Boards must govern digital transformation initiatives as strategic investments rather than isolated technology projects.
When it comes to digital maturity and capability—does your organisation coddiwomple? The term means “to travel purposefully toward an unknown destination, possibly meandering”.
While few organisations would admit to meandering, many struggle to clearly define their ultimate objectives for digital transformation and capability.
A digital strategy is an important starting point. It should articulate the outcomes sought and guide investment decisions. However, many digital strategies lack the clarity required to align investments with organisational objectives and effectively call out and manage risk.
This article highlights the five key risks boards must be alert to when overseeing digital transformation initiatives.
RISK 1 – Lack of clear measurable benefits
Benefits management has a profound impact on the success of IT and digital transformation projects. Yet it is often poorly executed — or neglected altogether. Most organisations identify benefits during business case development, but stop there, rather than actively managing those benefits through project implementation and beyond.
Effective benefits management requires systematic planning, tracking, and realisation across the investment lifecycle:
- Identifying benefits during business case development and project design.
- Planning for benefit realisation during project execution and implementation.
- Measuring, monitoring, and refining benefits realisation post-implementation (for the life of the investment)
Forecasting the impact of digital investments can be complex.
Many benefits are intangible, long-term, or enable other strategic objectives rather than producing immediate outcomes. Cultural change, innovation, improved knowledge sharing, or enhanced customer experience may not translate easily into traditional financial metrics.
Ultimately, benefits management is often the Achilles’ heel of digital transformation.
The greater the ongoing effort invested in managing benefits, the higher the likelihood of delivering lasting business value.
RISK 2 – Poor data hygiene
High-quality, well-managed data is the foundation of successful digital transformation.
Reliable data enables informed decisions, intelligent automation and the generation of actionable business insights. Poor data quality, on the other hand, undermines analytics, decisions, efficiency, and overall transformation outcomes.
Effective data management requires a disciplined approach to defining, organising, governing, and securing data across the organisation. As AI and advanced analytics become embedded in digital assets and infrastructure, the need for accurate, complete, and timely data is more critical than ever.
Many large organisations struggle with complex data architectures, leading to data and process duplication, inconsistent “sources of truth,” and data quality issues.
The old saying still holds – garbage in, garbage out.
RISK 3 – Data privacy and cybersecurity
Digital transformation often increases the volume and sensitivity of personal data collected and managed. Boards must ensure the organisation maintains strict oversight of what personal data it collects, how it is used, and how long it is retained.
Evolving privacy regulations and the growing sophistication of cyber threats heighten this risk.
AI-driven tools now assist both defenders and attackers — especially in social engineering and data exploitation. Relying on deidentified data for maintaining privacy and minimising the impact of a data breach is now also problematic given AI’s ability to analyse large volumes of data.
Organisations should satisfy themselves that deidentified data is not capable of reidentification.
Every major IT system that accesses or processes personal data should undergo a privacy impact assessment. Regularly review what data is collected, its purpose, and its retention timeframe.
Strong governance in these areas not only maintains compliance but also protects stakeholder trust.
RISK 4 – Misaligned or ill-prepared workforce
Digital transformation is equally a people transformation. A workforce lacking in digital literacy and technical or adaptive skills can severely undermine change efforts.
Essential capabilities now include data analytics, data management, digital literacy, and familiarity with technologies such as AI and cloud computing. At the same time, soft skills—adaptability, collaboration, and communication—are vital for cultural and behavioural change.
Workforce misalignment often occurs when staff do not understand the goals of transformation or their role within it.
Without clear communication and engagement, employees may resist change or disengage altogether. Leaders should invest in workforce development and take the time to explain why the changes are happening and what the changes mean for individuals.
In major transformations, empathy matters.
Change is personal, it’s not just business.
Related
RISK 5 – Unproven solution/vendor efficacy
Boards must carefully assess their organisation’s risk appetite when adopting new digital solutions. The decision to be an early adopter versus a fast follower carries very different implications.
Unproven solutions — especially those lacking real-world validation in the relevant sector — can introduce performance, integration, and functionality risks. Engaging vendors without relevant industry experience compounds these risks, often resulting in misaligned expectations, compliance gaps, and project overruns.
Governance oversight should focus on:
- Rigorous vendor due diligence;
- Evidence of sector-relevant experience;
- Pilot testing and phased rollouts;
- Clear key performance indicators (KPIs).
Inadequate vendor selection and unproven solutions can escalate costs, delay outcomes, and damage organisational reputation.
Boards play a critical role in ensuring robust vendor assessment processes that emphasise proven capability, solution resilience, and sector understanding.
Summary
Boards must govern digital transformation initiatives as strategic investments rather than isolated technology projects.
This requires disciplined oversight of benefits realisation, data governance, workforce readiness, and vendor management, while maintaining stakeholder trust and ensuring compliance throughout all transformation activities.
Having a strong awareness of these risks empowers boards to ask the right questions about digital transformation and exercise effective stewardship over the substantial investments involved.
Boards should continuously monitor the risks discussed to ensure that digital transformation initiatives remain aligned with strategic objectives and comply with relevant regulatory and statutory requirements. This ongoing vigilance also enhances the likelihood of successful change management, helping digital transformation become an integral part of the organisation’s culture.
This approach to digital transformation risk supports robust governance and fosters a sustainable digital transformation journey that delivers lasting value and resilience for the organisation.
Dr Malcolm Thatcher is a digital executive, author and advisor. He is the former chief technology officer of the Australian Digital Health Agency. He is the founder of the Strategance Group.
This article was first published on Dr Thatcher’s LinkedIn profile. Read the original here.