Quantifying the value of risk management and compliance
Over the years, we have talked with countless clients about “making the business case” for their records management program. Each program is different, but the business cases themselves tend to follow a similar script.
|
Whenever possible, they start with hard-dollar cost savings. Showing a direct impact on the bottom line is the easiest way to obtain approval for the program. If the program reduces inefficiency and increases output, the positive impact on profit makes the business case that much stronger.
Next up are the benefits related to risk management and compliance. Unfortunately, these benefits usually get short-changed in the context of a business case. Yes, they get mentioned, but the discussion is brief and doesn’t include any hard numbers.
This is a missed opportunity, given the fact that reduced risk is often one of the most valuable contributions made by a records management program.
It pays to quantify the value of risk management and compliance
It isn’t easy to attach dollar figures to the value of risk management and compliance, but it can be done and the effort is worth it. The more you quantify their value, the easier it is to obtain approval for your program, and the more your contributions will be valued by the organization.
So how do you start quantifying things? Here are some questions to get you started:
- What fines or penalties would your organization be facing as a result of a records-related security breach? Depending on your jurisdiction, you could be looking at many thousands or even millions of dollars per offense.
- What would lost records mean in the event of legal proceedings? The consequences here could include fines and lost judgments.
- Lost records are one thing, but what about too much documentation with too little organization? These issues can lead to time-consuming and costly legal discovery processes.
- What would judgments of non-compliance mean for your organization’s operations? In many sectors, the inability to demonstrate compliance and meet audit requirements is enough for regulators to suspend operations or transactions. This could lead to lost revenue and poor stock performance, which could seriously harm the company.
- What would be the impact to the brand of a high-profile records-related breach? Depending on your business model and industry, these kinds of issues could have a devastating impact on profits.
Putting some numbers around it After considering these risks, the next step is to think about the potential costs and likelihood of these events occurring. Then, by making a few simple assumptions you can start to calculate your projected savings in terms of hard dollars.
For example, assume your organization faces five lawsuits each year. With the current state of your records, you know that each legal discovery process typically costs $10,000 in legal fees. This adds up to $50,000 in legal discovery fees each year.
So what happens when you implement your proposed program?
Let’s say the efficiencies generated by the program shave 15 percent off the current time required for legal discovery. This adds up to a savings of $7,500 per year ($50,000 x 15%) on legal discovery fees. These simple cost savings are a good start, but what happens when we factor in the value of risk management?
Let’s make a few more assumptions. Let’s say that the organization currently loses 1 in 25 lawsuits due to inadequate documentation, with an average settlement penalty of $200,000. With the proposed improvements to the RM program, let’s assume that the risk of a lost lawsuit is cut in half. This means that in a 10-year period (50 lawsuits), you’ll only pay out $200,000 instead of $400,000. On a pro-rated basis, this amounts to a yearly savings of $20,000.
When we factor this into our business case, it starts to look much more impressive. Instead of talking about a savings of $7,500 per year, the reduced risk of a lawsuit payout boosts our average projected savings to $27,500 per year. That’s quite a significant improvement!
Of course these numbers are for illustration only, but they are in line with real-world examples we encounter all the time. By exploring actual numbers for your own business you can easily make the benefits of risk management and compliance very tangible.
Next Steps