Strategy

Risk & Dependencies

Integration hotspots, dependency chains, and the risk heatmap. Identifies where transformation risk is concentrated and what mitigations are in place.

DraftUpdated 15 Mar 2026

Why this matters

Risk visibility determines whether the programme mobilises with appropriate safeguards. Unidentified dependencies are the primary cause of programme delay in transformation initiatives.

What this informs

Migration sequencing, contingency planning, and Phase 1 scope constraints. Every critical risk maps to a decision or deliverable dependency.

What remains unresolved

Cost estimation risk cannot be fully assessed until future-state scenario is selected. China regulatory timeline carries external dependency.

Total Risks

Critical

High

Domains Affected

Mitigations Defined

Risk Heatmap

RSK-002

RSK-001

RSK-003RSK-005

RSK-007

RSK-006

RSK-004

RSK-008

Impact (vertical) x Likelihood (horizontal) Critical (≥16) High (9-15) Medium (4-8)

Risk Register

RSK-001

Legacy integration brittleness during migration

20In progress

Facade layer isolates new components. Incremental migration with rollback capability at each stage. Integration test suite before each cutover.

IntegrationArchitecture LeadI5 x L4

RSK-007

Dealer network adoption lag for new service interfaces

16Draft

Progressive rollout by region. Dealer feedback loop built into Phase 1. Training programme. Dual-interface period during transition.

OrganisationalProgram ManagerI4 x L4

RSK-002

Data sovereignty non-compliance in China operations

15Decision needed

Parallel China architecture track. Independent data storage. Legal review of all cross-border data flows. ICP licensing ahead of deployment.

RegulatoryRegional ArchitectI5 x L3

RSK-008

Cost estimation accuracy for future-state scenarios

15Blocked

Order-of-magnitude ranges, not point estimates. Scenario-based costing. Vendor pricing validated against reference implementations. Contingency buffer defined.

GovernanceProgram ManagerI3 x L5

RSK-003

Vendor lock-in through monolithic platform selection

12Under review

Composable architecture preference. API-first contracts. Avoid proprietary data formats. Exit cost analysis in vendor evaluation.

StrategyEnterprise ArchitectI4 x L3

RSK-004

Organisational resistance to domain-driven boundaries

12In progress

Stakeholder alignment workshops. Domain ownership mapped to existing reporting lines where possible. Executive sponsorship for boundary changes.

OrganisationalProgram ManagerI3 x L4

RSK-005

SAP upgrade cycle misalignment with migration timeline

12Draft

Early alignment with SAP team on upgrade roadmap. Integration layer absorbs API version changes. Feature-flag migration phases around SAP releases.

IntegrationSolution ArchitectI4 x L3

RSK-006

Insufficient observability in transitional architecture

9In progress

Observability as day-one requirement. OpenTelemetry standard. Monitoring dashboard for all integration touchpoints. Alert thresholds defined before go-live.

OperationsArchitecture LeadI3 x L3

Key Blockers

Legacy integration cutover sequence undefined

blocking

Cannot begin migration without validated system interaction map and rollback procedures.

China CAC assessment timeline

at-risk

45–60 working day lead time. Must be initiated before Phase 1 planning is finalised.

Cost estimation blocked by scenario selection

blocking

Order-of-magnitude estimates require scenario lock. Steering committee decision prerequisite.

Architecture Diagrams

Integration Dependency Chain

Shows cascading dependencies between systems and the impact of failure at each integration point.

Draft

Architecture Lead

Data Flow Reliability Map

Data freshness, sync frequency, and reliability indicators across all integration paths.

Draft

Solution Architect

Decision Layer

Decisions Supported

ADR-001 (strangler-fig), ADR-005 (observability). Risk profile supports incremental migration over big-bang.

Dependencies

Depends on DEL-001 (Current-State). Feeds into DEL-006 (Deprecation) and Phase 1 contingency planning.

Next Actions

Complete dependency chain diagram. Validate mitigation owners. Quantify cost-of-delay for top 3 risks.

Confidence

Medium — all risks identified and scored. Mitigation activation depends on decisions not yet resolved.

← Future-State Scenarios

All outputs Next

Platform Deprecation→