Transformation Risk insights series

Are you really in control? Three questions about program governance and delivery risk

8 minute read
August 15, 2025

Transformations rarely happen in isolation — and managing multiple initiatives at once introduces serious risk. This content series explores how taking a portfolio-wide approach can help organizations align transformation efforts, reduce risk and drive meaningful outcomes across business, tech and controls.

Organizations are doubling down on transformation: large-scale ERP or technology platform implementations, post-merger integration and carve-outs, data and mainframe modernization, new product development, digital operating model redesigns, supply chain restructurings, shared service rollouts, regulatory-driven changes, and most recently enterprise-wide AI and automation adoption, just to name a few.

That’s … a lot. But transformation leaders like you know that all programs share a common thread — they depend on disciplined governance and delivery to mitigate risk and deliver value.

Yet many organizations still underestimate just how critical and complex it is to design and implement strong governance and delivery models — or overestimate their ability to make adjustments downstream. In PwC’s 2025 Digital Trends in Operations Survey, 92% of respondents told us that their tech investments haven’t fully delivered the expected results. Even leading companies can treat governance frameworks as check-the-box exercises, without considering their specific needs or unique corporate culture.

Here’s the reality: Projects don’t fail at the end — they fail at the beginning.

Poor program governance or weak delivery mechanisms can introduce cost overruns, missed deadlines, operational disruption, compliance issues and inefficiencies — all of which erode value and damage trust. And once a program spirals off track, it’s almost impossible to deliver the expected business outcomes on time and under budget.

Don’t wait to take on these governance and delivery risks.

"Early investment in governance and delivery rigor isn’t a cost — it’s a multiplier. Get it right up front and you compound value all the way to successful outcomes."

– Gary Harvett,Managing Director, Digital Assurance & Transparency, PwC US

What are the most pressing program governance and delivery risks today?

Generally, program governance and delivery risks stem from a lack of alignment on outcomes, accountability, transparency and agility. To manage program risk, you'll need to balance all four. Let's take a look at each.

Generic business cases — Even well-executed programs can fail to deliver if they aren't aligned with your organization’s strategic objectives. Too often, initiatives are approved based on legacy priorities or simple, siloed business cases. Without a clear link to enterprise goals and a clear plan for tracking ROI, programs can drift out of alignment with business priorities. And without a governance mechanism to regularly test and reinforce strategic fit, you risk investing in programs that deliver outputs, but not impact.
Lack of stakeholder alignment and engagement — From IT and operations to legal, finance, frontline employees and external partners, governance models need to include structured stakeholder engagement strategies that define who needs to be informed, consulted or empowered at every phase. Without early and sustained alignment, competing interests and mismatched expectations can derail delivery. Decision paralysis, resistance to change and last-minute objections become more likely, delaying timelines and eroding trust.

Ambiguous decision making — Unclear governance structures (roles, responsibilities, escalation paths) can mean decisions become delayed, redundant or inconsistent. Lack of clarity can also lead to missed dependencies, conflicting priorities, and scope creep. How often do you feel like a project has “too many cooks” slowing down momentum or bypassing controls?
Absence of an empowered project sponsor — Sponsors aren’t just figureheads. They’re accountable for ensuring a program delivers its intended value, drives alignment across leadership and receives the attention, funding and support to succeed. When sponsors disengage, overextend or lack authority, programs suffer. Indecision. Poor stakeholder engagement. Lack of focus. An effective sponsor is a champion, decision-maker and issue escalator who anchors the program to overall business strategy.

Inadequate risk and issue management — Transformation programs often leave delivery risks unaddressed until they create problems. (Think: competing priorities, resource gaps or vendor underperformance.) For example, governance models that lack real-time risk monitoring can fail to link program decisions to risk exposure, which can delay escalation and make remediation feel more like you’re constantly putting out fires. Neglecting risks related to interdependencies across your concurrent projects is also a common oversight, leading to misaligned timelines and resource conflicts — ultimately jeopardizing the delivery and integration of multiple programs and your strategic portfolio objectives.
Poorly integrated delivery models — In complex programs, siloed teams (IT, operations, change management, data, risk & compliance, vendors, etc.) often operate independently. Without integrated planning and delivery practices, fragmentation can lead to misaligned goals, inconsistent quality and duplicated efforts — driving up costs and complexity.

Failure to adapt governance as the program evolves — Governance structures that worked during initial phases may not be as effective when a program scales, pivots or encounters roadblocks. Sticking rigidly to outdated steering models can stall progress or constrain innovation. Effective governance is dynamic.
Overreliance on external providers without proper oversight — Third-party system integrators, SaaS vendors and offshore delivery teams often drive your day-to-day execution. But without strong oversight, they open you to risk from underperformance, compliance gaps or misalignment with business objectives. Handing over too much control without visibility can jeopardize outcomes — especially when contract incentives are tied to ticking milestone boxes rather than delivering meaningful progress or tangible business value.
Misaligned or insufficient resource allocation — Programs often launch with optimistic resourcing assumptions, only to later experience delivery delays due to bandwidth constraints, competing priorities or insufficient capabilities in key roles. Governance needs to account not just for funding, but for sustained, committed human capital. Without active resource planning and load balancing across your portfolio, you may find yourself stuck in a cycle of rework, overextension and burnout.

What can I do to help reduce governance and delivery risks right now?

Depending on your strategic goal, there are a number of measures you can take to reduce governance and delivery risks. Before you begin, you’ll want to build a strong foundation for governance. You’ll also want to prioritize actions that drive value and outcomes. Throughout, make sure you’re enabling transparency and insights.

Build or revisit your governance model to confirm it's outcome-focused and flexible. Define roles and responsibilities clearly — especially decision rights at different levels (steering committee, program board, delivery teams). Align incentives with program milestones and value realization. Establish a single source of truth for decisions, documentation and escalations. If your organization has multiple concurrent programs, consider standing up a portfolio governance board to drive coordination, manage interdependencies and align decisions with enterprise strategy.
Develop a robust program management office (PMO) to provide structure, discipline and oversight. A well-run PMO drives consistency in reporting, risk management, dependency mapping and stakeholder engagement. It also enforces governance routines, facilitates alignment across teams, and aids timely decision-making. Without this backbone, programs often lack the visibility and agility needed to respond to evolving priorities and risks.
Define a quality, scalable software development lifecycle (SDLC). Whether you’re deploying custom applications, integrating platforms, or configuring off-the-shelf solutions, a clear and enforceable SDLC should be non-negotiable. Define development standards, testing protocols, release management criteria and change control processes — focusing on quality at every step. Embed security, regulatory compliance, and performance considerations into each SDLC phase, not just at the end, so that defects and risks are caught early and resolved quickly.
Establish clearly defined quality gates at key phases of your program lifecycle, like design completion, test readiness, deployment planning and go-live. These checkpoints help make sure critical risks have been addressed, stakeholder approvals are secured, and key deliverables meet predefined standards before progressing. Quality gates aren’t compliance hurdles — they’re an opportunity to course-correct, reinforce accountability and create shared understanding of readiness criteria. They embed discipline and reduce the risk of costly rework or surprises later in the program.

Challenge your operating model and whether your delivery approach (Agile, Waterfall, hybrid) matches your business context. Are you enabling or hindering outcomes? Are you applying controls in the right places or adding layers of red tape that slow progress? For programs with heavy external provider involvement, assess contract structures and KPIs. Are vendors measured by the value they deliver or just by activity metrics? And are you getting the transparency and responsiveness you need from them?
Build a value realization office (VRO) to focus on delivering outcomes, not just milestones. A VRO can track whether promised business value — cost savings, revenue uplift, efficiency gains, customer experience improvements — is actually being delivered throughout your transformation lifecycle. Your VRO should work with your PMO and business sponsors to monitor value delivery, adjust as needed and maintain a line-of-sight to strategic objectives.
Manage impacts to people by making sure employees at all levels are prepared, engaged and aligned throughout transformation. Use leadership alignment, stakeholder engagement, impact assessments, training and communications to help your teams adopt new ways of working and mitigate resistance. You can better sustain long-term adoption through champions, tracking adoption metrics and providing post-go-live support.
Formalize vendor management in large transformations to avoid cost overruns, missed SLAs and diluted accountability. Third parties are often embedded into delivery teams, which makes oversight essential. Establish a vendor management function with clear responsibilities for performance monitoring, issue escalation, compliance oversight, and commercial management. Contract terms should be aligned to business outcomes — not just time and materials. Include routine performance scorecards, delivery quality reviews, and shared governance forums.

Increase delivery transparency with integrated dashboards that provide real-time visibility into timelines, risks, costs, resource allocations and value realization across workstreams. These aren’t just status reports: They’re governance tools for proactive issue and risk tracking. Foster a culture of candid reporting: Teams need to feel safe and empowered to flag concerns early.
Manage your resources proactively, especially your biggest asset: people. A resource management capability can give you real-time visibility into who’s assigned where, their availability and their workload — helping to align critical tasks with the right individuals based on capacity and skill. Prioritize the most critical initiatives. Monitor for overutilization to prevent burnout, loss of quality and declining morale. Rebalance resources based on evolving risks and priorities to help make sure the right skills are available when and where you need them most.

Where can I get help?

PwC helps organizations build resilient governance, sharpen delivery execution and manage transformation risks with confidence.

Transformation risk assessments
Whether you’re just starting to gauge your organization’s readiness, are mid-transformation or are getting ready to go-live, PwC can help assess your program and broader portfolio transformation risks. We provide insights on leading practices, perspectives on risks and recommendations so you can better navigate your transformation journey. This can include how you evaluate project ROI, portfolio and program governance processes, delivery approach and plans, internal reporting, staffing plans and vendor management, support plans and other related delivery or solution risks that could impact your desired transformation outcomes.

Program governance and delivery remediation
Need hands-on help? When you need it most, PwC works alongside you to respond to and remediate transformation risk issues so you can get your project back on track. We assist with implementing sustainable solutions so you can strengthen your processes and controls and reduce your risk exposure.

Transformation can’t succeed without strong program governance and disciplined delivery. With the right structures, tools and support, you can steer even the most complex programs toward success — avoiding surprises, accelerating outcomes and building trust at every stage.

Digital Assurance and Transparency

Powering digital progress through trust

Transformation risk insights series

Contact us

Gary Harvett

Managing Director, Transformation Assurance, PwC US

Jim Willis

Managing Director, PwC US

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.