As any specialised tech lawyer or technology consultant will tell you, digital transformation projects are not for the faint of heart.

The more innovative and untested the technology solutions are, and the more those solutions will radically transform your business, the higher the risk is of project failure.

Over the last ten years, there have been hundreds of news reports of failed digital transformation projects. There are now so many documented failures, no organisation can say they haven’t been warned.

The May 16 article in The Economist, titled “Why so many IT projects go so horribly wrong” is no exception.

Citing research published by an Oxford professor, the article points out that IT projects have unique risk management challenges.

That research discloses that the mean cost overrun for 20 per cent of all IT projects is 450 per cent, and that those risks exist because “IT projects reach deep into organisations, which means tech neophytes often call the shots”.

The neophyte risk rings true because very few IT executives will oversee more than just a few critical transformative projects in their entire career.

The many documented failures of transformative projects are exactly why a 36-page chapter of my 2021 book concerning IT project best practices is titled “Why Technology Projects Fail: Lessons Learned”, and why the next chapter in the book is titled “Dear IT Executive: Let’s Put The Lessons Learned Into Practice”.

Considering that there are so many digital transformation projects now being either considered or under way in Bermuda, including some highly innovative AI projects, The Economist’s article was a good reminder to flag a few common pitfalls to reduce project risk.

The most serious risk of digital transformation failure is not that project problems will cause project abandonment.

The real project risk to be managed is that the project will not achieve its organisation’s definition of transformative success, including: being on time; being on budget; materially achieving the desired operational functionality; ensuring mechanisms of performance verification; ensuring responsive and effective performance remediation; and achieving acceptable standards of security and operational resiliency.

One of the most common and serious mistakes that contributes to digital transformation failure arises when the proposed business innovations, including the desired operational outcomes, are not well defined as performance specifications, service levels and key performance indicators.

That mistake often occurs when transformative projects do not “separate design from build”, as separate and distinct phases of project implementation.

Practically speaking, organisations must first have a clear understanding of the house they want to build before they can select the technology that is best suited to deliver those innovative outcomes.

Since all digital transformation projects involve the procurement of either (or both) technology goods or services, it is essential that organisations manage risk with focused contracts that contain:

• Terms for the commercial allocation of risk that are consistent with industry accepted commercial norms and practices. Off-the-shelf vendor contracts very rarely meet those criteria

• Covenants concerning the vendor’s project expertise, experience, qualified personnel and professional qualifications that reflect the findings of rigorous vendor due diligence

• A detailed technology solution definition so that both parties understand the required functionality of the procured solution

• Provisions that separate business innovative process design services from all technology build services to permit key performance indicators and “value for money” verification

• Provisions to ensure ongoing performance monitoring and verification, including effective service remediation

• Day-to-day dispute or misunderstanding resolution mechanisms

• Adequate technology support, update, enhancement, new release and maintenance provisions

• Solution specifications to ensure enterprise interoperability, connectivity and compatibility, especially where digital solutions meet legacy systems

•Terms to satisfy the organisation’s legal and regulatory requirements for cybersecurity, privacy, operational resilience and business continuity, outsourcing risk management and governance compliance

In fact, given the large number of publications about digital transformation, including essential AI contract terms and conditions, the abject failure of organisations to contractually consider all of those risk management issues may constitute some degree of malfeasance or misconduct by those who are managing those projects.

As I suggest in my 2021 book, digital transformation projects are like icebergs: only 10 per cent of the project risk is visible to inexperienced executives and the other 90 per cent of project risk, which can sink any digital transformation project, lurks below the surface.

Remember my book’s chapter nine title: “Dear IT Executive: Let’s Put The Lessons Learned Into Practice”.

• Duncan Card is a partner at Appleby who specialises in IT and outsourcing contracts, privacy law and cybersecurity compliance in Bermuda. A copy of this column can be obtained on the Appleby website atwww.applebyglobal.com. This column should not be used as a substitute for professional legal advice. Before proceeding with any matters discussed here, consult a lawyer