Working with clients in various sectors over the past year, one thing is clear: Transformation is bigger, faster, and more interconnected. Tech, talent, regulation, and operations—it’s hitting at once.
While this can create opportunities, it also heightens many risks, including breakdowns, compliance gaps, data failures, and reputational fallout if business leaders lose control.
Getting a project to go live on-time once defined success. Today, the test is modernizing quickly without compromising trust, compliance, or reporting integrity. Too often, teams aim to reduce controls, only to see them expand, because the downstream impact of early decisions goes unmonitored. This often leads to missed transformation goals—from inefficient use of resources and competing priorities to control failures.
About the Authors
Jill Pavlus, principal of PwC’s Digital Assurance & Transparency practice in Chicago, has 22 years of experience helping organizations build trust in their technology, strengthen governance and controls, and confidently execute complex change. She is currently leading transformation risk initiatives where she is known for guiding clients through the risk and control challenges that emerge during major ERP and business transformations.
Todd Bialick leads PwC’s Digital Assurance & Transparency practice, which specializes in process, risk, and controls. He brings more than 30 years of experience in assurance and professional services and under his leadership, the practice delivers high-quality business process and IT audit services, including SOC reporting, ESG reporting and assurance, data quality, and business and transformation assurance.
The solution? A different kind of leadership. As organizations shape their 2026 priorities, these are the questions each executive team should be asking.
Are we governing transformation as a strategic portfolio—or just delivering projects?
Organizations today rarely conduct one transformation at a time. Cloud, finance, automation, and regulatory efforts often move in parallel, and when they’re managed in silos, they can create system conflicts, duplicate controls, and strain resources. Risks frequently hide between programs: Unnoticed data dependencies, misaligned controls, and overstretched teams. Each initiative may look strong on its own, but collectively they create exposure.
People-related risks evolve just as quickly. When communication lags or roles shift, adoption can drop, knowledge gaps will likely widen, and key talent may exit mid-transformation.
A portfolio view brings these connections into focus. It helps business leaders sequence work, manage cumulative risk, and apply consistent governance and data standards. Business leaders play a key role here, creating visibility across business, technology, and control changes to help reduce conflict, prevent duplication, and keep transformation aligned.
Are we truly aligned on our transformation objectives?
Transformation programs often stumble early because teams launch with untested assumptions. Business leaders may share a vision but hold different expectations for outcomes, governance, risk tolerance, and compliance—gaps that lead to rework, delays, or surprise audit findings.
Fix-it-later thinking frequently backfires as legacy structures and inconsistent definitions may undermine decisions. In tech-led transformations, vague architectural goals can also leave organizations with unsupported systems, scaling constraints, and costly technical debt. Future-state architecture matters as much as business outcomes, too, meaning business leaders need clarity on how systems can scale, enable new models, and avoid risks like obsolescence or brittle integrations.
True alignment goes beyond a kickoff deck. Define expected outcomes and revisit them often as programs evolve to measure success. The same risk applies to process and automation efforts: Automating broken processes often makes inefficiency faster. So, step back, map the full process, clarify the business need, and make sure automation supports a cleaner, scalable future.
Are we identifying and prioritizing risks across the transformation lifecycle?
Many organizations conduct risk assessments, but they often become static documents—while transformation risk continues to evolve. Early design decisions can introduce data or process vulnerabilities; testing and configuration may surface integration issues that threaten reporting reliability or compliance; and during stabilization, capacity constraints or control gaps often emerge.
Data readiness is usually an underestimated risk. Data is often “the long pole in the tent”—the most complex workstream and a meaningful source of downstream disruption. Unvalidated assumptions, missing metadata, and inconsistent structures can stall transformation, delay go-lives, and create financial or regulatory exposure.
Technology and infrastructure decisions also introduce lifecycle risk. Aging architectures, weak scalability planning, single points of failure, and rushed integration workarounds can leave systems fragile when organizations require more resiliency.
The key: Treat risk assessment as a living, cross-functional discipline. Adapt as transformation unfolds.
Do we have governance and controls that allow us to detect issues early—and act quickly?
Weak governance is a consistent and often costly setback. Unclear decisions and limited cross-functional oversight often prevent teams from spotting risks early.
Issues surface quietly at first—drifting data standards, shifting controls, design choices that don’t withstand audit review. Without the right visibility, they come to light once they’ve caused reporting delays or costly rework.
Today’s transformations require a more integrated, proactive governance model. That means engaging compliance, risk, finance, technology, audit, and operations early; using adaptive decision checkpoints embedded in agile delivery that account for regulatory and audit impacts; and setting clear escalation paths so teams can move quickly when issues emerge.
Governance isn’t paperwork; it’s protection—the mechanism that helps keep transformations resilient, auditable, and on course.
Are compliance and regulatory requirements embedded into the transformation, not retrofitted at the end?
One of the most persistent transformation myths is that compliance can be handled at the finish line. But, by the time compliance teams are pulled in, organizations often discover that key elements—data structures, workflow approvals, documentation, or evidence collection—don’t meet regulatory expectations.
Late surprises mean rework, delays, and controls that erase expected efficiency gains. Early compliance involvement helps prevent these issues, and helps make sure the new environment enables both performance and regulatory integrity.
Make compliance a design input, not a checkpoint—so regulatory rigor becomes an enabler of automation, resilience, and competitive advantage, not a drag on transformation.
Transformation is expected to accelerate in 2026. Risks are likely to follow. But with sharper questions, clear alignment, and governance baked in, leaders can drive outcomes that last. Those able to balance bold vision with disciplined execution can shape the future rather than react to it.
No comments yet