SS

While this may not be possible for some Type I providers it is best practice as demonstrated by their peers elsewhere. Type I providers should engage their customers in dialogue on compensation for risks within the framework of corporate policy .

When it is not possible to account for the burden of risks in pricing of services, as in the case of some Type I providers, it should nevertheless be highlighted for the customer . Customers compensate for risks also by assuring patterns and periods of demand that mitigate the risk of investments made by the provider in offering a catalogue of services.

Figure 9.4 Risks flow both ways

This is particularly a concern for Type I providers who work with limited options in terms of market spaces, choice of customers and pricing freedom. The infrastructure must also be adaptive enough to support the differences among the business infrastructure and operative environment s of several customers. Cost s are a matter of fact while pricing is a matter of policy. Therefore service provider s should have adequate controls to safeguard their interests in the long term, while continuing to support their customers flexibly through a wide range of scenarios.

On one hand, service providers must be sure that the compensation is complete and commensurate. On the other hand, the case they make should be reasonable. They have to take into account, for example, that certain returns on investments are not immediate but distributed over the lifetime of services and service assets. The risks they assume with new services and customers often pay off in the form of demand from other customers (from economies of scale ) and demand for other services (from economies of scope ).

Additions or changes to the Customer Portfolio should be preceded by an evaluation of risks that the service provider is willing to assume on behalf of the customer (Figure 9.5). Customers are similarly interested in filtering risks from service providers to an acceptable level. Risk Analysis and Risk management should be applied to the Service Pipeline and Service Catalogue to identify, contain and mitigate risks within the Lifecycle phase.

Figure 9.5 Risk management plays a crucial role in service management

Case example 15 (solution): A strategy for service risks

The service provider assures a minimum level of system availability in the event of a system failure . Though call centre services remained functional, the degradation in performance had a severe effect on the performance of business unit outcomes.

Besides protecting against system failures, there is a need to protect against service performance degradation, for instance, by isolating the business unit operations from the risks in its service provider operations. This can be done, for example, by dynamically routing callers to an alternative service unit with identical call centre service capabilities. The stand-by service unit is owned by the service provider or by a third-party service unit.

9.5.3 Service provider risks

Risk s for service providers arise when uncertainty originating in the customer’s business combines with uncertainty in their operations to have an adverse impact across the Service Lifecycle . Risk s materialize in various forms such as technical problems, loss of control in operations, breaches in information security, delays in launching services, failure to comply with regulations, and financial short-falls. The exposure to risks and resulting damages are measured in financial terms and in terms of the loss of goodwill among customers, supplier s and partners. While financial losses are undesirable it is at least possible to account for them and write them off against gains elsewhere. It is harder to measure or recover the loss of goodwill in terms of reputation, customer confidence and credibility with prospects. However, financial measures are easier to understand and communicate across organizational boundaries and cultures. To the extent possible, it is useful to communicate losses in financial terms, which are then used as indicators rather than direct measures.

Service provider risks vary by types of providers. The risk management plans and budget s of business units may cover their Type I providers. Type II providers operating with a market-based model assume a larger set of risks but stand to benefit accordingly. They assume risks similar to Type III providers in terms of marketing, new service development , financial liability and exposure to market-based competition. However, they distribute the risks across a larger customer base across the enterprise. They also have greater autonomy in managing the risks since they provide services on more commercial terms than Type I providers.

9.5.4 Contract risks

Customer s depend on contract s as a means of implementing their own business strategy and achieving specific objective s, and as a means of allocating and managing most, if not all, operational risks associated with the business outcomes.43 The concept of ‘ contract ’ includes formal, legally binding contract s as well as less formal agreement s between business units and internal groups and function s. Risk s that threaten the ability of the service provider to deliver on contractual commitments are strategic risks because they jeopardize not only operations in the present but also the confidence customers will place in the future. For example, failure to increase the capacity of highly leveraged assets such as infrastructure impacts a wide range of contractual commitments. Infrastructure is a strategic asset , and risks that impair such assets are strategic risks.

Risks are associated with contracts and span the Service Lifecycle . They are identified and assigned to role s and responsibilities within the functions and processes of the Lifecycle . This ensures that the risk s are placed in context and tackled with the right set of capabilities within the organization. The impact of the risks and the underlying threat s and vulnerabilities may not be limited to any particular function of process (Figure 9.6). The customer does not discriminate between the origins of risks. Coordination is necessary across the Lifecycle to manage risk.

Figure 9.6 Contracts portfolios translate into a set of risks to be managed

The set of risks to be managed depends on the commitments, contained in the Contract Portfolio , which define the design requirement s and operational requirements to be realized through Service Model s and Service Operation Plans. The combination of the two complementary sets of requirements determines the risks to be managed. Service Transition is instrumental in identifying risks in contractual commitments. The risk management is applied from the period before the commitments are made, through Service Design , until the commitments are fulfilled through Service Operation. Design risks arise from the failures or shortcomings in converting requirements into attributes of services and service models. Operational risks arise from technical and administrative failures in supporting the service model in operation . Together they determine a superset of risks to be managed actively across the Lifecycle.