Change management for project ROI and reduced risk

Issue 1 2021 Security Services & Risk Management

Companies that prioritise their employees’ change journeys during digital transformation projects, such as the remote working initiatives seen in 2020, are less exposed to risk and more likely to realise the return on their investments. This is because all change initiatives are people-dependent and rely on people doing their jobs differently to be successful. Neglecting to enable them to do their work within the changed environment can contribute to project failures and, potentially, tech crashes within organisations.

This is according to Charl Ueckermann, Group CEO at AVeS Cyber International, who says that employees’ speed of adoption, usage, participation, and proficiency, influence project success rates significantly.

“Any project or initiative, regardless of whether it is there to drive productivity, improve performance, increase governance or reduce costs, has the potential to impact how the people across an organisation do their work. Likewise, how people perceive changes in their working environment will affect your projects' and initiatives' success rates.

“People are affected by the changes arising from IT projects and implementations. Organisations need to manage the process of change to encourage acceptance of the new ways of working and drive adoption and competent usage in a way that your projects deliver their desired outcomes,” says Ueckermann.

He continues: “As a case in point; when you consider the speed and rate at which organisations set in motion ambitious projects to enable their employees to work from home last year and the fact that not many of them, nor their employees, had ever worked that way before, it is easy to see how neglecting the people-enablement aspect can lead to performance problems, employee disengagement and create predictable business risks.

“It is human nature to resist change, particularly during times of uncertainty, when people naturally seek comfort in familiarity and consistency. We live in volatile, uncertain, complex and ambiguous (VUCA) times, and change is happening all the time. Last year, people had to quickly adapt to using new processes and technologies to work from home. This year, there are likely to be more changes as organisations refine remote working models and implement new ones to accommodate hybrid approaches where employees alternate between the office and home. The overwhelming degree and pace at which our environments are evolving make it necessary for structured processes and frameworks to help people manage change better.”

Change implies risk

There are always risks associated with making any change that impacts the people in a business, including IT projects. For example, when a new IT system is implemented and people don’t use it optimally, it can result in unnecessary costs and cyber risks. Aside from productivity declines that directly influence profitability, there are the costs associated with re-scoping the project, redoing parts of it, delaying it, redesigning workflows and processes, retraining people, and downtime. Incorporating change management into the risk management strategy makes it easier to manage the potential risks associated with the changes being made.

Business value creation is another reason for applying change management. Suppose employees are led to truly realise the value of the new technology and ways of working. In that case, they are more likely to adopt and continue with it, ensuring that organisations get better value from their investments.

“Ownership does not come from forced change (a ‘you cannot’ approach), but from a leadership-facilitated process (a ‘you can’ approach) that guides and inspires change,” says Ueckermann.

Ueckermann continues by saying that change management significantly increases companies' likelihood of meeting their project objectives and achieving ROI. In fact, Prosci (, an independent research company in the field of change management, gathered data over eight years and found that initiatives with excellent change management are six times more likely to meet objectives than those with poor change management.

Degrees of change management

“Change management focuses on helping people affected by a change to evolve how they do their jobs in the changing environment. It should involve leadership, project management teams and employees to ensure that a project, such as an IT investment, meets its objectives. Without everyone working together, IT investments will likely fail to meet their objectives.”

The degree of change management required depends on the company and its readiness for change. Some companies have cultures that nurture adaptability and flexibility, making them more open to change. Others with less flexible and adaptable cultures require a higher, more focused degree of change management.

“Successfully implementing and adapting to a change is not a new goal, yet many companies struggle with achieving it. This has its roots in a poor understanding of the readiness of the company to tolerate change. Before implementing a change that could affect your business's people, it is advisable to complete a readiness assessment and risk analysis to determine the organisation’s appetite for change.

“Analysing the outputs from such assessments will help with developing a customised strategy with the necessary sponsorship, team structure and proactive resistance management to improve the probability of projects’ successes.”

Ueckermann concludes by saying that effective change management helps prevent unnecessary costs and reduce the business risks that can arise if the people side of change is not managed correctly.

“Change management should be seen as a strategy for driving ROI on projects and investments, and importantly, for better risk management. Ultimately, you want to ensure that change is adopted and sustained so that your people can move to a new business as usual.”


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

How to prevent and survive fires
Fire & Safety Security Services & Risk Management
Since its launch in August 2023, Fidelity SecureFire, a division of the Fidelity Services Group, has been making significant strides in revolutionising fire response services in South Africa.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Integrated information platform for risk management
Editor's Choice News & Events Security Services & Risk Management
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Security Services & Risk Management
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.

Linking of security officers by security businesses
PSiRA (Private Security Ind. Regulatory Authority) News & Events Security Services & Risk Management
[Sponsored] By law, all security businesses are required to declare their employees to PSiRA so that they can be accounted for administratively. Failure to link employees by security businesses is a contravention of the Code of Conduct and a criminal offence.

AI augmentation in security software
Security Services & Risk Management AI & Data Analytics
The integration of AI technology into security software has been met with resistance. In this, the second of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.