, value creation and value preservation (or risk management) are the ultimate sources of organization viability, and therefore, their realization is the primary purpose in the VGM.

A key benefit of the VGM is the alignment between IT and business that it encourages. The VGM emphasizes that the IT function should be modeled as a service unit, not an operational unit (i.e., an embedded viable unit), unless IT is part of the organization’s value chain. A list of the most important design propositions for IT governance in VGM is given in [20]. There is a move to regard Enterprise Architecture as the planning of all resources, including people, not just information technology [21]. This fact must be considered when using the IT governance concepts, and specially the VGM, in the context of EA. 4. Developing EAPs based on the concepts of VSM and VGM

Two recent studies have used the VSM as a suitable theory for investigating facets of enterprise architecture (e.g. [22-23]). Looking for a holistic and integrated management of the different concepts in EA, Buckl et al. [22] approach the topic of EA management from a cybernetic point of view. Their research is primarily concerned with the management of EA and how EA forms and is embedded in a viable system. Graves [23] uses VSM to investigate Service Oriented Architecture (SOA). Aiming to extend EA frameworks beyond IT-systems, Graves used systems-theory, and especially the VSM, to improve the design and delivery of business services. He regarded services as viable systems and showed that using VSM concepts can be of direct benefit in providing simplicity and consistency in service design. Neither of these two

studies used the VSM as a conceptual framework for developing principles for EA.

In earlier definitions, EA is regarded as the blueprint for the architecture of an organization [5]. Similarly, the VSM is also a blueprint of an organization, one that is viable [16]. Given the potential overlap between these two concepts, the VSM/VGM may prove to be a useful theoretical foundation for developing EAPs.

In the first step, which is part of a broader research program, this paper will show how the existing heuristic principles defined by TOGAF can be mapped to the cybernetic principles embodies in the VSM/VGM. 5. Results

TOGAF Version 9 specifies a set of 21 principles categorized according to four domains: business, data, application and technology. The scope of this analysis is limited to the EAPs drawn from the business domain because of the embryonic stage of this research and the space limits of this paper. The complete list of EAPs is available in the Open Group web site [4].

The nine TOGAF business-domain principles are each examined in turn. First, the name, statement and rationale of each principle, as defined by TOGAF, are presented. This presentation is followed by an analysis of how the principles can be mapped to the concepts of cybernetics, as exemplified in the VSM or VGM. The mapping may not be one-to-one, i.e., one fundamental cybernetics concept may have explanatory power for one or more EAP.

In this approach, the implications sections of the EAP definitions are not examined. Although the implications statements are important, they are primarily concerned with issues related to the following the principles, rather than justifying the principles [4]. Implications statements address organization-specific aspects of the principles [10].

Table 1 shows a summary of the comparison between the EAPs of TOGAF and the related cybernetics concepts. The following paragraphs give the analyses of these TOGAF business principles through the concepts of cybernetics or VSM/ VGM.

5.1. Principle 1: Primacy of Principles

Statement: These principles of information management apply to all organizations within the enterprise.

Rationale: The only way we can provide a consistent and measurable level of quality information

47054272

Table1. Comparison of TOGAF’s EAPs with cybernetics, VSM and VGM concepts

EA principle in TOGAF Cybernetic principle, VSM and VGM concept 1. Primacy of Principles Viability, Recursion. 2. Maximize Benefit to the Enterprise Viability, Cohesion. 3. Information Management is Everybody’s Business Recursion, Cohesion, Coordination. 4. Business Continuity Homeostasis, Viability, Value Preservation 5. Common Use Applications Cohesion, Coordination 6. Service Orientation IT as a service unit 7. Compliance with Law Recursion, Audit 8: IT Responsibility IT as a service unit 9: Protection of Intellectual Property Viability, Value preservation

to decision-makers is if all organizations abide by the principles. Analysis: The VSM is based on the concept of viability. That is, to remain viable (i.e., to survive) the laws and principles embodied in the VSM must be complied with. Furthermore, because the VSM is a recursive model, all subsystems of the VSM must be viable too; that is, they too must comply with the same invariant principles as the containing system. Therefore, if the principles of cybernetics are used to derive a set of principles for EA, these principles must apply to all organizations within the enterprise. 5.2. Principle 2: Maximize Benefit to the Enterprise

Statement: Information management decisions are

made to provide maximum benefit to the enterprise as a whole.

Rationale: This principle embodies ‘‘service above self’’. Decisions made from an enterprise-wide perspective have greater long-term value than decisions made from any particular organizational perspective. Maximum return on investment requires information management decisions to adhere to enterprise-wide drivers and priorities. No minority group will detract from the benefit of the whole. However, this principle will not preclude any minority group from getting its job done.

Analysis: This principle can also be mapped to the concept of viability. Stafford Beer stated that “the viable system is a system that survives. It coheres; it is integral”[18]. That is, the enterprise and its embedded business units or service units must act in a coherent and integrated manner. Furthermore, when describing the embedded organizational units, Beer noted that one of the primarily purpose of the enterprise is to “get the most out of … [the sub-units] … as the systemic machinery can deliver.” [18]. That is, the VSM seeks to ensure that the whole is more than the sum of its

parts by exploiting organizational synergies. Therefore, decisions related to information management should optimize value at the enterprise level, rather than business-unit level.

5.3. Principle 3: Information Management is Everybody’s Business

Statement: All organizations in the enterprise

participate in information management decisions needed to accomplish business objectives.

Rationale: Information users are the key stakeholders, or customers, in the application of technology to address a business need. In order to ensure information management is aligned with the business, all organizations in the enterprise must be involved in all aspects of the information environment. The business experts from across the enterprise and the technical staff responsible for developing and sustaining the information environment need to come together as a team to jointly define the goals and objectives of IT.

Analysis: The Viable System Models provides multiple mechanisms for ensuring both the horizontal and vertical integration of the enterprise. Vertical integration is ensured through the recursive nature of the model, which facilitates the negotiation of objectives and resources between the management units at different layers of recursion. Horizontal integration is facilitated through the coordination function, which requires sub-organisational units at the same recursive layer to negotiate and coordinate their activities such that they collectively optimise the enterprise as a whole. Consequently, the VSM promotes the participation all relevant major organisational units in key management decisions, including those related to the management of IT. The VGM details the specific mechanisms that may be used for the governance of IT within a complex, multi-tiered enterprise.

47064273

5.4. Principle 4: Business Continuity

Statement: Enterprise operations are maintained in

spite of system interruptions. Rationale: As system operations become more

pervasive, we become more dependent on them; therefore, we must consider the reliability of such systems throughout their design and use. Business premises throughout the enterprise must be provided with the capability to continue their business functions regardless of external events. Hardware failure, natural disasters, and data corruption should not be allowed to disrupt or stop enterprise activities. The enterprise business functions must be capable of operating on alternative information delivery mechanisms.

Analysis: A viable system is one that is able to survive and thrive in its given environment. An important cybernetic concept embedded in the VSM is that of homeostasis. Homeostasis refers to the capacity of a system to maintain certain key parameters (e.g., cash flow in the case of a commercial enterprise) within a defined range despite disturbances or shocks in the environment. That is, a viable system has mechanisms in place to absorb and recover from disturbances in its environment. Within the VGM [19], the viability of an organisation is realised through two concepts: value creation and value preservation. Provided the organisation continues to contribute value to its environment (i.e., external stakeholders) its survival is assured. In the context of IT, value preservation, or risk management, encompasses the objectives of business continuity.

5.5. Principle 5: Common Use Applications

Statement: Development of applications used

across the enterprise is preferred over the development of similar or duplicative applications which are only provided to a particular organization.

Rationale: Duplicative capability is expensive and proliferates conflicting data.

Analysis: As discussed previously, one of the key objectives of the VSM is to ensure that the enterprise as a whole delivers more than the sum of its parts. That is, the VSM seeks to exploit synergies across its component parts through the functions of cohesion (System 3) and coordination (System 2). Within the IT domain, synergies or savings are realised through the use of common applications, as limited skills and resources can be shared across the enterprise. In terms of variety engineering, the complexity of the internal environment is significantly reduced through the reduction in the number of disparate and incompatible systems that need to be built, operated and maintained.

Within the business domain, synergies are realised through the sharing of business processes and data.

5.6. Principle 6: Service Orientation

Statement: The architecture is based on a design of

services which mirror real-world business activities comprising the enterprise (or inter-enterprise) business processes.

Rationale: Service orientation delivers enterprise agility and Boundaryless Information Flow.

Analysis: Stafford Beer [18] made a clear distinction between operational units and service units. Operational units comprised the embedded organisational units that were viable systems in their own right. Within an enterprise, the operational units would be the component business units. Service units were organisational groups or departments that existed to provide a service to operational units and their component sub-systems. These include groups such as finance, marketing and human resources. One organisational group that Beer clearly identified as a service unit was the IT department [17]. That is, the IT department existed to provide a service to the enterprise and its embedded operational units. Therefore when developing the architecture it is appropriate to design it as services that reflect the business activities that it enables and supports.

5.7. Principle 7: Compliance with Law

Statement: Enterprise information management

processes comply with all relevant laws, policies, and regulations.

Rationale: Enterprise policy is to abide by laws, policies, and regulations. This will not preclude business process improvements that lead to changes in policies and regulations.

Analysis: An enterprise is just one link in a chain of recursive systems. A business, for examples, can be viewed as being contained within a broader industrial or national system, depending on the perspective of the interested observer. Therefore, to remain viable an enterprise must comply with the laws and regulations of its wider systems, otherwise it would lose its legitimacy and therefore its right to exist. Within the VSM, system 5 is responsible for promulgating policy statements that require the enterprise to comply with the objectives and constraints imposed by the broader systems in which the enterprise is embedded. As a critical part of the enterprise, information management processes must also comply with these policy statements. Within the VSM, system 3* (audit) is charged with monitoring the organisation compliance with applicable laws, regulations, and policies.

47074274

5.8. Principle 8: IT Responsibility

Statement: The IT organization is responsible for

owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.

Rationale: Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have reasonable costs and clear benefits.

Analysis: As discussed above, the IT function must be regarded as a service unit, not an operational unit. The IT department is not an independent “viable” unit because its purpose is to facilitate the operations of other organisational units. Tasked with the responsibility for owning and operating IT processes and infrastructure, it must accomplish its assigned responsibility with the objective of providing solutions that satisfy the needs of the business in a manner that is both effective and efficient.

5.9. Principle 9: Protection of Intellectual Property

Statement: The enterprise’s Intellectual Property

(IP) must be protected. This protection must be reflected in the IT architecture, implementation, and governance processes.

Rationale: A major part of an enterprise’s IP is hosted in the IT domain. Analysis: Viability encompasses the twin concepts of value creation and value preservation. Viability is maintained through the governance mechanisms, as reflected in the VGM. Within a contemporary organisation, a considerable amount of value may be attributed to its intellectual property that is hosted within its IT domain. If IT is more than a service unit because it is part of the enterprise’s value chain (that is, it is core or strategic) then it is a viable system in its own right and so its resources, such as the IP it embodies, should be protected through the architecture of a viable system. Therefore, to preserve this value, the IP of the enterprise must be adequately protected through architecture, implementation, and governance. 6. Conclusion and Future Research

This paper analysed the business principles of TOGAF according to the principles of cybernetics, especially those embodied in the VSM and VGM. This mapping found that the TOGAF business

principles could be examined and interpreted using the principles and concepts of cybernetics.

In this study we found that the existing EA principles have two critical limitations:

1. Existing sets of EAPs lack a theoretical foundation. EAPs, such as those proposed by TOGAF, are typically based on established practice or empirical research.

2. Existing sets of EAPs typically comprise a collection of principles that lack a means for structuring and classifying them. Furthermore, they lack any theoretical criteria for determining whether the set of EAPs is correct, consistent and complete.

This study has found that the principles of cybernetics can establish a suitable theoretical foundation for developing a cohesive set of EA principles. A future study will build on this research by deriving a set of EA principles using cybernetic principles and concepts. 7. References

• [1] ISO/IEC 42010: 2010 Systems and software

engineering - Architecture descriptions, International Organization for Standardization, Geneva, Switzerland

• [2] E. Proper and D. Greefhorst, "The Roles of Principles in Enterprise Architecture", Trends in Enterprise Architecture Research, vol. 70, Springer Berlin Heidelberg, 2010, pp. 57-70.

• [3] J. Schekkerman, Enterprise Architecture: Good Practices Guide: how to Manage the Enterprise Architecture Practice: Trafford, 2008.

• [4] TOGAF. 2009, The Open Group Architecture Framework, TOGAF Version 9, Available at: http://www.opengroup.org/togaf/

• [5] J. A. P. Hoogervorst, Enterprise governance and enterprise engineering: Springer Verlag, 2009.

• [6] D. Stelzer, "Enterprise Architecture Principles: Literature Review and Research Directions," in Service-Oriented Computing. ICSOC/ServiceWave 2009 Workshops. vol. 6275, A. Dan, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 12-21.

• [7] S. Aier, et al., "Construction and Evaluation of a Meta-Model for Enterprise Architecture Design Principles," presented at the 10th International Conference on Wirtschaftsinformatik,, Zurich, Switzerland, 2011.

• [8] A. Lindstrom, "On the Syntax and Semantics of Architectural Principles," in Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS '06, 2006, pp. 178b-178b.

• [9] FEA. 2007, Federal Enterprise Architecture (FEA) Available: http://www.whitehouse.gov/omb/e-gov/fea/

47084275

• [10] D. Greefhorst and E. Proper, Architecture Principles: The Cornerstones of Enterprise Architecture. Springer-Verlag Berlin and Heidelberg GmbH & Co. K, 2011.

• [11] N. Wiener, Cybernetics, John Wiley & Sons, New York, 1948.

• [12] T. Hilder, "The viable system model," Cavendish Software Ltd, 1995.

• [13] L. Skyttner, General Systems Theory: problems, perspectives, practice: World Scientific Pub Co Inc, Singapore, 2005.

• [14] W. R. Ashby, An introduction to cybernetics, Chapman & Hall, London, 1956.

• [15] S. Beer, Brain of the Firm- The Managerial Cybernetics of Organization, Allen Lane and Penguin Press, London, 1972.

• [16] S. Beer, "The viable system model: its provenance, development, methodology and pathology," The Journal of the Operational Research Society, vol. 35, 1984, pp. 7-25.

• [17] S. Beer, Diagnosing the system for organizations, John Wiley & Sons, Chichester, 1985.

• [18] S. Beer, The heart of enterprise, John Wiley & Sons, Chichester, 1994.

• [19] G. Millar, "The Viable Governance Model: A Theoretical Model of IT Governance within a Corporate Setting," DIT Unpublished doctoral dissertation, University of New South Wales, Canberra, 2009.

• [20] E. Lewis and G. Millar, "The Viable Governance Model: A Theoretical Model for the Corporate Governance of IT," International Journal on IT/Business Alignment and Governance, vol. 1, July-September 2010, pp. 19-35.

• [21] E. Lewis. 2011, Layrib: Planning Viable Systems, Available at: http://www.layrib.com/

• [22] S. Buckl, et al., "A viable system perspective on enterprise architecture management," in Systems, Man and Cybernetics, 2009. SMC 2009. IEEE International Conference on, 2009, pp. 1483-1488.

• [23] T. Graves, The Service-Oriented Enterprise: Enterprise Architecture and Viable Services. Tetradian Books, 2009.

47094276