How to Make the Business Case for a Compliance Management System

You know that your compliance team needs an automated compliance management system. Your current homegrown system of spreadsheets, file shares, and Word documents just isn’t cutting it, and the bandages holding it all together are starting to fall off.

But you’ve got to get executive approval. Your CFO and CEO are holding the purse strings, and you need to make a strong business case for the purchase.

The way most compliance managers make a business case is usually the worst way to approach it:

• Listing the amazing features of a compliance management system.
• Praising the advanced technology.
• Going into the weeds about the demands and difficulties of compliance management.
• Talking about the benefits you’ll personally gain.

Compliance managers often strike out with the CFO because they present all the great reasons that appeal to a compliance manager, not an executive. Your CFO doesn’t say no because they don’t want to help you, but because they simply don’t see the business case for a compliance management system.

To get your executives to loosen the purse strings, you need to think like an executive, not a compliance manager. You must present to your leaders things that will appeal to them — reasons THEY (not you) want to make the purchase.

You can get your executives to approve the purchase of a compliance management system by seeing the world through their eyes. Truth be told, once you successfully step into their shoes, it’ll usually be easier to get that sign-off than you ever expected.

Here’s what you need to know about making a successful business case to your CEO and CFO.

This guide will give you the basics of PCI and help you figure out how to make your certification journey as simple as possible.

They’re busy

Executives are juggling a lot and they don’t have time to get down into the minutia of details. They have to make calls for the good of the business and move on.

Your CEO is constantly thinking about getting things done, making sales, increasing revenue and profitability. They’re continually multitasking and switching focus from one urgent task to the next.

Your CFO has to balance risk and reward, while keeping the company in the black — and more in the black than the year before.

Interruptions aren’t just annoying, they’re threats to the work of keeping the business on track. So if you want to be heard, your request needs to hit four targets:

• Be highly relevant to their priorities — why should they care?
• Be as short as possible — trim the fat, cut to the chase
• Be clearly communicated — think in bullet points, not paragraphs
• Be easily actionable — ask them for one specific decision or outcome

They’re Looking for Business Benefits

The job of an executive is to build the business. They care about the high level vision and mission of the organization and achieving the production and financial goals for the year. Every decision they make has to help the business achieve those priorities, not compete against them.

Part of the game for the CFO is to find a way to make sure all the numbers are black on the right-hand side of the ledger. Every time they have to spend money, they see it as a threat to that delicate balance. So the typical challenge question they ask themselves is, “How can we avoid spending this money?”

Let’s say the phone system is old and needs to be upgraded. Replacements will marginally help employees to do their jobs better — but if it requires a $100k investment, you can forget it. There are better things to spend money on.

On the other hand, if your executives can see material business benefits of making an investment, you have a legitimate shot at winning the approval.

Discover 4 Meaningful Business Benefits You’ll Get with TCT Portal

They Need to Reduce Risk

CFOs hate risk — especially financial risk. The basic premise of their job is to minimize risk for the company. And because spending money inherently introduces risk, it will always be treated with hesitance and suspicion.

To a CFO, spending money unnecessarily is like restricting your company’s air supply. To get your spending request approved, help them see that a compliance management system will actually reduce net risk and create new business benefits for your organization.

Hiring the right C3PAO is only one small piece of successfully navigating the Cybersecurity Maturity Model Certification. Get fully equipped with TCT’s online guide to CMMC.

They Want the ROI

In the end, your CEO and CFO will want to see hard numbers. The bottom line for them is one question: What is the quantifiable return on investment (ROI) of an automated compliance management system in a reasonable period of time?

ROI can come in any number of forms — including profitability, reduced employee turnover, increased sales, efficiency, and productivity. The key is to show how the business will do better or be stronger, in quantifiable terms. It’s all about the numbers.

It’s easy to be cynical about reducing your sanity down to a number, but to your CEO and CFO, that number tells a story. Don’t think of it as evidence that they don’t care about the quality of your work life. Instead, the numbers bring clarity to their decision making. A two percent increase in quality isn’t the same as a 20 percent increase. Executives want to find solutions that give the biggest bang for the buck.

Fortunately, TCT’s automated compliance management system can deliver plenty of ROI to satisfy your CFO. Here’s how to do that.

Know the numbers

First, do some research on your current compliance scenario and compile numbers for the following (do some educated ballparking if you need to):

• Number of compliance team members
• Average monetized hourly cost of team members to your company, including taxes and benefits
• Total man-hours of compliance-related work per year (break the numbers into the initial phases during kickoff/spin up, initial data gathering, and the final push to compliance — then extrapolate to annual effort, to cover operational compliance time across your team)
• Cost of a compliance management system

Now you’re ready to calculate ROI for a compliance management system. For the purposes of discussion, we’ll use numbers that are typical for TCT Portal.

Calculate the efficiency ROI

Let’s say you have a team of six, and that your compliance management engagement takes 2,000 man-hours per year. TCT Portal typically saves companies about 25% of their time in the first year, and 65% in following years. You can calculate expected time savings for your company using our ROI calculator.

If your situation is like most of our clients’, you could expect to recover 500 man-hours of work in the first year alone, and 1,300 each year after that. That’s essentially a full fiscal quarter in Year One. Imagine what your team could do if it had an extra quarter in the year to work with.

Run the financial ROI

Now let’s assume that your compliance team is earning an average monetization of $45 per hour, including taxes and benefits. At 2,000 hours per year, your CFO is spending just over $90k annually on compliance — in labor alone.

An efficiency savings of 25% in the first year translates to $22,500, and in following years you could see cost savings of $58,000. Factor in the cost of TCT Portal (starting at $3,000 per year) and that’s your financial ROI.

In other words, simply by purchasing TCT Portal, your CFO could increase your company’s profits by more than $58,000 after the first year.

Related: How TCT Portal Makes Your Company More Profitable

But there are other business benefits as well.

Consider other ROIs

The efficiency and financial savings that a compliance management system creates can open the door for additional returns on investment. For example:

• Improving efficiency may relieve you of the need to hire additional staff to support the workload. That’s a savings of additional labor costs.
• The additional profitability can be invested into other areas of the business: new product development, hiring key personnel, upgrading technologies, providing raises or bonuses, or other strategic initiatives.
• More efficiency means less overtime, which means your cost savings could be even higher than estimated.
• More efficiency also means less stress. Your people won’t burn out as easily, and will be less likely to quit. Happier employees also translates to greater productivity in other areas.

Mention your cyber liability insurance

Your company is willingly paying into cyber liability insurance every year. Assuming you haven’t had to file a claim, you’re faithfully paying into it — but the insurance isn’t providing you any dividends. It’s just sitting on standby as an emergency parachute, and may never be used.

Unlike a compliance management system, your insurance is doing nothing real, and making no real difference in your day-by-day work. It isn’t increasing efficiency or improving your operations in any way.

If your company is willing to pay into cyber liability insurance with no promise of benefit, why not invest into a compliance management system that makes a promise of actual net gains? Better yet, one that helps to proactively protect the organization?

Get the Go-ahead from Your CFO and CEO

Follow these best practices, and you’ll convincingly show your executives that a compliance management system won’t simply make your life easier — it will save your business time, reduce costs, and provide real business benefits to the organization.

Help your executives look past the bare costs of a compliance management system. Show them the gains that are to be had with a compliance management system, and you’ll win the purchase approval.