Manage projects risks in digital transformations effectively

Marc Lahmann Partner and Leader Transformation Assurance, PwC Switzerland 28 May 2019

Programme or project managers regularly grapple with digital transformation risks and challenges. Albeit risks and challenges cannot be entirely avoided, they can be controlled and managed. So, why do project risk management activities often fail in digital transformations? And how can risks be contained and managed?
Digital transformations entail a high level of uncertainty and complexity

Large-scale digital transformation projects come with a high level of uncertainty and complexity and are affected by varying degrees of change in scale and breadth. Therefore, project risk management is the discipline that tackles risk management planning, identification, analysis, response planning, and controls the risk of a project. The objectives of project risk management are to increase the likelihood and impact of positive events, and to decrease the likelihood and impact of negative events in the project, on the other hand.

How effective is your organisation at managing risks on its digital journey?

Source: PwC 2019 Global Risk, Internal Audit and Compliance Survey

‘PwC 2019 Risk in Review Study’ outlines that 76% of business leaders believe that the way their organisation is managing risks on its digital journey is either very effective (20%) or at least somewhat effective (56%). However, it is striking that 48% of the respondents are willing to take more risks than in the past as a result of their organisation’s digital roadmap. Only 9% make a clear statement that they would like to reduce risk in response. For the 48% of respondents, an appropriate method for managing their potentially new risk will be most important if they want to increase their risk exposure. However, with respect to project management we have to classify these risk takers as ‘non-believers’ and ‘believers’. ‘Non-believers’ generally deny that the potential impact of project risk management can be determined, once it has been applied. ‘Believers’, on the other hand, are convinced that risk management has to be done by the book. Reality shows that it is a bit of both.

What impact has your organication's digital roadmap had on its risk appetite?

Source: PwC 2019 Global Risk, Internal Audit and Compliance Survey

Studies have revealed that risk management frequently fails in digital transformations. This failure is often the result of a series of unfortunate events, each event as such is not harmful to the project, although it may be identified as problematic. However, a series of events does have an impact that often is not seen or cannot be gauged and is therefore either not addressed or simply tackled too late. In many cases project plans of digital transformations are set up in an agile way and do not address any unforeseen issues on a digital journey. If feature and scope changes are neither identified nor reflected in the project management plan, the digital transformation will be slowed down as a result of unknown scope items. It will burden the budget more than expected.

In a real-life example, project managers were forced to control and prioritise the backlog manually without defined criteria to manage the backlog prioritisation in single project streams and without having the transparency of the full digital transformation outcome on the value stream and epic level. As a result, the project managers’ energy levels in this particular digital transformation started to flag, and communication was faulty or inexistent. They did not give feedback to the programme manager and their key stakeholders (product owners) upon impact of unforeseen issues and required mitigation actions and support, e.g. a contingency budget or an expected scope reduction on behalf of the sponsor level.

“With companies being increasingly interconnected and smart devices being further developed, new cyber risks will arise. Cyber risks come in many shapes and sizes, and they are evolving rapidly, with the ones we face today being outdated by tomorrow.”

 

Cybersecurity remains a major concern for the majority of companies when they launch new digital projects. According to the PwC 2019 Global Risk Management, Internal Audit & Compliance Study, 51% of those surveyed say cybersecurity is their main concern, ranking far higher than operational or technological risk or confidentiality issues.

This percentage will continue to increase as digitalisation rapidly spreads through the economy. Hand in hand with this development, cyber attacks will multiply at the same speed. Companies will have to step up their efforts if they are to be effectively protected.

Even more so with new cyber risks emerging as companies become more interconnected, but also with the development of smart devices. In fact, it is estimated that by 2020, there will be 200 billion smart devices on Earth:  smartphones, pacemakers, lifts and even toothbrushes... 

Cyber risks come in many shapes and sizes, and they are evolving rapidly, with the ones we face today being outdated by tomorrow. They may stem from social engineering, computer viruses or data leakages.

“With companies being increasingly interconnected and smart devices being further developed, new cyber risks will arise. Cyber risks come in many shapes and sizes, and they are evolving rapidly, with the ones we face today being outdated by tomorrow.”

 

Cybersecurity remains a major concern for the majority of companies when they launch new digital projects. According to the PwC 2019 Global Risk Management, Internal Audit & Compliance Study, 51% of those surveyed say cybersecurity is their main concern, ranking far higher than operational or technological risk or confidentiality issues.

This percentage will continue to increase as digitalisation rapidly spreads through the economy. Hand in hand with this development, cyber attacks will multiply at the same speed. Companies will have to step up their efforts if they are to be effectively protected.

Even more so with new cyber risks emerging as companies become more interconnected, but also with the development of smart devices. In fact, it is estimated that by 2020, there will be 200 billion smart devices on Earth:  smartphones, pacemakers, lifts and even toothbrushes... 

Cyber risks come in many shapes and sizes, and they are evolving rapidly, with the ones we face today being outdated by tomorrow. They may stem from social engineering, computer viruses or data leakages.

Five pitfalls in digital transformation projects

This real-life situation shows how project managers can fail to respond to a sequence of emerging challenges without proper risk management activities and standards in place. As we witness this chain of events very often in digital transformations, we will take a closer look at the five most common project management pitfalls:

  • Lack of methodology
  • Unknown processes, products and technology
  • Complexity
  • Uncertainty
  • Human behaviour and leadership

Lack of methodology

Project managers often do not follow a standard approach or project management methodology such as the PMBOK® Guide, PRINCE2 or even agile methods such as SCRUM and SAFe in digital transformation to identify the symptoms and risks that may entail project failure. The situation described above shows well that they did not adhere to a predefined checklist and procedure (Scope Management, Schedule Management, Change Management, Risk Management). Therefore, they overlooked the suggested sequence of identification, analysis, responses and monitoring risks. When the project ran out of budget, corresponding to the scope increase, no emergency plan was in place that could have prevented the project from failing.

Unknown processes, products and technology

Research outlines that even in IT technology-related projects (that is what digital transformation essentially are) failures mostly relate to processes (45%) and people (43%). Products (8%) and technology (4%) are rarely a core issue. The situation described above was a typical case of wrong staffing with a project manager who could not count on a team with functioning processes to assure communication with stakeholders when in need. The unforeseen changes in scope also hint at a misunderstanding regarding the client/employee journey to baseline the priorities regarding pains and gains in the backlog. 

Complexity

The complexity of emergent issues can quickly turn into a major challenge if a proven method is not in place. It is essential to assess the attendant factors in the areas of organisation and technology on an ongoing basis, which did not happen in the situation described. Once the scope and feature prioritisation no longer worked, scope complexity increased drastically and prevented the key players (project managers) from managing key interdependencies (communicating to key stakeholders).

Uncertainty

Uncertainty arises as a negative consequence for project complexity linked to the duration of the task, cost of a deliverable, scope and quality. As a result of the unexpected scope increase, the digital transformation devoured more budget than planned; a parameter change with interdependencies, which eventually spread throughout the entire system with detrimental effect. However, the sponsor and oversight board were not aware of the problems of the digital transformation project until the very last moment, so they could not initiate the right measures in time.

Human behaviour

The way leaders and participants are interacting and communicating, even if they do so unintentionally, has a direct impact on the probability of success.

This becomes especially evident at increasing levels of complexity and uncertainty, exemplified by the hopeless situation before launching the new product. The project team could have saved the project if they had requested a ‘contingency budget’corresponding with the scope increase. Instead, they failed on a personal level by chit-chatting to the sponsors when the project manager was desperately calling for help.

The aforementioned five influencing factors do not exist or occur in isolation. Instead, it is a question of how they reinforce their dynamics to endanger project success. It is crucial to understand that the mentioned pitfalls can be counteracted with the appropriate level of people experience and the experience with processes, products and technology. The goal is to successfully install a formal project risk management function for which the following three steps are recommended:

  1. A continuous assurance role should be embedded in the programme in which day-to-day challenges are managed, health-checks planned and quick fixes targeted.
  2. Health-checks ensure that programme control is maintained and implementation risks are identified. First, the aspects that can be continued should be determined. Then, key risks for the programme’s success have to be determined, mitigated and tracked.
  3. Deep dive reviews of specific workstreams or risk areas are required to determine what the core issues are and to elaborate individual solution components.
How to control and manage project risks effectively

In response to the problems discussed above, we are now turning to a solution set that we recommend to control and manage project risks effectively in digital transformations.

  • Appropriate use of methods:

A committed and competent project management will decrease hindrances and reduce symptoms and risks for transformation failures.

  • Knowing processes, products and technology:

A positive project outcome must have a clear target operating model with a selection of technologies and a complete set of requirements that should be complemented with a clear business case and benefit analysis.

  • Reduce complexity:

Managing interdependencies and selecting appropriate strategies to address issues is key for the project outcome as the above real-life example has outlined.

  • Manage uncertainty:

Levels of uncertainty have to be understood to control and manage project risks, and leadership styles need to be adapted according to the circumstances.

  • Use competent people:

Strong leadership, clear communication and relevant project experiences will enhance effective project teams and intrinsic motivation.

 

Contact us

Marc Lahmann

Partner and Leader Transformation Assurance, PwC Switzerland

Tel: +41 58 792 27 99

Adrian Stierli

Transformation Assurance, PwC Switzerland

Tel: +41 58 792 21 69

Thomas Parlitz

Transformation Assurance, PwC Switzerland

Tel: +41 58 792 49 23

Luca Degiorgi

Transformation Assurance, PwC Switzerland

Tel: +41 58 792 2572