Creating & Measuring ROI
Mar 1, 2005 12:00 PM
by MICHAEL FICKES
When a corporate marketing team develops a program to sell widgets to a new market, team members present the case for the program to executive management using hard numbers. If the numbers make sense, the team receives a budget allocation ¡ª often, just enough to test the concept. The team implements the test by developing marketing and sales strategies, tallying revenues produced by the test, and comparing costs with revenues. If revenues exceed costs by, say, 20 percent or more, the program might roll out. If returns are below, say, 10 percent, it will die. Measured ROI decides the case.
Longstanding corporate programs receive the same kind of evaluation every year. And a program that generated 20 percent returns in the past but has fallen into decline, will inevitably be scrapped when ROI falls below acceptable levels.
What does this mean to a security director?
"You must have a clear vision of how your company can measure the financial impact of security expenditures," says Jay Pinkert, director of marketing programs and communications for GE Security in Austin, Texas. "The dirty secret of security ROI is that we can figure out what to measure, but we don't measure it. Instead of saying what the number is, we say only that there are some savings."
Pinkert and other observers say that security programs can produce a measurable ROI by pursuing one or more of four goals:
Suppose a retail chain suffers regular shrinkage losses of 5 percent. Surveillance cameras monitoring sales floors, stock areas and warehouses can reduce incidents of shoplifting and employee theft. If the dollar amount of avoided losses covers the cost of cameras, the monitoring station and a security officer to review video when inventory goes missing, the program might produce an acceptable ROI.
But what is an acceptable ROI? What is unacceptable? Someone has to look and see. Do the savings compare favorably with costs? If the security system costs $10,000 to buy and install in a store, and the savings average $2,000 per year, it will take five years to pay for the system. Is this a good deal or not? If the camera system lasts 10 years, it might be a good deal. But what if the store closes after six years? Maybe some stores in a chain need this kind of support, while others do not. What if the security director developed a CCTV program that rotated through stores as needed, moving on to other stores as problems are resolved?
Measuring ROI and building a case for security requires security directors to think like business managers in marketing, production and other revenue-producing departments that create programs and measure their value to the corporation.
Successful business executives do not wait for ROI opportunities. They manufacture programs that generate ROI where no opportunities seem to exist. Wal-Mart became the biggest corporation in the world by finding opportunities to use technology to cut costs in the supply chain, the system that delivers products from factory to warehouse to store. While other retailers were not looking, Wal-Mart improved productivity in its supply chain, reduced costs, undercut retail prices across the market and generated a huge ROI.
Advancing security technology also offers productivity opportunities. "Moving to digital video recorders from video cassette recorders reduces hours and money spent reviewing tapes, maintaining mechanical systems and buying tapes," says Christopher Grniet, vice president of Kroll Inc., New York. "Guard tour systems that record when patrolling officers pass not only help supervise officers, they also provide a tool to manage time more efficiently. Broader deployment of CCTV enables fewer officers to patrol buildings from monitoring stations."
Pinkert recommends thinking outside the boundaries of traditional security. "Figure out a way to use CCTV to reduce staffing for night deliveries," he says. "With an intelligent CCTV system, the company might not have to assign extra people to the loading dock to watch who comes and goes."
Imaginative security directors can build business cases by testing concepts and running numbers on how technology can make security and other corporate operations more productive. When technology can help a corporate employee do the work of two, three or four people, it is possible to make an ROI case.
"You can also look at physical and logical security as a continuum," Pinkert says. "If you eliminate separate infrastructures for information technology (IT) and security, you can make more efficient technology investments."
Pinkert suggests, for example, cross-training staff to monitor both IT and physical security systems. "Why not combine these functions?" he asks. "As security technology becomes more digital, it will become an extension of the IT world."
Preventing hackers from stealing intellectual property and keeping viruses from interrupting the flow of work offer measurable financial benefits to corporations. How much does network security hardware and software cost? What is the value of preventing five hours of network downtime every month?
A physical security director might assess the value of implementing employee violence prevention programs in the same way. What does it cost when a violent incident interrupts productivity?
Security implementations do not always offer clear-cut paths to ROI. "It becomes murky when you think about employee safety," says John Moss, president and CEO of S2 Security Corp., Wellesley, Mass. "Creating a safe environment for employees to walk to their cars in the parking lot at night does not produce ROI. This is insurance or risk management. When a business grows to a certain size, insurance become a cost of doing business. If you do not buy the insurance, you can be sued."
Kroll's Grniet adds that protecting employees can go beyond risk management and approach ROI. "Ensuring a safe, comfortable working environment for employees speaks to the idea of business continuity," he says.
In the end, creating ROI with security is an imaginative undertaking. Security directors can find opportunities by studying company operations ¡ª by becoming part of the company's business enterprise.
"Forward-thinking security directors can redefine their role in the corporate structure by thinking about and measuring the financial value of security technology to a company," Pinkert says. "If they don't, they run the risk of turning their destiny over to someone else."
SHARE YOUR STORY¡
This page offers an opportunity for readers to share management lessons they have learned and to provide other helpful information to their peers in the industry. To offer suggestions, or to contribute to this page, contact Larry Anderson at (770) 618-0118 or e-mail firstname.lastname@example.org