This discussion will help business administrators and IT teams communicate. IT teams will come to see their work in business terms, and business administrators will be able to look at IT projects in terms of the Return On Investment (ROI). At this early stage I should point out that every business person knows the term ROI - but the techs don't! Because this article is intended for both audiences I will be simplifying terms and issues on both sides as we go.
ROI: Stands for "Return On Investment" and refers to the percentage of profit or revenue generated from a specific activity. This is a key figure in business. If you can show an ROI that is more than the standard interest rate - your boss will probably support the project.
IT: Stands for "Information Technology" which includes all the hardware, software, data, people and policies which make up a functional information system. Generally speaking, IT is intended to support the operations of your business
I will be focusing on the ROI generated by IT security activities, but this is just an example to help us through our discussion. The principals discussed here should be applied to all IT project proposals.
How perspectives have changed
In the past IT security was a topic surrounded by fear, doubt and uncertainty. Basically everything was new including the threats. Today IT security is understood to be mandatory and the consequences are generally acknowledged - even though there is still some degree of misunderstanding.
Types of Analysis
As far as business analysis is concerned, this is going to be a piece of cake. All we have to do is a bit of simple algebra, and the question of what to do will be answered. No debate.
Cost savings through automation
Automation is a form of data security because automation protects the accuracy and integrity of the information. For example, Clear Site business systems handle all of our billing and accounting. We developed these systems in-house in order to save time and money. Our system boils down to something like this…
- We know how many websites are currently on the system.
- We know our prices.
- We know who owns each site.
- THEREFORE we can automate our billing.
- We know who has been billed and who has paid.
- THEREFORE we can automate our accounting.
Ok, maybe it’s a little more complicated than that but here’s my point: with automated billing and automated accounting – how many mistakes do you think there are in our financial records? How much time do you think we spend on book keeping? How much money do we spend on accountant fees?
The ROI of automation can be calculated as follows.
[(Time saved each week) X (weeks per year) X (wages)] – [operating costs]
(setup cost)
ROI on repair process improvements
Investing in better repair options can generate real financial returns. For example, if e-bay goes down for an hour they might loose a million dollars in revenue. If they go down for two hours, then they loose two million in revenue. What if e-bay were to go down for a month? They’d probably never bounce back because the world would find an alternative. Needless-to-say, having rapid repair options is important. A repair option may be as simple as keeping an extra hard drive around, or it may be as expensive as having a repair team on call.
The ROI of any given repair option can be calculated as follows.
[(reduction in cost per breach) X (breaches per year) – (increase in annual repair cost)]
(setup cost)
Cost savings of preventing a breach
Here you can run through a calculation similar to that of ROI on repair process improvements, so rather than sound repetitive, lets inventory the entire business impact of an IT breach.
- Hard costs: equipment replacement and labor, legal liabilities
- Soft costs: foregone revenue, lost customers, brand damage, lost intellectual property
Presenting and justifying the expenditure
In all likelihood it will be a member of an IT team raising proposing the expenditure and trying to justify the expenditure to the boss. So, here are some basics to keep in mind while you are putting your proposal together.
- No technical terms. You must speak to your audience, not wow them with jargon.
- Classify the spending with an analogy from the business world. For example: “Having a back-up server is comparable to having insurance. Yes, you must pay the insurance company premiums but you’ll be glad you did when something goes wrong.”
- Justify your proposal. Use real examples to illustrate the usefulness of your proposed project – something that has happened before or something that is likely to happen.
- Conclude with ROI numbers and a timeline. Note that your boss will want to know how you reached those numbers.
Here are two good rules to follow as you develop your RIO figures. For all the techs reading this, the objective is to find out what percentage of the upfront investment will come back as reduced operating costs or increased revenue each year.
To determin the RIO of a system improvement:
(anticipated annual savings) - (anticipated annual cost)
setup cost
To determin the ROI of a new revenue generating system:
(anticipated annual revenue) - (anticipated annual costs)
setup cost
Financial ROI
In reality, most organizations use one or more “financial metrics” which they refer to individually or collectively as “ROI”. These metrics include:
Payback Period: The amount of time required for the benefits to pay back the cost of the project.
Net Present Value (NPV): The value of future benefits restated in terms of today’s money (ie: reduced by some interest factor).
Internal Rate of Return (IRR): The benefits restated as an interest rate for comparison with bank rates and rates or return on other investments.
You can find out more about these topics through a google search, but if you are able to provide the financial department with the figures I have been discussing - they'll take it from there.
