The phrase "architecture review board" is one of the more pleasant euphemisms in enterprise IT. The thing it usually describes is a fortnightly meeting attended by people who do not know enough about the decisions in front of them to push back on them, where decks are presented, questions are asked for the form of it, and a stamp is applied. It is governance theatre. Almost everyone in the room knows this. Almost nobody says it. And so the meetings continue, and the decisions that actually deserve scrutiny are made elsewhere — usually in corridors, often by the people not invited to the meeting, and almost always without the discipline the meeting was nominally there to provide.

The instinct most organisations have, when this is pointed out, is to add governance. More reviews. Earlier reviews. Wider participation. A standards document. A checklist. The instinct is exactly wrong. The problem is not too little governance; it is governance spread so thin that none of it bites. The fix is to remove almost all of it — and then to make what remains genuinely strict.

Two decision paths from a single entry point. Left path: broad-shallow governance applies a light review to every decision; result is governance theatre. Right path: narrow-deep governance routes load-bearing decisions to serious review and frees everything else; result is governance that bites.
The problem is rarely too little governance. It is governance spread so thin that none of it bites.

Look at the two pictures. On the left, the typical posture: a uniform light coverage of everything, a gold haze of "we review architecture decisions." Nothing in particular is protected. The CIO can say in a board meeting that all major decisions go through a review process, which is technically true, but no decision is genuinely tested by it. On the right, the same governance budget spent differently: most of the grid is white, untouched by formal review. A few cells — identity, the landing zone, the data architecture, compliance posture — are filled deeply, with proper scrutiny, named owners, and real consequences for being wrong. One cell in between sits at a middle weight: serious but not maximally so. Everything else, freed.

The argument is not against governance. It is for governance that earns its keep. The mistake the broad version makes is treating "review" as a constant intensity applied to many decisions, when it should be a variable intensity concentrated on a few. Five decisions reviewed seriously are worth more than fifty decisions reviewed shallowly — both in what they catch and in what they let through.

Which decisions deserve the heavy review

Three questions are enough to triage almost any decision. They are not original — practitioners have been using variants of them for decades — but stating them clearly is rare, and writing them down where the team can see them is rarer still.

The three-question triage Three questions feeding to either a full review or a light-touch path. QUESTION 01 Is it load-bearing? Will other decisions assume it once it is made? QUESTION 02 Is it irreversible? Or expensive enough to reverse that we should treat it as such? QUESTION 03 Does it cross a boundary? Trust, regulation, residency, contract — a line not yours. YES YES NO NO NO ALL THREE YES FULL REVIEW DOCUMENTED · NAMED OWNER REASONING PRESERVED THIS IS WHERE GOVERNANCE EARNS ITS KEEP light-touch · proceed team-level decision. no committee. a one-line note in the team log. THREE QUESTIONS. SHORT ENOUGH TO MEMORISE. STRICT ENOUGH TO MEAN SOMETHING.
Three questions. Any "no" exits to the light-touch path. The full review is reserved for the decisions that earn it.

Is it load-bearing? Will other decisions, made in the next twelve months, assume this one and build on top of it? Identity decisions are load-bearing in this sense. Data residency decisions are. The choice between a regional and a global operating model is. The colour of a button on an internal portal is not. Most decisions are not load-bearing, and the governance budget is wasted on them. The interesting ones are.

Is it irreversible? Could you change your mind in three months without rebuilding something significant — or is the cost of reversal high enough that you should treat the decision as one-way even if it is technically two-way? The cost-of-change essay is the close cousin of this one: most decisions made early are reversible cheaply, and you should treat them lightly. A small number of decisions are irreversible in any meaningful sense, and they are the ones worth pausing for.

Does it cross a boundary? Does the decision touch a line drawn by someone other than the team making it — a regulator, a contract, a security trust boundary, a data residency rule? Boundary-crossing decisions almost always deserve review, because the team making them does not own the constraints, and getting it wrong has consequences outside the team's control. Decisions that live entirely inside a team's own domain rarely deserve the same treatment.

All three answered yes, the decision goes to a real review — properly attended, properly documented, with a named owner and a written record of why the choice was made. Any answer no, and the decision is light-touch. A team-level decision, a one-line note in the team log, no committee, no approval workflow. The team owns it; the team carries the consequences; the team learns from it.

A governance process that subjects every decision to the same review is a process that treats every decision as equally important. They are not. The whole craft of governance is the discrimination — and most processes refuse to make it.

What the heavy review actually looks like

The full review is not a stamp. It is also not an inquisition. It is a short list of disciplines that, applied to the small number of decisions that deserve them, produce most of the protective value real governance is supposed to deliver. The list is shorter than most architecture review templates and longer than most teams have the patience to maintain. That tension is the point.

A decision under full review has a named owner who is accountable for the choice and present in the room when it is made. Not a committee. A person, with a name and a job title, who will be the one called back if the decision turns out to be wrong. The single biggest failure mode of architecture review is diffusion of responsibility, where a decision is "approved" by a group and therefore owned by nobody. The named-owner discipline prevents this. If no one is willing to put their name to a decision, the decision is not ready for review.

A decision under full review has its reasoning written down, in plain language, in a place the next engineer can find it. Not the slide deck used in the meeting. A paragraph or two, in prose, saying: this was the decision, here are the alternatives that were considered, here is why this one was chosen, here is what we will reconsider it against. The cost of writing this is small. The cost of not writing it is what shows up two years later when an engineer is reverse-engineering an architecture by reading code, trying to tell the deliberate decisions from the accidental ones.

A decision under full review has a defined reversal cost. Sometimes this is a number — what it would take, in time and money, to undo the choice. Sometimes it is a qualitative note — "reversing this would require renegotiating the vendor contract and replatforming the analytics estate." The point is not precision; it is honesty about what is being committed to. A decision whose reversal cost has been named is much harder to make for the wrong reasons.

That is the entire content of a serious review. Three artefacts — owner, reasoning, reversal cost — and the room of people qualified to push back on them. No checklist with seventy items. No PowerPoint template with the company logo in the corner. No "approval" stamp. The review either produced a decision the team is willing to live with, or it surfaced enough doubt that the decision should not yet be made.

What gets stripped away

The reason this version of governance is hard to install is not the heavy reviews. Those are obvious enough once a team commits to them. The hard part is the stripping away — removing the broad, shallow processes that everyone is used to and that everyone feels marginally safer for having. Each of those processes has a quiet constituency: someone whose job is partly defined by running it, someone who has been embarrassed by a past incident and wants assurance it cannot recur, someone who reads governance literature and believes more is better.

The case for stripping away has to be made on the same ground the case for adding more was made on: which decisions are this process actually catching, and which is it actually protecting? If the honest answer is "few of the important ones and none of the dangerous ones," the process is not earning its place. If the answer is "the protection is mainly the appearance of protection, for the benefit of an audit conversation," the process is theatre, and theatre is what is keeping the real reviews from being taken seriously.

A useful exercise: take the existing architecture governance process, list every decision it has approved in the last six months, and ask which of those decisions would have been visibly worse without the process. The list will usually be very short. Not because the people running the process are incompetent — most of them are diligent and well-intentioned — but because the process is structurally unable to protect the decisions it nominally exists to protect. The decisions it does protect are mostly low-stakes, because high-stakes decisions tend to be made under time pressure by senior people who do not wait for the next committee meeting.

The shape worth carrying away

Governance that works has a specific shape, and the shape is uncomfortable. It is strict about a small number of things and almost indifferent about everything else. It refuses to be drawn into approving decisions it cannot meaningfully test. It moves slowly on the decisions that matter, because moving slowly is what makes the review valuable. It moves fast on the decisions that do not, because moving slowly there is what drains the credibility of the slow moves elsewhere. And it is willing to say, in public, that most architecture decisions are fine to make without it, which is the sentence that distinguishes useful governance from theatre.

Most organisations will not adopt this shape. The broad-and-shallow version is easier to defend, and the people running it know it. Saying "we govern every architecture decision" is a defensible position in the meeting. Governing four of them, strictly, is the one that actually works. But the broad-and-shallow version protects nothing important, and the narrow-and-deep version protects almost everything important. The first is comfortable. The second is governance.

If you are reading this with the intention of changing something on Monday, the smallest move worth making is the triage. Pick three live decisions on your team's plate this week and run them through the three questions out loud — load-bearing, irreversible, boundary-crossing. The ones that pass all three get the heavy treatment, with the three artefacts. The ones that do not, you actively refuse to govern. That single act of refusal is what most architecture review boards have never been allowed to do. It is also where calm governance begins.