The Winning Business Case method details straightforward iterative steps to create and deliver a compelling business case for your risk-related projects.
Using this method helps other executives (the board, the executive management review committee, or peer executives across the enterprise) understand that your risk-related initiative supports and furthers core business objectives, and helps to change the misconception that risk initiatives are only “cost centers.”
As risk, compliance, audit, and IT security leaders, we’ve heard it before:
- “You’re not running a P&L.”
- “You don’t generate revenue for the company.”
- “Your function is a cost center.”
- “We want to meet regulatory requirements at minimum cost.”
- “Your program is simply not a priority that we want to invest in right now.”
- “Your terminology sounds like alphabet soup: FEC, SEC, BSA, OCC, AML, KYC, FRB, FINRA, CMP, FDIC, BASEL I, BASEL II.”
Give such baked-in perceptions — or more accurately, misperceptions — how do you get senior management to understand the value of your risk or governance program, project, or infrastructure?
More importantly, how do you get them to care enough to fund them?
Knowing “What” is necessary to do the right thing is only half of the job. The other half involves communicating the “Why & How”
- Why are risk, compliance, audit, and IT security initiatives critical to the company’s brand perception and overall success?
- Why should senior decision makers view your work as an integral, value-add component of their business strategy?
- Why should they should listen to you and invest purposefully in your budget – now and in the future?
- How will we get all of this done?
Building a compelling business case to overcome these challenges and express the importance of risk-related work may seem daunting. But if your program is worth implementing, your position is worth voicing.