Ross l Strategic IT Architecture Competency

CREATING A STRATEGIC IT
ARCHITECTURE COMPETENCY:
LEARNING IN STAGES1

Jeanne W. Ross Executive Summary

MIT Center for Information IT architecture is often assumed to follow business strategy, to align IT with the
Systems Research business’s strategic objectives. Increasingly, though, many business strategies
depend on specific underlying IT capabilities. To develop a synergy between
business strategy and IT architecture, firms must develop organizational com-
petencies in IT architecture. My research has identified four IT architectural
stages, each with its own requisite competencies. The “application silo archi-
tecture stage” consists of IT architectures of individual applications. The
“standardized technology architecture stage” has an enterprise-wide IT archi-
tecture that provides efficiencies through technology standardization. The “ra-
tionalized data architecture stage” extends the enterprise-wide IT standards to
data and processes. And the “modular architecture stage” builds onto enter-
prise-wide global standards with loosely coupled IT components to preserve the
global standards while enabling local differences. Each stage demands different
organizational competencies to implement the architecture and prepare the firm
to move to the next stage.2

At United Parcel Services (UPS), strategic planning
involves discussions about the opportunities the firm’s
IT capabilities present. For example, as the Internet
started gaining steam in the mid-1990s, IT executives
noted that UPS’ package tracking capability was eas-
ily transferred to the Web. Later, management ob-
served that package tracking data made new prod-
ucts—like guaranteed delivery—affordable. Package
tracking data also led to the creation of new customer
services, such as allowing a customer’s customers
(package recipients) to view an online summary of
expected delivery times from selected suppliers. These
IT-enabled business opportunities have been unantici-
pated sources of value for UPS. CEO Mike Eskew
calls them “happy surprises.” 12
My research suggests that few firms experience such
“happy surprises.” UPS creates business opportunities
by leveraging its centralized package data, low-cost
processing environment, and integrated core applica-
tions. But most firms’ IT capabilities limit rather than
create new business opportunities. Their limitations
come from their history of applying IT as a response
to specific business needs. The business needs are
isolated and their solutions rarely combine to create a
strategic capability.3 Consequently, when buffeted by
changing market conditions, most firms see their IT
architectures as competitive liabilities.
But that is not always the case. My colleagues and I
have written 40 case studies4 of firms that are evolv-

3
1
Cynthia Beath was the senior editor accepting this article.
2
My thanks to Peter Weill, David Robertson, George Westerman and
Nils Fonstad for their significant contributions to my thinking on IT
architecture. I am particularly indebted to Jack Rockart, John
Mooney, Leslie Willcocks, and Bob Zmud for timely, insightful
4
comments that led to radical revisions. I am grateful to the managers
who participated in this research and shared their experiences and
insights. This research was made possible by the support of CISR
sponsors and especially CISR patron Microsoft Corporation.
Broadbent, M. and Weill, P., "Management by Maxim: How Busi-
ness & IT Managers Can Create IT Infrastructure," Sloan Manage-
ment Review, Spring 1997, pp.77-91, describes how IT infrastruc-
tures result from either maxims, which focus individual IT invest-
ment decisions on the firm’s strategic intent, or deals, which build IT
infrastructure through a series of isolated decisions.
The conceptual framework for this paper resulted from a project with
Peter Weill in 2001 that examined IT architecture through case stud-
ies at 8 global firms. I refined the framework based on several other
research studies, including a project in 2002 with David Robertson,

© 2003 University of Minnesota MIS Quarterly Executive Vol. 2 No. 1 / March 2003 31
Ross l Strategic IT Architecture Competency
ing their IT architectures from sets of isolated solu-
tions to planned capabilities that support their strategic
business processes. This evolution has followed a
learning process. The firms have not derived value
simply by linking IT to their business processes.
Rather, they have learned how to benefit from IT by
developing a competency in creating and evolving an
enterprise IT architecture.
What is an IT Architecture?
The term IT architecture lacks a universally accepted
definition. In fact, the terms architecture and infra-
structure are sometimes used interchangeably, with
architecture seen as the plan for the next infrastruc-
ture. 5 More often, IT architecture refers to a firm’s list
of technology standards. But viewing IT architecture
only as technology standards does not connect it to
business requirements.
The enterprise IT architecture concept, though, does
place technology standards in the context of business
requirements. Consultants and researchers often refer
to an enterprise IT architecture as a kind of city plan
that details policies and standards for the design of
infrastructure technologies, databases, and applica-
tions.6 The city plan concept has given birth to a breed
of IT architects who develop detailed drawings of the
interconnections between processes, infrastructure,
data, and applications.7 However, these detailed draw-
ings often provide only the technologist’s perspective
George Westerman, and Nils Fonstad, which involved 16 case stud-
ies on the relationship between IT architecture and business strategy.
A 2002 project with Cynthia Beath and John Mooney explored 3
new cases on Web services implementations. Between 1998-2003 I
wrote 13 additional case studies that assessed IT architecture in the
context of e-business implementations, ERP implementations, merg-
ers, service level agreements, and IT governance. I am indebted to
all the research colleagues who participated in this research and
shared their insights.
5
Weill, P. and Vitale, M., “What IT Infrastructure Capabilities are
Needed to Implement E-Business Models,” MISQ Executive (1:1),
March 2002, pp. 17-34, define IT infrastructure as the base founda-
tion of budgeted-for IT capabilities (both technical and human)
shared throughout the firm as reliable services, and centrally lo-
cated.
6
Keen, P.G.W., and Cummins, J.J., Networks in Action, Wadsworth,
Belmont, California, 1994, p. 279.
7
Most proposed frameworks link technology to business process (see,
for example, Zachman, J.A., "A Framework for Information Sys-
tems Architecture,” IBM Systems Journal (26, 3), 1987, reprint
G321-5298, and Sowa, J.F. and Zachman, J.A., "Extending and
Formalizing the Framework for Information Systems Architecture."
IBM Systems Journal (31, 3), 1992, reprint G321-5488). However,
these frameworks do not help distinguish the relative importance of
processes. The output of the architecture process is often volumes of
detailed drawings that are overwhelming in their volume and scope.
This output may be the cause or a result of the architecture function
often being buried in lower levels of the IT organization.
32 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
of the relationship between IT and business processes.
The resulting architecture does, indeed, identify the
mass of complex linkages among technology compo-
nents, but it does not highlight the few IT capabilities
critical to enabling the firm’s strategic objectives.8
Accordingly, the city plan metaphor has failed to cap-
ture the strategic potential of enterprise IT architec-
ture.
In some firms the enterprise IT architecture acts as a
tool for aligning IT and business strategy.9 This
alignment focuses on the IT components that enable
critical business processes. Thus, at the enterprise
level, an IT architecture is the organizing logic for
applications, data, and infrastructure technologies, as
captured in a set of policies and technical choices,
intended to enable the firm’s business strategy. Ac-
cordingly, the enterprise architecture implies certain
IT capabilities. These capabilities are the objectives of
the IT architecture, specifying what the architecture
enables the business to do. IT capabilities would in-
clude, for example, being able to access specific data
for new applications, quickly add channels to existing
processes, integrate data from related processes, en-
sure secure processing for electronic transactions,
provide an extended online customer service, or repli-
cate systems in new locations. Rather than develop an
exhaustive list of possible IT capabilities, a well-
designed enterprise IT architecture highlights the IT
capabilities that are most critical to a firm’s strategic
objectives.
What is an IT Architecture
Competency?
A competency in enterprise IT architecture is the abil-
ity of a firm to create a mutually reinforcing pattern of
evolving, tightly aligned business strategy and IT ca-
pabilities. The logical sequence for developing an en-
terprise IT architecture is assumed to be as follows:
1) Define the firm’s strategic objectives.
2) Define key IT capabilities for enabling those ob-
jectives.
8
See Goodhue, D.L., Kirsch, L.J., Quillard, J.A. and Wybo, M.D.,
“Strategic Data Planning: Lessons from the Field,” MIS Quarterly
(16:1), March 1992, pp. 11-34, for a discussion of how detailed
planning of data architecture can overwhelm planners with volume
and cause them to lose focus. The result is little value from architec-
ture activities.
9
For additional discussion of how IT architecture aligns IT with busi-
ness strategy, see Sauer, C. and Willcocks, L.P., “The Evolution of
the Organizational Architect,” Sloan Management Review, Spring
2002, pp 41-49.
© 2003 University of Minnesota

3) Define the policies and technical choices for de-
veloping the IT capabilities.
Completing this sequence is challenging, at each step.
A major difficulty in the first step is obtaining the
firm’s strategic objectives. One firm’s chief architect
described a common scenario among firms trying to
align business strategy and enterprise IT architecture:
So we started working on understanding the
business strategy, and what we discovered
in that process was that they really didn't
have a business strategy. What they had
were a lot of promises. “We are going to
grow. We are going to use branding. We
are going to run our plants more effectively.
We are going to increase our volume.” But
they hadn't figured out exactly how they
were going to do it… And what I said was,
“It is very difficult for me to write an IT
strategy to support your business strategy
when you don't have that defined.”
The second step, defining a set of critical IT capabili-
ties with lasting value, is equally challenging. Once
strategic objectives have been defined, they generally
demand multiple IT capabilities, which are likely to be
interdependent, possibly contradictory, and perhaps
unachievable given the firm’s legacy.
For example, in 1991, John Reid articulated the vision
for Citibank to include continuous innovation, agility
in meeting customer needs, and attention to cost.10
Citibank Asia Pacific pursued this strategy by devel-
oping four IT capabilities: a low-cost, high-volume
processing environment, global look-and-feel to Citi-
bank access points, global accessibility to customer
systems, and electronic access to all customer sys-
tems. But some capabilities were not immediately
achievable. For example, Citi relied on a mainframe to
build its low-cost processing environment. But, at that
time, no mainframe software offered global accessibil-
ity to customer systems. Although the bank ultimately
achieved its targeted capabilities, it could not achieve
them all in the short term.
The third step highlights yet another difficulty in
building IT capabilities. The policies and technical
choices for developing IT capabilities must reflect
organizational realities and thus inevitably require
tradeoffs. Security policies provide a common exam-
10
Details are available in Brand, A., Weill, P., Soh, C. and Periasamy,
P., “Citibank-Asia Pacific: Positioning IT as a Strategic Resource,”
Melbourne Business School, 1999.
© 2003 University of Minnesota
Ross l Strategic IT Architecture Competency
ple of the tradeoffs firms face, as one IT architect de-
scribes:
The security function is working very, very
hard at locking down the corporation so that
we can't be penetrated and put out-of-
business by hackers, viruses, and the like.
But if we really do that job to the extreme,
we can cripple our ability to compete on the
Web.
Thus, the process of developing an enterprise IT archi-
tecture is not as orderly as assumed. More impor-
tantly, defining and developing IT capabilities to sup-
port business strategy is merely a starting point. The
objective is to get to the point where IT capabilities
shape business strategy while business strategy shapes
IT capabilities in response to changing market condi-
tions and organizational realities. To do this the firm
must develop an IT architecture competency to dy-
namically adjust strategies and technologies.
Our case studies illustrate that firms hone their ability
to define and align IT and business strategy by accu-
mulating architecture-related experiences. When used
to enrich organizational learning, these experiences
can create enterprise IT architecture competencies.
Johnson & Johnson offers one example of this cumu-
lative learning process.
An Example of Developing Enterprise IT
Architecture Competencies: Johnson &
Johnson
In 1995 Johnson & Johnson, a respected pharmaceuti-
cal, health care, and medical devices firm, had over
150 operating companies generating total revenues of
approximately $15 billion. Analysts both inside and
outside the firm attributed J&J’s success in large part
to its autonomous management structure, which held
managers accountable for the financial results of their
individual operating companies.11 Despite its virtues,
this decentralized approach frequently left customers
frustrated. Many of them had to deal with multiple
sales calls, multiple invoices, and multiple contracts
with J&J operating companies. They wanted a single
point of contact.
Management vowed to respond by presenting a single
face to its key customers. However, its IT capabilities
11
See Tanouye, E., "Johnson & Johnson Stays Fit by Shuffling Its Mix
of Businesses," Wall Street Journal, December 22, 1992, p. A1; also
Weber, J., "A Big Company That Works," Business Week, May 4,
1992, pp. 124-132; and also Ross, J., “Johnson & Johnson: Building
an Infrastructure for Global Operations,” CISR Working Paper 283,
1995.
MIS Quarterly Executive Vol. 2 No. 1 / March 2003 33
Ross l Strategic IT Architecture Competency
had developed around the decentralized business
model. IT supported the individual needs of the oper-
ating companies, not the demands of global custom-
ers. To meet these new customer demands, senior
management not only needed to implement technol-
ogy that would provide a single view of the customer
but they also needed to reorient everyone in the firm
to think about IT—and organizational—capabilities at
the corporate level as well as the operating company
level. The technology and organizational change ef-
forts proceeded in parallel.
One of the first IT initiatives to align the strategic re-
orientation and a more integrative IT environment was
a series of training sessions for small groups of IT
managers from the various J&J operating companies.
These training sessions, which took place over 18
months, explained the role of IT in enabling the corpo-
rate vision and proposed corporate-wide IT standards.
Early participants thought the idea of corporate stan-
dards was radical and dysfunctional. Participants in
the later sessions, though, arrived for the training al-
ready aware that managers were trying to operate dif-
ferently. They had learned the value of corporate
standards and were looking for ways to facilitate inte-
grated communications across the operating compa-
nies.
An early corporate initiative involved installing a sin-
gle global network and desktop configuration. J&J had
traditionally funded IT initiatives within the operating
companies. Senior management recognized that this
funding model would delay implementation of the
corporate infrastructure, so J&J provided some corpo-
rate funding (with eventual chargeback) to stimulate
the standardization. Through this early infrastructure
initiative, management started to learn how to assess
and fund corporate-wide IT investments.
Over the years, J&J has continued to evolve its enter-
prise IT architecture, reflecting organizational learning
about viable strategies and emerging IT capabilities.
J&J did not dismantle its operating company structure.
Its strategic objectives continue to foster strong oper-
ating companies, while leveraging cross-company
synergies where appropriate. Thus, IT capabilities—
and accompanying policies and technical choices—
must reconcile sometimes competing IT needs. J&J
has also implemented a shared services organization
to introduce the efficiencies of a standardized IT envi-
ronment. It has created committees to establish and
monitor technical standards. New organizational units,
such as sectors, create formal structures that link op-
erating companies that have shared customers and
markets. Some sectors are introducing common sys-
34 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
tems to standardize critical data across their operating
companies. Through these efforts, J&J has evolved its
business strategy, its IT infrastructure, and its technol-
ogy management practices toward a more strategic
enterprise IT architecture competency.
J&J’s journey is not unique. Despite differences in
industry, culture, IT requirements, and organizational
structure, firms attempting to design, implement, and
leverage enterprise IT architectures share common
experiences. I have identified four distinct stages that
capture evolving architectural designs and their chang-
ing strategic implications and managerial demands.
These stages help us understand why firms cannot
simply “declare” that they will use IT strategically.
They must continuously build their competency to do
so.
Four IT Architecture Stages
Firms’ common experiences in evolving their IT ar-
chitectures suggest four distinct stages of increasing
enterprise IT architecture competency. These stages
differ in the logical design of their applications, data,
and infrastructure; the IT capabilities they provide; the
strategic opportunities they present; and the IT man-
agement and governance processes they demand. The
four stages are:
1) An application silo architecture – The architecture
consists of architectures of individual applications
rather than an architecture for the entire enter-
prise;
2) A standardized technology architecture – The IT
architecture becomes enterprise-wide and pro-
vides efficiencies through technology standardiza-
tion and, in most cases, centralization;
3) A rationalized data architecture – The enterprise-
wide IT architecture expands to include
standardization of data and processes;
4) A modular architecture – The architecture builds
onto enterprise-wide global standards with loosely
coupled applications, data, and technology com-
ponents to preserve the global standards while
enabling local differences.
The evidence from my research suggests that firms
can generate significant business value at each stage
when they capitalize on the architecture’s benefits.
Organizational learning at each stage helps them un-
derstand how to realize those benefits and how to po-
sition themselves for the next architectural stage.
© 2003 University of Minnesota

Firms that attempt to skip stages consistently find that
either the benefits are severely delayed or they must
backpedal to acquire the missing organizational com-
petencies. Following are the characteristics of each
stage and their benefits and risks.12
The Application Silo Architecture Stage
Firms in the application silo architecture stage focus
their IT resources on delivering individual applica-
tions. Typically, IT develops or buys an application to
address a specified business need and hosts each ap-
plication on the best available technology platform.
This approach lets them develop superior applications
for IT-enabled processes. But, in most cases, these
processes are limited to a single function or geogra-
phy.
In this stage, firms thus allocate their IT resources
primarily to application development. They might
have a centralized data center for transaction process-
ing, but they have few shared infrastructure services.
And they rarely manage data apart from transactions.
Each new system defines its own data. Firms in the
application silo stage rarely think of an enterprise ar-
chitecture. Business users focus on the value of their
applications—occasionally complaining about high
operations costs. For the most part, the IT unit is re-
sponsible for systems implementations, although
business users are usually expected to generate the
benefits.
Benefits and Risks of the Application Silo Architec-
ture Stage. The strategic goal of the application silo
stage is local optimization. Organizationally, applica-
tions align naturally with the firm’s functional or geo-
graphic structures. The architecture encourages inno-
vation, because it imposes no constraints on develop-
ment. Developers can satisfy end users by pursuing
full functionality without regard to other applications
or organizational units. Consequently, functional,
plant, and geographic managers often respond posi-
tively to applications developed in their silos. Applica-
tion silos can compete for capital funding using simple
cost-benefit analyses. System benefits are predictable
(albeit frequently overstated), and outcomes are meas-
urable.
12
Based on the characteristics described here, I assigned each of our 40
case sites to an architecture stage. My classification put 8 firms in
the application silo stage, 22 in the standardized technology stage,
and 10 in data rationalization. These results might be slightly
skewed to the right relative to the general population. Discussions
with consultants in early 2003 suggest that 80-90% of firms are in
either the application silo or standardized technology stages. I did
not attempt to secure a representative sample in my selection of
firms because my goal was to learn the practices of leading-edge
firms.
© 2003 University of Minnesota
Ross l Strategic IT Architecture Competency
Despite its benefits, the application silo architecture is
largely outdated. Over time, the applications form the
firm’s legacy, which consists of independent applica-
tions on multiple technology platforms with embedded
data. The developers’ freedom to innovate becomes
offset by the difficulty of linking new applications to
related systems. The applications become as much a
burden as a blessing. A plant manager at Dow Corn-
ing, a $2 billion manufacturer of silicon products, de-
scribed the limitations of his firm’s legacy applica-
tions prior to implementing an ERP system:
When I went to the Midland Plant in
1992,…[the legacy] was becoming an enor-
mously ugly patchwork quilt. The systems
wouldn’t talk to each other. Nice functional-
ity, but they wouldn’t talk to each other.
By allowing variety in technology platforms, applica-
tion silos are expensive and difficult to maintain.
More importantly, multiple data definitions make de-
velopment of electronic linkages between related ap-
plications cumbersome. Many IT professionals are
quite adept at making disparate systems look inte-
grated, but the code required to link applications be-
comes increasingly complex and ultimately extends a
new system’s time to market. A systems manager at
an investment bank commented on the complexity of
the code required to link applications: “Everything we
do revolves around straight-through processing with
no manual intervention, but it’s a miracle our systems
work.”
The Standardized Technology
Architecture Stage
The standardized technology architecture stage is the
most common among the forty firms in my sample.
These firms have shifted resources from application
development (in their application silo stage) into a
shared infrastructure. (See Figure 1 for a graphic of
how IT resources are allocated during each stage.)
They have established technology standards to limit
technology choice and reduce the number of platforms
they manage. This standardization also significantly
reduces the number of vendor packages that perform
similar functions. For example, one firm reduced the
number of order management systems from 28 to 4.
Technology standardization, however, does not over-
come the application silo problem of application-
specific data. Firms in this stage do introduce data
warehouses to share access to data, but the transaction
data is still embedded in the individual applications.
MIS Quarterly Executive Vol. 2 No. 1 / March 2003 35
Ross l Strategic IT Architecture Competency
Figure 1: Changing Resource Allocations Across Architecture Stages
Strategic Implications of IT
Local/Functional IT
Optimization Efficiency
Non-core
Business Needs
Local Knowledge
Specific Worker Support
Business
Needs
Core Process
Integration
Technology
Standardization
Data Center
Data Warehouses
Standardized
Application Silo
Technology
Architecture Maturity
Most IT organizations in this standardized technology
stage do conceptualize an enterprise architecture for
the shared infrastructure. Even those that do not con-
ceptualize will often hire an IT architect to lead the
standardization effort. Business managers rarely par-
ticipate in developing the enterprise architecture. They
defer to the IT organization to set the technology poli-
cies and standards. However, senior business manag-
ers are anxious for IT cost savings, so they support the
CIO’s efforts to standardize and centralize infrastruc-
ture technologies by mandating compliance with the
technology standards.
Benefits and Risks of the Standardized Technology
Architecture Stage. The goal of the standardized
technology architecture stage is IT efficiency. Firms
often move to this stage because senior management
believes the IT costs have gotten out of line. Standard-
izing and consolidating technology platforms can lead
to significant cost savings. Several IT managers re-
ported up to 20 percent reductions in their IT opera-
tions costs. Furthermore, by reducing complexity,
technology standardization also increases IT main-
tainability, reliability, and security.
36 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
Process Strategic
Optimization Choices
Local Applications
Customization
Infrastructure
Wired
Business
Core
Data
Shared Product Accessible Core
&/or Customer Data Objects
Data Bases
Rationalized
Modular
Data
One IT architect noted that the standardized technol-
ogy architecture has given him the right to say “no,”
when a vendor product is off-standard. In the past,
every application request resulted in lengthy debates
and fact-finding efforts between IT architects, ven-
dors, and users. The authority to eliminate off-
standard technologies greatly simplifies the lives of
architects and developers.
A key risk of the standardized technology stage,
though, is managerial resistance to both the concept of
standards and, in some cases, the dictatorial approach
used to implement standards. In the silo stage, busi-
ness people would never allow IT’s concerns to con-
strain their business solutions. The migration to a
standardized technology architecture fundamentally
changes firms’ approaches to solutions delivery. In-
stead of defining the solution and looking for the best
technology, firms in this stage negotiate the best pos-
sible solution among the acceptable technology plat-
forms. At first, business unit managers and developers
cling to the belief that business needs should drive
technology choices. For many, their initial encounter
with technology standards is the first time manage-
© 2003 University of Minnesota

ment allows IT, in any way, to shape business deci-
sions.
As the benefits become apparent, though, most man-
agers became resigned to the standards. One CIO
noted that in leading the charge to standardization, he
won over business unit leaders by demonstrating cost
savings:
We’ve had successes where we’ve been able
to reduce people’s costs by bringing in stan-
dardization. That has given us credibility.
Their jaws hit the table when they see the
impact of standardization on their bottom
line.
Although some firms justify technology standards
based on economic arguments, most firms rely on a
senior management mandate that empowers the CIO
to establish and enforce technology standards. This
managerial approach sometimes comes as a culture
shock, as one CIO described:
I come in and I pull every IT resource out of
every closet and every back room. Then I
centralize it. I tell them ahead of time this is
going to hurt, but it will only be temporary. I
have got to bring it all into a central loca-
tion, look at it, and figure out what is there,
what they do, and why they are doing it.
That takes about a year and a half.
The standardized technology stage also introduces
risks in managing the new standardized environment.
For example, firms need a process for recognizing
when a business need justifies an exception to a stan-
dard. In addition, IT managers need to monitor and
periodically upgrade standards to avoid obsolescence.
They have to clarify the costs and benefits of these
upgrades because business unit managers do not want
to pay to replace something that already works.
Firms in the standardized technology stage also face
new challenges in investment decisions. Funding for a
shared infrastructure demands that management con-
sider investments with longer payback periods than
other classes of applications.13 Infrastructure devel-
opment costs lead to frequent debates over funding
13
Weill, P. and Broadbent, M., Leveraging the New Infrastructure,
Harvard Business School Press, Boston, Massachusetts, 1998, lists
four classes of IT investment with differing payback periods. Infra-
structure investments had a slower payback than the three applica-
tion classes. See also Ross, J. and Beath, C.M., “Beyond the Busi-
ness Case: New Approaches to IT Investment,” Sloan Management
Review (43:2), Winter 2002, pp. 51-59 for a discussion of the differ-
ent approaches to applications and infrastructure investment deci-
sions.
© 2003 University of Minnesota
Ross l Strategic IT Architecture Competency
algorithms. Business units have different needs for
shared infrastructure at different points in time. Most
firms want to link funding to value received, but rela-
tive value provided by a shared infrastructure is diffi-
cult to assess.
Managers in firms with standardized technology archi-
tectures have found that, after a few years,14 early bat-
tles and mistakes are forgotten. People no longer ques-
tion the commitment to standards or the sharing of
infrastructure. This evolution positions firms for the
data rationalization stage, where standardization prac-
tices expand to incorporate data and sometimes even
business processes.
The Rationalized Data Architecture
Stage
Firms that have learned how to manage a standardized
set of infrastructure services are positioned to apply
similar discipline to their core data and processes.
Data rationalization refers to distinguishing the subset
of the firm’s data that must be unfailingly timely and
accurate for the firm to consistently meet customer
demands. Standardizing and integrating that critical
data subset stabilizes the firm’s core activities and
increases predictability of outcomes.
In the data rationalization stage, resources are shifted
away from application development and into data
management and infrastructure development. Data
management resources are used to develop centralized
data stores for the data that powers core activities. As
a rule, data embedded in application silos must be ex-
tracted and made easily accessible to all activities that
depend on it. Numerous tools support data rationaliza-
tion, including middleware, ERP, CRM, and internally
developed customer information files or product files,
such as UPS’ package level data file. These tools also
make data available to the applications that need it.
Infrastructure activities in the rationalized data stage
involve integrating the activities of the firm’s core
processes. To retain data integrity while integrating
core process activities, most firms introduce some
process standardization15 because when carried out
14
Managers’ estimates varied from 2 to 6 years for the elapsed time
between starting technology standardization and fully absorbing the
change culturally and technically in their firm.
15
Firms can standardize processes by implementing a single instance of
an application or by implementing multiple instances of the same
application. Similarly, while some manufacturing firms may install
an ERP package to standardize the entire order-to-cash process,
other firms may rely on one module of a customer relationship man-
agement system to limit process standardization to a small set of
functions in their call center. Differing needs determine the extent of
standardization. See Davenport, T.H., Process Innovation: Reengi-
MIS Quarterly Executive Vol. 2 No. 1 / March 2003 37
Ross l Strategic IT Architecture Competency
effectively, process standardization ensures the quality
of the central data stores. As long as the data is reli-
able, core process activities become predictable—a
given input always generates the same output. The
business rules for core processes are thus in effect
“wired” into the firm’s infrastructure. They ensure
consistency in customer response and become the ba-
sis for future innovation.
Appropriately defining the firm’s core processes is
thus critical to creating an effective rationalized data
architecture. Correctly “wiring the core” requires a
dialog between IT and senior business managers to
ensure that the core processes are indeed central to the
organization and that the business rules are stated de-
finitively. At a high level, managers can come to con-
sensus on core processes fairly easily.
For example, at both Air Products and Nestle USA,
management decided to wire the supply chain using
ERP. Both firms defined their business rules and built
those rules into the ERP package. The vendor set up
the package so that data flowed automatically to re-
lated processes. Citibank Asia Pacific established a
core set of standard personal and commercial banking
processes that could be replicated as new banks were
acquired or opened.
In defining a core process, management must deter-
mine which activities are included and which are not.
Management must also be explicit about the data these
activities rely on, and how they share that data. For
example, at Delta Air Lines, management determined
that the firm’s two core processes were customer ex-
perience (reservations, gate check-in, seat assignment,
baggage claim, boarding, rewards miles, etc.) and air-
line operations (allocating resources, loading, flight
departure, flight arrival, unloading aircraft, and clean-
ing aircraft). These two processes relied on 9 data-
bases: customer, maintenance, location, schedule,
equipment, employee, aircraft, supplies, and ticket.
Delta created a layer of middleware that provided a
publish-and-subscribe environment, so that when a
piece of data changed, a message about that change
was sent to all applications that “subscribed” to know-
ing the change. The result was single sources of data
for many systems, which meant that all systems were
simultaneously updated.
Two factors limit which processes and data belong in
the core. First, the business rules for a core process
must be rigid. If the firm envisions regular exceptions,
neering Work through Information Technology, Harvard Business
School Press, Boston, MA, 1993.
38 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
then the process is better suited for customization than
standardization. Second, someone must be account-
able for the data. The predictability of core processes
depends entirely on the quality of the data, so ac-
countability for data must rest with persons who are in
a position to ensure disciplined processes and data
monitoring—i.e, business, not IT, people. One IT
leader described how data ownership shifted with the
implementation of ERP:
Historically within the company, we in IT
owned the data. Not only were we custodi-
ans of it, we were the ones who got beat up
whenever it got corrupted. In today's busi-
ness process environment, the business own-
ers and the process owners are learning that
they really own the data. We in IT can as-
sist them, we can make it available, and we
can set some standards, but they own the
data. There has been little argument on this.
Once we organized around business proc-
esses, they started to realize and recognize
the value of data and the importance that
data plays in this company.
Firms that moved into this third stage put a stake in
the ground with regard to defining the business. Once
wired, changing the business core has become
harder—nearly impossible—while building on that
essence to create new products and services has be-
come easier and faster. Schneider National, a large
trucking firm, wired its operations from dispatch to
delivery. In doing so, the firm can readily add new
services, such as satellite tracking and advance cus-
tomer notification. But this wiring did not position
Schneider to enter the logistics business. Fully aware
of what its architecture did and did not support,
Schneider designed a parallel IT architecture when it
added a logistics business.
Benefits and Risks of the Rationalized Data Archi-
tecture Stage. The rationalized data stage provides
significant business process efficiencies, but the pri-
mary objective of a rationalized data architecture is
process optimization. In particular, implementing a
rationalized data architecture involves embedding core
processes in the firm’s IT infrastructure. They become
part of the definition of the firm. In exchange for tak-
ing the risk of “permanently” wiring core process,
firms gain a platform positioned for innovation.
Extracting data from a firm’s legacy applications is a
nontrivial technical challenge, and thus a risk. More
overwhelming still are the management challenges of
adopting data and process standardization. First, man-
© 2003 University of Minnesota

agement must clearly explain the concept of “core” as
well as the data driving that core. Firms that “get it
right” can then move faster than their competitors.
Dell’s business model offers an example of a firm that
wired its core process to how it planned to do busi-
ness. Many fallen dot-coms did not.
A second risk is an implementation risk. A rational-
ized data architecture requires disciplined processes
and a strong central organization. In many cases, the
data architecture dictates a fundamentally different
way of working. At many firms, standardizing core
business processes has involved ripping away control
of business processes from local business unit leaders.
Business process standardization is thus much harder
to sell to local managers than technology standardiza-
tion. One CIO described the discomfort of installing
ERP and accompanying process standards:
It became very clear that what it was going
to take to do this [implement ERP] was ba-
sically senior executives telling the busi-
nesses they were going to do this. That was
a huge culture change. We're taking the keys
to the car away from you so we can go build
this new car.
This CIO said process standardization was “the most
top-down thing we’ve ever done in this organization.”
Another implementation risk is the risk of taking on
more change than the organization can absorb. For
example, one manager whose firm attempted to jump
from an application silo to a rationalized data architec-
ture through an 18-month ERP implementation said
his firm found the organizational change requirements
overwhelming. “We have exceeded our capacity for
change,” he explained. Firms that move too aggres-
sively to change technology and organizational habits
greatly increase their risk of failure.16
To implement change of this magnitude, senior man-
agement must establish priorities for transforming the
IT architecture. Successful efforts usually involve lev-
eraging existing capabilities while building the most
critical new capabilities. Successful firms focus on a
small set of priorities. As one senior executive de-
scribed her firm’s transformation:
We [senior management] as a team were
committed to the vision and committed to
16
Cohen, W. and Levinthal, D., “Absorptive Capacity: A New Perspec-
tive on Learning and Innovation,” Administrative Science Quarterly
(35:1), 1990, pp.128-152, describe the concept of organizational ca-
pacity for change. The authors note that an “… organization needs
prior related knowledge to assimilate new knowledge” (p. 129).
© 2003 University of Minnesota
Ross l Strategic IT Architecture Competency
each other to do 3 or 4 things very, very well
and not try to do 400 things.
This focus on a small set of priorities is critical be-
cause IT architectural changes demand significant
managerial resources. Senior management commit-
ment to the change effort is important to avoid confu-
sion and resistance. Regardless of the level of com-
mitment, though, change management is always a dif-
ficult task.17
Senior and IT business managers in firms in the ra-
tionalized data stage have learned how to articulate
strategy to define IT capabilities and how to identify
strategic opportunities the IT capabilities create. The
architecture allows the firm to protect its core proc-
esses while identifying opportunities to leverage those
processes. Leveraging a rationalized data architecture
eventually involves moving to a more modular archi-
tecture.
The Modular Architecture Stage
The rationalized data architecture enables process op-
timization through judiciously applied data and proc-
ess standardization. The modular architecture, on the
other hand, enables strategic agility through custom-
ized or reusable modules. These modules extend the
core processes, which have been wired into the infra-
structure during the rationalized data stage. Citibank
Asia Pacific is nearing the modular stage. Its rational-
ized data architecture allows it to quickly implement
its core products (e.g. checking accounts, personal
loans, and credit cards) in banks that it opens in new
countries. Over time, Citi will be able to provide al-
ternative channels and interfaces to its back-end proc-
esses through reusable or locally developed front-end
modules.18
Although no firms in this study have migrated to the
modular stage, those with rationalized data architec-
tures provide insights into the promise they see in
modularity. Top management has seized control of
data and core processes from local managers and has
17
Brown, C.V. and Vessey, I., “Managing the Next Wave of Enterprise
Systems: Leveraging Lessons from ERP Projects,” MISQ Executive
(2:1), 2003, describes the change effort involved in ERP implemen-
tation. ERP implementation is a good example of the change re-
quired in any implementation of a rationalized data architecture. See
also Robey, D., Ross, J.W. and Boudreau, M-C., “Learning to Im-
plement Enterprise Systems: An Exploratory Study of the Dialectics
of Change,” Journal of Management Information Systems (19:1),
Summer 2002, pp. 17-45, for a description of the learning challenges
associated with ERP.
18
See the full case write-up: Brand, A. Weill, P., Soh, C. and Perisamy,
P., “Citibank-Asia Pacific: Positioning IT as a Strategic Resource,”
Melbourne Business School, 1999.
MIS Quarterly Executive Vol. 2 No. 1 / March 2003 39
Ross l Strategic IT Architecture Competency
defined and standardized the core of the business.
With a wired core, IT management can provide agility
in two ways.
The first is to create reusable modules and allow busi-
ness units to select customer-oriented processes from
a menu of options. Web services, for example, offer
modules as reusable business services.19 Firms will be
able to select Web services modules from internal and
external sources.
The second way to provide agility is to give business
units greater discretion in their local processes, as long
as they can connect to the wired core processes. One
financial services institution is experimenting with this
model. To ensure reliable, low-cost processes, man-
agement specified systems to support some back-
office processing. However, management is encourag-
ing local development of new process support sys-
tems, anticipating that some new modules may even-
tually be offered firm-wide. Teaming a standardized
core with localized development can provide rapid
innovation and perhaps lead to reuse of locally-
developed modules.
Modules allow for local customization, but they do
not reduce the need for standardization. The enterprise
architecture for a modular architecture would require
an ongoing dialog between senior management and IT
executives to clarify which processes have one stan-
dard and are required, which processes have multiple
standard versions to provide local choice, and which
processes may be developed in the business units for
maximum local flexibility. To continue to provide all
the benefits of standardization in the rationalized data
stage—efficiency, single face to the customer, and
process integration—modularity architectures extend,
rather than replace, rationalized data architectures.
Because few firms have adopted rationalized data ar-
chitectures and because these data architectures are
difficult to master, only a few modular architectures
may be built in the next few years.
Benefits and Risks of the Modular Architecture
Stage. Modular architectures create the opportunity
for strategic agility. By ensuring the predictability of
core processes, they leverage the firm’s distinctive-
ness. By enabling local customization, they encourage
innovation and customer responsiveness. But to bene-
fit from modular architectures, firms need to learn
how to quickly identify the strategic opportunities that
best leverage their core and then quickly develop or
19
For a description of the potential of Web services, see Hagel, J. and
Brown, J.S., “Your Next IT Strategy,” Harvard Business Review,
October 2001, pp. 105-113.
40 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
reuse modules that extend that core. Reusable modules
will build a thicker, denser core, providing greater
efficiencies while allowing local customization. Cus-
tom modules will allow experiments to respond to
changing market conditions. In the modular stage,
firms will almost certainly reuse their expertise in
process, data, and technology standardization.
The greatest risk in the modular stage is that firms will
rush to introduce modules before they have com-
pletely rationalized their core data. Modules can re-
store the autonomy and innovativeness of the applica-
tion silo stage. But without a solid process base, mod-
ules run the risk of also restoring the anarchy of hun-
dreds of unmanaged applications.
How Organizational Competencies
Change Across the Architecture
Stages
Figure 2 provides a summary of the characteristics and
types of learning in each architecture stage. Each stage
defines a dramatically different relationship between
IT and business executives and between IT architec-
ture and business strategy.
The application silo architecture stage allows an
arms-length relationship between IT architecture and
business strategy. Business people can define strategy
without IT input, and IT can deliver solutions without
understanding the business strategy. A firm can gener-
ate value in the application silo stage and position it-
self for subsequent stages by starting a dialog on IT
value between IT and business managers. Specifically,
IT and business managers can jointly estimate, meas-
ure, and communicate the value of IT-enabled busi-
ness processes. To institutionalize this learning, man-
agement formalizes the use of business cases and post-
implementation reviews.
In the standardized technology architecture stage,
business and IT managers build on their ability to
communicate IT value. They make decisions on IT
standards based on their negotiated understanding of
the impact of IT on business strategy. They also nego-
tiate funding models for the shared infrastructure, in-
cluding replacing and upgrading technologies before
they become obsolete. At this stage, IT and business
managers develop governance structures, such as ex-
ecutive committees, to formalize funding for the
shared infrastructure, both for new infrastructure de-
velopment and replacement (refresh). The executive
committee also debates the appropriate organizational
level for IT standards. Architecture committees, typi-
© 2003 University of Minnesota
 Ross l Strategic IT Architecture Competency

Figure 2: Characteristics of the Architecture Stages

Application Standardized Rationalized

Modular
Silo Technology Data
IT applications Firm-wide IT focused on Modules enable
serve isolated technology wiring core business model
IT Capability
business needs standards process extensions

Technology- Standardization Recognizing Practices

Key
enabled change and exception essence of the facilitating
Management
management management, business reusability
Innovation
refresh
ROI of Reduced IT costs; Improved Speed to market;
Business Case applications interoperability business strategic agility
for IT performance;
integration
Local control Senior Senior Senior mgmt, IT,
Locus of management management, IT, process, and local
Control support of CIO and process leadership
leadership
Estimate, Establish (local/ Determine core Define boundaries
Key measure, regional/ global) processes and for business
Governance communicate standard setting, funding priorities experiments
Issues value exception &
funding processes

cally populated with IT people, establish processes for introduce new governance mechanisms to encourage
developing, monitoring, and granting exceptions to component reuse, and they retain governance mecha-
standards. These governance structures enhance learn- nisms that support funding, standardization, and IT
ing by formalizing the negotiation process. value assessment.

In the rationalized data architecture stage, negotia-
tions become more sophisticated. IT capabilities
shape, as well as respond to, business strategy. IT and
business managers clarify strategic intent, critical IT
capabilities, and the target enterprise architecture.
These discussions eventually produce consensus on
the firm’s core processes and the data that drives
them. The executive committee continues to address
strategic IT prioritization and investment issues. The
firm applies its learning about standards to standardiz-
ing data and processes. Management institutionalizes
learning in governance mechanisms, such as project
prioritization processes.
Finally, the modular architecture stage introduces the
challenges of componentization, customization, stra-
tegic experiments, and reuse. In this stage, IT and
business management apply learning from the earlier
stages to discussions about strategic direction. They
Figure 3 shows how governance mechanisms accumu-
late as firms advance through the four stages. These
governance mechanisms create and track organiza-
tional readiness for the various stages. Technologies,
such as middleware, Web services, and enterprise sys-
tems allow firms to replace huge sections of their ex-
isting uncoordinated architecture with a more capable
architecture. Although firms have transformed their
architectures, they have not been able to benefit from
new technical capabilities until their managerial capa-
bilities catch up. In fact, one CIO noted that his firm
had attempted to leapfrog from an application silo
architecture to a rationalized data architecture by in-
stalling an ERP system. They failed—twice. Two
other firms skipped from application silos to rational-
ized data architectures but took many years to receive
payback on their IT investment. The managers were
not able to internalize the goals and objectives of the
firm’s architecture-related activities.

© 2003 University of Minnesota MIS Quarterly Executive Vol. 2 No. 1 / March 2003 41
Ross l Strategic IT Architecture Competency
Figure 3: Key IT Governance and Management Mechanisms
Strategic Implications of IT
Functional IT
Optimization Efficiency
Business cases
Post implementa-
tion reviews Executive committee
Architecture exception
process
Centralized
infrastructure funding
Infrastructure refresh
process
Process owners
Project prioritization
process
Data standardization
Standardized
Application Silo
Technology
Architecture Maturity
Lessons for Creating a Strategic
IT Architecture Competency
Creating a strategic IT architecture competency is a
long, difficult process. It involves ongoing negotia-
tions about a firm’s business strategy and about how
IT both shapes and responds to that strategy. It also
involves defining a target technology architecture (i.e.
applications, data, and infrastructure technology) and
doggedly pursuing that architecture even when imme-
diate business needs argue for leniency. Another step
in building out a strategic IT architecture involves
identifying the stage that best defines the firm’s archi-
tectural competency. A firm will want to excel both
technically and managerially in that stage. Then, in
many, though not all cases, the firm will want to start
working its way to the next architecture level.
The architecture stages model offers a number of les-
sons:
First, focus architecture efforts on key business proc-
esses. Architecture exercises that attempt to establish
links among applications, data, and infrastructure for
42 MIS Quarterly Executive Vol. 2 No. 1 / March 2003
Process Strategic
Optimization Choices
Mechanisms
for Designing
& Protecting
Architecture
Component funding
process
Component tracking
process
Rationalized
Modular
Data
all of a firm’s business processes will almost certainly
stall. Focus on just the core ones.
Second, don’t skip or rush through stages. Skipping
stages leads to either failures or delayed benefits.
Firms benefit more from making improvements in
their existing stage than from transformational efforts
that abruptly move them into foreign waters.
Third, recognize that complex organizations have
multiple architectures, which may be at different
stages. Like J&J, a firm may have a corporate archi-
tecture, as well as divisional architectures and busi-
ness unit architectures. Because these different archi-
tectures have different objectives, they will likely be
at different stages.
Fourth, institutionalize learning about architecture in
appropriate governance mechanisms. Governance
manages the architecture for value. Without govern-
ance, executives may find themselves with an expen-
sive, but limiting, technology base.
Fifth, continue the dialog. Enterprise IT architecture is
never complete. Ongoing dialog enables management
to continuously zero in on what matters. New people
© 2003 University of Minnesota
 Ross l Strategic IT Architecture Competency

need to understand strategy and IT alignment. Markets

change. Learning and architecture atrophy if ignored.
Any firm can lose its strategic edge if management
does not regularly check its assumptions about its IT
capabilities.

Sixth, keep an architecture capability in-house. The

architecture task is difficult enough that management
might want help. But the negotiations that lead to un-
derstanding the links between business strategy and IT
architecture require a close working relationship be-
tween business and IT.20

The payback for enterprise IT architecture efforts is

strategic alignment between IT and the business.
Alignment will generate a higher return on the firm’s
IT investments and focus the firm’s project portfolio
on initiatives likely to have strategic impact. Ulti-
mately, enterprise architecture leads to “happy sur-
prises.”

About the Author

Dr. Jeanne W. Ross is Principal Research Scientist at
MIT’s Center for Information Systems Research
(CISR) where she lectures, conducts research, and
teaches executive education courses on IT manage-
ment practices. Her work has appeared in Sloan Man-
agement Review, Harvard Business Review, Journal
of Management Information Systems, and MIS Quar-
terly. She is a former associate editor of MIS Quar-
terly and serves as a founding senior editor of MISQ
Executive ([email protected], web.mit.edu/cisr/www/).

20
On the other hand, a number of firms had outsourced significant
numbers of IT services with no apparent impact on the quality of the
architecture.

© 2003 University of Minnesota MIS Quarterly Executive Vol. 2 No. 1 / March 2003 43