This is the third and final installment in a series on how business architecture can be used to catalyze, embed and enforce key sustainability, legal and ethical considerations into an organization’s DNA. In this StraightTalk post, we explore how organizations can leverage business architecture to ensure ethical decision-making and actions. 

What are ethics again?

Ethics is defined as “a moral philosophy or code of morals practiced by a person or group of people.”¹ An example of ethics is a Code of Conduct established by an organization.

The purpose of ethics then is to “define acceptable human behavior through knowing the types of actions, its consequences, and the limits of both humans and actions, as well as their acceptability.”²

So, if we extend this concept, business ethics are moral principles that guide the way an organization behaves (that applies to all types of organizations: for-profit, non-profit and governmental). And business ethics are the focus of this StraightTalk. Business ethics (a.k.a. corporate ethics) is “a form of applied ethics or professional ethics, that examines ethical principles and moral or ethical problems that can arise in a business environment.”³

Ethics help an organization to distinguish between “right” and “wrong,” and make good choices.

Is that all there is to it?

While ethics guide organizations to make the “right choices,” (which is not easy or obvious in all cases), there is a bigger picture here. For example, in our digital world where people are deciding how to use artificial intelligence (AI), Technological Social Responsibility (TSR) requires organizations to create “a conscious alignment between short- and medium-term business goals and longer-term societal ones.”⁴ From a bigger lens, there is Corporate Social Responsibility (CSR), and the even bigger lens of sustainability as an underlying mindset and way of working. (Check out Part 1 of this series on business architecture + sustainability for more.)

So, ethics might keep us out of trouble, but we should all be considering the bigger picture of how the decisions we make and the actions we take today will affect each other and generations to come, across the globe.

How can business architecture help organizations with ethical decision-making and actions?

First, let’s remember why business architecture is so useful for embedding concepts like ethics (and compliance and sustainability) into an organization’s DNA.

• One. Business architecture is big picture and it’s all about the business. Business architecture is the one set of enterprise-wide blueprints an organization has, which are agreed-upon across business units, truly business-focused and intentionally high-level-so-we-can-see-the-forest-from-the-trees.
• Two. Business architecture brings people together. Business architecture gives everyone a shared vocabulary and mental model of what the organization does. Concepts like ethics, compliance and sustainability (among others like transformation and innovation) require a way to collaborate and share responsibility across business units. An organization’s business architecture transcends business units and helps everyone to coordinate and ensure that important things like ethics are embedded and considered in the right places, at the right times, with the right people.
• Three. Business architecture is the great connector. With capabilities and value streams, in particular, they provide one common, enterprise-wide framework (that everyone agreed to!), which we can hang everything off of. It gives us repeatable, defensible knowledge of the end-to-end traceability between everything. For example, as organizations leverage artificial intelligence, let’s think about the increasing need to know, prove and govern the algorithms in place — and within a business context. As illustrated below, we could readily identify the traceability related to an algorithm like the business capability it is enables (e.g. Agreement Eligibility Determination), the value stream(s) in which it is used for delivering value (Acquire Product), the business unit(s) involved (Group Sales), the ethics, policies and rules that guide it (Non-Discrimination Policy), and the technology in which it resides (Sales System). (More on business architecture as a connector here in Post No. 53.)

P.S. If you’re new to business architecture, StraightTalk has you covered. Start with Posts No. 1 (what), No. 2 (why) and No. 3 (more on why). To learn a bit more about how it’s created, check out Posts No. 17, No. 18 and No. 51. And for a bit more on how to use it, see Posts No. 55 and 56. 

Details, details.

Following on from the overall concepts above, here are just a few ways in which business architecture – and business architects – can help their organizations with ethics:

• Ethical Decision-Making — Business architecture/architects can enable good decision-making by helping leaders and other people within the organization to understand the big picture as well as the potential impacts and implications of their direction and decisions. In addition, business architecture/architects can also help leaders with TSR so they can make the appropriate balance between short- and medium-term business goals versus longer-term ones for the organization and society. Business architecture/architects can also help to pinpoint where ethics apply within the organization (in business language) as well as identify any ethics gaps and facilitate their closure.
• Ethics Transparency — Business architecture/architects can track and demonstrate where ethics and policies are applied within a business context – now super important in our digital world. (Refer to the diagram above.)
• Ethics Consideration and Enforcement — Business architecture/architects facilitate consideration for relevant ethics and policies, and within a business context. An organization’s business architecture acts like a fabric that weaves concepts together, so it ensures that ethical considerations are always brought to the forefront in the right conversations, with the right people, and at the right time. For example, anytime a capability (or value stream) is touched related to any initiative or change, the corresponding ethics are considered. If applicable, business architects can also raise potential ethics concerns in a fact-based manner. In addition, business architects can help to integrate ethics implementation plans (e.g., a workforce development strategy) into strategy execution, and ensure they harmonize with other initiatives. This is of course because business architecture plays a critical role as a bridge between strategy and execution. It ensures that new initiatives are scoped and sequenced holistically and that they are coordinated with any existing initiatives. (More on business architecture’s role in strategy execution here in Posts No. 3, No. 50 and No. 9.)
• Ethics Leadership – Finally, business architects can expand and inspire an organization’s view of ethics to a greater responsibility around TSR, CSR and sustainability. They can also lead by example by creating and adhering to their own Code of Ethics.

Here is a handy diagram that summarizes all of that.

Are you saying we should have ethics for ourselves as business architects?

Yes. Going a little bit meta here. As a profession, all enterprise architects including business architects, should work towards creating an ethical profession and reflect on how we contribute to the bigger picture in business and society.

Paul Preiss, CEO and Founder of Iasa Global, is a leader in thought and action on this topic (and many others) and what it takes to formalize architecture as a profession. Check out one of his articles here on The Pathway to Ethical Architecture where he lays out critical steps we could take to create an ethical profession. Also, see the proposed Code of Ethics for certified architects as a starting point as well.

What next?

Seek out the people within your organization who are responsible for ethics (they may not all be readily obvious). Let them know how you can help make their jobs easier based on the ideas above and of course all of your own.

Identify current or emerging gaps where ethics are needed within your organization (especially as it increasingly leverages technology) and lead the conversations to ensure that the right things are done both now and in the future. Let them know how you can help.  

Care about this topic, keep learning and take action. Because our world and generations to come really need you to. It’s not just up to “leaders.” You can lead from any position. Start with yours.

Walk the talk and inspire others. Write your own Code of Ethics for the business/enterprise architect role in your organization, share it, follow it, and be accountable to it. Start a conversation about a shared global Code of Ethics for business/enterprise architects.

More Good Stuff

Can Artificial Intelligence Help Society As Much As It Helps Business? (McKinsey): On the concept of embracing Technological Social Responsibility (TSR) as a new business imperative for the AI era.

Center For Humane Technology (website): A fantastic set of resources and perspectives to help us keep humanity first with our technological advancements. For example, check out this video of Tristan Harris giving testimony at a United States Senate Hearing On Persuasive Technology. 

Towards An Ethics of Artificial Intelligence (UN Chronicle): “AI is humanity’s new frontier. Once this boundary is crossed, AI will lead to a new form of human civilization…While AI is an astonishing asset for the responsible development of our societies, it also gives rise to major ethical issues. How can we ensure that algorithms do not infringe fundamental human rights – from privacy and data confidentiality to freedom of choice and freedom of conscience? Can freedom of action be guaranteed when our desires are anticipated and guided? How can we ensure that social and cultural stereotypes are not replicated in AI programming, notably when it comes to gender discrimination? Can these circuits be duplicated? Can values be programmed, and by whom? How can we ensure accountability when decisions and actions are fully automated? How do we make sure that no one – wherever they are in the world – is deprived of the benefits of these technologies? How do we ensure that AI is developed in a transparent way, so that global citizens, whose lives it affects, have a say in its development?”  What should the role of the United Nations be related to the ethics of artificial intelligence?

President Barack Obama on How Artificial Intelligence Will Affect Jobs (Wired): A video interview with Barack Obama on AI and how societies can adapt.

How Do You Govern Machines That Can Learn? Policymakers Are Trying to Figure That Out. (New York Times): “Regulation is coming. That’s a good thing.” And policymakers are now trying to get their arms around it.

Business Ethics (website): The magazine of corporate responsibility with loads of great resources.

Tech For Good: Using Technology to Smooth Disruption and Improve Well-Being (McKinsey): How technology can be used to improve key areas of well-being.

The Pathway to Ethical Architecture (Paul Preiss): Just in case you missed it above, this article lays out critical steps we could take to create an ethical architecture profession.

Brave New World of Digital Ethics: Who’s Deciding Our Technology Rules? (Voice America Broadcast): Interviews with futurists Frank Diana, John H. Shannon, Dan Wellers and others on digital ethics and the larger questions of how we should employ technology, what risks new technology may bring, and what the arrival of these new futures means to us as humans.

Creating Ethical Cultures In Business (TED Talk): An important TED talk by Brooke Deterline on finding the courage and skills to act on our values in the face of fear when it really matters.

---

Citations

¹ Your Dictionary: www.yourdictionary.com/ethics

² Quora: www.quora.com/What-is-the-purpose-of-ethics

³ Wikipedia: en.wikipedia.org/wiki/Business_ethics

⁴ McKinsey: www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/can-artificial-intelligence-help-society-as-much-as-it-helps-business

In our StraightTalk three-part series, we examine how business architecture can be used to catalyze, embed and enforce key sustainability, legal and ethical considerations into an organization’s DNA. In this post, our second installment, we’ll explore how organizations can leverage business architecture to enable policy making and compliance.

First things, first. What’s a policy?

We’ll refer to a policy in an all-encompassing way as the BIZBOK^® Guide does, which simplifies the discussion and raises it up a level. The BIZBOK^® Guide defines a policy as “A course or principle of action adopted or proposed by a government, party, business, or individual.”

This means that policies may be external, such as laws, regulations, industry agreements, treaties, etc. Or, they may be internal, such as internal policies, procedures and so forth. What is considered external and internal in this case is framed from the perspective of a specific organization. Of course, organizations such as governmental bodies that make policy will have another perspective on this, but business architecture can help in each case.

So then, how can business architecture help?

Compliance and ethical thinking should be embedded into the DNA of an organization and will ultimately improve business performance from the bigger picture perspective. (Just like sustainable thinking should be embedded, as we looked at in Post No. 58.) As a Reuter’s article entitled, “Putting Policies Into Place: Seven Principles of Policymaking Practice,” (7 November 2018) points out:

If policies and procedures are to be an effective part of the governance, they have to be part of the DNA of the firm, part of what we hear referred to as ‘the culture of compliance’, or the ‘risk management culture.’ Culture has to come from the top; it has to radiate from the centre out.”

So, let’s revisit why business architecture – the one set of enterprise-wide blueprints an organization has which are agreed-upon across business units, truly business-focused and high-level-so-we-can-see-the-forest-from-the-trees – can be so useful for embedding policies and compliance thinking into an organization.

• First, business architecture is all about transparency. The entire point of it is to give everyone the same view of what the organization does. And, as part of that transparency, business architecture shows the traceability between everything, like which capabilities are affected by which policies, or which business units have which policies, or which processes and systems are currently supporting which policies. And much more.
• Second, business architecture brings people together. Effective policy management requires a shared responsibility across an organization – across reporting levels, across teams, across geographies. An organization’s business architecture transcends business units and helps everyone to coordinate by seeing what they do that is the same or similar, and where they intersect.
• And one more thing, business architecture is the great connector. That makes it super useful as a structure to ensure important things like policies are embedded and considered in the right places, at the right times, with the right people. With capabilities and value streams in particular, they provide one common, enterprise-wide framework (that everyone agreed to!) which we can hang everything off of. So for a capability like Customer Information Management, we can get a birds-eye view of everything related to it: like what policies apply, what business information is required, which business units and stakeholders are involved, what products are enabled, and what current strategies and initiatives are in play. (More on business architecture as a connector here in Post No. 53.)

P.S. If you’re new to business architecture, StraightTalk has you covered. Start with Posts No. 1 (what), No. 2 (why) and No. 3 (more on why). To learn a bit more about how it’s created, check out Posts No. 17, No. 18 and No. 51. And for a bit more on how to use it, see Posts No. 55 and 56.

Sounds great. Give me some examples.

Here are a few examples of how business architecture can help with policy making and compliance.

• Identifying Applicable Policies – Consulting the business architecture knowledgebase provides a methodical approach for identifying relevant policies and making sure there are no gaps in knowing what applies, to whom and where. For example, an organization’s capabilities can serve as a focal point for identifying policies such as information privacy or anti-spam policies for the Customer Information Management and Partner Information Management capabilities, or identifying policies related to the security of credit, debit and cash card transactions for the Payment Management capability. Other aspects of the business architecture can serve as a focal point for this type of policy identification and gap analysis as well, such as stakeholders, products, value streams and information.
• Developing Policies – Business architecture can be used to assess the impact of a proposed or finalized policy – comprehensively, quickly, with confidence. No more archeology exercises to gather the people and assess the systems in a lengthy and error-prone process to answer the question. Capabilities and value streams provide the focal point for the impact assessment and connect to every other aspect of the business and technology environment. Just think how useful this is when an organization is trying to assess the impact of a new law or regulation proposed by a governmental body in order to help inform and shape the final direction. Or, to assess the impact of a newly published regulation with which they need to comply. Or, to assess the impact of an internal policy, procedure or process before it’s created.
• Translating and Documenting Policies – Policies can be cataloged at a high level, in plain language in the business architecture knowledgebase and connected to any other aspect of the business and technology environment. This does not take the place of any repositories that house the policy details, but rather makes the bigger picture information accessible to everyone, and within a shared, relevant business context. In addition, as policies are translated, policy impact assessments may be performed as well as risk assessments, especially to identify the big-ticket items which require even more focus. An organization’s business architecture can be used for both, as described in the bullet above. Business architecture not only identifies the comprehensive set of impacts, but it can also provide a methodical way to assess the business impact and breadth of coverage associated with policies, based on the capabilities they are related to. This can be a very helpful input to risk assessment analysis and decision-making. (Check out Post No. 28 for more on business architecture metrics.)
• Implementing and Communicating Policies – As policies are implemented, business architecture can track the interrelationships among policies. For example, within the business architecture knowledgebase, external policies like regulations can be related to the internal policies that implement them. Or related policies across business units, regions, and so forth can be connected to ensure consistency in implementation and stakeholder communication as well as coordination on any changes later. And of course, business architecture is a shining star when it comes to translating policy-related changes into action in a coordinated way across an entire organization. Business architecture plays a critical role as a bridge between strategy and execution by ensuring that initiatives are scoped and sequenced holistically to implement policies and that they are coordinated with any existing initiatives. (More on business architecture’s role in strategy execution here in Posts No. 3, No. 50 and No. 9.)
• Following and Monitoring Policies – Business architecture may be used to demonstrate end-to-end traceability from policies to capabilities, business units and value streams – with the ability to drill down to the relevant processes and systems that implement them. This is invaluable for internal and external audits and to demonstrate compliance with policies. Not only is the information available for the entire enterprise-wide scope, but it has business context and exists at a high level so that the big picture can be assessed first and details like processes or system applications can be targeted when needed. (Much easier than the needle-in-a-haystack method.) An organization’s business architecture also acts like a fabric that weaves concepts together, so it ensures that policy consideration and compliance is always brought to the forefront in the right conversations – and without someone from the compliance team having to be involved to personally remind everyone. This ensures that the appropriate policies are identified anytime a capability (or value stream) is touched related to any initiative or change, within third party agreements, or even during due diligence for joint ventures or mergers and acquisitions.

Here’s a handy diagram to summarize all of that.

What next?

Seek out the people within your organization who are responsible for policy making and compliance. Anyone that has a role related to any of the aspects described in this post could benefit. We recommend that you consider targeting certain areas like legal, compliance or audit. Let them know how you can help make their jobs easier and you might find yourself with some new friends.

More Good Stuff…

Business Architecture In Action For Risk and Compliance Management — How Business Architecture Helps Organizations Identify and React to Risk and Compliance Challenges (S2E StraightTalk): More straight talk on this topic.

Business Architecture Policy Mapping Content (BIZBOK^® Guide): Check out Section 2.9 in the BIZBOK^® Guide (Business Architecture Guild^® membership required) for the official word on the how-to map policies and cross-map them to other business architecture perspectives.

Business Architecture Policy Mapping: Little Understood, But Highly Critical  (Business Architecture Guild^® webinar): A webinar that summarizes policy mapping and its usage. (Business Architecture Guild^® membership required.)

Risk and Compliance Transparency With Business Architecture (Guild Council of Executive Advisors): The deck from a talk and panel by the GCEA during the 2019 Guild Business Architecture Innovation Summit.

Compliance Week website: A goldmine of resources related to compliance topics.

OCEG website: OCEG is a non-profit think tank that is dedicated to achieving a world where every organization and every person strives to achieve objectives, address uncertainty and act with integrity. They call this approach to business, and to life, Principled Performance. Another goldmine of resources related to governance, risk and compliance (GRC).

Building World-Class Ethics and Compliance Programs (Deloitte): A useful report on the topic.

What Really Motivates People To Be Honest In Business (TED Talk): An interesting and important TED talk by Economist Alexander Wagner on why large corporations commit fraud and a look at the economics, ethics and psychology of doing the right thing.