If you are making a presentation to your CFO on Security system ROI, first you need to understand how CFOs make decisions about return on investment. In fact, it boils down to just 3 simple concepts:
- Cost of investment
- Yearly return on investment
- Time taken to earn back the invested money
This means that in ANY security ROI presentation, the data needs to be summarized using this simple table:
Proposed Security Solution
|Cost of investment||$ 250 000|
|Yearly return on investment||$ 72 000|
|Time taken to earn back invested money||3.5 years|
Simple, isn’t it? This is is how CFOs consider ROI at the most essential level, so to get your CFO on your side, it is absolutely crucial to base your presentation on this table. On its own, the table will not be enough to convince them; a detailed breakdown of the costs and benefits is also necessary, of course. In addition to this however, in order to to guarantee that your CFO accepts your security proposal, you will have to provide MULTIPLE ALTERNATIVE SCENARIOS.
So for example, if you want to get approval for a CCTV system upgrade from analog cameras to IP cameras, you would have to show the potential cost and benefits of BOTH systems over a fixed time period to prove that your proposal delivers superior return on investment:
Security Option 1: Analog Security System
Security Option 2: IP Surveillance Brand 1
|Security Option 3: IP Surveillance Brand 2|
|Cost of investment||$ 100 000||
$ 200 000
$ 250 000
|Yearly return on investment||$ 20 000||
$ 50 000
$ 72 000
|Time taken to earn back invested money||5 years||4 years||3.5 years|
So there you have it! Just remember: cost of investment, gain from investment and time taken to earn back the cost of investment, plus a presentation that includes multiple security system options. These core concepts are absolutely essential to a successful security ROI presentation.
The next step is to provide a detailed breakdown and explanation of the possible savings in dollars for each scenario. Below are a few examples of the types of savings you can mention:
- Headcount reduction savings - $ 20 000/year
- System downtime savings - $ 30 000/year
- Power usage savings - $5000/year
- Savings through system integration - $17 000/year
(Please note that these numbers are not based on the savings for a real security system; they are included simply to demonstrate the concept of an ROI cost/benefit analysis).
With that in mind, here are a few more basic concepts to bear in mind as you prepare your presentation:
Remember to highlight INDIRECT potential losses as well as direct losses in your ROI presentation.
On the surface, calculating potential losses resulting from a security incident might seem like a fairly straightforward equation: work out the value of protected assets and use this as the figure for potential losses. However, security ROI presentations can be much more effective if you can show the repercussions of these losses for the organization in the following terms:
- Man hours needed for the security team to resolve the situation
- Financial losses owing to disruptions to daily business operations
- Damage to companies’ brand image if the incident is reported in the media
- The perception of your company’s brand among customers and partners and investors after the security incident and the effect this might have on future business
- The time cost of management staff spent to reassure clients, partners and investors that your company is still a reliable business partner
- … and so on.
This is an extremely short list: try to imagine the effects of a security incident as far out as you can. Think of a security incident as a stone being dropped in a pool and creating ripples; if the stone drops how far out would these ripples go?
Also remember that the same applies to total cost of ownership (TCO). As we’ve mentioned before, if you don’t include all the costs of owning a security system for ALL of the scenarios you mention, your presentation won’t be taken seriously…
Remember to mention SYSTEM DOWN TIME REDUCTION and other business benefits of the security system
Similarly to direct and indirect losses, make sure you cover all the indirect BENEFITS of your proposed security system. Reducing system down time is one of the most important areas to focus on as this is one of the key ways in which security operations can affect the daily business of any company.
Also include any positive economic benefits that the security system might bring for the business. This is often easiest for the retail businesses, for example video analytics that can show customer movements in stores and allow store managers to adjust store layout to encourage optimal buyer behaviors. However all security managers need to be constantly on the lookout for ways that effective security systems can maximize operational efficiency and create value for the business that they support.
Include the OPPORTUNITY COSTS of not using the proposed security system in your alternative security scenarios
This point is related to the table featuring multiple scenarios we mentioned earlier. It basically means: include the potential direct and indirect losses that result from not using your proposed security system in the cost calculation for the return on investment of the other security scenarios that you include.
So for example, if you are proposing a security system that eliminates the need for an onsite guards, you should include the total cost of hiring and managing guards in the ROI calculation for the alternative security scenario, in addition to any potential risks to hiring guards such as illness, human accidents, potential criminal behavior, etc. You will find that this changes the perception of your proposed security system’s ROI significantly.
Don’t worry about being SUBJECTIVE!
In an ideal world, ROI presentations would be based on totally objective, evidence-based data. Unfortunately, this is not practical, as the information required to make a decision is often unavailable. When it is time to prepare an ROI presentation, you might not have access to the crime statistics for your type of site, industry and geographical location. At best, you might be able to use data for similar scenarios to assess risk, at worst you may need to take a guess based on your personal judgment.
Remember, there is nothing wrong using your own judgment to calculate risk and estimate costs, in fact it is unavoidable. CFOs expect you to make these calculations based on your insights and experience as a professional security manager. So if you don’t have the information at hand, don’t be afraid to base portions of your ROI presentation on your own guesswork. After all, if ROI presentations were totally objective, they could be done by punching numbers into a computer and security managers wouldn’t need to do them at all!
For more tips on security, follow ICD on our LinkedIn Company Page.