Many firms have no organization when it comes to development except Code – Test – UAT – Release. Especially in the age of exponentially increasing cybercrime, architectural review, not just code review, is a foundational practice.
Developers that skirt around this step introduce costly and harmful elements into a company’s technology landscape and eventually network backbone. I have seen a lazy approach and avoidance to ARB reviews which ultimately leads to negligence on the part of the developers. Proper phase gates tied to SOW and contract approvals can avoid a disaster in the long run.
Badly constructed and not well thought out design is not just dangerous regarding cybercrime exploits, such as using 3rd party libraries with known vulnerabilities but can cost an untold amount of time and money on fixing a solution that does not fit the environment, is based on old technology, uses vendors that are not financially stable, or introduces a burden of support the company has no skill set in the wings with which to mitigate.
The ARB should be a necessary and welcomed part of the application development process and in the long run is just good common sense.