getty-images-IIdBO9jzHNo-unsplashNick Denning, CEO of IT consultancy Diegesis, is a veteran of multiple transformation projects. Here he shares his thoughts on calculating the risks of replacing tried and tested technology in IT migration projects.

Where to start in identifying risks?

Any business activity has risk associated with it. We assess risk by considering the probability that a particular thing will happen and the impact if it does. The issue is then to calculate the appetite for risk. Despite the potential for things to go wrong, an organisation with corporate knowledge embedded in proven business practices and delivered by trained and well-managed people, knows how to deliver work involving significant risk with the confidence of a successful outcome.

If an organisation can demonstrate its understanding of risk and management strategies, it can be trusted to deliver on time and to budget.

Usually, a win-win results because of transparency in identifying and pricing in the additional risk activities. Success and reward are driven by delivering to plan. An organisation’s “appetite for risk” describes its desire to take on risky projects because it is confident of delivering more reliably than its competitors.

Classifying risks

Risk can be categorised into classes. Some risks relate to an ability to deliver a desired outcome and depend directly on the competency to manage the risk. Other risks are external and often beyond our control. Examples include changes to interest rates, the emergence of a new competitor, extreme weather events such as flooding, or external cyber security attacks.

Risk can also be classified as operational or project risk. Operational risk typically relates to processes such as cyber security, an accident, a process mistake or fraud by staff. We should expect such risks and use our skills to minimise the number of occurrences and the impact of each. For example, to ensure an incident does not stop production.

Project risk typically relates to specific activities, perhaps things that only happen once. We can plan around that activity and remove the risk when the activity has been successfully delivered. Data transformation projects are material examples of projects involving substantial risk. That’s because, within an organisation, they are infrequent, and the project management skills needed in-house to successfully pilot such important programmes may not exist.

Risks specific to IT migration projects

There are several typical IT migration projects. For example, moving key business systems from on-premise to the cloud. It could also be migrating from one application, which is bespoke or from a trusted vendor, to another application from a new provider. Such fundamental changes can affect the running of core business processes. These changes may be performed decades apart, so management experience from previous projects has often been lost.

It takes more than pure project management skills i.e. setting up, running, monitoring and keeping the project on time and within budget. IT migration projects also need people who can understand the current and desired future states. This can be a tall order because legacy technologies used to run the business may have few remaining experts in the workforce. Additionally, the ‘To Be’ state may feature cutting-edge technology needing new skills that are often in high demand and which are expensive and hard to find.

Take input from across the business

Migration projects should not be considered purely the realm of IT. They often cover the mission-critical systems which enable the business to run its core operations. Project delays or failure could risk revenue, profits, contractual and legal obligations, reputation and brand value. Worst case, they could risk the survival of the whole enterprise.

Identifying as many potential risks as possible, which might relate to the type of IT migration project being planned, is important. It will be most successful if a wide range of perspectives from across the business is sought, for example, finance, human resources and production. End users, partners, suppliers and major customers could also provide valuable input.

IT risks – one major risk category

Typically for IT migration projects, technology-related risks will provide one of the most important categories for in-depth consideration. Risks will likely include data, hardware, software, the technology platform and IT personnel.

Often the driver for an IT migration project is that the current system is outdated or underperforming. Unfortunately, these imperatives also lead to some of the most severe risks for migration projects. As legacy systems age, the employees who understand how they work, their history, how potential catastrophes in the past were averted etc., become rarer, indispensable and probably more expensive.

Such employees are vital to keeping the current applications and the business running. At the same time, they document the ‘AS IS’ state. It indicates which data, processes and interfaces need to be replaced and improved upon by the new system. This reliance on a small pool of ‘experts’ can bring its own risks as the employees inflate their perceived value or may be lost to early retirement.

Business risks

Beyond the pure IT-related risks are wider business and timing risks which could also have significant impacts. How critical is the IT system to running core business processes? Will the migration project coincide with critical business events like year-end, peak sales periods or planned mergers and acquisitions?

What would the business impacts be if key project milestones or go-live dates were missed? There may only be a single window of opportunity to get the project done. Or if an implementation date is missed, the whole project might have to be delayed, maybe for as long as a year, until timing criteria are met again. The most successful packaged software salespeople have often been the ones to identify customers’ ‘burning platforms’ and exploit these for commercial gain.

The fabled ‘Y2K bug’, which drove many migrations from in-house written software to third-party packages, is probably the greatest example of a ‘burning platform’. Projects had to be completed by December 31st, 1999. There was no opportunity for delay. Likewise, legislation changes can provide immovable deadlines for project delivery.

Consider wider risks

Recent experiences due to COVID and the invasion of Ukraine indicate that additional risks could originate from geopolitical events affecting the global economy. It’s worth scanning further than your immediate horizon for such ‘black swans’. Many third parties publish annual global risk lists, such as the World Economic Forum (WEF) and investment advisors like Blackrock.

An example from Blackrock’s latest Top 10 Global Risks list is the IT impact of rising tensions between the US and China. It might mean some technologies rapidly disappear. Huawei’s removal as a potential provider springs to mind. The UK government has ruled that the vendor’s technology must be removed from 5G networks by 2027. The banning of TikTok provides another example. Could other vendors and solutions be banned if tensions with China continue to increase?

The rise of AI solutions such as ChatGPT and Bard are great examples of technology disruptors which appear rapidly from left field. Such solutions, seemingly from nowhere, could start dominating IT investment thinking, raise questions on existing projects and introduce new risks.

The tipping point for cloud migration?

A Time magazine article from October 2022 reports that the Taiwan Semiconductor Manufacturing Company (TSMC) is the world’s largest producer of semiconductors that power phones, computers, and data centres.

The story highlights that “TSMC has around 55% of the global market for contract chip fabrication, far above OPEC’s 40% market share for oil. And unlike the oil market, where each barrel is more or less the same, there are vast differences between types of chip.” Increasing tensions between China and Taiwan could reduce chip availability and dislocate the global economy.

Global risks such as these should not derail IT migration projects, but research into their likelihood might change the timing of elements of the project. New kit could be ordered much earlier or from different sources to increase the certainty that it will be available when needed. Hardware availability risks might even become the impetus to make the IT migration project about moving to the cloud rather than just switching from one in-house system to another.

How Diegesis can help

Diegesis is a UK-based business technology and IT systems integration company. We bring over 30 years of experience in data management across both public and private sectors to data migration projects.

Our experienced consulting team combines expertise in legacy technologies such as Ingres, Informix and Db2 with the latest practices in developing and deploying solutions on Amazon AWS, Microsoft Azure and Google GCP cloud platforms.

For more information visit:

Diegesis LogoDiegesis is a business technology and IT systems integration company that specialises in delivering outcomes using RDBMS, integration and data analytics technology. The company has a proven track record delivering successful projects that provide tangible business value to large and mid-size organisations through the effective combination of people, process and technology. Diegesis specialises in helping organisations to release the hidden knowledge and wisdom from within their entire range of diverse sources of information (documents, emails, core business systems and applications, databases, intranet, internet and presentations) to support swift and effective decision-making.  For more information, visit


Please enter your comment!
Please enter your name here