DigiconAsia finds out the answer from a well-known IT leader in the Middle East.

Digital transformation (DX) is a journey that every company must embark on. However, this journey has proven to be difficult, costly, challenging, and quite risky.

This is why two well-known IT/DX advisors from the Middle East, Ahmad Almulla and Arun Tewary, have launched a book about digital governance that could boost DX success rates in their region.

In an exclusive chat with DigiconAsia, Ahmad Almulla shares some of the book’s ideas with readers here.

DigiconAsia: What made you write this book? What kind of impact can the book make on IT decision-makers?

Ahmad Almulla
Digital Transformation Advisor,
Board member, UAE, Middle East

Ahmad Almulla (AA): To succeed in DX, there are many elements that need to be in place. I have collected the most common reasons for failures and tried to address them in this book by providing a governance framework for addressing those issues.

In my opinion, the top reason for DX failure is the absence of real purpose and vision. Unfortunately, most traditional DX approaches use cost saving as the drive and not value creation — there is a big difference.

Certainly, money is one of the top reasons for DX. Not the budgeted amount as such, but the way budgets are prepared. In many digital journeys, the budget is prepared by looking at DX as a project, which means the budget is done for execution of the project but not for the full cycle of the continual journey.

I am quite sure that if firms put such governance in place, the risk of failure will reduce drastically at least by 80% to 90%.

DigiconAsia: In many organizations, IT heads cannot achieve their goals because of the pressure from their CFOs. Do you agree?

AA: I agree with your statement 100%. The best way to approach this problem is to create awareness. CFOs, by definition, look primarily at the element of cost, and pay little attention to other elements such as process efficiency, customer experience, and so on.

While it is not fair to put all the blame on CFOs, IT heads need to be able to highlight and demonstrate how digital investments bring profound value to the organization.

Having worked in the ME region and having interacted with professionals from other countries, I have seen this problem as one that not only affects my region, but also globally, although I can see variations among organizations within all geographies.

So, the problem is local to organizations and not countries. Having said that, I find more maturity in Europe as opposed to CFO situations in the rest of the world.

DigiconAsia: Do socio-cultural ethos and national identities play a role in DX success rates?

AA: I do not have any statistics in this regard, but generally I find that younger people are more ‘change-ready’ than older ones. Organization culture, however, plays a major role. Therefore, change management is vital for success of any digital initiative especially at board level.

DigiconAsia: You mentioned in your writings that many organizations overspend on cybersecurity. Considering the threats in the current day, is this not warranted? 

AA: To address the cyber threats, you need to put in place many measures. Most of them are not technology related (i.e., policies, awareness, discipline, backup process, risk management approach and others).

Where the overspend comes is in the fact that most organizations think that by throwing money at buying technologies, their organization will be in a better position. However, statistically, over 90% of the threats are internal, and most of those can be addressed by non-technology related measures.

DigiconAsia: When choosing cybersecurity products, many organizations prefer those with certifications or some methodologies touted by research firms. What is your view on this?

AA: Certification against proven standards and frameworks help organizations as they provide a reference point for measurement and benchmarking. Research firms can provide unbiased insights into the usefulness of such standards and frameworks.

However, sometimes, the makers of cybersecurity products may have exclusive intellectual property and information that have yet to receive attention by researchers.

Therefore, while basing decisions on third party independent research agencies is a sound approach, organizations can use a mix of both methods depending on circumstances and diligent product research.