Acessibilidade / Reportar erro

RESILIENCE AND ENTERPRISE ARCHITECTURE IN SMES

ABSTRACT

Considering that SMEs need to embrace the drivers of resilience and that a well-defined and readily available Enterprise Architecture (EA) supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners, we can say that EA is one of the tracks making resilience predictable and it should support and collaborate with other resilience tracks. However, the EA frameworks do not give relevance to the activities that contribute most to business resilience, so this paper aims to clarify the dimensions and the activities related to the development of an EA and the touching points with other enterprise wide processes in order to guarantee that resilience requirements are met in SMEs. For this I propose an approach of ecological adaptation, and four architectures: business, organizational, information, and technological, although this paper only presents the Business and Organizational Architectures.

Resilience; Enterprise Architecture; Business Architecture; Organizational Architecture

1. INTRODUCTION

Enterprise Architecture (EA) is a complete expression of the enterprise; a master plan which “acts as a collaborative force” between aspects of business planning such as goals, visions, strategies and governance principles; aspects of business operations such as business terms, organization structures, processes and data; aspects of automation such as information systems and databases; and the enabling technological infrastructure of business such as computers, operating systems and networks. EA is the holistic expression of an enterprise’s key strategies in terms of business, applications and technologies, and their impact on its processes and functions.

In this paper I will first present the concept of enterprise resilience from a broad, systems-oriented perspective, the enterprise architecture definition, its schools of thought and dimensions, and an overview of information systems and technologies (IT) that support flexible infrastructures for the EA dimensions. In the second part, I will present the approach, dimensions and activities related to the development of the business and the organizational architectures of the EA, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in Small and Medium-sized Enterprises (SMEs). Finally, I will present how I will validate the proposal and the conclusion.

2. CONTEXT

Enterprise Resilience

The concept of resilience was first popularized by Holling (1973)Holling, C.S., (1973). Resilience and stability of ecological systems. Annual Review of Ecology and Systematics, 4, 1–23. and his work has formed the foundation for most studies of the concept of ecological resilience, as well as various other forms of resilience. Based on the properties of stability of natural systems, two views were added to the resilience concept, “ecological resilience” and “engineering resilience”, the first focused on efficiency, constancy, and predictability, and the second focused on persistence, change, and unpredictability.

This concept also appears in interdisciplinary areas concerned with complex systems, such as enterprises, critical infrastructure systems and ecosystems, approached as a positive and desirable concept or system characteristic or attribute (Carpenter et al. 2001Carpenter, S., et al., (2001). From metaphor to measurement: resilience of what to what? Ecosystems, 4, 765–781., He 2008He, Y., (2008). A novel approach to emergency management of wireless telecommunication system. Mechanical Engineering, Saskatoon, Saskatchewan, Canada, University of Saskatchewan.).

The organizational literature has also widely used the term resilience as a multifaceted and multidimensional concept (Ponomarov and Holcomb 2009Ponomarov, S.Y. and Holcomb, M.C., 2009. Understanding the concept of supply chain resilience. International Journal of Logistics Management, 20 (1), 124–143.), related to a variety of topics ranging from physical material properties to supply chain management, resulting in a diverse literature base.

In the context of strategic management and strategic change, resilience is the capability to self-renew over time through innovation (Reinmoeller and van Baardwijk 2005Reinmoeller, P., & Van Baardwijk, N. (2005). The link between diversity and resilience. MIT Sloan Management Review, 46(4), 61–65.). Strategic resilience is the ability to dynamically reinvent business models and strategies as circumstances change, requiring alternatives as well as awareness of the ability to create a plethora of new options as compelling alternatives to dying strategies (Hamel and Valikangas 2003Hamel, G.A. and Valikangas, L(2003). The quest for resilience. Harvard Business Review, 81 (9), 52–63.).

In terms of Human Resources Management (HRM), for an organization to be resilient, it needs people who can respond quickly and effectively to change while enduring minimal stress, and it is these positive adaptive capabilities which differentiate the competition. Creating organizational resilience is associated with personnel and management concerns (Mallak 1999Mallak, L., (1999). Toward a theory of organizational resilience. In: Portland International Conference on Technology and Innovation Management. PICMET. Portland, OR: IEEE., Patterson et al. 2007Patterson, E.S., et al., (2007). Collaborative cross-checking to enhance resilience. Cognition, Technology & Work, 9, 155–162., Vogus and Sutcliffe 2007Vogus, T.J. and Sutcliffe, K.M. (2007). Organizational resilience: towards a theory and research age da. IEEE Conference on Systems, Man and Cybernetics, ISIC.) that reside within a self-organizing and learning organization.

Christopher and Peck (2004a)Christopher, M. and Peck, H., (2004a). Building resilient supply chain. International Journal of Logistics Management, 15, 1–13. relate the resilience of an enterprise to the resilience of its supply chain. According to Christopher and Peck (2004a), the interdependencies between the enterprises and their supply chains can be complex and introduce new risks to the enterprise.

In the context of environmental change/disaster management, resilient organizations are able to maintain positive adjustments under challenging conditions, where they actually thrive and become better (Lengnick-Hall et al. 2011Lengnick-Hall, C.A., Beck, T.E., and Lengnick-Hall, M.L. (forthcoming, 2010). Developing a Capacity for Organizational Resilience through Strategic Human Resource Management. Human Resource Management Review, DOI:10.1016/j.hrmr.2010.07.001.) as well as developing organizational systems capable of overcoming this complexity within turbulent environmental conditions (Burnard and Bhamra 2011Burnard, K., & Bhamra, R. (2011). Organisational resilience: Development of a conceptual framework for organizational responses. International Journal of Production Research, 49(18), 5581–5599.). Resilience is an analytical category for building corporate adaptation strategies (Beermann 2011Beermann, M. (2011). Linking corporate climate adaptation strategies with resilience thinking, Journal of Cleaner Production, Volume 19, Issue 8, May 2011, Pages 836–842.), and a solution to organizations facing high levels of threat in all aspects of their operating environment (Sullivan-Taylor and Wilson 2009Sullivan-Taylor, B., & Wilson, D. C. (2009). Managing the threat of terrorism in British travel and leisure organizations. Organization Studies, 30(2–3), 251–276.).

These descriptions of organizational resilience focus predominantly on the behavioral dynamics of the people and organization, but they do not address resilience of the other constituents of an enterprise such as processes, systems, technology and infrastructure. As we have seen in the perspectives examined above, creating resilience relies on perceiving environmental change quickly and implementing adaptive responses early (Weick and Sutcliffe 2001Weick, K.E. and Sutcliffe, K.M., (2001). Managing the unexpected. San Francisco: Jossey-Bass.).

In this paper, I consider ‘resilience’ as an attribute of complex systems and I take a systems-oriented view of enterprise, defining an enterprise as a complex system consisting of people, processes, information systems and technology infrastructure, with the goal of producing goods or services using physical, financial and human resources. Using this holistic lens, we are equally concerned with what lies outside the enterprise as we are with what lies inside the enterprise, so we can best observe how external and internal disruptions occur and how an enterprise can most effectively adapt.

Creating a resilient enterprise is a strategic initiative that changes the way an enterprise operates and increases its competitiveness (Sheffi and Rice, 2005Sheffi, Y. and Rice Jr, J. B. (2005). A supply chain view of the resilient enterprise. MIT Sloan Management Review, 47 (1), 41–48 (2005).). These authors suggest that enterprise resilience can be achieved by reducing vulnerability, by creating redundancy, and by increasing flexibility. They also relate creating redundancy and increasing flexibility to the adaptive capacity, which indicates the ability of the enterprise to bounce back when a disruption occurs.

Enterprise resilience is defined by Gallopin (2006)Gallopin, G.C., (2006). Linkages between vulnerability, resilience, and adaptive capacity. Global Environmental Change, 16, 293–303. as an enterprise’s adaptive capacity and its ability to cope with, adapt to, and recover from a disruption. He states that, in order to adjust to potential risks and tolerate disruptions, enterprises must manage the complexity of their infrastructures. A key to being able to achieve this, and assessing the vulnerabilities embedded within the enterprise elements, is understanding the interrelationships and interdependencies between the business processes, information, and the supporting technologies within the enterprises.

Considering that an effective EA provides the ability to integrate business processes and data across the enterprise, links with external partners, increases agility and flexibility to business change, maximizes the reuse of enterprise models, and offers a common vision to business and technology communities, I can state that EA is one of the tracks making resilience predictable.

Enterprise Architecture

Enterprise architecture (EA) is a high-level definition of the data, applications and technology needed to support the business (Smith et al. 2002Smith, D., et al., (2002). Enterprise integration. Architect (SEI Interactive News), 4Q, 1–14.) that provides a common view of both the primary resources of any enterprise (people, processes and technology), and how they integrate to provide the primary drivers of the enterprise (Anaya 2005). EA brings together the product, process, technology, information and application architectures (Jonkers 2006Jonkers, H.L., et al., (2006). Enterprise architecture: management tool and blueprint for the organization. Information Systems Frontier, 8, 63–66.), and presents the relationship between the elements of the enterprise (Anaya 2005Anaya, V. and Ortiz, A.. (2005). How enterprise architectures can support integration. Interoperability of heterogeneous information systems conference (IHIS’05), Bremen, Germany.).

A well-defined and readily available EA supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners (Vernadat 1996, Kosanke and Nell 1997Kosanke, K. and Nell, J.G., eds. (1997). Enterprise engineering and integration: building international consensus. Berlin: Springer-Verlag., Bernus et al. 2003Bernus, P., Nemes, L., and Schmidt, G., (2003). Handbook on enterprise architecture. Heidelberg: Springer Verlay., Schekkerman, 2004Schekkerman J. (2004). How to Survive in the Jungle of Enterprise Architecture Frameworks: Creating or Choosing an Enterprise Architecture Framework, Trafford, pp. 89-198., 2005Schekkerman, J., (2005). The Economic Benefits of Enterprise Architecture, Trafford, New Bern, USA.).

The most cited benefits of EA from the literature include: reduced costs, providing a holistic view of the enterprise, improved business-IT alignment, improved change management, improved risk management, improved interoperability and integration, and shortened cycle times.

EA Schools of Thought

Lapalme (Lapalme 2012Lapalme J.(2012) Three Schools of Thought on Enterprise Architecture, IT Pro November/December, http://ComputingNow.computer.org.
http://ComputingNow.computer.org...
) identify three schools of thought regarding EA, each grounded in its own belief system. Consequently, each school has a particular definition of EA, specific concerns and assumptions. Enterprise IT Architecting-EA is about aligning an enterprise’s IT assets (through strategy, design, and management) to effectively execute the business strategy and various operations using proper IT capabilities.

Enterprise Integrating-EA is about designing all facets of the enterprise. The goal is to execute the enterprise’s strategy by maximizing the overall coherency between all of its facets - including IT. This school is grounded in systems thinking, so it approaches enterprise design holistically or systemically.

Enterprise Ecological Adaptation - For this school, EA is about fostering organizational learning by designing all facets of the enterprise—including its relationship to its environment—to enable innovation and system-in-environment adaptation.

EA Dimensions

Addressing the needs of the different stakeholders in a company, EA is decomposed into several dimensions. Thereby, slight differences between the naming and the number of dimensions exist between different EA approaches. The EA modeling language ArchiMate, for instance, defines three layers, i.e., the business, the application and the technology layer (Lankhorst, 2005Lankhorst, M (2005). Enterprise Architecture At Work: Modeling Communications and Analysis, Springer-Verlag, Berlin, Germany.). Similarly, DoDAF is decomposed into an operational view, a systems and services view, as well as a technical standard view (DoDAF 2013, Minoli 2008Minoli, D.(2008). Enterprise Architecture A to Z: Frameworks, Business Process Modeling, SOA, and Infrastructure Technology, Auerbach Publications., Schekkerman, 2004Schekkerman J. (2004). How to Survive in the Jungle of Enterprise Architecture Frameworks: Creating or Choosing an Enterprise Architecture Framework, Trafford, pp. 89-198.). Zachman (2010)Zachman, J.(2010). The Zachman Framework™ Evolution , http://www.zachmaninternational.com/index.php/thezachman-framework.
http://www.zachmaninternational.com/inde...
differentiates between a contextual, conceptual, logical, physical, and detailed representation view. TOGAF is divided into the four dimensions of business, application, data, and technology architecture (The Open Group, 2013The Open Group: The Open Group Architecture Framework version 9.1, Enterprise Edition (TOGAF 9.1) (2013). http://www.opengroup.org/architecture/togaf/
http://www.opengroup.org/architecture/to...
).

Information Systems and Technologies

A key to being able to achieve enterprise resilience, and assessing the vulnerabilities embedded within the enterprise elements, is understanding the interrelationships and interdependencies between the business processes, information, and the supporting technologies within the enterprises. Enterprise resilience requires interoperability and integration between the process, systems, and underlying technology across business partners.

EA is the organizing logic for business processes and IT infrastructure, reflecting the integration and standardization requirements of the company’s operating model (Ross et al. 2006Ross, J. W., Weill Peter, Robertson D. (2006), Enterprise Architecture as Strategy, Harvard Business School Press, Boston, Massachusetts.). Understanding the interrelationships and interdependencies between business processes, information, and supporting technologies within the enterprises is very important. The effective use of enterprise systems can provide timely information and faster decision-making abilities that result in increased flexibility, agility and adaptability (De Leeuw and Volberda 1996De Leeuw, A. and Volberda, H., (1996). On the concept of flexibility: a dual control perspective. Omega International Journal of Management Science, 24, 121–139., Fiksel 2006bFiksel, J., (2006b). Sustainability and resilience: toward a systems approach. Sustainability:Science, Practice, and Policy, 2, 14–21., Helaakoski et al. 2007Helaakoski, H., Iskanius, P., and Peltomaa, I., (2007). Agent-based architecture for virtual enterprises to support agility. In: L. Camarinha-Matos, et al., eds. IFIP International Federation for Information Processing, Volume 243, Establishing the foundation of collaborative networks. Boston: Springer, 299–306., Haimes et al. 2008).

A Service Oriented Architecture approach (SOA) will enable flexible systems to be built, thus implementing changing business processes quickly, making extensive use of reusable components, and increasing interoperability, business and technology domain alignment, return on investment, and organizational agility. Cloud Computing is the computational paradigm that offers a scalable infrastructure and capabilities available as services. Cloud Computing paradigm will allow computing resources to be available when needed, offering agility, innovation, scalability and simplicity. In this way, these technologies can contribute to enterprise resilience because they allow flexible systems and scalable infrastructures to be built. They also favor the interoperability and integration between the process, systems, and underlying technology across business partners.

Service Oriented Architecture

Service Oriented Architecture (SOA) is a technology initiative which requires a software architecture approach where the basic element of design and development is a service (Kumar et al., 2007). SOA and services provide the means to achieve real business agility, which can take two forms: the ability to change the business processes to satisfy market demand, as well as that of clients, and reduce costs; and the ability to perform business processes, or launch new processes, products and service more rapidly. Agility and speed are both tangible benefits of migration to SOA and to reusable services. If an approach to SOA and services is adopted, business software systems are disassociated from the enterprise processes through the use of business services. SOA simplifies the development of enterprise applications as modular, reusable business services that are easily integrated, changed and maintained.

Cloud Computing

There are many definitions for cloud computing. A widely accepted definition is given by Mell and Grance (2011)Mell, P. and Grance, T.(2011). The NIST Definition of Cloud Computing, National Institute of Standarts and Technology (2011). http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
http://csrc.nist.gov/publications/nistpu...
at the National Institute of Standards and Technology who define cloud computing to be “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly supplied and released with minimal management effort or service provider interaction”.

The major benefit of Cloud Computing is the flexibility as the cloud provider might offer a choice among a number of computing and storage resource configurations at different capabilities and costs, and the cloud costumer will have to adjust his or her requirements to fit one of those models.

Resilience is achieved through the availability of multiple redundant resources and locations. Moreover, disaster recovery and business continuity planning are inherent in using the provider’s cloud computing platforms.

3. RESILIENCE AND ENTERPRISE ARCHITECTURE IN SMES

There are a number of definitions of what constitutes an SME. One is that SMEs are “enterprises which employ fewer than 250 staff and which have an annual turnover not exceeding 50 million euro, and/or an annual balance sheet total not exceeding 43 million euro” (Article 2 of the Annex of Recommendation 2003/361/EC). SMEs in Europe contribute to economic development by virtue of their sheer numbers and increasing share in employment and gross domestic product (GDP) (Van Gils 2005Van Gils, A.(2005). Management and governance in Dutch SMEs. European Management Journal, 23 (5), 583., Mikhailitchenko and Lundstrom 2006Mikhailitchenko, A. and Lundstrom, W.J.(2006): Inter-organizational relationship strategies and management styles in SMEs - The US-China-Russia study. Leadership and Organization Development Journal, 27 (6), 428–448.).

In order to build sustainable SMEs, resilience as a concept becomes critical (Sheffi 2005Sheffi, Y.(2005). The resilient enterprise: overcoming vulnerability for competitive advantage. Cambridge, MA: MIT Press., 2006, Moore and Manring 2009Moore, S.B. and Manring, S.L(2009) Strategy development in small and medium sized enterprises for sustainability and increased value creation. Journal of Cleaner Production, 17, 276–282.), and perhaps the essence of sustainability is resilience, the ability to resist disorder (Gunderson, 2002Gunderson, L.H. and Pritchard, L.J., eds., (2002). Resilience and the behaviour of large-scale systems. Washington DC: Island Press.). Therefore, a sustainable economy should be based on a dynamic world view in which growth and change are inevitable for SMEs (Starr et al. 2003Starr, R., Newfrock, J., and Delurey, M. (2003). Enterprise resilience: managing risk in the networked economy. Strategy and Business, 30 (1), 1–150. http://www.strategy-business.com.
http://www.strategy-business.com...
, Christopher and Peck 2004) and SMEs need to embrace the drivers of resilience gracefully (Blackhurst et al. 2005Blackhurst, J., Craighead, C. W., Elkins D., and Handfield, R. B. (2005). An empirically derived agenda of critical research issues for managing supply-chain disruptions. International Journal of Production Research, 43 (19), 4067–4081., Sheffi and Rice 2005Sheffi, Y. and Rice Jr, J. B. (2005). A supply chain view of the resilient enterprise. MIT Sloan Management Review, 47 (1), 41–48 (2005)., Bergman et al. 2006Bergman, J., et al. (2006). Managing the exploration of new operational and strategic activities using the scenario method - assessing future capabilities in the field of electricity distribution industry. International Journal of Production Research, 104, 46–61., Tompkins 2007Tompkins, J. A. (2007). 4 Steps to business resilience. Industrial Management, 49 (4), 14–18., Cascio 2009Cascio, J.: The next big thing: resilience. Foreign Policy [online]. Washington, DC (2009) Available from: http://www.foreignpolicy.com/articles/2009/04/15/the_next_big_thing_resilience.
http://www.foreignpolicy.com/articles/20...
).

Considering that SMEs need to embrace the drivers of resilience and that a well-defined and readily available Enterprise Architecture supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners (Vernadat 1996, Kosanke and Nell 1997Kosanke, K. and Nell, J.G., eds. (1997). Enterprise engineering and integration: building international consensus. Berlin: Springer-Verlag., Bernus et al. 2003Bernus, P., Nemes, L., and Schmidt, G., (2003). Handbook on enterprise architecture. Heidelberg: Springer Verlay.), I can say that EA is one of the tracks making resilience predictable, and it should support and collaborate with other resilience tracks. However, the EA frameworks do not give relevance to the activities that contribute most to business resilience. Therefore, this paper aims to clarify the dimensions and the activities related to the development of an EA and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs. For this, I present a proposal supported in four main dimensions, as well as an approach to, and a number of domain activities for, the development of Business and Organizational Architectures.

Dimensions

Addressing the needs of the different stakeholders in an enterprise, EA is decomposed into several dimensions: business, organization, information and technology (Hoogervorst 2009Hoogervorst J. A.(2009), Enterprise Governance and Enterprise Engineering, Springer, 209-301.). Associated with these domains are four architectures:

  • Business - This domain is concerned with the enterprise function, having to do with topics such as products and services, customers and the interaction/relationship with them, the economic model underlying the business, and the relationships with the environment (sales channels, market, competitors, milieu, and stakeholders). The business architecture guides the way the business domain is to be exploited and explored.

  • Organization–The organization domain has to do with the internal arrangement of the enterprise, for example with processes, employee behavior, enterprise culture, management/ leadership practices, and various structures and systems.

  • Information - Information is a crucial factor within both the business and organization design domain. Many informational aspects play a role here, such as the structure and quality of information, the management of information (gathering, storage, distribution), and the utilization of information. The information design domain also has to do with the enterprise construction. Information architecture guides the way information (or better, ‘data’) must be used and handled. So, its principles might concern the handling of customer and supplier data, or the way operational systems update informational systems. It is to be noted that information architecture differs from IT architecture.

  • Technology - Technology is essential for business, organizational and information systems support, as well as for future enterprise development. Technology is, thus, an important part of the enterprise construction. Therefore, for every technology, there is an associated architecture, guiding its design.

In this study I consider a separation between business and organization architectures, followed by two other architectures, Information Architecture and Technology Architecture. These are generally proposed by all the EA frameworks, and I propose applying an enterprise security approach through all the development phases of the architectures, as shown in Figure 1.

Figure 1
: EA Dimensions

Approach

A systemic approach alone is not sufficient for enterprise design (Lapalme 2012Lapalme J.(2012) Three Schools of Thought on Enterprise Architecture, IT Pro November/December, http://ComputingNow.computer.org.
http://ComputingNow.computer.org...
); it is necessary to achieve environmental and enterprise co-evolution by purposefully changing the environment, systematically designing the enterprise as well as its relationship to its environment. The key assumptions are that the environment can be changed, and that system-in-environment co-evolution is essential for strategy elaboration, and organizational coherency is necessary for effective strategy execution. Thus, for the Business and Organizational Architectures of EA, the enterprise architect must be able to foster sense-making and transformation processes within the organization, which lead to learning.

Of the four architectures mentioned in 3.1 above - business, organizational, information, and technological, I will present the activities related to the development of Business Architecture and Organizational Architecture, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs.

Development of Business Architecture

The first is Business Architecture, and the activities related to its development are: strategic agility, business imperatives via SOA, and contextual security architecture.

Development of Strategic Agility

The concept of agility emerged to address how companies can operate and grow in environments characterized by turbulence. Instead of being limited to acting in a responsiveness mode, the agility concept aims to encourage businesses to be forward thinking or proactive in their approach to the marketplace. Given the greater flexibility of the SME form, the adoption of an agile approach makes good sense. Developing proactive strategies favors a ‘top-down’ approach, whereby strategic thinking and planning act as a prime means to compliment operational capabilities. The tendency is for SMEs to behave reactively as opposed to proactively. I suggest using the framework proposed by Ismail (Ismael et al. 2006, 2011) that takes as a starting-point the fact that the adoption of a strategic approach is correlated with improved performance, and that SMEs are at a distinct disadvantage in turbulent environments where little or no strategic planning capability exists. The approach builds on the premise that resilience occurs as a result of the implementation of both operational and strategic capabilities. Prior to undertaking a strategic analysis, the portfolios of products and services are examined with regard to financial contributions and perceived avenues for growth. All manner of activities that make a company’s offerings attractive to both customers and the company are also examined. The top-down strategic framework is detailed in the following steps: 1- understanding differentiation factors for the industry; 2- examining industry trends and impacts; 3- positioning versus competitive strengths and weaknesses; 4- the setting of targets and selection of growth options; 5- assessment and prioritization of growth options; 6- development of growth plans; and 7- implementation and review.

Development of Business Imperatives to SOA

Business imperatives are what motivate a business to seek a new way of achieving business agility and IT flexibility via SOA (Marks and Bell 2006Marks E., Bell M. (2006) Service Oriented Architecture: A Planning and Implementation Guide For Business And Technology. New Jersey. Wiley.). Business imperatives help galvanize the demand for a different model of IT delivery based on business services – in other words, SOA. To the identification of SOA imperatives I will add these activities: assess external environment, review current business/organization strategy and business/operating model, review IT strategy and IT operating model, understand market position and market segments (where appropriate), understand customers and customers segments, know products and services that serve customers, understand current and planned business initiatives, and identify core business activities by business units. By adopting an SOA approach and implementing it using supporting technologies, companies can build flexible systems that implement changing business processes quickly, and make extensive use of reusable components. Increased interoperability, increased business and technology domain alignment, increased return on investment, and increased organizational agility are all benefits of the SOA approach (Bieberstein et al. 2006Bieberstein N., Bose S., Fiammante M., Jones K., and Shah R (2006). Service Oriented Architecture (SOA) Compass – Business Value, Planning, and Enterprise Roadmap: IBM Press, published by Pearson plc.).

Definition of Contextual Security Architecture

True business resilience starts with understanding exactly what a business with strategic agility needs in order to survive unexpected events and plan ahead for challenges that could come at any time. Whether an event is IT related, business related, or a natural disaster, there will always be challenges to overcome. If there are resilience strategy plans for these events, the actual impact to a business can be reduced. Business security embraces three major areas: information security; business continuity; and physical and environmental security.

One of the important quality aspects of an enterprise architecture is the risk regarding information security, and the way this can be managed. It is the common experience of many corporate organizations that information security solutions are often designed, acquired, and installed on a tactical basis. In this process there is no opportunity to consider the strategic dimension, and the result is that the organization builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified, and with no guarantee that they will be compatible and interoperable.

To create a description of the business context in which secure systems must be designed, built and operate, I propose using a business view such as in “SABSA” methodology (Sherwood 2005Sherwood, J., Clark, A., & Lynas, D (2005). Enterprise Security Architecture: A Business-Driven Approach. CMP Books.), which is concerned with: the business; its assets to be protected (brand, reputation, etc.) and the business needs for information security (security as a business enabler, secure electronic business, operational continuity and stability, compliance with the law, etc.); the business risks expressed in terms of business opportunities and the threats to business assets; the business processes that require security; the organizational aspects of business security; the business geography; the business time-dependencies.

I chose to use SABSA because it is a methodology which is business-driven for developing risk-driven enterprise information security and information assurance architectures, and for delivering security infrastructure solutions that support critical business.

Development of Organizational Architecture

The second is Organizational Architecture and the activities related to its development are: a strategy for improving supply chain resilience, analysis of human involvement in organizations, creating an agile organizational structure, SOA value analysis, cloud computing value analysis, and definition of a conceptual security architecture.

Development of a Strategy for improving Supply Chain Resilience

Strategic resilience imperatives call for supply chains to be less brittle and more adaptable to change through (1) supply chain design, (2) focus on business process management to enhance capabilities across the supply chain, (3) visibility of demand and supply throughout the supply chain, (4) supplier and customer relationship management, and (5) infusing a culture of resilience (Wisdomnet 2006Wisdomnet, (2006). Managing Supply Chain Risk: Building in Resilience and Preparing for Disruption. http://www.wisdomnet.net.
http://www.wisdomnet.net...
). Petit (Petit et al. 2010, 2013) identify a research gap in linking vulnerabilities and threats to the strategies to overcome them. Resilience was proposed to consist of two constructs: vulnerabilities (turbulence, deliberate threats, external pressures, resource limits, sensitivity, connectivity and supplier/customer disruptions), which are fundamental factors that make an enterprise susceptible to disruptions; and capabilities (flexibility in sourcing, flexibility in order fulfillment, capacity, efficiency, visibility, adaptability, anticipation, recovery, dispersion, collaboration, organization, market position, security and financial strength), which are attributes that enable an enterprise to anticipate and overcome disruptions. Pettit (Petit et al. 2010, 2013) further develop the vulnerability and capability constructs to include 21 factors comprised of 111 sub-factors. To measure the current state of a supply chain’s resilience, to identify links between vulnerabilities and capabilities to achieve balanced resilience and, finally, to examine the relationship between resilience and performance, I will use the measurement instrument SCRAM (Supply Chain Resilience Assessment and Management (Petit et al, 2013).

Analysis of Human Involvement within Organizations

Resilient SMEs should also possess the resilient qualities of human beings because one cannot separate a business from the people forming and operating it. Four important traits for resilience are: flexibility, motivation, perseverance and optimism. The review of literature allowed us to identify and summarize the most important attributes of the agile workforce. Based on the models of Griffin and Hesketh (Griffin and Hesketh 2003Griffin, B. and Hesketh, B.(2003): Adaptable behaviours for successful work and career adjustment’, Australian Journal of Psychology, vol 55, no 2, pp 65 – 73.) and Dyer and Shafer (Dyer and Shafer 2003Dyer, L. and Shafer, R (2003). Dynamic organizations: Achieving marketplace and organizational agility with people. In R. S. Peterson & E.A. Mannix (eds). Leading and Managing People in the Dynamic Organization. Mahwah, NJ: Lawrence Erlbaum Associates: 7-40.), the attributes of the agile workforce were grouped into three dimensions: proactivity, additivity and resilience. Resilience describes the ability to function efficiently under stress and despite changing environment, or when applied strategies have not succeeded. The following traits belong to this dimension: (1) positive attitude to changes, new ideas, and technology; and (2) tolerance of uncertain and unexpected situations, and differences in opinions.

Creating an Agile Organizational Structure

An organization needs to be designed to consistently implement business model recommendations without negatively impacting productivity. Consistently analyzing an organization’s design to ensure that there is the capacity and capability to absorb iterative change is a process. The key to this process is to realize that an organization’s design is comprised of multiple components that are symbiotic and need to be analyzed as a whole: reporting relationships reflected on an organization chart, organizational roles/responsibilities, performance measures, work group design and integrating mechanisms.

SOA Value Analysis

SOA value analysis helps identify focus areas for SOA initiatives by identifying business and process domains of particular interest for business improvement efforts. Once there is some definition of scope for the initial SOA efforts, the process of services identification can proceed (Mark and Bell 2006). The architect should consider the following artifacts which are particularly important for SOA because they contribute to the definition of SOA building blocks: Business Service Interaction Diagram, Business Process Diagram, Business Services Catalog, Business Services/Location Catalog, Event/Process Catalog, Contract/Service Quality Catalog, Business Service Interaction Matrix, Business Service/Information Matrix, and an Information Component Model.

Cloud Computing Value Analysis

Cloud computing is becoming a game changer for SMEs by offering scalable infrastructure and capabilities available as services. It is a paradigm where computing resources are available when needed, and payment for their use is made in much the same way as for household utilities. When selecting cloud service providers, the IT organizations of SMEs need to develop proper security policies and procedures, and they need to utilize these guidelines when evaluating cloud service providers (Williams 2010Williams, M. I, (2010). Quick start guide to cloud computing: moving your business into the cloud, Kogan Page Limited.). It is, however, not always the right solution, and there are several forms of cloud computing which have different advantages in different situations. The cloud buyers’ decision tree (Skilton and Gordon 2010Skilton M., Gordon P.(2010). Cloud Buyers’ Decision Tree, Document No.: W107, Published by The Open Group.) can help to determine whether to use cloud computing, whether a public or private cloud is appropriate, and whether IaaS, PaaS, or SaaS cloud offerings would best meet certain business and technical requirements.

Definition of a Conceptual Security Architecture

Conceptual security architecture defines the principles and fundamental concepts that guide the selection and organization of the logical and physical elements at the lower layers of abstraction of the security architecture (Sherwood 2005Sherwood, J., Clark, A., & Lynas, D (2005). Enterprise Security Architecture: A Business-Driven Approach. CMP Books.). These include: what you want to protect, expressed in the “SABSA” methodology in terms of Business Attributes; why the protection is important, in terms of control and enablement objectives; how you want to achieve the protection, in terms of high-level technical and management security strategies and a process-mapping framework through which to describe business processes; where you want to achieve the protection conceptualized in terms of a security domains framework; when the protection is relevant, expressed in terms of a business time-management framework; who is involved in security management, in terms of roles and responsibilities and the type of business trust that exists between the parties, including asset owners, custodians and users, and service providers and service customers.

4. PROPOSAL VALIDATION

To validate this proposal I will use the case study methodology (Yin 2005Yin, R. (2005). Estudo de Caso. Planejamento e Métodos. Porto Alegre: Bookman.), considering two cases in construction companies; one with successful internationalization, and resilient in the context of crisis in Portugal, and the other less successful in the same context. I selected the construction sector in which there was progressive growth between 1990 and the early 2000s, followed by a period of stagnation with a growing deficit and an excess of supply from the industry, leading to a significant reduction in turnover. However, worldwide strong growth has been registered in the construction sector, with major investments in infrastructure and real estate (Baganha 2002Baganha, M. (2002). The civil construction sector and public works in Portugal: 1990-2000. International Migration Review, Vol. 34., p. 1302-1306, Faculdade de Economia da Universidade de Coimbra.). The case study to be conducted in the two construction companies will be explanatory. It seeks information that enables the establishment of cause-effect relationships between the activities proposed in the development of business and organization architectures of an EA, and enterprise resilience from a broad, systems-oriented perspective. Among the tools for data collection we will use a questionnaire, as well as document sources from the companies. In addition to the aforementioned collection tools, we will conduct semi-structured interviews individually with the various stakeholders, as well as group interview.

5. CONCLUSION

Based on the importance of enterprise resilience for SMEs, this paper clarified the dimensions and the activities related to the development of an EA, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs. The paper focused on Business and Organizational Architectures, and their respective developmental strategies. A set of tools was also proposed that will allow the topics considered to be evaluated in terms of their effectiveness for organizational resilience.

This proposal differs from other EA frameworks which do not give relevance to the activities that contribute most to business resilience, particularly in SMEs, through the following:

  • Using several dimensions, since they consider Business Architecture and the separate Organizational Architecture, which do not happen in other EA frameworks and methodologies since they usually only consider Business Architecture; in Business Architecture I give relevance to the following activity: the development of strategic agility, in Organizational Architecture I give consideration to these activities: the development of a strategy for improving supply chain resilience, the analysis of human involvement within organization, and the creation of an agile organizational structure;

  • Taking an approach of ecological adaptation. This is because the systemic approach alone is not sufficient for enterprise design; it is necessary to achieve environmental and enterprise co-evolution by purposefully changing the environment, systematically designing the enterprise as well as its relationship to its environment;

  • Using an SOA approach to support Business Architecture and Organizational Architecture, identifying the business imperatives, and implementing the approach using supporting technologies in information and technology architectures, as well as cloud computing, by offering scalable infrastructure and capabilities as services;

  • Applying an enterprise security approach through all the EA development phases, in Business Architecture I emphasize the activity of defining contextual security architecture, while in Organizational Architecture I give relevance to the definition of a conceptual security architecture.

REFERENCES

  • Anaya, V. and Ortiz, A.. (2005). How enterprise architectures can support integration. Interoperability of heterogeneous information systems conference (IHIS’05), Bremen, Germany.
  • Baganha, M. (2002). The civil construction sector and public works in Portugal: 1990-2000. International Migration Review, Vol. 34., p. 1302-1306, Faculdade de Economia da Universidade de Coimbra.
  • Beermann, M. (2011). Linking corporate climate adaptation strategies with resilience thinking, Journal of Cleaner Production, Volume 19, Issue 8, May 2011, Pages 836–842.
  • Bergman, J., et al. (2006). Managing the exploration of new operational and strategic activities using the scenario method - assessing future capabilities in the field of electricity distribution industry. International Journal of Production Research, 104, 46–61.
  • Bernus, P., Nemes, L., and Schmidt, G., (2003). Handbook on enterprise architecture. Heidelberg: Springer Verlay.
  • Bieberstein N., Bose S., Fiammante M., Jones K., and Shah R (2006). Service Oriented Architecture (SOA) Compass – Business Value, Planning, and Enterprise Roadmap: IBM Press, published by Pearson plc.
  • Blackhurst, J., Craighead, C. W., Elkins D., and Handfield, R. B. (2005). An empirically derived agenda of critical research issues for managing supply-chain disruptions. International Journal of Production Research, 43 (19), 4067–4081.
  • Burnard, K., & Bhamra, R. (2011). Organisational resilience: Development of a conceptual framework for organizational responses. International Journal of Production Research, 49(18), 5581–5599.
  • Carpenter, S., et al., (2001). From metaphor to measurement: resilience of what to what? Ecosystems, 4, 765–781.
  • Cascio, J.: The next big thing: resilience. Foreign Policy [online]. Washington, DC (2009) Available from: http://www.foreignpolicy.com/articles/2009/04/15/the_next_big_thing_resilience.
    » http://www.foreignpolicy.com/articles/2009/04/15/the_next_big_thing_resilience
  • Christopher, M. and Peck, H., (2004a). Building resilient supply chain. International Journal of Logistics Management, 15, 1–13.
  • Crichton, M. T., Ramsay, C. G., Kelly, T. and Street, D (2009).: Enhancing Organizational Resilience Through Emergency Planning: Learnings from Cross-Sectoral Lessons, Journal of Contingencies and Crisis Management, vol. 17, no. 1, pp. 24-37.
  • De Leeuw, A. and Volberda, H., (1996). On the concept of flexibility: a dual control perspective. Omega International Journal of Management Science, 24, 121–139.
  • Deloitte/Aneop. (2009). O Poder da Construção em Portugal - Impactos 2009/10. Deloitte/Aneop, Lisboa.
  • Department of Defense: The DoDAF Architecture Framework Version 2.02 (2013). http://dodcio.defense.gov/dodaf20aspx
    » http://dodcio.defense.gov/dodaf20aspx
  • Dyer, L. and Shafer, R (2003). Dynamic organizations: Achieving marketplace and organizational agility with people. In R. S. Peterson & E.A. Mannix (eds). Leading and Managing People in the Dynamic Organization. Mahwah, NJ: Lawrence Erlbaum Associates: 7-40.
  • Fiksel, J., (2006b). Sustainability and resilience: toward a systems approach. Sustainability:Science, Practice, and Policy, 2, 14–21.
  • Gallopin, G.C., (2006). Linkages between vulnerability, resilience, and adaptive capacity. Global Environmental Change, 16, 293–303.
  • Griffin, B. and Hesketh, B.(2003): Adaptable behaviours for successful work and career adjustment’, Australian Journal of Psychology, vol 55, no 2, pp 65 – 73.
  • Gunderson, L.H. and Pritchard, L.J., eds., (2002). Resilience and the behaviour of large-scale systems. Washington DC: Island Press.
  • Hoogervorst J. A.(2009), Enterprise Governance and Enterprise Engineering, Springer, 209-301.
  • Hamel, G.A. and Valikangas, L(2003). The quest for resilience. Harvard Business Review, 81 (9), 52–63.
  • He, Y., (2008). A novel approach to emergency management of wireless telecommunication system. Mechanical Engineering, Saskatoon, Saskatchewan, Canada, University of Saskatchewan.
  • Helaakoski, H., Iskanius, P., and Peltomaa, I., (2007). Agent-based architecture for virtual enterprises to support agility. In: L. Camarinha-Matos, et al., eds. IFIP International Federation for Information Processing, Volume 243, Establishing the foundation of collaborative networks. Boston: Springer, 299–306.
  • Holling, C.S. (1996) Engineering resilience versus ecological resilience. In: P.C. Schulze, ed. Engineering within ecological constraints. Washington, DC: National Academy of Engineering, 31–43.
  • Holling, C.S.(2001). Understanding the complexity of economic, ecological, and social systems. Ecosystems, 4 (5), 390–405.
  • Holling, C.S., (1973). Resilience and stability of ecological systems. Annual Review of Ecology and Systematics, 4, 1–23.
  • Ismail, H.S. ,Snowden S. P., Poolton J., Reid I. R., Arokiam I. C. (2006) Agile manufacturing framework and practice. International Journal of Agile Systems and Management, 1 (1), 11–28.
  • Ismail H. S., Jenny Poolton J., and Sharifi H.(2011). The role of agile strategic capabilities in achieving resilience in manufacturing-based small companies, International Journal of Production Research, 49:18, 5469-5487. To link to this article: http://dx.doi.org/10.108/00207543.2011.563833.
    » https://doi.org/10.108/00207543.2011.563833
  • Jonkers, H.L., et al., (2006). Enterprise architecture: management tool and blueprint for the organization. Information Systems Frontier, 8, 63–66.
  • Kosanke, K., Vernadat, F., and Zelm, M., (1999). CIMOSA: enterprise engineering and integration. Computers in Industry, 40, 83–97.
  • Kosanke, K. and Nell, J.G., eds. (1997). Enterprise engineering and integration: building international consensus. Berlin: Springer-Verlag.
  • Kuhnle, H. and Wagenhaus, G., (2005). Extended enterprise architectures (E2A) – towards a powerful mode of production. Networks and Virtual Organizations Forum (VE-Forum.org).
  • Lankhorst, M (2005). Enterprise Architecture At Work: Modeling Communications and Analysis, Springer-Verlag, Berlin, Germany.
  • Lankhorst, M.M., (2004). Enterprise architecture modelling – the issue of integration. Advanced Engineering Informatics, 18, 205–216.
  • Lapalme J.(2012) Three Schools of Thought on Enterprise Architecture, IT Pro November/December, http://ComputingNow.computer.org.
    » http://ComputingNow.computer.org
  • Lengnick-Hall, C.A., Beck, T.E., and Lengnick-Hall, M.L. (forthcoming, 2010). Developing a Capacity for Organizational Resilience through Strategic Human Resource Management. Human Resource Management Review, DOI:10.1016/j.hrmr.2010.07.001.
  • Mallak, L., (1999). Toward a theory of organizational resilience. In: Portland International Conference on Technology and Innovation Management. PICMET. Portland, OR: IEEE.
  • Marks E., Bell M. (2006) Service Oriented Architecture: A Planning and Implementation Guide For Business And Technology. New Jersey. Wiley.
  • McManus, S., et al., (2008). Facilitated process for improving organizational resilience. Natural Hazards Review, 9, 81–90.
  • Mell, P. and Grance, T.(2011). The NIST Definition of Cloud Computing, National Institute of Standarts and Technology (2011). http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
    » http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  • Minoli, D.(2008). Enterprise Architecture A to Z: Frameworks, Business Process Modeling, SOA, and Infrastructure Technology, Auerbach Publications.
  • Mikhailitchenko, A. and Lundstrom, W.J.(2006): Inter-organizational relationship strategies and management styles in SMEs - The US-China-Russia study. Leadership and Organization Development Journal, 27 (6), 428–448.
  • Moore, S.B. and Manring, S.L(2009) Strategy development in small and medium sized enterprises for sustainability and increased value creation. Journal of Cleaner Production, 17, 276–282.
  • Patterson, E.S., et al., (2007). Collaborative cross-checking to enhance resilience. Cognition, Technology & Work, 9, 155–162.
  • Pettit T. J., Fiksel J., and Croxton K.(2010). Ensuring Supply Chain Resilience: Development of a Conceptual Framework. Journal of Business Logistics, 31(1):1-21.
  • Pettit T. J., Croxton K. L, and Fiksel J.(2013). Ensuring Supply Chain Resilience: Development and Implementation of an Assessement Tool, Journal of Business Logistics, 34(1):46-76.
  • Ponomarov, S.Y. and Holcomb, M.C., 2009. Understanding the concept of supply chain resilience. International Journal of Logistics Management, 20 (1), 124–143.
  • Presley, A., et al., (2001). Engineering the virtual enterprise: an architecture-driven modeling approach. International Journal of Flexible Manufacturing Systems, 13, 145–162.
  • Reinmoeller, P., & Van Baardwijk, N. (2005). The link between diversity and resilience. MIT Sloan Management Review, 46(4), 61–65.
  • Ross, J. W., Weill Peter, Robertson D. (2006), Enterprise Architecture as Strategy, Harvard Business School Press, Boston, Massachusetts.
  • Schekkerman J. (2004). How to Survive in the Jungle of Enterprise Architecture Frameworks: Creating or Choosing an Enterprise Architecture Framework, Trafford, pp. 89-198.
  • Schekkerman, J., (2005). The Economic Benefits of Enterprise Architecture, Trafford, New Bern, USA.
  • Schekkerman, J. (2006). Trends in Enterprise Architecture - How are Organizations Progressing? Web-form Based Survey 2005. Retrieved August 15, 2006, from:http://www.enterprisearchitecture.info/Images/EA%20Survey/Enterprise%20Architecture%20Survey%202005%20IFEAD%20v10.pdf
    » http://www.enterprisearchitecture.info/Images/EA%20Survey/Enterprise%20Architecture%20Survey%202005%20IFEAD%20v10.pdf
  • Scott, M., et al., (2006.) CONFERENCEXP: an enabling technology for organizational resilience. In: B. Donnellan, et al., eds. The transfer and diffusion of information technology for organizational resilience. Boston: Springer.
  • Sheffi, Y.(2005). The resilient enterprise: overcoming vulnerability for competitive advantage. Cambridge, MA: MIT Press.
  • Sheffi, Y. and Rice Jr, J. B. (2005). A supply chain view of the resilient enterprise. MIT Sloan Management Review, 47 (1), 41–48 (2005).
  • Sherwood, J., Clark, A., & Lynas, D (2005). Enterprise Security Architecture: A Business-Driven Approach. CMP Books.
  • Skilton M., Gordon P.(2010). Cloud Buyers’ Decision Tree, Document No.: W107, Published by The Open Group.
  • Smith, D., et al., (2002). Enterprise integration. Architect (SEI Interactive News), 4Q, 1–14.
  • Starr, R., Newfrock, J., and Delurey, M. (2003). Enterprise resilience: managing risk in the networked economy. Strategy and Business, 30 (1), 1–150. http://www.strategy-business.com.
    » http://www.strategy-business.com
  • Sullivan-Taylor, B., & Wilson, D. C. (2009). Managing the threat of terrorism in British travel and leisure organizations. Organization Studies, 30(2–3), 251–276.
  • Sutcliffe, K. and Vogus, T., eds., (2003). Organizing for resilience. San Francisco: Berrett- Koehler.
  • The Open Group: The Open Group Architecture Framework version 9.1, Enterprise Edition (TOGAF 9.1) (2013). http://www.opengroup.org/architecture/togaf/
    » http://www.opengroup.org/architecture/togaf/
  • Tompkins, J. A. (2007). 4 Steps to business resilience. Industrial Management, 49 (4), 14–18.
  • Yin, R. (2005). Estudo de Caso. Planejamento e Métodos. Porto Alegre: Bookman.
  • Van Gils, A.(2005). Management and governance in Dutch SMEs. European Management Journal, 23 (5), 583.
  • Vernadat, F.B., (2007). Interoperable enterprise systems: Principles, concepts, and methods. Annual Reviews in Control, 31, 137–145.
  • Vogus, T.J. and Sutcliffe, K.M. (2007). Organizational resilience: towards a theory and research age da. IEEE Conference on Systems, Man and Cybernetics, ISIC.
  • Weick, K.E. and Sutcliffe, K.M., (2001). Managing the unexpected. San Francisco: Jossey-Bass.
  • Williams, M. I, (2010). Quick start guide to cloud computing: moving your business into the cloud, Kogan Page Limited.
  • Wisdomnet, (2006). Managing Supply Chain Risk: Building in Resilience and Preparing for Disruption. http://www.wisdomnet.net.
    » http://www.wisdomnet.net
  • Zachman, J.(2010). The Zachman Framework™ Evolution , http://www.zachmaninternational.com/index.php/thezachman-framework.
    » http://www.zachmaninternational.com/index.php/thezachman-framework

Publication Dates

  • Publication in this collection
    Dec 2015

History

  • Accepted
    05 Sept 2015
  • Accepted
    09 Nov 2015
TECSI Laboratório de Tecnologia e Sistemas de Informação - FEA/USP Av. Prof. Luciano Gualberto, 908 FEA 3, 05508-900 - São Paulo/SP Brasil, Tel.: +55 11 2648 6389, +55 11 2648 6364 - São Paulo - SP - Brazil
E-mail: jistemusp@gmail.com