Image via Wikipedia

How to measure ROI

In tight economic times, corporations are constantly seeking ways to reduce costs and increase efficiency. Nevertheless, in the world of information technology it is often necessary to spend money in order to save money. Creating comprehensive corporate portals and building on the tools that support them is a good example of this and as a result, the potential for savings can be enormous. Many large companies have dramatically reduced the cost of printing and distributing reports while at the same time increasing accessibility to information; others have implemented remote information, collaboration and order entry for external sales people and customers.

“Jump on the e-commerce bandwagon or waste away” is a growing trend in the business community. As a result, an ever-growing number of businesses have no idea how to measure their on-line success.

Businesses continue to try to measure their e-commerce / business tool ventures with the traditional sales model of “Return On Investment” (ROI). A successful project is usually one with an ROI of greater than 15 per cent (figure varies from industry to industry).

The dollars-earned portion of the ROI model may include a cushion of estimated dollars to account for non-measurable savings. Unfortunately, most businesses do not allocate a sufficient amount to this figure when evaluating the success or failure of a technology project.

The resulting financial disappointment prevents sufficient funds and resources from being allocated to future and on-going development, and the e-commerce effort begins to languish. This is especially noticeable in the front-end portion of e-commerce, better known as the corporate Web site or Portal.

As the site stagnates and on-line credibility wanes, the site’s earning potential declines and thereby triggers a downward spiral.

Ultimately, those who hold the purse strings want to know one thing: With a low or negative ROI, can e–commerce technology actually be profitable? The simple answer is that it depends on how the revenues and savings generated from a technology project are captured and valued.

Corporations will typically assign a zero value to the revenue generated by the non-commerce portion of a site. Simply put, “We don’t sell anything there, so how can we have revenue?” For the commerce portion, “We sold $X on the Web.” In both scenarios, corporations are excluding a basic revenue source: Customer education and service.

Recent studies show between 50 and 75 per cent of people using the Web do so to gather product information before making major purchases. Without on-line information, the product might not be purchased at the retail level, resulting in lower sales. A value needs to be assigned to the Web site ROI model to account for this un-captured factor. Imagine how many automobiles the big manufactures sell on the Web. The safe guess is zero.

Steps to take when trying to calculate ROI:

Identify your information assets: Assets can be a resource, a product, the networked computing infrastructure, protected health information, or customer or employee data. Losses in the areas of confidentiality, integrity or availability can have a specific dollar value or be intangible, as with loss of reputation.

Identify threats and vulnerabilities: Anything that causes an unwanted outcome is a threat. Threats come in many forms and have varied effects. Earthquakes are threats. Lawsuits are threats. Vulnerabilities and the absence of adequate safeguards are examples of weaknesses.

Do an asset valuation: Once you have identified your assets and the threats and vulnerabilities that beset them, it is important to go through an asset valuation process. Why go full bore on a project to secure an asset that is not of high value to the organization? First, create a matrix and value your assets simply in terms of high, medium and low value to the organization based on your own definitions. For each asset, consider what the total cost, initial and ongoing, is to the organization for the full life cycle of the asset. Second, determine what the value of the asset is in terms of production, R&D and critical to the business model (tangibles and intangibles). Third, answer the question of what the value of the asset is in the marketplace including intellectual property rights.

Once you understand what you have, you need to understand what it would cost the company to lose it vs. what it would cost to safeguard it. There are standard formulas that can be used: For example, the Exposure Factor (EF) for a particular asset is the percentage of loss if an event occurred.

Example: A primary e-commerce portal server is compromised and becomes unavailable. The server has been valued at $10,000. The EF has been deemed to be 75%.

Single Loss Expectancy (SLE) is the specific dollar amount assigned to the event if it occurs.

Asset Value ($) x EF = SLE

Example: The asset valued at $10,000 multiplied by 75% equals $7,500. This is the cost for a single occurrence of the corporate portal being unavailable. Annualized Rate of Occurrence (ARO) is the estimated frequency in which the event could occur.

Example: The ARO has been estimated to be three times per year based on types of vulnerabilities and threats that are known and documented that relate to the type of server. Annualized Loss Expectancy (ALE) is derived by the following formula:

SLE x ARO = ALE

Example: $7,500 x 3 = $22,500. You have a list of assets; you have ranked them according to importance to the organization (qualitatively and quantitatively); you have attached dollar figures to the loss or unavailability of the asset. You begin to understand the risk. There is no fear in these calculations. There is a realization of value and risk. The need to place a priority on technology projects should be clearer.

I am oversimplifying this, but if you can get this far, you will be further than most organizations. The effort involved in pulling this information together takes a corporate   team effort (engineering, marketing, sales, finance, IT, security, executive management, development, production operations). This is not an easy task.

Though designing, building and maintaining a portal and its business tools can easily be done by using solutions such as those provided by STEELMAN Software; the potential for savings also can be enormous, say experts. Yet the majority of companies that install them do not calculate their portal’s ROI.

Portal technology can be compared to a telephone system; in many companies the portal will eventually treat it as part of their infrastructure — no one asks you to justify the ROI of the phone on your desk.

Generally, standard customer protection is actually preventing service companies and their customers from realizing the benefits of the Internet. Concern about information being shared flies in the face of the top e-business goal, which is to improve customer service. Other key goals are to transition more activities to the Internet; build on corporate growth; and become more cost-effective. Despite this, most of the benefits are intangible; however, intangibles can add up to large potential savings for the company. There are three-factor key to success in e-engineering a corporation are:

1. Focus to manage trade-offs between different e-business opportunities and available resources;
2. Innovation to improve the efficiency and effectiveness of business processes and to create improved products and services; and
3. A results-orientation to ensure that e-business conforms to the same ROI hurdles as any other use of capital.

Additionally anything that you can think of in a company that employees accomplish by calling someone else in the company and getting them to provide information services is a perfect target to be replaced with online portal service. For your external customers and partners you can follow what retail companies do, which is not shut their doors just because they have an online purchasing component. When you are dealing with your customers, you want to err on the side of getting their business no matter what, so you cannot really take away your safety net.

Even if we did accept the notion that we could assign quantitative cost-benefit factors to the application of technology and process them to a risk management problem, there is another imperative question — Does the lack of incidents within an organization really constitute an actual return on investment when the “return” does not tangibly increase productivity or revenue, or decrease operating costs or improve efficiency?

One could then argue that opportunity cost was avoided, but not the kind of cost that Information Managers’ manage directly, as they do the hard costs of operations and maintenance. In addition, these types of costs today are not budgeted expenses that were actually saved, and can be reused in the future, in most cases.

In closing, Information Managers’ have been searching for a way to justify new business tools financially for a long time. The ROI and quantitative risk approach is reasonable for a few areas with real cost/benefit and investment data behind it. For other areas, I believe the right equation for now should be

1) totaling cost of ownership;

2) finding ways to blend technology investments more effectively into all areas of the enterprise; and

3) lowering the total costs of running development, production, engineering and operations.

Daniel Brody is the managing director of STEELMAN Software Solutions Inc., a manufacturer specializing in the development, implementation and installation of Oracle-based software products customized exclusively for the steel industry. Contact Daniel at Tel. 416-495-6939, or by e-mail at danielb@esteelman.com.