When IT concepts become a risk – Why reviews and project management need to be rethought

IT architecture under pressure

The focus is on IT-related roles such as IT architects, project managers, application managers or enterprise architects and, last but not least, developers. They are responsible for the quality and consistency of technical IT concepts – and therefore also for their regulatory compliance.

Especially in highly regulated industries such as banking, this responsibility is associated with high requirements: DORA, GDPR, MaRisk or BAIT are not abstract concepts, but a daily reality. Their role is central to a consistent enterprise architecture.

When the review process becomes a bottleneck

The symptoms are similar in many companies – and they are measurable:

• Project delays because IT concepts are reviewed too late or not at all. Close dovetailing with project management is essential here.
• High manual effort: Three person-days (including feedback loops) per concept and reviewer are not uncommon – with a scope of approx. 50 pages.
• Inconsistent evaluations, as different reviewers work with different standards. Incorrect requirements that later lead to software errors – with exponentially increasing costs.
• Shortage of experts: “We don’t have anyone who can check it right now” is a common phrase.
• Uncertainty regarding regulatory conformity, for example with new requirements such as DORA. This applies in particular to aspects of compliance and IT governance.

Between aspiration and reality

The discrepancy between the demand for structured, compliant IT concepts and the available resources often leads to inefficient, difficult to scale architecture reviews in IT departments. Despite established standards, manual review processes are reaching their limits, while regulatory pressure and the speed of innovation are constantly increasing.

Many IT architects use architecture frameworks such as arc42 to document and evaluate their IT concepts in a structured manner. These frameworks provide a standardized basis for architecture reviews and promote the traceability of technical decisions.

The target image: AI-supported automation as the key to scaling

An ideal target state would be an IT architecture process that is supported by intelligent automation – especially in the architecture review.

Instead of manual checks, AI-supported systems take over the analysis of IT concepts, detect inconsistencies, evaluate regulatory requirements and suggest optimization potential. These systems work with pre-trained models that take into account the aforementioned templates such as arc42 as well as regulatory requirements such as DORA or GDPR and continuously learn.

This results in a review process that is:

• consistent and comprehensible,
• available at all times – independent of individual experts,
• standardized and compliant and
• significantly more efficient than today’s manual processes.

The role of the experts changes: they validate the results, train the systems further and concentrate on particularly complex cases.

This turns a bottleneck process into a scalable quality instrument – and IT governance into an intelligent, learning control mechanism.

AI as the key to resilient IT governance

At a time when banks are increasingly reliant on digital processes, the quality of technical IT concepts is becoming a strategic success factor. Automation through artificial intelligence is becoming increasingly important in this context: it enables architecture reviews to be carried out in a scalable, consistent and compliant manner – regardless of individual availability or manual capacity.

AI-supported systems analyze IT concepts, identify regulatory gaps and support IT governance with data-based recommendations. This turns a bottleneck process into an intelligent control mechanism that not only creates efficiency, but also strengthens resilience and the ability to innovate.

By automating routine architecture reviews, experts are relieved and gain time for strategically important, complex tasks.