Alfredo C. Saad works in the Audit, Compliance and Risk Management department of IBM, with 43 years of experience in information technology. He graduated in Electronics Engineering and holds a Master of Sciences degree in Electrical Engineering. He became member of TLC-BR in 2013. The Mini Paper Series is a biweekly publication of the TLC-BR and sign electronically and receive future editions, please send an email to tlcbr@br.ibm.com. The TLC-BR is the representation of IBM Academy of Technology in Brazil.

Mini Paper Series Year 8

October, 2013 - NO 195

Transforming Risks Into Deal Opportunities

Alfredo C. Saad

The concept of risk has emerged in the transition from

the Middle Ages to the Modern Ages, throughout the

sixteenth and seventeenth centuries. Until then, despite

the remarkable progress already achieved in other human

knowledge fields, no one dared to challenge the counsel

of the gods, who seemed to determine future events. This

fact meant that the observed events were simply

associated with good or bad luck. An entrenched

fatalistic view prevented people to even imagine the

possibility of actions that would increase the likelihood

of favorable events or decrease the likelihood of adverse

events.

The innovative air brought by the Renaissance made the

thinkers challenge this fear of the future, leading them to

develop and refine quantitative methods that anticipated

several future scenarios in opposition to the unique

scenario imposed by destiny. One of the first milestones

was the solution proposed by Pascal and Fermat in 1654,

about the enigma of betting division in gambling. That’s

when the Probability Theory foundations, key to the

concept of risk, appeared.

Thereafter, the newly created perspective made it

possible, during the eighteenth century, numerous

applications in different areas, such as the population life

expectancy calculations and the improvement of

insurance calculation for sea travel .

The constant development of quantitative methods

brought, already in the Contemporary Age, these

applications to the corporate world. Texts written by

Knight in 1921 (Risk, Uncertainty and Profit) and

Kolmogorov in 1933 (Fundamentals of Probability

Theory), as well as the Game Theory, developed by von

Neumann in 1926 are the basis for the modern evolution

of the theme. Among the areas addressed since then,

may be cited the decisions relating to mergers and

acquisitions, investment decisions and macro-economic

studies.

The evolution of the discipline of risk management

allowed us to identify four different ways to react to a

risk, namely: accept, transfer, mitigate or avoid the risk.

There is, however, a fifth, innovative way, to react: to

transform the risk into a deal opportunity.

An example of application of this concept can be seen in

contracts of IT outsourcing services. Typically, the

client hires the service provider to operate the IT

environment of its organization with quality levels pre-

defined in the contract, which ensures that any failures

will not significantly impact the customer's business.

In this scenario, a relevant part of the service provider's

activity is the continuous effort to identify and address

vulnerabilities in the operated IT environment and that

could affect the client activities.

It is well known that cultivating the customer perception

that the provider acts proactively towards the

identification of potential risk factors to its business will

significantly increase their willingness to hire new

services.

Moreover, the recommended treatment for identified

vulnerabilities often requires taking actions that are

outside the scope of contracted services.

This scenario features the fifth way to react to an

identified risk: the generation of a new deal opportunity

by expanding the scope of the contracted services, with

the purpose of eliminating or at least mitigating factors

that put the customer's business at risk.

The ongoing exercise of such proactive attitude of the

provider consolidates, in the customer perception, the

idea that the provider is able to add a significant value,

by ensuring that their own business is protected by an

effective IT risk management . This value largely

surpasses the strict commercial limits of the signed

contract, creating a mutual trust link, valuable to both

parties and that can generate partnership actions in areas

not previously explored or foreseen.