ā± 6 min read
EA Governance Checklist
A Story from a European Pharmaceutical Company
When Architecture Became a Board-Level Concern
In 2023, a mid-sized European pharmaceutical company found itself in a paradox.
Scientifically, it was thriving. Commercially, it was expanding. Digitally, it was fragmented.
Over the previous decade, growth had come through acquisitions---research boutiques, regional manufacturing sites, specialty biotech startups. Each acquisition brought promising molecules, talented scientists, and its own IT landscape.
There were:
- Three ERP systems across different countries
- Two separate clinical data management platforms
- Multiple identity directories
- Conflicting integration patterns
- Overlapping SaaS subscriptions
- No authoritative enterprise architecture repository
On paper, there was an EA team. In practice, architecture was advisory.
The trigger event came during a regulatory submission. Data lineage inconsistencies between laboratory systems and reporting tools delayed approval. Investigations showed that integration shortcuts had been taken in a local project years earlier. integration architecture diagram
The board asked one question:
"Who approved this architecture?"
There was no documented answer.
That moment marked the beginning of true Enterprise Architecture Governance. Sparx EA best practices
What EA Governance Really Is
EA governance is not documentation. It is not modeling. It is not a technology catalog. ArchiMate for architecture governance
It is a decision framework.
EA governance defines:
- Who makes architectural decisions
- Which decisions require oversight
- How standards are enforced
- How risks are escalated
- How architecture aligns with strategy
- How traceability is maintained
In a regulated pharmaceutical context, architecture must withstand inspection.
Without governance, architecture becomes accidental. And accidental architecture becomes operational risk.
The EA Governance Checklist
The transformation was structured around eight governance domains.
1. Governance Structure & Decision Rights
Checklist
- Formal Architecture Board with executive sponsorship
- Written charter defining mandate and scope
- Documented RACI for architectural decisions
- Domain architect roles formally assigned
- Defined quorum and voting model
- Escalation mechanism to CIO/CTO
Impact
Architecture moved from optional advice to institutional authority.
2. Architecture Principles & Standards Enforcement
Checklist
- Clear enterprise architecture principles
- Approved technology standards catalog
- Lifecycle states (strategic, tactical, tolerated, sunset)
- Decommission roadmap for legacy systems
- Mandatory alignment between project design and reference architectures
Impact
Standards became investment constraints, not suggestions.
3. Architecture Review Lifecycle
Checklist
- Defined Architecture Review Board stages
- Mandatory review before funding approval
- Standard submission templates
- Risk-based review intensity
- Exception documentation process
- Decision log with audit trace
Projects submitted:
- Capability impact mapping
- System context diagrams
- Data classification mapping
- Integration architecture
- Security controls
- Regulatory impact statement
Governance became structured without becoming bureaucratic.
4. Data Governance Integration
Checklist
- Enterprise data ownership model
- Data steward assignment
- Data lineage documentation standards
- Master data governance integration
- Metadata repository alignment
- Audit-ready lineage traceability
Data accountability became explicit and defensible.
5. Portfolio & Investment Governance
Checklist
- Architecture validation before business case approval
- Capability-based investment planning
- Redundancy analysis during budgeting
- Technical debt tracking
- Architecture roadmap alignment
Architecture began influencing money---and therefore behavior.
6. Compliance & Risk Alignment
Checklist
- GxP impact assessment integrated into reviews
- Security risk assessment embedded
- Disaster recovery validation included
- Audit trail of architecture decisions
- Change traceability from requirement to infrastructure
Architecture artifacts became part of audit evidence.
7. Tooling & Repository Discipline
Checklist
- Central EA repository
- Version-controlled architecture artifacts
- Linkage between requirements and systems
- Integration/API catalog
- Regular model consistency reviews
Architecture became institutional knowledge.
8. Metrics & Continuous Improvement
Checklist
- \% of projects reviewed before funding
- \% technology standard compliance
- Application redundancy reduction
- Technical debt trend
- Average review cycle time
- Number of architectural exceptions
Architecture shifted from subjective to measurable.
Tangible Outcomes
Within 18 months:
- 22% reduction in application redundancy
- Reduced audit findings
- Improved integration consistency
- Faster review stabilization
- Improved executive confidence
Most importantly, architecture gained institutional legitimacy.
Final Reflection
EA governance is not about control.
It is about:
- Making architectural decisions explicit
- Reducing systemic risk
- Aligning technology to strategy
- Protecting regulatory integrity
- Preventing accidental complexity
If architecture decisions are not governed, they are accidental.
And accidental architecture becomes enterprise risk.
For expert guidance on enterprise architecture, explore our TOGAF training, ArchiMate training, Sparx EA training, and consulting services. Get in touch.
Governance that accelerates rather than blocks
Architecture governance adds value when it prevents costly mistakes ā duplicate technology purchases, incompatible integration patterns, non-compliant data handling. It destroys value when it becomes a bottleneck that slows delivery without proportional risk reduction. The difference is speed and proportionality. modeling integration architecture with ArchiMate
Implement tiered governance: low-risk changes (adding an optional field to an API, deploying a patch, updating documentation) are auto-approved through automated checks. Medium-risk changes (new service deployment, technology adoption within approved categories, non-breaking API changes) get 48-hour review by the assigned architect. High-risk changes (new technology category, breaking API changes affecting multiple consumers, cross-domain data access) get full Architecture Review Board discussion at the next scheduled meeting. application cooperation diagram
Measure governance effectiveness quarterly: review turnaround time (target: under 48 hours for medium-risk), bypass rate (teams making changes without review ā indicates governance is too slow), and decision quality (percentage of decisions that hold versus require reversal within 6 months).
Frequently Asked Questions
What is architecture governance in enterprise architecture?
Architecture governance is the set of practices, processes, and standards that ensure architecture decisions are consistent, traceable, and aligned to organisational strategy. It typically includes an Architecture Review Board (ARB), architecture principles, modeling standards, and compliance checking.
How does ArchiMate support architecture governance?
ArchiMate supports governance by providing a standard language that makes architecture proposals comparable and reviewable. Governance decisions, architecture principles, and compliance requirements can be modeled as Motivation layer elements and traced to the architectural elements they constrain.
What are architecture principles and how are they modeled?
Architecture principles are fundamental rules that guide architecture decisions. In ArchiMate, they are modeled in the Motivation layer as Principle elements, often linked to Goals and Drivers that justify them, and connected via Influence relationships to the constraints they impose on design decisions.