Core system transformation: What boards need to govern when "budget and milestones" are no longer enough

Many boards experience a familiar frustration when overseeing core system transformation programmes: they receive updates on budget, timeline, and milestones, but lack insights on a more fundamental question–are we building the right foundation, at the right level of risk, with a realistic path to value? This gap is rarely a governance failure. More often, it is a communication problem: complex programmes are typically reported through simplified, aggregate indicators that are easy to measure but insufficient for effective management.

Recent research on IT governance highlights a related issue: in many organisations, boards delegate IT governance responsibilities to management or specialised committees. While this delegation is common, it can create blind spots precisely at times when technology is no longer just a support function but a core driver of business strategy, competitiveness, and growth¹. 

Below, we present a board-focused perspective on what makes core system transformation structurally different–and suggest practical governance actions that help boards maintain control without micromanaging.

Why governance of core transformation is structurally difficult

1) Core transformation is not a technology programme: it is an operating model reset 

Core transformation reshapes processes, roles, controls, data definitions, and decision rights. In other words, the new platform serves as an enabler of these changes, while the success of the transformation–and the achievement of planned business outcomes–depends on how effectively the operating model is redesigned and adopted.

Deloitte’s work on legacy modernisation frames modernisation as a combination of rethinking processes, re-engineering the digital core, and re-imagining business capabilities–typically with AI acting as an accelerator of change. The critical implication for boards: value does not come from the new platform alone, but from the business changes that the platform makes possible². 

2) The most expensive risks sit in the ’white spaces’ 

The largest overruns and delays rarely come from defects within the system itself. Instead, they arise from mismatches between different workstreams, for example, when product ambitions exceed platform capabilities, when data quality falls short of reporting requirements, when vendor deliveries are not aligned with internal readiness, or when the organisation’s capacity for change is overwhelmed by ongoing business-as-usual demands. These gaps, often referred to as ‘white spaces’, can compound and escalate risks if not properly managed.

Boards that track just milestone completion may miss the build-up of these compounding risks. 

Established research on large, complex projects highlights how optimism bias and systematic underestimation of risk can lead to persistent cost overruns and benefit shortfalls–unless governance explicitly addresses these issues early in the programme lifecycle³.

3) Traditional status reporting can create false reassurance 

A programme can be given a ’green light’ on hitting project deliverables while falling short on value, quality, readiness, and control design. Conversely, it can be given a ’red light’ for being behind schedule–even when management is making sensible trade-offs, such as prioritising the correction of data foundations early rather than rushing unfinished functionality into production.

Boards need transparency on the trade-offs and the evidence behind them–not just simple traffic lights. 

How size and geography shape governance in core transformation

Size and geographical presence are fundamental factors influencing the governance of core system transformations.

Larger insurers typically face greater complexity due to their multiple business units, diverse product lines, and extensive legacy systems. This scale of complexity demands more formal governance structures, segmented reporting, and broader board involvement to monitoring a wide range of risks and ensure coordination across the organisation. 

In contrast, smaller insurers usually have simpler structures and more focused transformation programmes, allowing boards to engage more directly with specific risks and readiness factors relevant to their scale. 

Geographical footprint adds another layer of complexity: insurers operating across multiple countries must balance the need for global consistency in strategy, architecture, and controls with local flexibility to comply with varied regulatory and market requirements. This necessitates governance frameworks that support regional reporting and strong coordination to align global and local priorities without sacrificing agility. 

Conversely, insurers focused on a single market benefit from more specialised governance tailored to local regulations, customer expectations, and operational risks. 

Together, size and geography not only shape the complexity and structure of governance but also influence the nature of risks boards monitor and the evidence they require to guide the transformation effectively. 

A board-ready oversight model: Five shifts that improve governance

Shift 1: From ’project approval’ to a living business case

Boards should insist on a clear and evolving business case for investing in core transformation–one that is explicit, testable, and regularly updated–not a one-time document that becomes politically untouchable after approval.

At minimum, the board should see and continue to review:

• Value case (cost, growth, risk, resilience) with assumptions and sensitivities 

• Strategic options (including what is intentionally not being done) 

• Non-negotiables (e.g., regulatory reporting continuity, operational resilience, cyber posture) 

• Decision points (where the board must choose, not merely ’note’) 

This keeps the board in its proper role: governing direction, risk appetite, and accountability for outcomes–without involvement in day-to-day delivery. The Deloitte Governance Framework is one practical reference point for structuring this governance boundary and improving effectiveness⁴. 

Shift 2: From ’milestones’ to evidence of business readiness 

A core transformation succeeds or fails at the moment of cutover, when the business takes ownership of the new platform. Boards should therefore request reporting that include proof of readiness, not just progress updates.

Board-friendly evidence of readiness typically covers: 

• End-to-end process validation in realistic scenarios (not isolated demos) 

• Data readiness: clear definition, reconciliation, and governance of critical data–such as customer records, policy details, and claims information.
• Control readiness: key controls designed and tested for the new environment 

• Cutover preparedness: rehearsals, fallback strategy, and resilience testing 

• People readiness: capacity, skills, and adoption plans for impacted roles. 
   

Shift 3: From ’vendor delivery’ to integrated accountability 

Core transformations often fail when accountability is outsourced. Boards should look for a governance structure where the business, IT, risk, finance, and operations functions share responsibility–and where escalation paths are clear and used. 

A simple but powerful board requirement should be a single, visible integrated plan that unifies technology delivery, business change and adoption, data migration and quality, controls and compliance readiness, as well as operational resilience and service continuity. 

If such an integrated plan does not exist–or lacks credibility–boards should assume the transformation programme is likely to deviate gradually from its intended goals.

Shift 4: From status updates to decision-grade questions 

Boards do not need more presentation slides. They need answers to questions that provide clarity. 

A practical set of board questions might be:

1. What must happen for this programme to succeed–and what evidence do we have that it is happening? 
2. Where are we simplifying (product, process, architecture), and what is the trade-off? 
3. Which risks are we accepting, mitigating, or transferring–and what are the reasons? 
4. What is our lock-in exposure (commercial, technical, skills), and what is the plan to manage it? 
5. How are we protecting customer experience and operational resilience during the transition? 
6. What decisions in the next 90 days could materially change cost, timeline, or value? 

Deloitte’s board-focused “Tech questions for the board’s agenda” series is a useful reference for shaping these conversations⁵. 

Shift 5: From ’Big Bang optimism’ to controlled value release 

Even when the final cutover is a major event, boards should advocate for a delivery approach that reduces risk and increases learning over time. What to look for: 

• A clear roadmap that delivers usable business capabilities in stages–not just technical components
• Explicit data migration and reconciliation strategy with measurable quality gates, to ensure data accuracy and integrity at each stage of the rollout.

• A clear connection between each release and specific business outcomes–such as cost savings, shorter cycle times, or improved service quality–enabling meaningful assessment of progress.
• Transparent go / no-go criteria tied to readiness evidence, enabling informed choices about whether to proceed with each release or pause to address issues.
   

The hidden board risk: Transforming the core while the world changes

Core transformation is happening while developments in AI, cyber risk, regulatory expectations, and talent constraints intensify. This increases the board’s governance burden: the core transformation is no longer only about replacing legacy; it is increasingly the platform decision that determines whether advanced capabilities can be deployed safely, compliantly, and at scale. 

Deloitte Switzerland’s Insurance Tech Trends 2025 underlines how fast technology forces are evolving in the industry, and why resilient, scalable foundations are a precondition for sustainable value creation⁶.

A pragmatic governance setup for Swiss boards 

Three mechanisms often improve governance quality. First, a board-level ‘transformation oversight cadence’ involving regular deep-dive sessions–typically quarterly–focused on key decisions and evidence, complemented by concise interim updates to keep the board informed between meetings. Second, independent assurance with a defined scope, providing periodic reviews on critical areas such as the integrity of the value case, readiness evidence, data and control quality, and cutover preparedness. Third, a clear escalation protocol with predefined thresholds that require board attention, for example, significant scope changes, repeated vendor underperformance, gaps in control readiness, or risks to operational resilience.

From a Swiss governance perspective, Deloitte’s publication on future trends in corporate governance (with an audit committee focus) offers valuable insights into why increasing uncertainty, complexity, and competing priorities heighten oversight demands–and outlines practical steps boards can take to address these challenges⁷. 

Closing thought: The board’s real job is to govern the trade-offs 

Core system transformation is a long journey through uncertainty. The most effective boards do not attempt to run the programme. They insist on decision-quality transparency: what trade-offs are being made, why are they  justified, and what is the  evidence that supports them? 

If board dialogue moves from “Are we on budget and on time?” to “Are we building a business that will still work–and win–after the cutover?”, governance shifts from reactive supervision to strategic oversight. In an industry where trust, resilience and operational excellence are existential, the shift provides not just good governance: it delivers competitive advantage.

Authors

• Dr. Marcel Thom, Partner, Insurance Lead Switzerland
• Maddalena Fusco, Manager, Technology & Transformation
• Martin Gertsch, Director, Technology & Transformation
• Stefan Hobi, Senior Manager, Technology & Transformation