by Peter Brooks

Introducing the total cost of service-risk management (TCS-R)

Sep 16, 2015
Risk Management

As IT becomes a digital business service broker rather than an owner of technology assets, traditional risk management techniques need to be extended.

Leading IT enterprises are migrating to all sorts of service-based digital business technologies, such as cloud, social media, Internet of Things (IoT), mobile, and XaaS. For many organizations, migrating to these types of digital business services brings financial unknowns and risks.

As IT is becoming a services broker (rather than asset owner), we are seeing a large gap in managing digital business service risk — a lack of risk identification, assessment, and management. What is needed is a new risk approach that extends typical IT risk management from considering IT-owned assets to including IT services.


We see that digital business service risks are different from traditional IT project risks:

Figure: Digital business project risks (Peter Brooks / International Institute of IT Economics)

The new approach to risk management is aligned with the IT portfolio and project financial management shift to a total cost of service (TCS) concept rather than total cost of ownership (TCO). We call this new approach to IT service broker risk management the total cost of service–risk management (TCS-R). The TCS-R is the identification, assessment, visualization, and management of an organization’s service-based systems and project portfolio.

As an IT services broker, what risks should you be looking at? Across IT service portfolios we see three major categories: business risk, enterprise risk, and IT service (delivery and support) risk. Many of these risks, particularly business and enterprise risks, are new for CIOs, and others are expanded from their traditional scope. The following are types of IT-as-a-service-broker (TCS) risks:

  • compliance
  • cyber and network security
  • enterprise financial
  • fraud
  • intellectual property
  • legal
  • privacy
  • reputational
  • technology
  • adoption
  • market readiness
  • material business impact

From a financial perspective, the result is that digital business service risks cannot simply be managed by the traditional expected value approach of creating one number that is the sum of the expected costs and benefits of each outcome times their probabilities. A new approach, the TCS-R, is needed.

The next blog post in this risk series will describe TCS-R in more detail.