Architecture Board and decision rights

G21I defines the Architecture Board as the governance body responsible for reviewing and maintaining the overall coherence of the architecture. The key word in that definition is coherence. The board exists to protect the enterprise from decisions that would create cross-enterprise divergence, not from every local design choice.

G21I positions the Architecture Board as the primary governance forum for architecture decisions. It is not the only governance forum in the enterprise, and it should not try to be. Investment decisions belong to investment committees. Technical design decisions within a bounded solution belong to solution architects and delivery teams. The Architecture Board owns the decisions that sit between those levels: choices that affect enterprise direction, cross-domain coherence, and the integrity of the architecture roadmap.

G21I recommends that the Architecture Board includes representation from business, technology, delivery, and architecture functions. The rationale is that architecture decisions affect all four areas, and a board without business or delivery representation will make decisions that those groups do not recognise or respect.

A practical board composition for a medium-to-large enterprise typically includes the following roles.

• Chair (typically chief architect or CTO). Responsible for agenda, decision recording, and ensuring the board remains selective.
• Business representatives. Senior business leaders or business architects who can assess whether architecture decisions align with business strategy and priorities.
• Domain architects. Architects responsible for specific domains (business, data, application, technology) who bring domain expertise to cross-cutting decisions.
• Delivery or programme representatives. Programme managers or delivery leads who can assess whether architecture decisions are deliverable and can identify downstream impact.
• Technology leadership. CTO or technology director representation to connect architecture decisions to technology strategy, platform choices, and operational constraints.
• Security and risk representation. In regulated enterprises, a cyber or risk representative ensures that architecture decisions are assessed against security and resilience requirements.

The board should be small enough to make decisions (typically 6 to 10 members) and senior enough that its decisions carry authority. A board with 25 members is a committee, not a decision forum.

The board's remit should be explicit and bounded. G21I identifies several categories of decision that typically belong at board level.

Target-state and transition decisions. Choices that define or change the enterprise direction, transition-state acceptance criteria, or the integrity of the roadmap.

Material exceptions and dispensations. Deviations from the target architecture that could create future divergence, resilience weakness, or cross-enterprise cost if approved casually. Module 54 covers the compliance and waiver process in detail.

Cross-domain integration decisions. Choices where two or more architectural domains intersect and no single domain architect has sufficient authority to resolve the conflict alone.

Release conditions with enterprise consequence. Moments where the enterprise needs to know whether the next transition step is safe enough and aligned enough to proceed.

Principle interpretation and precedent. Situations where applying an architecture principle to a specific case requires interpretation that will set precedent for future decisions.

Equally important is what the board should not own. Routine design decisions within a single domain, minor configuration choices, and operational incidents should not reach the board. If they do, the board becomes the bottleneck described in the opening story.

Decision rights are the explicit assignment of authority to decide specific types of question. They answer the question: who is authorised to make this decision, and under what conditions must it be escalated?

Without explicit decision rights, every governance interaction becomes a negotiation. Delivery teams do not know which decisions need board review. Domain architects do not know which decisions they can make locally. The board does not know which items deserve its attention. The result is the pattern from the opening story: everything comes to the board, little gets decided, and delivery teams learn to route around the process.

A practical decision-rights matrix assigns each category of decision to one of three levels.

• Board decides. The Architecture Board has authority to approve, reject, or conditionally approve. Examples: target-state changes, major exceptions, cross-domain integration conflicts, release conditions with enterprise consequence.
• Domain architect decides, board is informed. The domain architect has authority to make the decision within defined boundaries. The board receives a summary for awareness and can intervene only if the decision crosses the board-level threshold. Examples: domain-specific design choices, minor deviations with bounded impact.
• Delivery team decides within guardrails. The delivery team makes the decision within published principles, standards, and patterns. No escalation is required unless the decision falls outside the guardrails. Examples: technology configuration within approved platforms, UI design choices, implementation sequencing within an approved work package.

This three-level structure is simple but powerful. It means delivery teams can predict which decisions need board review, domain architects know their authority boundaries, and the board reserves its time for decisions that genuinely need enterprise-level attention.

The board's meeting cadence should match the enterprise's decision pace. Too frequent and the board becomes a status meeting. Too infrequent and decisions queue up, creating delay that delivery teams resent.

For most medium-to-large enterprises, a fortnightly cadence works well. The standing agenda should be structured to protect decision time.

1. Decision items (60% of time). Items that require a board decision. Each item has a named proposer, a decision paper circulated in advance, and a clear question for the board to answer.
2. Exception review (20% of time). Active exceptions and dispensations. The board reviews status, expiry dates, and compensating controls. Any exception approaching its expiry without resolution is escalated.
3. Information items (15% of time). Domain architect decisions reported for board awareness. The board can escalate any item to decision status if it identifies a cross-enterprise concern.
4. Forward look (5% of time). Upcoming decisions that will need board attention in the next 4 to 8 weeks, allowing members to prepare.

The chair's most important discipline is protecting decision time. If information items expand to consume the meeting, the board becomes a briefing forum rather than a decision body.

Signs the board is reviewing too much. Decision items routinely carry over between meetings because there is not enough time. Delivery teams reclassify work to avoid triggering board review. The board rarely says "this is not a board-level item" and returns it to the appropriate level. Board meetings feel like status updates rather than decision sessions.

Signs the board is reviewing too little. Cross-domain divergence is discovered months after the fact. Major exceptions are handled informally without board awareness. Delivery teams make enterprise-level choices without realising they have crossed a decision-rights boundary. The board meets infrequently and struggles to find agenda items.

Both patterns indicate a decision-rights problem. The remedy is not more or fewer meetings but clearer boundaries about what belongs at each decision level.

London's Architecture Board is designed around the G21I framework with explicit decision rights tailored to a regulated utility context.

Composition (8 members)

• Chief architect (chair)
• Head of customer operations (business)
• Head of network operations (business)
• Data governance lead
• Chief information security officer
• Programme director (delivery)
• Technology director
• Regulatory affairs representative

Decision rights

• Board decides: target-state changes affecting more than one domain, transition-state acceptance, exceptions with cross-domain impact, release conditions for enterprise milestones, principle interpretation precedents.
• Domain architect decides, board informed: domain-specific design choices within approved target state, minor deviations with compensating controls in place, technology selection within approved platform catalogue.
• Delivery team decides within guardrails: implementation sequencing within approved work packages, configuration choices within approved platforms, local user-interface design.

Meeting cadence

Fortnightly, 90 minutes. Decision papers circulated 48 hours in advance. Decision log published within 24 hours of each meeting. Escalation to the investment committee when a decision has budgetary consequence above the architecture authority threshold.

Regulatory interface

Because London operates under Ofgem regulation, the board's decision log feeds into regulatory submissions. Architecture decisions that affect the ED3 business plan, data publication obligations, or cyber resilience commitments are tagged for regulatory traceability. The regulatory affairs representative ensures this traceability is maintained.