As IT becomes a digital business service broker rather than an owner of technology assets, traditional risk management techniques need to be extended. Leading IT enterprises are migrating to all sorts of service-based digital business technologies, such as cloud, social media, Internet of Things (IoT), mobile, and xaaS. For many organizations there are financial unknowns and risks in migrating to the use of these types of digital business services. As IT is becoming a services broker (rather than asset owner), we are seeing a large gap in managing digital business service risk — a lack of risk identification, assessment, and management. What is needed is a new risk approach that extends typical IT risk management from considering IT-owned assets to including IT services. Why? We see that digital business service risks are different that traditional IT project risks: Peter Brooks / International Institute of IT Economics Digital business project risks The new approach to risk management is aligned with the IT portfolio and project financial management shift to a total cost of service (TCS) concept rather total cost of ownership (TCO). We call this new approach to IT service broker risk management: the total cost of service–risk management (TCS-R). The TCS-R is the identification, assessment, visualization, and management of an organization’s service-based systems and project portfolio. As an IT services broker, what risks should you be looking at? Across IT service portfolios we see three major categories: business risk, enterprise risk, and IT service (delivery and support) risk. Many of these risks, particularly business and enterprise risks, are new for CIOs and others expanded from their traditional scope. The following are types of IT-as-a-service-broker — TCS — risks: compliance cyber and network security enterprise Financial fraud intellectual property legal privacy reputational technology adoption market readiness material business impact From a financial perspective, the result is that digital business services risks cannot simply be managed by the traditional expected value approach of creating one number that is the sum of the outcome expected costs and benefits times their probabilities. A new approach — the TCS-R — is needed. The next blog post in this risk series will describe TCS-R in more detail. Related content tip How To Manage Digital Business Risks By Peter Brooks Dec 01, 2015 6 mins E-commerce Software Risk Management Social Networking Apps opinion TCO is so 1990s: Say hello to TCS (Total Cost of Services) The market money is in IT services. Are you ready to understand the cost of your services? By Bill Kirwin Jun 05, 2015 7 mins IT Leadership analysis Trip report from the 2015 ITFMA conference There is a cadre of IT practitioners with the souls of money managers. These are the beleaguered people that manage the messy business of IT. I recently addressed a conference of these folks, and this is my trip report. By Bill Kirwin May 26, 2015 6 mins CIO ITIL IT Skills opinion Social Media Marketing ROI – The Business Value of Friends, Followers and Connections What is the ROI of social media digital marketing? The author performed extensive research on the topic to provide recommendations for CIOs and IT organizations on how to get involved with their companies' social media and digital marketing init By Peter Brooks Oct 02, 2014 5 mins CIO Social Networking Apps IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe