ITIL / ITSM

Brief Explanation on ITIL Risks

Risks like costs come in two varieties.

  1. The risks that are imposed on the consumer and
  2. The risks that are taken away.

Landscaping your massive garden is a good example to drive the concept.

There is a possibility that the landscaping machines could go down during the job. This would essentially delay the outcome that you wish to be achieved. In other words, landscaping job may not end as per the agreed timelines. That’s a risk which is possibly imposed on the consumer.

Now let’s discuss the risks that are removed from the consumer’s end. Let’s say, some machines malfunction causing an accident which causes harm to the people carrying out a service. You may have guessed that such accidents at a workplace could invite lawsuits especially if the employees do not sign a liability release agreement. You are the customer. You have paid for a service and the risks that come with the job are not owned by you. It is owned by the landscaping company. Any accidents would be the company’s liability and not the customer’s – as per the agreement that you have signed. Therefore, these risks are removed from the consumer’s end and is managed by the service provider – in this case, the landscaping company.

The official definition of risk reads:

A possible event that could cause harm or loss, or make it more difficult to achieve objectives. Can also be defined as uncertainty of outcome, and can be used in the context of measuring the probability of positive outcomes as well as negative outcomes.

It is expected that the majority of the risks are owned by the service provider and not passed onto the customer. The customer may face delivery risks and the possible outcomes that are a resultant of the delivery but the inherent risks of a service should be owned by the service provider.

In fact, the identification and definition of risks and its mitigation is a collaboration job. It works through:

  1. The service provider and customer working closely in defining the risks and its mitigation actions. This is possible if the expected outcomes are well understood by both the parties.
  2. The customer needs to share the critical success factors with the service provider so that the service provider can build sufficient backups to mitigate this risk. For example, if an internet connection is at the heart of a customer’s service outcome, then the service provider might draw parallel fibre connections to the customer’s property to ensure that a failover line picks up if the primary goes down.
  3. The customer must place the service provider in the best position to deliver a service. If the customer does not share the entire information, the service provider may not be in the position to deal with the risks that may crop up. For example, if a customer is adding more employees to the organization on a weekly basis, this information must be shared with the service provider as and when the decision is made. This will help the service provider estimate the required internet bandwidth and take necessary actions before the onboarding of new employees. Today, service providers are no longer called as service providers, but rather partners. They are brought closer to the customer organization, so put them in the best possible position to support the customer organization.
Affected 
outcomes 
introduced 
Risks 
introduced 
Value 
Supported 
outcomes 
Costs 
removed 
Risks 
removed

Going back to the graphic of a value balance, value is greater when the expected outcomes are achieved and, when the costs and risks are removed from the customer’s end.

Related Articles

Defining ITIL Value: Utility and Warranty [VIDEO]

Abhinav Krishna Kaiser

Understanding ITIL Service Offerings

Abhinav Krishna Kaiser

Brief Summary on ITIL Costs

Abhinav Krishna Kaiser

The Best Explanation of ITIL Value with Examples

Abhinav Krishna Kaiser

Video: Best Explanation of Products and Services with Real Life Examples

Abhinav Krishna Kaiser

What are ITIL Organizations

Abhinav Krishna Kaiser

Leave a Comment