Seven Steps to Achieving High ROI
By Ray Bernard, PSP, CHS-III
In Panduit's new headquarters project, soft and hard ROI elements were examined very closely. One part of the ROI work was to contrast the traditionally separate SOC and NOC functions, with a Unified Operations Center function. Another part had to do their Unified Physical Infrastructure approach as compared to traditional approaches to communications infrastructure. Still another aspect has to do with the interoperability of technologies, such as pushing emergency notification messages to IP telephones. Finally, from a big-picture view, every aspect of the building experience was examined to determine how that experience could be enhanced by the utilization of security and communications technology. From a people, process and technology perspective-all the bases were covered.
All that sounds good in summary, but how does one go about accomplishing the achievement of high ROI? Are there specific actions involved, or is it more a matter of intuition and gut feel for where to look for ROI elements?
Steps to ROI
While experience, intuition and even imagination do play a part, those are best brought into play by following specific steps for progressively building a sound ROI business case. Those steps are:
- Capture the Purpose
- Capture the Costs
- Capture the Benefits
- Analyze the Costs and Benefits
- Express the ROI
- Present the ROI Business Case
- Achieve, Monitor and Report the ROI Results
The first five steps are examined very closely in the linked white paper "Five Steps to Accurate and Compelling ROI" (view or download at http://tinyurl.com/5-steps-to-security-roi). While these steps apply to ROI for any business function or initiative, they are examined here (and in the white paper) with regard to security measures. Each of these seven steps is summarized below.
Capture the Purpose
There is a purpose that is being served by the measures for which the ROI case is being developed. Capturing that purpose involves identifying the stakeholders who benefit directly or indirectly. The purpose (or purposes) must be tied back to strategic objectives at some level to ensure relevance to what the company is trying to accomplish.
Capture the Costs
The costs include both direct and indirect costs, all of which must be identified, and quantified where possible. If the people paying aren't the people directly benefitting, then the business case (and perhaps some aspect of the way the business is organized or operates) needs to be thoroughly examined.
Capture the Benefits
Something that benefits all employees should benefit the entire company in some way, but sometimes in-depth analysis is needed to identify the full scope of the benefits. If the business environment is made noticeably safer, it could become easier for HR to hire qualified people at lower pay levels. Thus the benefit chain can often be found to link to business-building and revenue-generating aspects of the business. (For a close look at such factors see the book Not a Moment to Lose...Influencing Global Security One Community at a Time by Francis D'Addario, a principal of Crime Prevention Associates, Emeritus Faculty member of the Security Executive Council, and former the former vice president of partner and asset protection with Starbucks. For more information see: http://tinyurl.com/not-a-moment-to-lose and download an excerpt from the book.)
Analyze the Costs and Benefits
Cost/Benefit analysis can only be done when the previous steps are fully done. Here is where direct and indirect costs are evaluated, ranked, and prioritized according to business objectives. At each cost or benefit point, the measures under consideration will be competing with other measures for funding. Developing this context for ROI is where most ROI analyses fall short. No matter how good the benefits are or how low the costs are, any ROI case will be competing with other ROI cases on its merits with regard to business benefits, improvements, and return.