[photonbucket]

> Why would anyone review a design/ architecture after it's already been built?

Many reasons. They might not have known it was being built, or they might disapprove of how it's turned out compared to initial presentation, or there might have been a shift in priority making the current project not a good fit.

[kjs3]

Or in my world, "We skated around the security/risk review by claiming it is a low-risk application [no PII data, not customer facing, only a PoC, etc], but now we're doing all of those things. The auditors caught on to us and are saying we have to have a review by security. It's already in production so we're not changing a thing. You guys figure out how to make the auditors happy since we won't be held accountable.". Good times.

[SilasX]

A special case of, "I got all the glory for doing the easy part, you get to take the hard part."