The Open Group OGEA-103 TOGAF Enterprise Architecture Combined Part 1 and Part 2 Exam Exam Practice Test

The Business Value Assessment Technique is a technique that can be used to estimate and compare the business value of the projects and project increments that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. The business value is the measure of the benefits or advantages that the project or project increment delivers to the business, such as increased revenue, reduced costs, improved quality, or enhanced customer satisfaction1

The steps for applying the Business Value Assessment Technique are:

Identify the criteria and factors that are relevant to the business value assessment, such as costs, benefits, risks, and opportunities. The criteria and factors should be aligned with the business goals and drivers that motivate the architecture work, and the stakeholder requirements and concerns that influence the architecture work.

Assign weights and scores to the criteria and factors, using various methods, such as expert judgment, historical data, or analytical models. The weights and scores should reflect the importance and performance of the criteria and factors, and the trade-offs and preferences of the stakeholders.

Calculate the business value for each project or project increment, using various techniques, such as net present value, return on investment, or balanced scorecard. The business value should indicate the expected or actual outcomes and impacts of the project or project increment on the business.

Prioritize the implementation projects and project increments, based on the business value and other considerations, such as dependencies, resources, or risks. The prioritization should determine the order or sequence of the projects and project increments, and the allocation and utilization of the resources.

Therefore, the best answer is C, because it describes the next steps for the migration planning, which are the activities that support the transition from the Baseline Architecture to the Target Architecture. The answer covers the Business Value Assessment Technique, which is relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 28: Business Value Assessment Technique : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks

In TOGAF, creating a Business Scenario is a foundational step in defining and understanding the business problem, especially for complex transformations involving multiple stakeholders andsystems, such as in this scenario. This method aligns with Phase A (Architecture Vision) of the TOGAF Architecture Development Method (ADM). Here’s why this approach is the most effective:

Understanding Business Requirements:A Business Scenario provides a structured way to capture and analyze the business requirements, stakeholder concerns, and the contextual elements related to the problem. In this scenario, the company faces challenges in integrating newly acquired companies with existing operations, which includes complex stakeholder concerns across different functional areas. Developing a Business Scenario allows the EA team to break down these complexities into identifiable and manageable parts.

Risk Evaluation and Management:By using the Business Scenario approach, the EA team can not only define the requirements but also assess associated risks systematically. TOGAF emphasizes the importance of risk management through identifying potential risks, evaluating their impact, and defining strategies for handling these risks. The process includes assessing how risks can be avoided, transferred, or reduced—a necessary step in large-scale transformations to ensure that risks are proactively managed.

Residual Risks and Governance:Any risks that cannot be fully resolved should be identified as residual risks and escalated to the Architecture Board, which is aligned with TOGAF’s governance approach. The Architecture Board’s role in TOGAF is to provide oversight and make critical decisions on risks that exceed the control of the EA team. This ensures that unresolved risks are managed at the appropriate level of the organization.

Alignment with TOGAF ADM Phases:The Business Scenario approach directly aligns with the Preliminary and Architecture Vision phases of the TOGAF ADM, which focuses on establishing a baseline understanding of the business context and the strategic transformation required. The detailed understanding of requirements, stakeholder concerns, and risks identified here will guide the subsequent phases of the ADM, including Business Architecture and Information Systems Architecture.

TOGAF Reference (Section 2.6, ADM Techniques):TOGAF provides guidelines on the creation of Business Scenarios as part of ADM Techniques, highlighting the importance of defining a business problem comprehensively to ensure successful transformation. This method includes identification of stakeholders, business requirements, and associated risks, which aligns well with the company's need for strategic and systematic integration of new business units.

By utilizing a Business Scenario, the EA team ensures that all aspects of the transformation are well understood, risks are identified early, and residual risks are managed effectively, aligning with the company's strategic objectives and the TOGAF framework’s guidance on risk management and stakeholder alignment.

The scenario clearly states that:

The overall objective is known,

BUT the EA team is expected to define the scope, shared vision, and requirements,

The company uses an iterative approach,

The CEO wants repurpose and reuse rather than replace,

This is a major strategic shift (new markets, new products, new crop mix).

According to the TOGAF standard, when the problem must be understood, and scope, vision, and requirements are not yet defined, the correct starting point is Phase A: Architecture Vision, using an iteration cycle.

This is also consistent with the “baseline-first” approach recommended in the TOGAF Series Guides for situations where:

the business direction is known but high-level,

detailed impacts must be discovered,

and the organization wants to reuse existing capabilities rather than replace them.

Option B is the only answer that:

Begins by understanding the problem,

Defines the structure of the change,

Uses iteration cycles starting with a baseline-first approach,

Leads into transition planning,

Supports clarification of the shared vision and requirements,

Fits the CIO’s instruction to “define the scope, shared vision, and requirements.”

This matches exactly what TOGAF prescribes in early-cycle Architecture Vision and initial iterations.

The correct answer is C, as it aligns with the TOGAF ADM approach and best practices for organizing architecture work in a phased and structured manner.

Analysis of the Correct Answer (Option C):

Identifying Projects, Dependencies, and Synergies

The scenario describes a phased approach to vehicle development over five years.

Identifying dependencies ensures a logical and structured rollout of technology and business capabilities.

Developing High-Level Architecture Descriptions

Since Business Architecture is already defined, it is now time to develop high-level descriptions of Information Systems and Technology Architectures.

TOGAF emphasizes incremental and iterative refinement, meaning that starting with high-level descriptions is a logical first step.

Determining Workload and Resource Allocation

TOGAF ADM Phase B, C, and D involve creating architecture descriptions.

Understanding how much work is required ensures efficient resource planning and allocation.

Identifying Reference Architectures and Building Blocks

Using reference architectures and reusable architecture building blocks (ABBs) is a key best practice in TOGAF.

This enables efficiency and consistency in architecture development.

Evaluating Costs, Risks, and Feasibility

TOGAF emphasizes a risk-aware approach to enterprise architecture.

Documenting options, risks, and control measures ensures feasibility before execution.

Why Other Options Are Incorrect?

Option A: Initiating ADM Phase A Again

Incorrect because the scenario states that the Architecture Vision has already been completed.

Phase A is used for initial vision-setting, but at this point, the focus is on executing defined architectures.

Option B: Researching Data Companies for Target Architecture Development

Incorrect because the focus should be on defining internal architectures rather than external research.

While benchmarking best practices can be useful, it is not the primary activity at this stage.

Option D: Studying Other Companies and Performing Readiness Assessment

Incorrect because the focus should be on leveraging the organization's existing architecture and resources.

Solution provider readiness assessments are typically part of procurement, not enterprise architecture development.

Comprehensive and Detailed Explanation From Exact Extract (150–250 words):

Option C is the best answer because it directly aligns with the most critical concerns expressed in the scenario and maps precisely to the example Architecture Principles defined in the TOGAF standard.

The principle Common Vocabulary and Data Definitions is essential in a healthcare environment where standardized medical coding, shared electronic health records, and cross-provider data exchange are core operational requirements. Without consistent data definitions, AI-based solutions would misinterpret clinical information, leading to unsafe or incorrect outcomes.

Data Security is one of the most fundamental principles in regulated industries such as healthcare. The scenario explicitly highlights privacy, prevention of data breaches, system availability, and protection of life-critical systems. This principle ensures confidentiality, integrity, and availability of patient data, all of which are non-negotiable constraints for architecture work in this context.

Requirements-Based Change ensures that architectural decisions are driven by clearly defined business and clinical requirements rather than technology trends alone. This is particularly important for AI initiatives, where stakeholder concerns emphasize patient outcomes, life-critical timing, and minimal disruption. This principle ensures that AI adoption is justified, traceable, and aligned with healthcare priorities.

The other options either focus too broadly on governance, enterprise-wide benefit, or general accessibility, and do not sufficiently address the clinical safety, data integrity, and requirements-driven nature of the project. Therefore, Option C best reflects TOGAF guidance for this scenario.

You are asked to identify the most relevant Architecture Principles, besides Business Continuity, that apply to a rapid merger, where:

Back-office and store management systems will be consolidated

Duplicate applications will be eliminated

Innovation must remain fast

Customer experience must remain uninterrupted

Combined enterprise value is the priority

TOGAF’s example Architecture Principles include four main categories:

Business Principles

Data Principles

Application Principles

Technology Principles

Option D contains the principles that best support the specific needs of the merger as described.

✔ Why Option D is correct

1. Service Orientation (Business Principle)

This principle states that architecture should be organized around services, enabling flexibility, loose coupling, and ease of integration.

For the merger:

Integrating two companies’ store systems, mobile apps, and inventory platforms requires modular, interoperable services.

Service orientation directly supports the requirement that innovation must not slow down.

It allows systems to be merged with minimal disruption.

This principle supports fast integration + ongoing innovation — exactly what stakeholders demand.

2. Maximize Benefit to the Enterprise (Business Principle)

This principle ensures decisions are made from an enterprise-wide (not departmental or local) perspective.

In the scenario:

Two companies are merging.

Decisions must prioritize combined enterprise value, not local optimizations by either company.

System consolidation and elimination of duplicates requires an enterprise-first mindset.

This principle aligns perfectly with a merger that aims to unify operations and reduce redundancy.

3. Common Use Applications (Application Principle)

This is one of the MOST relevant principles in any merger.

TOGAF defines this principle as:

“Applications should be shared across the enterprise and not duplicated.”

In the scenario:

Back-office systems and store management tools must be consolidated.

Duplicate applications are explicitly to be reduced.

One main system will be used across stores.

This principle directly matches the merger's objectives.

✔ Summary

Option D contains the three principles that best support:

A major merger

System consolidation

Reduction of duplication

Enterprise-wide benefit

Flexible, service-oriented integration

Continued innovation

Therefore, Option D is the most appropriate selection according to TOGAF’s example Architecture Principles.

Option D most precisely reflects the TOGAF example Architecture Principles and aligns directly with the explicit constraints described in the scenario.

The healthcare environment described is highly regulated, data-sensitive, and operationally life-critical. The principle Common Vocabulary and Data Definitions is fundamental because the organization shares electronic health records across providers and relies on standardized medical coding. For AI-based systems to function correctly and safely, consistent interpretation of clinical data across divisions is mandatory.

The principle Data Security directly addresses the requirements for privacy, prevention of breaches, regulatory compliance, integrity of patient records, and continuous availability of systems that support life-critical operations. In healthcare, availability is not merely operational—it is safety-related.

The principle Requirements-Based Change ensures that architecture decisions are driven by validated business and clinical requirements. The scenario clearly emphasizes patient outcomes, life-critical timing, and minimal disruption. This principle ensures AI adoption is justified by measurable clinical and business needs rather than by competitive pressure alone.

The other options contain partially relevant principles but do not collectively address clinical data consistency, regulatory protection, safety, and requirement traceability as comprehensively as Option D.

Therefore, according to TOGAF Architecture Principles guidance, Option D is the best answer.

Option C aligns best with TOGAF Phase F: Migration Planning, which deals with developing a detailed Implementation and Migration Plan, ensuring alignment with other enterprise frameworks, and assigning business value to work packages and projects.

???? TOGAF Phase F Activities (from the standard):

Confirm Management Framework Interactions:

Per TOGAF, Phase F ensures that the migration planning is aligned with the business planning, portfolio/project management, and operations management frameworks used by the enterprise (which are mentioned in the scenario).

TOGAF emphasizes coordination between EA and other enterprise governance processes.

Prioritize Projects:

TOGAF recommends using business value, resource availability, and strategic alignment to prioritize the various work packages and projects for implementation.

This is directly referenced in option C: "assign a business value to each project, considering the available resources and how well they align with the strategy."

Update Roadmaps and Implementation Plan:

After coordination and prioritization, the Architecture Roadmap and the Implementation and Migration Plan are updated.

This is essential before formal governance (Phase G).

❌ Why the Other Options Are Incorrect:

A: Incorrect focus on updating the Architecture Definition Document and lessons learned.

The Architecture Definition Document is mostly finalized in Phases B–E.

Lessons learned and governance modeling are more relevant to Phase G (Implementation Governance) and Phase H (Architecture Change Management), not Phase F.

B: Although it mentions the Business Value Assessment Technique (a valid tool in TOGAF), it includes Architecture Definition Increments Table, which is not a standard TOGAF artifact.

Also, "document the lessons learned" is premature in Phase F; these are more applicable in Phase H.

D: Focuses on Compliance Assessment, which is part of Phase G (Implementation Governance), not Phase F.

Changing performance requirements based on monitoring tools is handled during operations and change management, not during migration planning.

???? Source References from TOGAF:

TOGAF 9.2 – Section 11.3 (Phase F: Migration Planning)

"Activities include confirming the enterprise's capability for transition, prioritizing projects, identifying dependencies and resource availability, and co-ordinating with other management frameworks."

TOGAF 9.2 – Section 11.4 Outputs:

Architecture Roadmap (updated)

Implementation and Migration Plan (updated)

Business Value Assessment

Consolidated Gaps, Solutions, and Dependencies

In the context of the TOGAF standard, stakeholder management and addressing stakeholder concerns are critical components, especially for high-impact initiatives like adopting an AI-first approach. Here’s why the selected answer aligns best with TOGAF principles and the scenario:

Stakeholder Analysis and Engagement:Conducting a stakeholder analysis is essential as it helps identify and document the concerns, issues, and cultural factors influencing each stakeholder group. This aligns with TOGAF’s emphasis on understanding and managing stakeholder concerns, particularly in the Preliminary and Architecture Vision phases of the ADM (Architecture Development Method). Since the scenario highlights diverse concerns about AI, understanding each group's unique perspective will help the EA team tailor the architecture to address these effectively.

Architecture Vision Document:By documenting these concerns in the Architecture Vision document, the EA team can provide a clear, high-level representation of how AI will be adopted, its benefits, and how it addresses specific stakeholder concerns. This is critical for communicating the intent and value of the AI-first approach in a way that aligns with the agency's strategic goals, including addressing apprehensions about job security, skill development, and cyber resilience.

Risk Management and Architecture Requirements Specification:TOGAF highlights the importance of identifying and managing risks early in the process. By documenting the requirements related to risk in the Architecture Requirements Specification, the EA team ensures that these concerns are formally integrated into the architecture and addressed throughout the ADM phases. Regular assessments and feedback loops will provide a mechanism for continual risk monitoring and adjustment as the AI-first initiative progresses.

Alignment with TOGAF’s ADM Phases:The approach specified aligns with TOGAF’s guidance on managing risk and stakeholder concerns during the early ADM phases, specifically Architecture Vision and Requirements Management. In these phases, the framework emphasizes identifying and addressing risks associated with stakeholders' concerns to build a resilient and widely accepted architecture.

Reference to TOGAF Stakeholder Management Techniques:TOGAF’s stakeholder management techniques underscore the importance of understanding and addressing stakeholder needs as a foundational step. This involves assessing the influence and interest of various stakeholders and integrating their views into architectural development, ensuring that the architecture aligns with both business goals and operational realities.

In conclusion, by conducting a thorough stakeholder analysis and documenting concerns in both the Architecture Vision and Architecture Requirements Specification, the EA team can ensure that stakeholder concerns are addressed, that the architecture supports AI adoption effectively, and that potential risks are managed proactively. This approach will foster acceptance among stakeholders and ensure that the architecture aligns with the agency’s strategic goals and risk management requirements as recommended by TOGAF.

In TOGAF, when an enterprise undergoes a significant strategic shift—particularly one initiated by executive leadership without a clearly defined scope, vision, or objectives—the correct starting point is always Phase A: Architecture Vision, and only after a formal Request for Architecture Work is created or updated. The scenario explicitly states that the CEO has approved a request for architecture change but has not defined scope, constraints, or direction. This aligns precisely with TOGAF guidance that Phase A must establish the high-level vision, stakeholder concerns, business drivers, and initial requirements before moving into the detailed architecture development phases (B, C, D).

Answer choice C reflects this: it requires producing a new Request for Architecture Work and developing a new Architecture Vision, which is the foundational step for any enterprise-wide transformational effort. TOGAF also requires application of the trade-off method to balance stakeholder needs in the Vision phase before detailed architectures are designed.

Choices A and D incorrectly assume architecture definition can begin without a clear approved vision. Choice B focuses solely on Technology Architecture, which contradicts TOGAF’s requirement that Business Architecture must lead the effort during major transformation.

Thus, the only answer compliant with TOGAF ADM is C.

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

The correct answer is B, as it aligns with TOGAF's stakeholder management approach, ensuring that stakeholder concerns are captured and addressed iteratively throughout the architecture development process.

Analysis of the Correct Answer (Option B):

Stakeholder Analysis and Mapping

The scenario highlights that top managers and staff are worried about the changes AI will bring.

TOGAF recommends stakeholder analysis early in the ADM process to ensure that concerns, expectations, and risks are documented.

Creating a Stakeholder Map groups stakeholders by common concerns, allowing architects to develop tailored viewpoints.

Recording Concerns in the Architecture Vision Document

The Architecture Vision (ADM Phase A) serves as a high-level guiding document.

Capturing stakeholder concerns in the Vision document ensures alignment between business goals and technology implementation.

Iterative Development and Regular Feedback

The scenario describes an AI-powered system with major business impacts, so incremental validation is necessary.

TOGAF emphasizes progressive development to manage risk and validate requirements continuously.

Regular feedback loops help mitigate resistance from top managers and staff.

Why Other Options Are Incorrect?

Option A: Creating Models for Business, Application, and Technology Architectures

Incorrect because while compliance is important, it does not address stakeholder concerns directly.

The scenario is about ensuring buy-in from top managers and employees, not just regulatory compliance.

Option C: Using Uniform Business Models Across AI Projects

Incorrect because a one-size-fits-all model does not allow for regional and functional differences within the company.

The scenario emphasizes the need to address specific concerns of top managers and different locations, which requires stakeholder-specific customization.

Option D: Creating a Communications Plan

Incorrect because communication alone does not resolve stakeholder concerns.

While communication is useful, the architecture development process should include stakeholder engagement and progressive validation, not just reporting.

In this scenario, the enterprise is undergoing significant transformation due to a merger and the adoption of new technology (hand-held devices). Several key principles from TOGAF's ADM Techniques—particularly those focused on promoting enterprise-wide standardization, adaptability, and data utilization—are pertinent here:

Maximize Benefit to the Enterprise:This principle emphasizes that all architectural decisions should deliver maximum business value. Given that the company is integrating systems to cut costs and improve offerings, maximizing the benefit is crucial. Ensuring that the EA efforts align with enterprise-wide benefits supports the goal of optimizing costs and enhancing offerings, which aligns with the CEO’s vision for the merger.

Common Use Applications:Standardizing applications across the merged entity will be essential to achieve cost savings and to simplify operations. The goal of reducing the number of applications fits with this principle, ensuring that reusable and widely adopted applications support business functions across the organization. Adopting this principle will also aid in harmonizing the systems from both organizations and avoiding unnecessary diversity.

Data is an Asset:Data plays a central role in the company's operations, especially with the use of AI-driven inventory management and the integration of systems. Treating data as an asset is essential for reliable and accurate decision-making. This principle ensures that data is viewed as a critical enterprise resource and is managed with care, maintaining integrity, accuracy, and value.

Responsive Change Management:The organization’s ability to adapt quickly and effectively to changes, such as integrating new handheld devices and merging systems, is essential. This principle will facilitate the smooth transition required for integrating the new handheld devices and the merger-related system updates while minimizing disruption to store operations.

Technology Independence:Since the enterprise will likely encounter varied technologies from the merger, it is crucial to maintain flexibility. This principle advocates for using technology solutions that are adaptable and not bound to a single vendor or specific technology. This ensures that the enterprise can integrate various technological components from both organizations and evolve with minimal constraints.

These principles align well with TOGAF's broader recommendations for guiding architectural changes, as found in Section 2.6 of the TOGAF ADM Techniques. They ensure that the EA practice is aligned with business objectives while maintaining flexibility, data integrity, and a focus on enterprise-wide benefits. These guiding principles are critical for the successful execution of the integration and adoption of new technologies while achieving cost efficiencies and improving service delivery.

For reference, TOGAF's ADM Techniques highlight the importance of architectural principles in guiding transformational initiatives, ensuring that decisions are made consistently across the enterprise. Each principle supports organizational agility, system integration, and the efficient use of technology resources, all of which are vital for the enterprise's stated objectives.

Option C most accurately reflects the TOGAF standard’s guidance on Architecture Contracts and Architecture Governance during implementation (Phase G).

The Architecture Contract in TOGAF formalizes the agreement between the architecture function and the implementation organization. It must clearly define objectives, performance measures, deliverables, quality criteria, risks, and acceptance terms. This ensures consistent quality and traceability across distributed implementations, which directly addresses the Chief Engineer’s concern about inconsistent deployment across multiple plants.

TOGAF further requires architecture compliance reviews at defined checkpoints to verify conformance to the Architecture Definition. Any deviations must be formally reviewed by the Architecture Board. If justified, a dispensation may be granted; however, this must follow a governed process, not informal adjustment.

For third-party suppliers, TOGAF states that contracts must be legally enforceable to ensure compliance. Additionally, governance frameworks should include a dispute resolution mechanism to manage disagreements not resolved through compliance review.

Options A and B omit structured compliance review scheduling and formal governance rigor. Option D incorrectly suggests modifying the Architecture Definition through a new Request for Architecture Work, which is not required for local dispensations.

Therefore, according to TOGAF Architecture Governance guidance, Option C is the best answer.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The agency is initiating a strategic “AI-first” plan to transform processes using AI and improve efficiency while ensuring service improvements for citizens. Several stakeholder concerns have been raised, such as:

Job security for employees.

Skill development for adapting to new technologies.

Cybersecurity and resilience risks due to reliance on digital platforms.

TOGAF emphasizes the importance of stakeholder management, communication, and risk management to ensure successful adoption and implementation of new architecture. These concerns need to be addressed methodically by gathering requirements, analyzing stakeholder positions, and ensuring proper communication of risks and benefits.

Option Analysis

Option A:

Strengths:

Proposes creating an Organization Map to identify the links between different parts of the agency and the impact of the strategic change.

Suggests holding stakeholder meetings to address concerns.

Includes managing risks as part of Security Architecture development.

Weaknesses:

Focusing solely on creating business models and teaching stakeholders how to interpret them does not directly address cultural and positional concerns about job loss, skill development, and security.

Risk management is addressed as part of Security Architecture development but lacks broader integration into stakeholder requirements.

Conclusion: Incorrect, as it fails to systematically document stakeholder concerns and map them into requirements and architecture decisions.

Option B:

Strengths:

Highlights the importance of formal stakeholder identification and creating a Communication Plan.

Suggests addressing stakeholder concerns through communication and risk management.

Weaknesses:

Does not go into detail on analyzing stakeholder concerns, cultural positions, or specific requirements.

Lacks the inclusion of stakeholder feedback in architecture artifacts like the Architecture Vision or Requirements Specification, which are critical TOGAF outputs.

Conclusion: Incorrect, as it does not include a systematic and structured approach for stakeholder analysis and integration into architecture deliverables.

Option C:

Strengths:

Emphasizes conducting a thorough stakeholder analysis to document concerns, positions, and cultural factors, which aligns with TOGAF’s approach in Phase A (Architecture Vision).

Ensures stakeholder views and requirements are recorded in the Architecture Vision document and reflected in the Architecture Requirements Specification.

Includes continuous assessment and feedback, ensuring concerns are addressed and risks managed effectively.

Aligns with TOGAF's principle of involving stakeholders in architecture development to ensure alignment and success.

Weaknesses:

Could further detail how risk management is included across all phases, but this is implied through integration into the Architecture Requirements Specification.

Conclusion: Correct, as it provides a structured and detailed approach for addressing stakeholder concerns and managing risks within TOGAF’s framework.

Option D:

Strengths:

Suggests categorizing stakeholders into groups and creating models for each category.

Proposes arranging meetings to verify that concerns have been addressed.

Includes risk management as part of the process.

Weaknesses:

Dividing stakeholders into generic categories (e.g., corporate functions, project team) may not adequately capture specific cultural factors and concerns raised in the scenario.

Lacks integration of stakeholder feedback into architecture deliverables such as the Architecture Vision and Architecture Requirements Specification.

Conclusion: Incorrect, as it provides a generalized and less targeted approach to stakeholder concerns compared to Option C.

TOGAF References

Stakeholder Management (Phase A): TOGAF emphasizes analyzing stakeholders’ positions, concerns, and issues to shape architecture development and communication (TOGAF 9.2, Section 24.2).

Architecture Vision: Captures high-level requirements and stakeholder views to ensure alignment with business goals (TOGAF 9.2, Section 6.2).

Architecture Requirements Specification: Records detailed requirements, including those related to risk management, to guide the development of target architectures (TOGAF 9.2, Section 35.5).

Iterative Feedback: Regular assessments and feedback loops are critical to ensure stakeholder concerns are addressed effectively throughout the ADM cycle.

By selecting Option C, the approach adheres to TOGAF's principles of stakeholder analysis, communication, and integration of concerns into architecture development.

A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create work packages for an incremental rollout of the architecture. A work package is a set of actions or tasks that are required to implement a specific part of the architecture. A work packagecan be associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. A work package can also be associated with one or more Capability Increments, which are defined, discrete portions of the overall capability that deliver business value. A Capability Increment can be realized by one or more Transition Architectures, which are intermediate states of the architecture that enable the transition from the Baseline Architecture to the Target Architecture123

The steps for creating work packages using this technique are:

For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.

Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.

Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.

Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.

Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.

Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 31: Architecture Change Management : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles

The Chief Engineer is concerned that implementation across multiple plants and mixed teams (internal + contractors) may be inconsistent and of poor quality.

The question asks: How should Architecture Contracts be used to address this concern according to the TOGAF standard?

TOGAF states that an Architecture Contract must:

Define obligations of both architecture and implementation organizations

Specify metrics, measures, acceptance criteria, and success factors

Identify risks and mitigation

Support Architecture Governance through compliance reviews

Apply to BOTH internal teams and external suppliers (external contracts must be legally enforceable)

Option C is the only one that correctly reflects these TOGAF requirements.

✔ Why Option C is correct

1. Architecture Contracts must specify goals, measures, acceptance terms, and risks

TOGAF explicitly states that Architecture Contracts should include:

Statement of Architecture Work

Performance metrics and measures

Acceptance criteria

Risks and issues

Compliance and conformance requirements

Option C includes all of these.

2. Third-party contracts must be legally enforceable

True — TOGAF states that when external suppliers are involved, Architecture Contracts often take the form of legally binding contracts.

Option C:

“Third-party contracts must be legally enforceable.”

Correct.

3. Compliance reviews must be scheduled

TOGAF’s Architecture Governance Framework prescribes scheduled Architecture Compliance Reviews to ensure that implementation conforms to the Architecture Contract.

Option C:

“establish a schedule of compliance reviews at key points”

Correct — this directly addresses the Chief Engineer’s concern about consistency and quality.

4. Deviations must be reviewed by the Architecture Board and any dispensations should be time-bound

TOGAF allows dispensations but requires:

Formal review

Approval by the Architecture Board

Time-bound accommodations rather than permanent exceptions

Option C includes exactly this guidance.

The Target Architecture is a description of the future state of the architecture that addresses the business goals and drivers, and satisfies the stakeholder requirements and concerns. The Target Architecture is developed through the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. The Target Architecture is typically divided into four domains: Business, Data, Application, and Technology. The Target Architecture also includes a roadmap for change, which defines the Transition Architectures, the Capability Increments, and the work packages that enable the transition from the Baseline Architecture to the Target Architecture12

The best answer is B, because it describes the approach that should be taken to determine and organize the work to deliver the requested architectures, which are the Information Systems and Technology Architectures. The answer covers the following steps:

Refer to the end-to-end Target Architecture for guidance and direction. The end-to-end Target Architecture provides the overall vision, scope, and objectives of the architecture work, and the alignment with the business strategy and goals. The end-to-end Target Architecture also provides the high-level definitions and principles for the four architecture domains, and the roadmap for change that outlines the major milestones and deliverables.

Identify projects, dependencies and synergies, then prioritize before initiating the projects. Projects are the units of work that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. Dependencies are the relationships and constraints that affect the order or priority of the projects, such as logical, temporal, or resource dependencies. Synergies are the benefits or advantages that result from the combination or coordination of the projects, such as cost savings, efficiency gains, or innovation opportunities. Prioritization is the process of ranking the projects according to their importance, urgency, or value, and assigning resources and schedules accordingly.

Develop high-level architecture descriptions. High-level architecture descriptions are the outputs of the architecture development phases (B, C, and D) of the ADM cycle, which describe the Business, Data, Application, and Technology Architectures in terms of the Architecture Building Blocks (ABBs) and the Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. High-level architecture descriptions also include the Architecture Views, which are representations of the system of interest from the perspective of one or more stakeholders and their concerns.

For each project, estimate effort size, identify reference architectures, and candidate building blocks. Effort size is the measure of the amount of work, time, or resources required to complete a project. Effort size can be estimated using various techniques, such as analogy, expert judgment, parametric, or bottom-up. Reference architectures are standardized architectures that provide a common framework and vocabulary for a specific domain or industry. Reference architectures can be used as a source of best practices, patterns, and models for the architecture development. Candidate building blocks are the potential ABBs or SBBs that can be used to implement the architecture. Candidate building blocks can be identified from the Architecture Repository, which is a collection of architecture assets, such as models, patterns, principles, standards, and guidelines.

Identify the resource needs considering cost and value. Resource needs are the specifications and criteria that define the acceptable level and quality of the resources required to complete the project, such as human, financial, physical, or technological resources. Resource needs can be identified by analyzing the scope, complexity, and dependencies of the project, and the availability, capability, and suitability of the resources. Cost and value are the factors that influence the allocation and utilization of the resources, such as the budget, the return on investment, the benefits, or the risks.

Document options, risks, and controls to enable viability analysis and trade-off with the stakeholders. Options are the alternative ways of achieving the project objectives, such as different solutions, technologies, vendors, or approaches. Risks are the effects of uncertainty on the project objectives, such as threats or opportunities. Controls are the measures or actions that are taken to prevent, reduce, or mitigate the risks, such as policies, procedures, or standards. Viability analysis is the process of evaluating and comparing the options, risks, and controls, and determining the feasibility, suitability, and desirability of each option. Trade-off is the decision outcome that balances and reconciles the multiple, often conflicting, requirements and concerns of the stakeholders, and ensures alignment with the Architecture Vision and the Architecture Principles.

 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 19: Phase B: Business Architecture : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 20: Phase C: Information Systems Architectures : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework,Chapter 47: Architecture Board : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 48: Architecture Compliance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 49: Architecture Contract : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 51: Architecture Maturity Models : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 52: Architecture Skills Framework

In TOGAF, when customer needs are unclear or misaligned with the existing architectural direction, the correct approach is to return to the Business Architecture. The Business Architecture phase (ADM Phase B) is responsible for understanding stakeholders, customer segments, business processes, value streams, motivations, and expected outcomes. Since the scenario identifies low engagement, poor adoption, and missed revenue targets, the breakdown is not in technology or application capabilities—it is a business misalignment.

Option B correctly focuses on revisiting and refining the target Business Architecture, including identifying customer groups, their interests, costs to serve them, and expected revenue streams. This aligns with TOGAF guidance that Business Architecture must define value propositions and customer value streams before other architecture domains can be effectively adjusted. The use of value stream mapping is entirely appropriate within Business Architecture development, as it provides a structured way to analyze customer value and identify what changes are necessary to meet business goals.

Options A and D prematurely focus on application or baseline gap analysis, which would not resolve a fundamental misunderstanding of customer needs. Option C expands into a full ADM cycle, which is unnecessary at this stage because the primary issue is misalignment, not architectural completeness.

In TOGAF, the process of breaking down an initiative into work packages must be grounded in a structured evaluation of gaps, solutions, dependencies, constraints, and implementation factors. Option B precisely follows this guidance. It begins by producing an Implementation Factor Catalog, which is a TOGAF artifact used to record business, technical, regulatory, organizational, and risk considerations that influence implementation. This is especially relevant in the scenario because clinical trials operate under strict regulatory controls, highly sensitive data, and complex coordination across multiple research sites.

Next, Option B calls for creating a gap matrix comparing baseline and target architectures across domains. For each gap, TOGAF requires classification of solution approaches: new development, purchased solution, or reuse of existing components. This aligns directly with the Solutions Continuum and the practice of forming Solution Building Blocks. Grouping similar activities into work packages is also textbook ADM practice, ensuring traceability from architecture gaps into actionable implementation components.

Furthermore, Option B incorporates dependencies analysis and restructures work packages into Capability Increments, which is the TOGAF-recommended method for incremental delivery and Transition Architectures. This matches the scenario's requirement for gradual rollout to minimize disruption to ongoing clinical trials.

Thus, Option B fully reflects the TOGAF standard for structured work package definition.

The question asks:

“What steps would you take to strengthen the current architecture to improve data protection?”

This requires understanding how TOGAF handles:

Business continuity requirements

Gap analysis in existing architecture

Architecture change requests

Triggering a new ADM cycle

Governance via the Architecture Board

Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.

✅ Why Option C Is Correct

✔ 1. Starts with identifying business continuity requirements

TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.

✔ 2. Analyzes the current architecture for gaps

Gap analysis is a required step in:

Phase B (Business Architecture)

Phase C (Data/Application Architecture)

Phase D (Technology Architecture)

It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.

✔ 3. Creates a Change Request

In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.

✔ 4. Architecture Board evaluates the Change Request

The Architecture Board approves major changes before a new cycle starts — exactly as described in option C.

✔ 5. Initiates a new ADM cycle with a RfAW

TOGAF explicitly states:

A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.

Option C follows this sequencing precisely:

Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.

This is textbook TOGAF.

❌ Why the Other Options Are Incorrect

A – Too narrow and focuses only on Technology Architecture

The problem spans business continuity, data protection, and enterprise-wide readiness — not just infrastructure.

Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.

Incorrectly reduces ransomware mitigation to technology controls.

B – Architecture Compliance Review is inappropriate here

A Compliance Review is used to:

Ensure implementation conforms to architectureNot to:

Identify new risks

Strengthen the architecture

Conduct gap analysisThis option is misusing the review process.

D – Supplier-driven, not TOGAF-driven

Involves contacting suppliers prematurely — not aligned with TOGAF’s architecture-first methodology.

Does not involve Architecture Board approval before pursuing solutions.

Jumps into solutioning before architectural approval.

???? Relevant TOGAF References

Phase H: Architecture Change Management

Manage changes

Evaluate impacts

Generate change requests

Architecture Board Roles

Approves Change Requests

Governs new ADM cycles

Request for Architecture Work

Used to formally launch a new ADM cycle

Context of the Scenario

The organization is currently in the Migration Planning phase, which corresponds to Phase F of the TOGAF ADM (Architecture Development Method). The key activities for this phase involve:

Evaluating dependencies and impacts on other organizational frameworks.

Aligning the roadmap and migration plan with strategic objectives and available resources.

Addressing the risks of transitioning from the current architecture to the target architecture using a phased approach.

The deliverables (Architecture Roadmap, Capability Assessment, etc.) and assessments (Gap Analysis, Risk Assessment, Transformation Readiness) have already been developed. The next step is to refine and finalize the migration planning.

Option Analysis

Option A:

While updating the Architecture Definition Document could ensure alignment, this step was completed in earlier phases (B, C, D). At this stage, further changes to the architecture must go through a formal governance review, and applying lessons learned without review contradicts TOGAF principles.

Producing an Implementation Governance Model is more relevant in Phase G (Implementation Governance), not in Phase F.

Conclusion: Incorrect, as it suggests revisiting earlier steps and does not align with the current phase.

Option B:

Conducting Compliance Assessments ensures the architecture is implemented correctly, but this is a task for Phase G (Implementation Governance) after migration planning has been finalized and implementation begins.

Deployment of monitoring tools is also part of implementation and governance activities, not migration planning.

Conclusion: Incorrect, as it focuses on tasks belonging to a later phase.

Option C:

Examining how the Implementation and Migration Plan affects other organizational frameworks is critical in Phase F, as TOGAF emphasizes alignment with business planning, project/portfolio management, and operations management.

Assigning business value to each project ensures prioritization and optimal allocation of resources.

Updating the Architecture Roadmap and the Implementation and Migration Plan based on this analysis ensures strategic alignment and readiness for implementation.

Conclusion: Correct, as it addresses the key objectives of the Migration Planning phase comprehensively.

Option D:

Applying the Business Value Assessment Technique is valid for prioritizing initiatives but is a limited aspect of Migration Planning.

Planning Transition Architecture phases and documenting lessons learned are valid, but this does not address broader organizational impacts or dependencies as effectively as Option C.

Conclusion: Narrow focus; less comprehensive than Option C.

References to TOGAF

Phase F (Migration Planning): The focus is on aligning the migration plan with business objectives, considering organizational dependencies, and prioritizing projects (TOGAF 9.2, Chapter 12).

Architecture Roadmap and Implementation Plan: Updated to reflect changes in priorities and alignment with business frameworks (TOGAF 9.2, Section 12.4).

Framework Integration: Collaboration with other frameworks (e.g., business planning, portfolio management) ensures alignment across the organization (TOGAF 9.2, Section 6.5.2).

Business Value Assessment Technique: Used to prioritize initiatives based on return on investment and performance criteria (TOGAF 9.2, Section 24.4).

Key aspects of the scenario:

Business Objective:

A merger is happening to combine offerings, reduce costs, and achieve operational efficiency.

The goal includes fully integrating retail operations and systems, replacing duplicated systems, and reducing the number of applications used.

Technological Improvements:

A central AI-based inventory system is in place.

Hand-held devices for stores have improved customer and staff satisfaction and increased efficiency.

Scope of Architecture Work:

Integrating the merged systems.

Managing retail architecture to optimize operations.

TOGAF Alignment:

TOGAF principles aim to ensure the architecture supports business transformation effectively while aligning with governance and best practices.

Best answer analysis:

Option 1:

Maximize Benefit to the Enterprise: Aligns with the merger goals of cost reduction and efficiency.

Common Use Applications: Matches the goal to reduce duplicated systems.

Data is an Asset: Central AI system depends on accurate and reliable data.

Responsive Change Management: Necessary to support the transition and manage organizational impacts.

Technology Independence: Encourages selecting flexible, scalable solutions post-merger.

This option comprehensively aligns with the scenario.

Option 2:

Control Technical Diversity: Important but less emphasized than cost reduction and application unification.

Interoperability: Relevant, but less critical compared to principles addressing business value.

Data is an Asset: Relevant.

Data is Shared: Implied in centralized inventory but not directly stated.

Business Continuity: Important but not the main focus here.

This option partially fits but lacks emphasis on business outcomes.

Option 3:

Common Vocabulary and Data Definitions: Indirectly helpful but not central to the transformation.

Compliance with the Law: Always critical, but no explicit legal issues are mentioned.

Requirements-Based Change: General principle but not transformation-specific.

Responsive Change Management: Relevant.

Data Security: Important but not a central concern in the scenario.

This option focuses more on governance and less on merger goals.

Option 4:

Common Use Applications: Relevant to reducing duplicate systems.

Data is an Asset: Relevant.

Data is Accessible: Fits with AI system and handheld devices but is a subset of "Data is an Asset."

Ease of Use: Relevant to handheld devices but not a core transformation principle.

Business Continuity: Important but secondary to cost and efficiency.

This option focuses more on usability and accessibility rather than transformation objectives.

At this stage in the scenario:

A strategic architecture has been completed.

All divisions have completed their Architecture Definition Documents.

Work packages have been defined.

Transition Architectures between Baseline and Target are already identified.

A draft roadmap exists for a multi-year phased migration.

You are now asked to plan the next steps for the migration, which aligns exactly with TOGAF ADM Phase F: Implementation and Migration Planning.

In Phase F, TOGAF prescribes the following key activities:

Evaluate and prioritize projects and work packages

Determine business value, cost, risk, dependencies

Confirm Transition Architectures and sequencing

Update and finalize the Implementation & Migration Plan

Option B is the ONLY answer that correctly follows these required TOGAF steps.

✔ Why Option B is correct

Option B states:

“Estimate the business value for each project by applying the Business Value Assessment Technique … to prioritize the migration projects.”✔ This is a TOGAF-recommended technique specifically for Phase F to evaluate and prioritize transformations using value, risk, and ROI.

“Confirm and plan a series of Transition Architecture phases … using a table of Architecture Definition Increments.”✔ Exactly aligned with TOGAF:

Transition Architectures were identified earlier.

In Phase F, they must be confirmed, sequenced, and documented.

“Update the Implementation and Migration Plan.”✔ This is the required output of ADM Phase F.✔ At this point, the plan must be validated and finalized based on value and prioritization.

Thus, Option B directly matches TOGAF’s prescribed migration planning process.

✘ Why the other options are incorrect

A – Incorrect

Suggests finalizing Architecture Definition documentation—this was already completed by each division.

Introduces an “Implementation Governance Model,” which is not a TOGAF artifact at this stage.

Focuses on lessons learned BEFORE execution, which is not appropriate for migration planning.

C – Incorrect

Focuses only on project selection and resource assignment.

Does not use TOGAF techniques for value/risk evaluation.

Does not reference Transition Architectures, which are central in the scenario.

Oversimplifies Implementation & Migration Planning to resource scheduling.

D – Incorrect

Compliance Assessments occur DURING execution, not before migration planning.

At this stage, no implementation has started, so compliance reviews are premature.

Adjusting performance requirements now has no alignment with TOGAF’s ADM sequence.

In this scenario, the strategic architecture is already complete and approved, and the sponsors now want assurance about risks before approving the detailed Implementation & Migration Plan. According to TOGAF, this work occurs in Phase E: Opportunities & Solutions and Phase F: Implementation & Migration, where a key activity is performing Business Transformation Readiness Assessment and Risk Assessment before finalizing the roadmap and migration plan.

Option C aligns exactly with TOGAF guidance for this stage:

Why Option C is correct

1. It starts with assessing organizational readiness for change

TOGAF Phase E requires evaluation of Business Transformation Readiness, addressing:

Organizational capability

Cultural readiness

Skills and capacity

Sponsorship and governance

This is exactly what Option C describes:

“assess how ready the organization is to change.”

This directly responds to the concern in the scenario that “most senior leaders feel the operations need to be more efficient” and that “significant changes are necessary.”

2. It includes identification and classification of risks

TOGAF requires performing a Risk Assessment before migration planning, ensuring risks are categorized, documented, and mitigation strategies defined.

Option C includes:

“identification and classification of the risks … together with an approach to mitigate the risks.”

This is precisely what the sponsors requested: clear management of risks before approving migration planning.

3. It ties risk, dependencies, and gaps directly into the Implementation & Migration Plan

TOGAF requires identifying:

Dependencies between work packages

Gaps between baseline and target

Required actions to improve readiness

Work package sequencing

Option C states:

“identifying dependencies between the set of changes, including gaps and work packages… identifying improvement actions to be worked into the Implementation and Migration Plan.”

This matches TOGAF Phase E and F activities exactly.

4. It evaluates business value, effort, and risk for each transformation

The scenario involves three distinct transformations, and sponsors want assurance of value delivery. TOGAF Phase F includes Consolidated Gaps, Solutions, and Dependencies and migration prioritization based on value, cost, and risk.

Option C states:

“The business value, effort, and risk associated for each transformation should then be identified and documented.”

This is directly aligned to the TOGAF-required migration prioritization criteria.

Why the other options are incorrect

A – Focuses on gap analysis only

Gap analysis was performed during Phases B–D, and while relevant, Option A does not emphasize risk, readiness, or assurance—key concerns of the scenario.

B – Misrepresents TOGAF (organizational requirements matrix is not a formal TOGAF artifact)

Also, it incorrectly focuses on aligning change with the operating model, which TOGAF does not prescribe as the primary risk-mitigation activity.

D – Focuses on architectural alternatives; the target architecture is already approved

The scenario states the strategic architecture is complete and approved—there is no need to revisit alternatives. This is misaligned with the starting point of the question.

Conclusion

Option C is the only answer that conducts:

Business transformation readiness assessment

Risk identification and mitigation

Dependencies, gaps, and work package analysis

Integration of risks and improvement actions into migration planning

This matches precisely what TOGAF expects at this stage and what the sponsors requested.