Digital Business Project Risks

Leading IT enterprises are migrating to all sorts of service-based digital business technologies - such as cloud, social media, IoT, mobile, and xaaS. For many organizations there are financial unknowns and risks in migrating to the use of these types of digital business services.

As IT is becoming a services broker (rather than asset owner), we are seeing a large gap in managing digital business service risk – a lack of risk identification, assessment, and management. What is needed is a new risk approach that extends typical IT risk management from considering IT-owned assets to now include IT services.


We see that digital business service risks are different that traditional IT project risks:

Peter Brooks / International Institute of IT Economics

Digital Business Project Risks

We call this new approach the Total Cost of Service–Risk Management. The Total Cost of Service-Risk Management (TCS-R) is the identification, assessment, and visualization of an organization’s service-based systems and project portfolio. TCS-R is aligned with the IT portfolio and project financial management shift to a Total Cost of Service (TCS) concept rather TCO.

As an IT services broker, what risks should you be looking at? Across IT service portfolios we see three major categories: business risk, enterprise risk, and IT service (delivery and support) risk. Many of these risks, particularly business and enterprise risks, are new for CIOs and others expanded from their traditional scope. The following are example of types of IT service broker risks:

  • Compliance

  • Cyber and network security

  • Enterprise Financial

  • Fraud

  • Intellectual Property

  • Legal

  • Privacy

  • Reputational

  • Technology

  • Adoption

  • Market Readiness

  • Material Business Impact

From a financial perspective, the result is that digital business services risks cannot simply be managed by the traditional expected value approach of creating one number that is the sum of the outcome expected costs and benefits times their probabilities. A new approach – the Total Cost of Service-Risk Management – is needed.

The next blog post in this risk series will describe the Total Cost of Service-Risk Management in more detail.

Recent Posts