One of the ongoing objections in the Security ROI debate revolves around whether reduced costs can drive ROI. If you say no, then no cost center in an enterprise can get ROI – so no non-revenue-generating IT investment can provide ROI (e.g. like an SAP implementation); no legal department can provide ROI; Human Resources, Finance, and a number of other groups are out of luck.
I think you can get ROI from reduced costs – here is the original formula for ROI developed by DuPont at the turn of the 20th century. It pretty clearly has a cost component to it. Now, the question is what to do about revenue. But (gross) revenue ends up being an independent variable and therefore is not impacted by the cost center activity, so it can be held constant across two scenarios that are being compared to determine ROI – existing environment compared to the environment for reduced costs. In the end, the ROI comes from the cost reduction proportional to the new investment costs.
Good question and I love the topic. We used to argue about this at the magazine all the time when coming up with ROI charts.
Reduced costs seems to be often measured in terms of the costs saved from a reduction in manpower. So if a solution reduced a 4 FTE job to a 2 FTE job, then your cost reduction is the salary + benefits of 2 FTE.
It gets even better when you start trying to measure productivity increases as part of an ROI equation…
I guess these things have to be done, but I’m sure glad *I* don’t have to do them.
Lori
Interesting that the original formula included return on investment. ROI is, IMO, not a very good measure. Perhaps because of how it is defined these days. My first blog post discussed these issues:
http://www.wikidsystems.com/WiKIDBlog/1
Perhaps it is time to pick it up again…
nick
From the link:
“What it also illustrates is that, originally, ROI was a measure of return on the total investment in the entire business, not the ROI of a project or a product or a training course or any other isolated aspect of a business.”
That is why calculating “ROI” for buying a security product, HR process improvement, janitor staffing change, etc., is still stupid.
@Richard -
It is certainly reasonable to believe that ROI is not very useful in many circumstances. I submit that in most cases, however, you are not going to have a choice about whether to use it or not – it will be dictated by bosses. In those cases, I don’t think it would be “stupid” I think it would be the intelligent thing to do.
Pete