Home  ›  Blog  ›  TCO Framework
Strategy · TCO · Cost Modelling

A defensible TCO framework — five years, four cost layers.

Total cost of ownership analysis for enterprise software is too often reduced to line-item licence cost plus support, projected flat across five years. The actual TCO for a major vendor relationship runs 2–3x that number once indirect, exit, and risk-adjusted costs are included. The framework below is the model we use across our 340+ engagements to produce TCO numbers that survive board scrutiny and inform negotiation strategy.

Updated: April 2026 Reading time: 12 min Audience: CIO, CFO, Procurement, FinOps
TCO analysis
The four cost layers

Direct, indirect, exit, risk-adjusted — the layers most TCO models miss.

Conventional TCO analyses capture direct cost — licence, support, infrastructure — competently. The gap is in the other three layers, which compound differently and create the surprises that derail multi-year forecasts. The framework that produces defensible numbers covers all four:

  1. Direct cost: licence fees, support fees, infrastructure (cloud or on-premises), and any vendor-billed managed services.
  2. Indirect cost: internal labour, integration cost, training, change management, and consumption of cross-functional capacity.
  3. Exit cost: the cost to leave the platform at end of term — data migration, system retraining, transition support, and the implied option value of staying.
  4. Risk-adjusted cost: the probability-weighted cost of unfavourable events — audit exposure, scope expansion, price uplift overruns, vendor failure.

Why the four-layer model wins

A TCO model that captures only direct cost almost always favours the incumbent vendor in renewal scenarios — the alternative carries higher indirect costs in year one and the model rewards inertia. A four-layer model surfaces the genuine economic question: across five years, with realistic indirect, exit, and risk costs included, which alternative actually costs less? The answer is frequently different.

Building a TCO model for a major decision?

Our TCO framework is open-source within client engagements. The model below is the same one we use.

Contact Us →
Layer one — direct cost

Direct cost — the visible 60%.

Direct cost is what shows up on the vendor invoice. The components and the common errors:

The common error in direct-cost modelling is assuming flat or low uplift; the contractual default is closer to 7–10%, and the compounding effect over five years is material. Use the contractual uplift cap, not a hopeful assumption.

Layer two — indirect cost

Indirect cost — the hidden 25%.

Indirect cost is internal cost to operate and consume the software. The components:

Indirect cost is often 25–40% of total TCO for major vendor relationships. It is the layer that most differs across vendor alternatives (a vendor with weaker UX, harder integrations, or a less mature SAM model can have materially higher indirect cost even at parity direct cost).

Download the License Optimization Toolkit.

The TCO model template, plus optimisation playbooks across the major vendor practices.

Get the toolkit →
Layer three — exit cost

Exit cost — the lock-in tax.

Exit cost is what it would cost to leave the platform at end of term and migrate to an alternative. Most TCO models ignore exit cost entirely, which biases the analysis toward staying. A defensible exit cost model includes:

Exit cost is the "lock-in tax" — the difference between the cost of the relationship if it remains profitable on its own terms and the cost of changing course. Vendors price into the relationship knowing exit cost is high. Quantifying it explicitly is a precondition to using it as a negotiation lever (and to deciding when, despite the lock-in, the alternative is the right call).

Layer four — risk-adjusted cost

Risk-adjusted cost — probability-weighted exposure.

Risk-adjusted cost is the expected cost of unfavourable events over the contract term, probability-weighted. The major components:

Risk-adjusted cost is the layer most affected by contract negotiation. The audit clause, uplift cap, true-up structure, and change-of-control terms each move the probability or magnitude of unfavourable events. A TCO model that captures risk-adjusted cost makes the link between contract negotiation and forward economics explicit.

Building a TCO model for a major decision?

Risk-adjusted cost is the layer where contract negotiation pays back most directly.

Contact Us →

Internal next steps

Three steps make TCO modelling pay back. First, build a standard four-layer TCO template that the procurement and CFO teams agree on. Second, require a TCO update at every major renewal as a precondition to commercial sign-off. Third, build risk-adjusted cost explicitly into the model and link it to specific contract clauses — this is where the negotiation strategy and the financial forecast connect.

FAQ

Common TCO questions.

How much higher is real TCO than direct cost?
Typically 1.5–3x for major vendor relationships, depending on integration complexity, audit history, and contract terms. A 5-year direct cost of $20M frequently sits inside a real TCO of $40M+ once indirect, exit, and risk-adjusted layers are added.
How do we quantify exit cost without doing the migration?
A reference-class estimate from comparable migrations in industry, plus an internal effort estimate from architecture and operations. Exit cost does not need to be precise — directionally accurate is enough to inform decisions.
Should risk-adjusted cost be presented to the board?
Yes, with the methodology explicitly disclosed. Boards understand probability-weighted exposure; concealing the risk layer in a single point estimate misleads the audience the model is built for.
How often should TCO be refreshed?
At every major renewal cycle and at significant scope expansion events. For multi-year contracts, annual refresh is best practice; for stable relationships, every 18–24 months is usually sufficient.

Major investment decision in front of the board?
The TCO model is the document the board will rely on.

Our TCO framework pairs commercial benchmarking with vendor-specific licensing depth. Built to survive board scrutiny.

The Compliance Brief

Weekly compliance intelligence for IT leaders.