Why most IT consulting engagements disappoint
A senior IT decision-maker recently described to us the sequence: a glossy proposal, a confident assessment phase, a 60-page strategy deck — and then nothing. Six months later, the team was still where they started, just with a thinner budget. This pattern is common enough in Saudi Arabia that “IT consulting” has become a slightly loaded phrase among CFOs.
The problem is rarely with consulting itself. It’s with the selection process. Most organisations evaluate IT consulting firms on the wrong axes — proposal aesthetics, brand recognition, day-rate — and ignore the questions that actually predict whether the engagement will produce business results. Before you sign your next IT consulting agreement in the Kingdom, work through these seven questions.
Question 1 — Have they delivered in your specific sector?
Cross-industry consulting expertise is a marketing claim more often than an operational reality. The patterns that matter in Saudi banking under SAMA differ fundamentally from the patterns that matter in hospitality, healthcare, or manufacturing. A consultant who has spent five years optimising bank infrastructure brings a sharper eye to your specific problems than one with broad-but-thin experience across ten industries.
Ask for three named engagements in your sector, ideally in KSA, with the names of the senior consultants who actually delivered them. Ask if you can speak to one client reference. The pushback you receive — or the absence of it — will tell you what you need to know.
Question 2 — Do they hold KSA presence and Saudi-aware certifications?
Remote-first consulting from Dubai, Cairo, or India can work for technology selection. It rarely works for compliance, change management, or transformation requiring stakeholder time on the ground in Riyadh, Jeddah, and Dammam. The organisations that have worked best with us as consulting partners are the ones who insisted we have engineers physically in the Kingdom, not just on Zoom.
The certification layer matters too. NCA Essential Cybersecurity Controls (ECC) implementation requires specific framework familiarity. SAMA Cyber Security Framework experience is non-substitutable for financial services. PMP-certified project managers working on Saudi business hours, with native or fluent Arabic, reduce friction in stakeholder meetings.
Question 3 — Will they put their roadmap in writing — and stand behind it?
Verbal recommendations are easy. Written roadmaps with named owners, time-boxed milestones, and explicit assumptions are the deliverable that matters. Ask any prospective consultant to share a redacted sample roadmap from a comparable engagement. Look for: explicit baseline assumptions, sequenced quarterly milestones, dependency mapping, and a budget range for each phase. If what you get back is a colourful mind-map with no numbers, escalate the question.
Question 4 — How do they handle vendor neutrality?
Many KSA IT consultancies are also resellers. There’s nothing wrong with that — you often want a partner who can both recommend and implement. But you do want to know how they manage the conflict of interest. Direct questions: “Do you have margin disclosure?” “How do you handle situations where the right answer is a vendor you don’t represent?” “Can you share a recent recommendation that lost you reseller margin?” The answers will tell you whether you’re hiring a consultant or a sales pipeline.
Question 5 — What’s their NCA / SAMA framework experience?
Compliance is increasingly the binding constraint on IT decisions in the Kingdom. NCA ECC is now mandatory for in-scope organisations and enforced. SAMA’s Cyber Security Framework controls financial services. Healthcare faces evolving data-residency requirements. A consultant who can articulate how a roadmap recommendation maps to specific control families — by reference, not just buzzword — will save you weeks of remediation work later.
Ask for a sample gap analysis they’ve produced against ECC. Look for: control-by-control granularity, evidence requirements, and remediation effort estimates that distinguish between “policy gap” and “technical implementation gap”.
Question 6 — Will they engage past the deck?
The biggest IT consulting failure mode in our experience is the “strategy hand-off cliff” — the consultant delivers the document, runs the executive presentation, and disappears. Six weeks later, the implementation team is asking questions nobody can answer because the consultants who built the assumptions have moved on.
Ask explicitly: “What does post-strategy engagement look like? Will the same consultants who built the roadmap be available during the first 90 days of execution?” The right answer is usually a defined retainer or implementation phase with the same team. If the answer is “we hand off to your internal team and step away”, price the rework into your budget.
Question 7 — How is the engagement priced — and what’s NOT included?
Fixed-fee engagements with explicit scope are nearly always the right model for an IT consulting deliverable. Time-and-materials engagements should be reserved for genuinely open-ended discovery. Beware of any pricing model where small scope changes trigger large change orders — a sign the consultant is incentivised to expand rather than deliver.
Ask for a written breakdown: what’s in scope, what’s explicitly out of scope, what triggers a change order, and what’s the typical change-order range. Compare this against two or three other proposals. The patterns will become clear.
The takeaway
The right IT consulting partner is closer to a business outcome than a deliverable. Run prospective consultants through these seven questions and you’ll filter out the ones who won’t deliver business results — saving yourself a six-figure mistake.
If you’d like to walk through these questions specifically about your environment, book a free 30-minute discovery call and we’ll be honest about whether Unifiedway IT consulting is the right fit, or whether you’d be better served by a focused cyber security assessment, a cloud migration project, or managed IT support instead.
