Building a House Without Plans is a Disaster Waiting to Happen

Add bookmark

Craig Libby

Just as with building a house, it would be ill advised to construct the house without a blueprint and plans. Yet, many businesses do something like that. Third Party Risk programs, especially associated with procurement departments, should have a business design. An architecture with all the required pieces and an understanding of how well each piece is performing is key to making better investment decisions in building out a Third Party Risk Management program.

The term business architecture is not new, but there are many who haven't heard of it or if they have, may not know what it is, why it is important and how to develop one. We will walk through the basics of business architecture as it relates to Third Party Risk Management and Procurement so you can hit the ground running; or if you already have a program, check where you are against what we cover.

Let’s first get some basic terms out of the way.

From The Business Architecture Guild BIZBOK (Business Book of Knowledge):

What is Business Architecture?

The Business Architecture Guild states…"Business architecture represents holistic, multidimensional business views of: capabilities, end-to-end value delivery, information, and organizational structure; and the relationships among these business views and strategies, products, policies, initiatives, and stakeholders."

Think of business architecture as the best way to effectively execute strategy. William Ulrich and Whynde Kuehn, partners at Business Architecture Associates show the flow as….

What is the Value of Business Architecture?

The value of business architecture is multifold. It provides the best representation of what a business does, an analysis tool for translating strategy into actionable initiatives, enhances capacity to enact transactional change, navigate complexity, reduce risk, make more informed decisions, align diverse stakeholders to a shared vision of the future, and leverage technology more effectively.

With all that, many still do not fully implement, let alone understand, business architecture. So why?

Why Business Architecture Can Be Confusing

Ulrich and Kuehn explain that business architecture requires a new way of thinking and understanding of business vs. the traditional organizational chart. The main aspects of business architecture include capabilities, information, value streams and organization. Additional elements include strategies, initiatives, metrics, products, polices and stakeholders. All help represent the business better than an organizational chart.

Joe Ryan, Visiting Professor of Management, ­­Vanderbilt’s Owen Business School explains why It is difficult to effectively execute strategy:

  • Unclear strategy and/or inadequate strategic thinking by the company leaders
  • Lack of top management support for initiatives
  • Not having an implementation model­­
  • Dysfunction separation of planning and doing
  • Too many initiatives
  • Failure to kill projects and re-allocate resources
  • Lack of understanding of organizational structure and its role in strategy implementation as both a restraining and enabling factor
  • Inappropriate incentives: rewarding the wrong things
  • Not managing change effectively
  • Over-promising and pie in the sky communication


Business architecture addresses most of the above issues Ryan lists.

Ulrich and Kuehn frame business architecture as normally going hand-in-hand with the business operating model in helping determine the right investments and resources applied to best execute the business strategy:

Where Can Business Architecture Be Applied?

So, what areas could business architecture be used for? According to Ulrich and Kuehn, plenty:

  • Investment Analysis
  • Shift to Customer-Centric Business Model
  • Digital Transformation
  • Merger and Acquisition Analysis
  • New Product / Service Rollout
  • Globalization
  • Business Capability Outsourcing
  • Supply Chain Streamlining
  • Divestiture
  • Regulatory Compliance
  • Change Management
  • Operational Cost Reduction
  • Joint Venture Deployment
  • Customer Experience Improvement
  • IT Portfolio Investment Analysis


How Is Business Architecture Applied To Third Party Risk Management (TPRM)?

Now that you have a better understanding of the what and why of business architecture, lets apply it to Third Parties. Narrowing our focus of business architecture on TPRM, we can look at the value stream of procurement (based on the U.S. Office of the Comptroller of the Currency regulatory body):



From the diagram, it is clear there are a number of stakeholders, as well as a number of capabilities just in the due diligence portion. How well a company performs these capabilities is paramount to the quality of selecting the right third party. By assessing each area, the business can identify strengths and weakness in their due diligence and Third Party Selection portion of their value chain, based on regulatory requirements, for example. From there, the business can assess what strategic objectives and associated initiatives are in place to improve these hotspots, as well as what level of investment and types (process, people, policies, information, technology, organization, etc.).

While the specific tools and techniques of business architecture are too numerous and detailed for this discussion, it is clear that it can address many of the issues and difficulties Ryan provided.

Common, visual understanding of how a department and business operates, and how well (or poorly), is key.


Just as you wouldn’t try to build a house or remodel a room without a plan, neither should you build and run your business without one!