Introducing the total cost of service-risk management (TCS-R)
October 6, 2015 Peter Brooks CIO

Introducing the total cost of service-risk management (TCS-R)

Leading IT enterprises are migrating to all sorts of service-based digital business technologies, such as cloud, social media, Internet of Things (IoT), mobile, and xaaS. For many organizations, there are financial unknowns and risks in migrating to the use of these types of digital business services.

As IT is becoming a services broker (rather than asset owner), we are seeing a large gap in managing digital business service risk — a lack of risk identification, assessment, and management. What is needed is a new risk approach that extends typical IT risk management from considering IT-owned assets to including IT services.


We see that digital business service risks are different that traditional IT project risks:

Digital business project risks

The new approach to risk management is aligned with the IT portfolio and project financial management shift to a total cost of service (TCS) concept rather a total cost of ownership (TCO). We call this new approach to IT service broker risk management: the total cost of service–risk management (TCS-R). The TCS-R is the identification, assessment, visualization, and management of an organization’s service-based systems and project portfolio.

As an IT services broker, what risks should you be looking at? Across IT service portfolios, we see three major categories: business risk, enterprise risk, and IT service (delivery and support) risk. Many of these risks, particularly business and enterprise risks, are new for CIOs and others expanded their traditional scope.  The following are types of IT-as-a-service-broker — TCS — risks:

  • compliance
  • cyber and network security
  • enterprise Financial
  • fraud
  • intellectual property
  • legal
  • privacy
  • reputational
  • technology
  • adoption
  • market readiness
  • material business impact

From a financial perspective, the result is that digital business services risks cannot simply be managed by the traditionally expected value approach of creating one number that is the sum of the outcome expected costs and benefits times their probabilities. A new approach — the TCS-R — is needed.


This article was written by Peter Brooks from CIO and was legally licensed through the NewsCred publisher network.

You might also like