RSA | How to measure ROI

Return on investment in RSA Archer implementations

Lokesh Ramani

Managing Director, Cyber Security, KPMG US

+1 206-913-4491

Return on investment (ROI) is a common financial metric used to evaluate the value derived from an investment and to determine where and how an organization is spending its resources. It often forms the basis for initial or follow-up decisions to implement GRC programs on RSA Archer and, as such, needs to be a critical part of your planning and execution model.

For GRC implementations, common metrics used to measure ROI are:

  • Product licenses
  • Professional services for tool implementations
  • Ongoing tool administration
  • Training and awareness
  • Savings through operational efficiencies
  • Labor cost savings
  • Regulatory savings
  • Legacy tools savings

Key considerations

  • Evaluate the ROI on a recurring basis before, throughout, and after the program implementation by collecting customer feedback and analyzing predefined KPIs.
  • Make cost and benefit projections at least three years out, arriving at benefits that are comparable to costs, to build a well-rounded, long-term business case.
  • Baseline projected savings considering organizational culture and how quickly the end users can adopt new programs and solutions.
  • Identify champions who use the system, promote its adoption, and serve as a valuable feedback loop.
  • Don’t overlook the strategic costs of guiding organizational roles and responsibilities, training and awareness, process improvements, and other elements that are critical for a successful GRC implementation.
  • Don’t lose focus on the vision of what GRC can offer to your organization over time.