Unified operations centers

Jeffrey Woodward and Mark Naese of Panduit have deployed an innovative UOC at its world headquarters facility

Express the ROI

The ROI must be expressed in the ways that the stakeholders view things. Thus for financial stakeholders, the numbers may at some point need to be expressed as MIRR (Modified Internal Rate of Return) or whatever other formulas are currently in use within the business. Other metrics may be used in other parts of the company. The expression of ROI must be meaningful to each stakeholder. This is a factor that is often not understood and could very well be the factor that elevates an ROI proposal above competing proposals. Understanding and expressing ROI in terms that are meaningful to the business shows that you have a senior understanding of the business and makes your assertions more credible. It also puts you in a position to know what you have to deliver, thus enabling you to actually deliver on what you promise.

Present the ROI Business Case

There should be more than one presentation of the elements of the ROI business case, some for preliminary approvals and stakeholder support, and some for whatever formal approval processes are involved. The previous steps will develop a lot of work product and backup material. That now needs to be distilled down and presented as simply and graphically as possible, so that little to no explanation or discussion is needed for the basic ROI case to be understood. The method of presentation will depend upon the approval processes. Two different types, for example, are the meeting format with verbal discussion and Q&A, or the review committee format, where there is no discussion and submitted materials are utilized for evaluation. Ensuring that key stakeholders are educated in advance can be critical to ensuring an evaluation environment that includes strong support for your ROI case. All ROI presentation materials should be "tested" with people who don't already know the ROI case, to ensure that they communicate as effectively as you want them to. It is irrelevant how well the materials impress you - they have to impress the intended audience.

Achieve, Monitor and Report the ROI Results

The full scope of ROI work is captured in these two phrases: Achieving ROI and Managing ROI. Most practitioners ask about "finding ROI", "selling ROI", "quantifying ROI" and so on. ROI should be an ongoing element of managing operations. What has been invested in, and what it the return from it? This is simply good business management. Thus ensuring that you achieve the ROI case that you have documented on paper requires implementing management controls and metrics so that the approved measures or programs achieve the levels of effectiveness and performance that are required to warrant the investment in them. (You can find 375 security metrics in the book, Measures and Metrics in Corporate Security, by George Campbell, former CSO for Fidelity Investments, and an expert in the field of security-related metrics. See http://tinyurl.com/measures-and-metrics for more information and to download an excerpt from the book.)

The big picture is that ROI is simply one factor in establishing and maintaining a good security program, one that is well-aligned with the business and is known to provide strong business value.

Essential Elements, Business Case and Strategy
By Tom Shircliff and Rob Murchison, Co-founders, Intelligent Buildings, Inc.

Organizational alignment is the reason why most projects, both new and retrofit are not more intelligent or converged. When it's all or nothing in real estate it's generally nothing.

That alignment starts with business strategy, and involves people from all of the areas that have historically worked in silos.
Both Security and IT departments need to work closely with other internal departments such as facilities, finance, HR, planning, purchasing and others. Whose department is it when access controls pull data from an HR database through building systems middleware over a single switched building network and then bills back for afterhours activity? Is it HR, IT, Finance, IT or Security? Who has what role and responsibility, and how does this come together? A sound strategic approach can facilitate collaboration at high levels, and provide a starting point for answering these kinds of questions.