Capability modelling has become something of a de facto standard within contemporary Enterprise Architecture practice. Capability-based planning is also a proven tool when it comes to change portfolio management and the development of strategic roadmaps. However, I wonder if we architects aren’t guilty at times of being overzealous in our readiness to label anything that a business does or needs as a ‘business capability’, resulting in capability models that are in reality a mixture of capabilities, services, business functions and processes? Although the concept ‘business function’ might be considered ‘old school’ and only ‘reinforcing siloed architectures’, it becomes crucially important when we want to describe how an enterprise needs to organise itself in order to operate a given business model. Moreover, the term ‘function’ is highly overloaded, meaning different things to different people in different contexts, which adds to confusion with similar ideas and to a lack of precision in its use.
The recent disclosure of a multi-billion dollar trading loss at JPMorgan Chase reminds us again of the challenge and complexity of risk management, the subject of our June 2012 HBR article, “Managing Risks: A New Framework.” Many people, including quite a few U.S. legislators and regulators, believe that risks can be managed by establishing and following rules, standards and guidelines. But for certain categories of risk, this is a false and dangerous assumption.
Our article classifies risks based on their degree of controllability and their connection to the strategy. We identify and describe three categories of risk: preventable risks, strategy risks, and external (non-preventable) risks. Each requires customized risk management processes.
A rules- and compliance-based approach may work well for managing preventable risks, but is inadequate for strategy and external risks, as companies that failed during the financial crisis illustrated all too well. The compliance-oriented risk manager of a failed U.K. bank observed that his organization had “a cultural indisposition to challenge” and that the task of “being a risk and compliance manager…felt a bit like being a man in a rowing boat trying to slow down an oil tanker.”
Source: Managing Risks: A New Framework