Author: Craig Stanley
When presented with a choice between two solutions with an obvious difference in cost and value, you should always choose the cheaper one, right? We all know that’s not the case, as it’s just not that simple. In fact, many times the more expensive choice may be the right one when all factors are considered. But it’s important that the cost premium delivers a value that exceeds the cost differential and potential for failure.
The other intangible factors that influence decisions are what can be generalized as “risk.” The major components of risk are: risk exposure, risk tolerance, confidence and trust, probability and chance, and the size of the risk or decision. Counterbalancing risk is return, which is comprised of the same factors, but refers to the ability to achieve value goals. A robust risk analysis establishes a framework for identifying, measuring, evaluating, and objectively comparing these factors.
VMware’s process to analyze risk identifies specific areas of risk, assesses your reaction to the potential for problems to occur and risk tolerance, and computes an inherent risk/return factor that can be applied to the total cost of ownership (TCO). This process is used to create a risk-adjusted TCO by increasing or decreasing the benefit with respect to the perceived risk.
As an IT decision maker, your response to risk is an emotional reaction that influences your decision and even your ability to make a decision. When deciding between two options, the decision you make that will likely deliver the most favorable outcome adheres to three general rules:
- The ratio of the investment to the expected return influences the decision between financial risk and performance risk.
- The level of risk tolerance should exceed the level of risk exposure.
- The upside value potential should exceed the value being put at risk.
In the first rule, your emotional connection to financial and performance risk is evaluated. First, you have consider how the decision will impact you or your organization if the decision turns out to be a bad one.
- What if this doesn’t turn out as expected?
- What if it ends up costing more and taking longer to implement?
- Am I getting locked into something I’ll have trouble getting out of?
As the uncertainty of these types of concerns increase, the likelihood of your decision stalling will increase as well, because it may appear that doing nothing is less risky. But making no decision carries risk exposure as well in terms of lost opportunities and unmitigated risk exposure. This type of risk can be categorized as performance risk as it is associated with the success and probability of failure in the competing solutions.
And, the size of the decision’s cost and the potential revenue or value being put at risk also makes your decision more of an emotional one. This type of risk can be categorized as financial risk, being associated with the ratio of the investment to the outcome. For example, the game of poker is basically the same whether you’re playing a friendly game for pennies or playing with $1,000 chips in Las Vegas. But you play the game very differently when the stakes of losing are significantly higher and, consequently you are less willing to take chances.
If you were presented with an opportunity to make a sizeable return on an investment, but the amount you needed to investment was large, then you might not be inclined to accept the opportunity without much consideration. But if the same situation was presented and you only had to make a very small investment, then you might accept the opportunity immediately.
The second rule of the decision process is that the level of risk that is acceptable to you should be greater than the level of risk you’re being exposed to. Analyzing these risk factors involves:
- Identifying the most comment incident events that might occur
- Determining how each event would impact your decision
- Determining how much risk you can tolerate for each event
- Evaluating the probability of the event occurrence in each of the decision choices
These risk factors are evaluated to arrive at a risk exposure and risk tolerance value for each solution. The gap between the tolerance and exposure is termed “inherent risk.” If this result is negative, then the inherent risk of your decision is unfavorable and indicates that there may be unmitigated risk in the decision since the exposure is greater than what you are willing to accept. Conversely, if the gap is positive, then inherent risk is favorable and suggests opportunity for you to assume some additional risk to gain additional value opportunities. The inherent risk can be applied to the decision investment to create a risk-adjusted investment value.
The third rule of the decision process is that the upside potential should value be placed at risk. The upside potential is based on the value differential between the solutions. The value being placed at risk, or downside, examines the potential losses that could be incurred within the context of the rated risks. Ideally, the former should be greater than the latter.
For example, let’s assume you can make $1,000 performing some task, but if anything goes wrong, you’re out $100,000. Would you take that risk? Probably not, since there’s just not enough profit in that scenario to assume a 100:1 risk, unless you have extreme confidence that you have effectively removed the potential for failure.
These three rules describe results that can be integrated into an overall decision framework that produces a risk-adjusted investment or TCO in an IT decision; a return on risk; and an estimation of value impact.
The risk adjustment is a function of the inherent risk and the investment. When I’m working with IT decision makers, we compare the inherent risk of the decision that’s being evaluated with the competing TCO values to determine a mitigation-versus-value opportunity offset. This offset is applied to the TCO to arrive at a risk adjusted TCO, or a TCO that reflects the impact of the inherent risk. The risk adjusted TCO will reflect an increase or decrease depending on the inherent risk factors.
We can determine the return on risk by the ratio of the upside opportunity to the downside exposure as a function of the inherent risk and the investment ratio. If, as described in the first rule above, the financial risk of your decision is very small, then your return on risk may be largely driven by the inherent risk factors. Otherwise, a large financial risk tends to take precedence over the inherent risk. A positive return on risk suggests the potential for success in your decision is good, while a negative suggests a higher likelihood of failure.
Lastly, we can estimate the overall impact on the value stream by factoring the investment or TCO adjustments within the context of the investment ratio. This result will estimate the potential revenue or budgetary impact you may see of your decision with competing or comparison solutions.
Because the risk analysis process reveals both risk and opportunity, these three results enable you to make a more confident decision. Measuring your emotions and beliefs about one solution versus another helps your decision-making process and removes the fog of uncertainty.
The Accelerate risk analysis methodology described here is straight-forward to use and delivers results that are relevant, accurate, and easy to understand. The results are provided in a format that can be readily shared throughout the enterprise as needed. Applying risk analysis to the public/hybrid cloud decision process and other major IT initiatives will help you gain insight into the risk factors involved for each alternative, quantify the real value of the risk and opportunity, and increase your confidence in the decision.
Learn more in our white paper How Risk Analysis Streamlines Decision Making for Major IT Initiatives
=====
Craig Stanley is the Benchmarking Practice Lead for VMware Accelerate Advisory Services. You can follow him on Twitter @benchmarkguru.
If you’re at VMworld San Francisco tomorrow, stop by the VMware Accelerate Advisory Services demo booth in the Solution Exchange, and meet Craig in person!
Want to continue the conversation with your C-level executive peers? Join our exclusive CxO Corner Facebook page for access to hundreds of verified CxOs sharing ideas around IT Transformation right now by going to CxO Corner and clicking “ask to join group.”
