The ROI That Comes from Understanding Risks or Managing Compliance Requirements

June 9, 2015

Return on investment is a key metric for any company – the bigger the return on the dollars spent, the more profit a company is driving. Usually, this is measured when a good plan is deployed, with companies spending money first in an effort to recoup these costs later on down the line.

With risk assessment, however, ROI can be more difficult to manage. Rather than assessing ROI by money earned, companies evaluate it by money saved. Risk management ROI is best described by analyst Elaine M. Hall as “the ratio of savings to cost that indicates the value of performing risk management.”

This cost-benefit analysis makes up the core of risk management ROI. The cost of a successful program is the total expenditure of resources on various risk assessment and control programs. If a risk management process is spread over a variety of programs, then the ROI can be measured in time saved, with the savings stemming from the time, money and staff not spent on these programs.

Resources invested into risk management aren’t necessarily exclusive to money, either, and that’s an important distinction to make. Management meetings, the cost of reporting risk information, the necessary staff to develop and execute risk action plans – these are all finite company resources and need to be taken into account when trying to determine ROI.

While determining ROI for risk assessment differs from doing so for other business processes, the objective remains the same: to convey to project managers that an investment was well worth the time and resources it monopolized. Without ROI data for risk projects, senior managers would be forced to rely on program managers and their word. While deception would not be an issue for most companies, it’s frequently difficult to assess something as complex as risk management using only perception.

In fact, ROI can build trust within a company. Trust will erode over time; however, if audit committees can show that their work has tangible benefits, then companies will be more likely to support their decisions. This is why ROI is so pivotal to both successful companies and audit plans.

“The business case for risk management is based on cost-benefit analysis. Cumulating the cost of risk management is a simple task. However, quantifying the benefit can be difficult due to uncertainty inherent in risk,” Hall concludes.

How Software Helps You Measure ROI

Using risk management software makes it even easier to measure the ROI of your efforts. Beyond the dollars saved by avoiding negative events, software can automate tedious and time-consuming tasks, resulting in significant time savings. Resolver has created a Time Savings Calculator to help you compare the time spent on risk management using ERM software vs. manual processes.

