The Total Economic Impact Of ACL


A Forrester Total Economic Impact Study Commissioned By ACL
September 2018

The Total Economic Impact Of ACL
Cost Savings And Business Benefits Enabled By ACL For A Financial Services Organization For Compliance Management

Table Of Contents

- Executive Summary
- Key Findings
- TEI Framework And Methodology
- The ACL Customer Journey
- Interviewed Organization
- Key Challenges
- Solution Requirements
- Key Results
- Financial Analysis
- Compliance Team Hiring Cost Avoidance
- Third-Party Compliance Software And Services Cost Savings
- Regulatory Assessment Team Efficiency
- Reduced Risk Exposure Due To Reduced Fines And Better Decisions With More Organized Information In ACL
- Unquantified Benefits
- Flexibility
- Annual ACL License Costs
- Annual Organization Resource Costs To Manage ACL
- Implementation Costs
- Financial Summary
- ACL: Overview
- Appendix A: Total Economic Impact
- Total Economic Impact Approach
- Appendix B: Endnotes

Project Leader: Sean Owens

DISCLOSURES

Readers should be aware of the following: This study is commissioned by ACL and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis. Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the report to determine the appropriateness of an investment in ACL. ACL reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester's findings or obscure the meaning of the study. ACL provided the customer name for the interview but did not participate in the interview.

Executive Summary

Benefits And Costs

- Avoided annual resource costs: $135,000 to $405,000 per year
- Avoided third-party compliance software and services costs: $213,000 to $284,000 per year
- New annual income attributed to improved decisions with better data visibility: $100,000 per year

Powered by data automation, ACL helps organizations gain better business visibility and improve real-time decision insights. Its solutions provide governance, risk, and compliance (GRC) management software for: assessing strategic risk; executing risk mitigation and assurance activities; achieving control and compliance objectives; continuously monitoring data and operational processes; automating the review and feedback workflow loop on emerging issues and incidents; and creating reports on net risk, compliance, and corporate performance.

ACL commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying ACL software. The purpose of this study, the sixth TEI in a series of case studies focused on individual organizations for ACL, is to provide readers with a framework to evaluate the potential financial impact of the ACL platform on their organizations, particularly for compliance management and reporting.

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed a current ACL customer: a midsize international financial services organization headquartered in the US with more than four years of experience with the ACL solution.

Compliance management should be a priority for any business, especially for financial services organizations, due to increased government and other regulatory scrutiny. Eighty-seven percent of respondents in Forrester Analytics Global Business Technographics Security Survey, 2017, cited adopting a GRC platform as a priority they need to work on, are already working on, or have already completed (see Figure 1).[1]

The compliance review team at the interviewed financial services organization saw an opportunity to improve its compliance management process and increase team efficiency by automating many aspects of the compliance life cycle. Compliance management activities, such as developing and sharing process standards and managing compliance reviews and communication, were very time-consuming not only for internal resources but also for the affected business groups. The financial services organization felt it should be able to:

- Speed up compliance process documentation creation and review cycles with compliance mapping.
- Replace its incumbent compliance software and services solution to reduce and avoid costs.
- Eliminate process inefficiencies.
- Shorten compliance reviews with tools that collect information and organize compliance data and documentation.
- Maintain compliance requirements and quality standards.
- Free up time for other business opportunities.
- Avoid added resource costs related to regulatory audit response.

With ACL, the financial services organization replaced an inefficient and costly incumbent solution, improved compliance efficiency, avoided or delayed planned compliance team hiring, and reduced time spent by employees in supporting regulatory audits.

ROI: 550%. Total benefits: $1.7 million. Total costs: $261,000. NPV: $1.4 million.

Key Findings

Quantified benefits. The following risk-adjusted quantified benefits are based on business and process metrics provided by the company interviewed:

- Avoided salaries and hiring costs for four resources, totaling $135,000 to $405,000 per year. With ACL deployed, the compliance team can manage regulatory obligations more efficiently and reduce the compliance burden for other teams. Without the efficiency and automation made possible by ACL, this would require at least four more full-time employees on the team (including the hiring costs to recruit and train them) by the end of the three-year investment window.
- Avoided third-party software and services costs with ACL, adding up to $213,000 to $284,000 per year. By licensing ACL, the team could replace the previous compliance management solution that was both more expensive and delivered fewer features. The team also eliminated other labor-intensive, spreadsheet-based processes.
- Regulatory-related assessment efficiencies adding up to a PV of $82,466. In addition to avoided labor costs, the team can conduct compliance assessments more efficiently, with ACL Compliance Maps that enable more organized process documentation, quick access to review status and results, and a more effective compliance management workflow. In ACL, information is more organized and easier for users to access; the system also makes it possible to more efficiently interact and share results with stakeholders (e.g., operations teams, internal and external audit teams, regulators, etc.).
- Reduced risk exposure, adding up to an estimated $100,000 per year. With ACL, the compliance team and other business leaders can quickly and easily access compliance performance reports and find specific information as needed, which means the right people can answer process-related questions more quickly and accurately, whether asked by a business colleague, company executive, or outside auditor. For the organization, this translates to preventing issues that would have taken time to resolve, results in better stakeholder engagement, and helps avoid regulatory penalties and fines.

Benefits (Three-Year)

| Benefit | Three-year present value |
|---|---|
| Compliance team hiring cost avoidance | $724.5K |
| Third-party compliance software and services cost savings | $640.6K |
| Regulatory assessment team efficiency | $82.5K |
| Reduced risk exposure due to reduced fines and better decisions with more organized information in ACL | $248.7K |

Unquantified benefits. The financial services organization expects other significant positive benefits:

- Compliance information and data quality. An ACL deployment clearly improves process efficiency. Being able to reference measurable and specific compliance information can mean significant benefits for other teams in the organization as they work toward business goals and interact with regulatory advisors and auditors.
- Continuous monitoring. The financial services organization plans to implement continuous monitoring with ACL Analytics Exchange, which will provide even greater automation and benefits, including more efficient reporting and new business opportunities.

Costs. The financial services organization experiences the following risk-adjusted costs:

- Recurring annual subscription costs of $35,000 to $90,000.
- Resource costs of $16,000 to $24,000 per year.
- Deployment and implementation resource costs of $48,000, including planning, implementation, and training.

Forrester's interview with an ACL customer and subsequent financial analysis found that the financial services organization experiences risk-adjusted, three-year present value benefits of nearly $1.7 million versus costs of about $261,000 over three years, adding up to a net present value (NPV) of more than $1.4 million and an ROI of 550%.

TEI Framework And Methodology

From the information provided in the interview, Forrester has constructed a Total Economic Impact (TEI) framework for those organizations considering implementing ACL. The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that ACL can have on an organization. Specifically:

- DUE DILIGENCE: Interviewed ACL stakeholders and Forrester analysts to gather data relative to ACL.
- CUSTOMER INTERVIEW: Interviewed an organization using ACL to obtain data with respect to costs, benefits, and risks.
- FINANCIAL FRAMEWORK MODELING: Constructed a financial model representative of the interview using the TEI methodology, and risk-adjusted the financial model based on issues and concerns of the interviewed organization.
- CASE STUDY WRITING: Employed four fundamental elements of TEI in modeling ACL's impact: benefits, costs, flexibility, and risks. Given the increasing sophistication that enterprises have regarding ROI analyses related to IT investments, Forrester's TEI methodology serves to provide a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

The ACL Customer Journey

BEFORE AND AFTER THE ACL INVESTMENT

Interviewed Organization

For this study, Forrester interviewed the chief compliance officer (CCO) of a current ACL customer, a US-based online brokerage that uses ACL to manage compliance and compliance reporting. The financial services organization employs 10 people on the compliance team, has about 500 total employees, and has an annual revenue of $250 million.

Key Challenges

Compliance reviews and management processes were costly, time-consuming, and increasingly complicated. With respect to the previous solution, the CCO for the financial services organization said, "Our system was not scalable for our regulatory environment with so many rules changing in it." The challenge was not just keeping up with the current compliance management and review workload, but also ensuring that compliance was in line with the latest rules and regulatory guidelines.

The compliance team was seen as large enough already. With 10 people, the compliance team would face an uphill battle for headcount and budget to grow; making the existing team more efficient would be a preferred, and easier, investment approval. "It's a heavily regulated environment with many changes to manage each year," said the CCO. "The old system and the way we did things just became unmanageable. There was so much hard work to do that major rule or requirement changes that impacted compliance would mean I would have to add personnel, and I definitely didn't want to do that."

The financial services organization spent too much on software and services. The incumbent solution was expensive and still resulted in many compliance processes managed with spreadsheets and network folders. "It really didn't make the job any more efficient. It just became a tool for case management, which is not what we were looking for," remarked the CCO.

Third-party regulatory assessments were costly and time-consuming.
As an online brokerage, the financial services organization faced government and other regulatory audits each year. Rules and regulations are updated annually, and existing compliance information and data could be difficult to assess. "We are audited every year by at least two or three major regulators, not to mention our own internal and external auditors for financial statements," said the CCO. "Now we have one person managing each audit, instead of three."

Inefficient compliance monitoring left the organization exposed to additional risk. If compliance reporting remained difficult and less scalable and flexible, incorrect or slow information could lead to business or regulatory issues. "One of the benefits of ACL is the visibility. It's tough to say we are fully compliant with all of our requirements but I could easily picture that a year from now we could have been faced with potential issues. Switching to ACL essentially stops us from experiencing a problem," explained the CCO.

"Major rule or requirement changes would mean I would have to add personnel."
Chief compliance officer, financial services organization

"[Our previous solution] didn't make the job any more efficient."
Chief compliance officer, financial services organization

"Switching to ACL essentially stops us from experiencing a problem."
Chief compliance officer, financial services organization

Solution Requirements

The interviewed organization searched for a solution that could:

- Replace the current expensive and limited compliance management solution. Not only did the organization want to replace its expensive incumbent solution, it wanted to find a solution with even more features and capabilities.
- Keep up with rule and regulatory changes. The organization wanted a more scalable and flexible solution to meet the needs of a growing business and a continually updated regulatory environment.
- Streamline internal processes and tracking. The organization looked for a solution that wouldn't cause additional burden by creating extra work outside the system using spreadsheets or network shares.
- Open new business opportunities. The organization wanted to improve relationships with regulators and auditors by being more efficient with better-organized data and information. It also hoped to use that information to identify issues and opportunities more quickly.

After exploring several solutions, the financial services organization chose ACL as its GRC platform to meet these business requirements. The CCO told Forrester: "ACL is better; it is more scalable and efficient. I really need things to be super flexible so that I can adjust them to all of our tasks and not just some of the things we do."

The compliance and risk management teams have deployed ACL to document, manage, track and report on compliance performance, achieve better business process alignment, keep up to date with regulatory compliance requirements, and avoid business risks related to audit failures, regulatory noncompliance, and resulting business disruptions.

Key Results

Forrester organized and articulated the business value of implementing ACL as the financial services organization's primary GRC solution. Benefits, cost metrics, and financial results follow Forrester Consulting's TEI framework as well as Forrester Research's recent "Build The Business Case For GRC" report.[2] ACL benefits include:

- More efficient compliance management processes. The organization can centralize and cross-reference regulatory rules and requirements with internal process documents and process reporting, complete compliance review tasks more efficiently and at a higher quality, and respond to audit and regulatory requests more quickly.
- Avoided compliance team headcount. The organization can manage a larger volume of compliance activities without having to bring on planned new hires. The organization had planned to recruit and hire four new compliance managers to meet growth and added complexity. But, at least for the first three years, the organization can forego the cost of these hires, avoiding salary and recruiting costs.
- Software and services cost savings. The organization can reduce and avoid licensing costs for the previous compliance management solution and avoid additional software and services costs.
- Better business decision making. Organization execs can make better decisions, identify and react to issues, take advantage of opportunities, and avoid risk or added costs. "I feel a lot more confident when faced with questions from executives about our current business model or about exploring new opportunities," said the CCO.

Key metrics before ACL:

- 10 compliance professionals on the team
- Planning to hire four more
- $250,000 annual cost for complete compliance management across multiple solutions

"ACL is better; it is more scalable and efficient."
Chief compliance officer, financial services organization

Financial Analysis

QUANTIFIED BENEFIT AND COST DATA

Total Benefits

| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present value |
|---|---|---|---|---|---|---|
| Atr | Compliance team hiring cost avoidance | $135,000 | $360,000 | $405,000 | $900,000 | $724,530 |
| Btr | Third-party compliance software and services cost savings | $212,625 | $283,500 | $283,500 | $779,625 | $640,591 |
| Ctr | Regulatory assessment team efficiency | $14,616 | $43,846 | $43,846 | $102,308 | $82,466 |
| Dtr | Reduced risk exposure due to reduced fines and better decisions with more organized information in ACL | $100,000 | $100,000 | $100,000 | $300,000 | $248,685 |
| | Total benefits (risk-adjusted) | $462,241 | $787,346 | $832,346 | $2,081,933 | $1,696,272 |

Compliance Team Hiring Cost Avoidance

The financial services organization's compliance department includes 10 compliance professionals. These professionals must continually review and assess many tasks and processes throughout the organization to ensure that outcomes and documentation align to current regulatory standards. Before ACL, compliance review was a slower, more task-intensive process that required input in the compliance management system as well as other spreadsheets and files in network folders. "If we stayed with the old system, we would have needed to hire four more people, easily," said the CCO.

Of particular benefit is ACL's Compliance Maps feature. "We have to demonstrate assurance with all those different rules and regulations. We map all of our compliance requirements to the controls and processes that we have documented," said the CCO. "And, as ACL adds new content and new products, we can move more processes over. We already moved over regulatory change management and written supervisory procedure reviews. When I test controls and process results to check on our compliance, the reports are automatically done. Everyone keeps Compliance Maps updated to make sure new regulations and process changes are tracked," the CCO continued.
With ACL deployed, the financial services organization can map specific rules and regulations to process documentation and process reporting. With this preparation and automation, compliance reviews are much more efficient, and information is easier to find after completion. The organization estimates:

- To meet current workload expectations over the next three years, prior to ACL, the team would have needed at least four more full-time employees to be added to the existing 10 compliance professionals, most likely through outside hiring.
- With ACL, those hires are avoided or at least delayed until after Year 3 due to the easier compliance management tools, Compliance Maps, and other efficiencies enabled by ACL.

The table above shows the total of all benefits across the four areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the financial services organization expects risk-adjusted total benefits to be a PV of nearly $1.7 million.

"We map all of our compliance requirements to the controls and processes that we have documented."
Chief compliance officer, financial services organization

- The organization would have hired one FTE in Year 1, mainly because the first-year implementation starts with a smaller set of processes. The team would have hired two more FTEs in Year 2 and one more in Year 3.
- The average fully burdened salary for each hire is $100,000.
- For a professional position such as a compliance professional, recruiting, hiring, and training costs can be as much as 1x salary, if not higher. For this analysis, Forrester uses a conservative recruiting, hiring, and training cost of $50,000 per hire.

For the compliance review team, this results in measurable benefits, particularly related to compliance efficiency:

- Compliance reviews are more efficient and can be completed more quickly and with less employee task time.
- Reporting and communication are more up to date and easier to access, especially with Compliance Maps. A rule or regulation is linked to the process document with process metrics also available, so checking compliance results is convenient and reporting is streamlined.
- Continued improvements to the ACL GRC platform, plus expansion of the solution to include ACL Analytics Exchange with real-time monitoring and alerts, will provide even greater value in years two and three and beyond.

The cost savings of avoiding four compliance team admins and managers is estimated to be $150,000 to $450,000 each year. Given that time savings or salary averages may be overestimated, Forrester has applied a 10% risk adjustment, leading to risk-adjusted annual benefits of $135,000 in Year 1, $360,000 in Year 2, and $405,000 in Year 3 for a three-year PV of $724,530.

Compliance Team Hiring Cost Avoidance: Calculation Table

| Ref. | Metric | Calc. | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| A1 | Planned compliance team hires avoided | | | | |
| A2 | Cumulative compliance team avoided hires | | | | |
| A3 | Average compliance professional annual salary | | $100,000 | $100,000 | $100,000 |
| A4 | Average compliance professional avoided hiring costs (per hire) | | $50,000 | $50,000 | $50,000 |
| At | Compliance team hiring cost avoidance | A1*A4+A2*A3 | $150,000 | $400,000 | $450,000 |
| | Risk adjustment | 10% | | | |
| Atr | Compliance team hiring cost avoidance (risk-adjusted) | | $135,000 | $360,000 | $405,000 |

[Figure: Three-Year Benefit Summary, in thousands of dollars, for Year 1 to Year 3. Series: New income as a result of better decisions with more organized info in ACL; Regulatory Audit Response Team Efficiency; Third-Party Compliance Software And Services Cost Savings; Compliance Team Hiring Cost Avoidance.]

Third-Party Compliance Software And Services Cost Savings

The previous compliance management solution was expensive and provided fewer features. "It really didn't make the job any more efficient. It just became a tool for case management," said the CCO for the financial services organization. ACL meets the organization's needs and has allowed the organization to eliminate these other costs, including $250,000 for the incumbent compliance management solution and $65,000 for extra software tools and services (because the compliance management solution didn't deliver all the features the organization needed; it had to add more). Overall, the team estimates it can reduce software costs by up to $315,000 per year (with some overlap in the first year as the organization implemented ACL).

Since there is a risk that software and services costs may be overestimated, Forrester adjusted this benefit downward by 10%, yielding an annual benefit of $212,625 to $283,500. Over the three-year analysis period, the risk-adjusted, three-year present value is $640,591.

Impact risk is the risk that the business or technology needs of the organization may not be met by the investment in ACL, resulting in lower overall total benefits. The greater the uncertainty, the wider the potential range of outcomes for benefit estimates.

Third-Party Compliance Software And Services Cost Savings: Calculation Table

| Ref. | Metric | Calc. | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| B1 | Previous compliance management tool annual license costs | | $250,000 | $250,000 | $250,000 |
| B2 | Other compliance-related software cost avoidance | | $65,000 | $65,000 | $65,000 |
| B3 | Percentage of third-party costs avoided with ACL | | 75% | 100% | 100% |
| Bt | Third-party compliance software and services cost savings | (B1+B2)*B3 | $236,250 | $315,000 | $315,000 |
| | Risk adjustment | 10% | | | |
| Btr | Third-party compliance software and services cost savings (risk-adjusted) | | $212,625 | $283,500 | $283,500 |

Regulatory Assessment Team Efficiency

The financial services organization has several business units that support the overall focus as an online brokerage. As such, government agencies, self-regulatory organizations, third-party auditors, internal teams, and other authoritative bodies enforce several rules and regulations. "From a regulatory standpoint, there are 17 bodies, not including state regulators, we have to comply with," said the CCO.
Managing and demonstrating compliance for all these rules and regulatory bodies is already time-consuming; annual evaluations with the previous system would require a lot more time and resources. Showing process management documentation and demonstrating compliance for the Commodity Futures Trading Commission (CFTC) or Financial Industry Regulatory Authority (FINRA) is a large task. For example, FINRA 3120 requires supervisory control and review of internal policies and procedures for financial services organizations.[3] But it is easier to manage and more efficient when most or all of the necessary documents are already stored and organized within ACL; information collected with Compliance Maps illustrates the linkages between external rules and internal policies that can be shared easily with internal stakeholders and auditors when needed. Now, when an assessment is initiated, just one compliance professional must manage it instead of the three people it took previously.

With ACL deployed, the financial services organization expects to complete assessment tasks more quickly while also providing better documentation and more data and sharing compliance team resources in more review situations. "The management of these processes really shows the power of ACL Compliance Maps," said the CCO. Benefits include:

- More efficient assessments. Only one compliance professional must support these assessments, instead of three, as an additional efficiency benefit to the avoided hires discussed above.

- Improved relationships with regulators. More efficient compliance reporting can improve the relationship with auditors. The organization has already seen even more improved relationships with auditors and regulators in what can often be an adversarial relationship.

Forrester uses the same average annual salary for a compliance professional.

Regulatory Assessment Team Efficiency: Calculation Table

| Ref. | Metric | Calc. | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| C1 | Number of regulatory assessments per year now managed with ACL, on average | | | | |
| C2 | Average assessment duration (weeks) | | | | |
| C3 | FTEs involved before ACL | | | | |
| C4 | FTEs involved with ACL | | | | |
| C5 | Percentage of work time for FTEs involved in assessment | | 20% | 20% | 20% |
| C6 | Average compliance professional annual salary | | $100,000 | $100,000 | $100,000 |
| Ct | Regulatory assessment team efficiency | (C3-C4)*C5*C2*40*C6/2080*C1 | $15,385 | $46,154 | $46,154 |
| | Risk adjustment | 5% | | | |
| Ctr | Regulatory assessment response team efficiency (risk-adjusted) | | $14,616 | $43,846 | $43,846 |

Because salary or time savings may be overestimated, Forrester risk-adjusted this benefit downward by 5%. Over the three-year analysis period, the risk-adjusted, three-year present value of this benefit is $82,466.

Reduced Risk Exposure Due To Reduced Fines And Better Decisions With More Organized Information In ACL

With ACL deployed, managers and executives across departments and teams at the financial services organization can work faster or better and can:

- Act more quickly to respond to or avoid business issues.
- Avoid or mitigate costly mistakes that could lead to regulatory fines and penalties.

ACL, along with improved processes implemented by the compliance team, has helped avoid costly issues. Even before ACL, the CCO implemented best practices to mitigate risk: "We didn't have problems because we tried to have a little foresight. But switching to ACL greatly reduces the risk of us having a problem in the future."
Although there are many influences and activities that can increase or decrease organizational income, Forrester believes the following is a credible approximation of ACL's impact on reducing the financial services organization's risk exposure related to compliance management:

- Total annual revenue of $250 million across all operations. While annual business growth is expected, for simplicity this is not included, to focus on the benefits impact of ACL.
- Reduction in costs estimated at 0.05% (that is, 1/20th of 1%) of revenue through process improvements and cost savings identified after more efficient, higher-quality, and better-organized compliance management with ACL.

Revenue or the impact of ACL may be overestimated. To account for these risks, Forrester adjusted this benefit downward by 20%, for a risk-adjusted, three-year present value of $248,685.

Reduced Risk Exposure Due To Reduced Fines And Better Decisions With More Organized Information In ACL: Calculation Table

| Ref. | Metric | Calc. | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| D1 | Total annual revenue | | $250M | $250M | $250M |
| D2 | Reduced risk exposure (as a percentage of revenue) estimated as a result of ACL | | 0.05% | 0.05% | 0.05% |
| Dt | Reduced risk exposure due to reduced fines and better decisions with more organized information in ACL | D1*D2 | $125,000 | $125,000 | $125,000 |
| | Risk adjustment | 20% | | | |
| Dtr | Reduced risk exposure due to reduced fines and better decisions with more organized information in ACL (risk-adjusted) | | $100,000 | $100,000 | $100,000 |

Unquantified Benefits

Improved compliance review quality and depth. Compliance management quality improvement is apparent in the ability to quickly locate a rule, a process, and the compliance results data all within ACL. The financial services organization hopes to further measure the improvement in compliance review quality in more detail (via participant feedback surveys, continuous monitoring, and other data).

Strategic agility to take advantage of new business opportunities. Improved compliance management processes have delivered new business options and opportunities. The organization had some responsibilities within the commodities business outsourced to another broker in the past.
With ACL, the CCO could confidently affirm that the compliance team can manage this additional responsibility. The organization has also added more services related to cryptocurrencies and has made and considered several acquisitions, all of which also require compliance reviews, which the compliance team can now more expediently handle. "Regulatory requirements are much easier to integrate with ACL," said the CCO. "So when I'm asked whether we can provide compliance support for new business opportunities, I know I can manage it [with ACL]."

Flexibility

The value of flexibility is clearly unique to each customer, and the measure of its value varies from organization to organization. There are multiple scenarios in which a customer might choose to implement ACL and later realize additional uses and business opportunities. For the financial services organization, this includes the following:

Continuous monitoring will improve tracking and reduce exception reviews. The financial services organization plans to implement continuous monitoring with ACL Analytics Exchange, which will provide even greater automation, resulting in further benefits and efficiencies. For example, the compliance management team reviews data logs and materials where available, but also assesses compliance by sending out surveys to employees asking them to share information on process steps and completion. Continuous monitoring will provide more efficient and more accurate data collection for reporting and use in new business opportunities. The CCO sees the potential for significant exception review time savings. The team spends an estimated 25 total hours per month on these tasks, which adds up to nearly $15,000 per year that can be avoided by using information based on monitored results, not surveys and interviews that need to be double-checked. "Right now, we review several exception reports. We spend a lot of time on these because of the research that's required after you receive the report," said the CCO. The organization expects it can reduce or completely avoid this time with continuous monitoring. "It will be a big, big win for us," continued the CCO.

Additional regulatory risk reduction will enable more business opportunities and reduce risks. The financial services organization has a high standard for compliance management and has a good relationship with regulators, but there is always a chance this could change due to many external or internal influences. With ACL, the organization can reduce risk, especially if it expands its ACL implementation to include real-time monitoring. This expansion can reduce the chance of major compliance issues that could lead to fines or impact business operations.

Flexibility would be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

Flexibility, as defined by TEI, represents an investment in additional capacity or capability that could be turned into business benefit for a future additional investment. This provides an organization with the "right" or the ability to engage in future initiatives but not the obligation to do so.

Total Costs

| REF. | COST | INITIAL | YEAR 1 | YEAR 2 | YEAR 3 | TOTAL | PRESENT VALUE |
|---|---|---|---|---|---|---|---|
| Etr | Annual ACL license costs | $0 | $35,000 | $75,000 | $90,000 | $200,000 | $161,420 |
| Ftr | Annual organization resource costs to manage ACL | $0 | $15,750 | $23,625 | $23,625 | $63,000 | $51,593 |
| Gtr | Implementation costs | $48,025 | $0 | $0 | $0 | $48,025 | $48,025 |
| | Total costs (risk-adjusted) | $48,025 | $50,750 | $98,625 | $113,625 | $311,025 | $261,038 |

The table above shows the total of all costs across the areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the financial services organization expects risk-adjusted total costs to be a PV of about $261,038.

Annual ACL License Costs

Annual costs are primarily split into two categories:

Annual ACL subscription costs.

An additional ACL subscription fee for regulatory compliance content and templates.

ACL subscription costs are estimated to be $35,000 for the first year, when the compliance team are the only advanced users, and $75,000 per year after the first year as additional users, including business managers and executives, are included in the license plan. In ACL's solution package, prepared content is a newer available service where ACL reviews and organizes financial standards and regulations, and customers, such as the financial organization, can use this content to more efficiently prepare Compliance Maps and other process documentation.

Annual ACL License Costs: Calculation Table

| REF. | METRIC | CALC. | INITIAL | YEAR 1 | YEAR 2 | YEAR 3 |
|---|---|---|---|---|---|---|
| E1 | Annual ACL license costs | | | $35,000 | $75,000 | $75,000 |
| E2 | ACL content | | | | | $15,000 |
| Et | Annual ACL license costs | E1+E2 | $0 | $35,000 | $75,000 | $90,000 |
| | Risk adjustment | 0% | | | | |
| Etr | Annual ACL license costs (risk-adjusted) | | $0 | $35,000 | $75,000 | $90,000 |

The financial services organization estimates ongoing costs are $35,000 to $90,000 per year for a risk-adjusted, three-year present value of $161,420.

Annual Organization Resource Costs To Manage ACL

Annual internal resource costs are minimal.
One employee needs to allocate 10% to 15% of their time supporting ACL: updating Compliance Maps, answering questions, providing a training overview for new employees, etc. Using the standard compliance professional salary, with a 5% risk adjustment applied to allow for underestimation, the financial services organization estimates ongoing resource costs are $15,750 to $23,625 per year for a risk-adjusted, three-year present value of $51,593.

Annual Organization Resource Costs To Manage ACL: Calculation Table

| REF. | METRIC | CALC. | INITIAL | YEAR 1 | YEAR 2 | YEAR 3 |
|---|---|---|---|---|---|---|
| F1 | Employees involved in ACL management | | | | | |
| F2 | New task time required to manage ACL (hours per week per FTE) | | | | | |
| F3 | Average compliance professional salary | | | $100,000 | $100,000 | $100,000 |
| Ft | Annual organization resource costs to manage ACL | F1*F2*F3/2080* | $0 | $15,000 | $22,500 | $22,500 |
| | Risk adjustment | 5% | | | | |
| Ftr | Annual organization resource costs to manage ACL (risk-adjusted) | | $0 | $15,750 | $23,625 | $23,625 |

Implementation Costs

To implement ACL, the financial services organization's compliance team was able to get ACL up and running in about three months, though some training and change management time was also included to ensure all business employees were ramped up at the same time. The financial services organization estimates:

About 16 weeks of data migration, template and report setup, and new process documentation for three people who dedicated about one-quarter of their time to this project.

About $15,000 of ACL consulting to provide support, training, and expertise during setup.

Forrester risk-adjusted implementation costs by 5% to allow for underestimated time requirements, amounting to a risk-adjusted initial cost of $48,025.

Implementation risk is the risk that a proposed investment in ACL may deviate from the original or expected requirements, resulting in higher costs than anticipated. The greater the uncertainty, the wider the potential range of outcomes for cost estimates.

Implementation Costs: Calculation Table

| REF. | METRIC | CALC. | INITIAL | YEAR 1 | YEAR 2 | YEAR 3 |
|---|---|---|---|---|---|---|
| G1 | Implementation time (weeks) | | 16 | | | |
| G2 | FTEs involved in implementation | | 3 | | | |
| G3 | Percentage of time spent on implementation | | 33.3% | | | |
| G4 | Average compliance implementation team salary | | $100,000 | | | |
| G5 | Additional ACL consulting services | | $15,000 | | | |
| Gt | Implementation costs | G1*40*G2*G3*(G4/2080)+G5 | $45,738 | $0 | $0 | $0 |
| | Risk adjustment | 5% | | | | |
| Gtr | Implementation costs (risk-adjusted) | | $48,025 | $0 | $0 | $0 |

Financial Summary

CONSOLIDATED THREE-YEAR RISK-ADJUSTED METRICS

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI and NPV for the organization's investment in ACL. Forrester assumes a yearly discount rate of 10% for this analysis.

[Figure: Cash Flow Chart (Risk-Adjusted). Series: total costs, total benefits, cumulative net benefits. Y-axis: cash flows. X-axis: Initial, Year 1, Year 2, Year 3.]

These risk-adjusted ROI and NPV values are determined by applying risk-adjustment factors to the unadjusted results in each benefit and cost section.

Cash Flow Table (Risk-Adjusted)

| | INITIAL | YEAR 1 | YEAR 2 | YEAR 3 | TOTAL | PRESENT VALUE |
|---|---|---|---|---|---|---|
| Total costs | ($48,025) | ($50,750) | ($98,625) | ($113,625) | ($311,025) | ($261,038) |
| Total benefits | $0 | $462,241 | $787,346 | $832,346 | $2,081,933 | $1,696,272 |
| Net benefits | ($48,025) | $411,491 | $688,721 | $718,721 | $1,770,908 | $1,435,234 |
| ROI | | | | | | 550% |

ACL: Overview

The following information is provided by ACL. Forrester has not validated any claims and does not endorse ACL or its offerings.

ACL Services provides GRC technology solutions to approximately 7,100 supported customers from nearly 140 countries around the world, including close to 90% of the Fortune 500 list companies. Founded in 1987 and headquartered in Vancouver, Canada, ACL employs approximately 300 professionals across the globe, with offices in North America, Europe, and Asia.

ACL's integrated family of products, including a cloud-based GRC solution and data analytics products, supports all key components of the GRC process and is designed to integrate risk management activities between all levels of the organization, from the C-suite to frontline audit and risk professionals to the business managers they interact with. Through a combination of software tools and related domain content, accumulated over nearly 30 years of experience, ACL provides the software solutions that enable risk management professionals to identify and mitigate risk, protect company profits, and improve business performance by:

APPROACHING RISK MANAGEMENT INTELLIGENTLY IN ALIGNMENT WITH STRATEGIC OBJECTIVES

ACL software provides users with an integrated platform for assessing risk, managing projects, continuously monitoring transactional data, and collaborating with the business to create better visibility and reporting of organizational risk performance. Using ACL, risk management professionals can provide risk intelligence to their organizations by linking strategic risks to enterprise objectives and centrally tracking their risk events. Executives can gain visibility into strategic risk performance with one-click reports and dashboards that indicate significant movements in their risk environment.
PROVIDING ACTIONABLE DATA-DRIVEN INSIGHTS AND DECISION SUPPORT FOR EXECUTIVE MANAGEMENT

ACL is the only GRC platform vendor with the integrated ability to collect data from any enterprise data source, transform it in any way necessary, exercise powerful analytic capability (ranging from deep data mining to predictive analysis), and visualize it in an interactive format for powerful storytelling. Furthermore, ACL is the only vendor that integrates the results of such "data-driven" capability directly into the GRC management process, thereby enabling GRC professionals to objectively track those risks that affect their organization the most, provide real-time assurance on the degree to which risks have been mitigated, and trigger appropriate corrective actions. It's the data-driven risk management solution.

FOCUSING ON WHAT MATTERS WITH A MODERN, COLLABORATIVE RISK MANAGEMENT AND DATA ANALYTICS PLATFORM

The broad landscape of risk management and electronic work paper platforms is largely built on legacy technology by vendors with antiquated approaches to software development. This created an opportunity for ACL to put the customer back at the center of the software design process by focusing on user interface (UI) design and user experience first. ACL UIs are beautiful, simple, and easy to use, leading to rapid customer adoption. This customer experience aspect of ACL is difficult for competitors to match. ACL's intuitive design and user interface enables GRC professionals to easily facilitate communication between team members and business owners, send notifications for incident analysis and remediation, perform risk assessment surveys, and manage attestations. In addition, social collaboration capabilities allow users to seamlessly manage workflow and content, author and approve documents, store supporting evidence, and perform risk mitigation action planning.
REALIZING VALUE QUICKLY

Leveraging true software-as-a-service (SaaS) delivery along with a simple design and mobile app capability, ACL solutions deliver value in two to three months of implementation (not six months or one to two years down the road after a lengthy customization process). Moreover, customers can access online self-help resources and quick-start guides to start onboarding quickly and evolve to full GRC process automation.

SUPPORTING A VARIETY OF USE CASES

ACL technology was architected to accommodate a variety of GRC use cases with domain-specific support. ACL uses a domain model architecture, a "one objective, risk, and control"-oriented framework that spans across different use cases. Customers are able to leverage a fully integrated platform that not only provides flexibility across various use cases but also future proofs their technology choice when partnering with ACL.

Learn more about ACL's integrated family of products at

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company's technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.

Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.

Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.

Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on triangular distribution.

The initial investment column contains costs incurred at time 0 or at the beginning of Year 1 that are not discounted. All other cash flows in years 1 through 3 are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

PRESENT VALUE (PV)
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feeds into the total NPV of cash flows.

NET PRESENT VALUE (NPV)
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made, unless other projects have higher NPVs.

RETURN ON INVESTMENT (ROI)
A project's expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.

DISCOUNT RATE
The interest rate used in cash flow analysis to take into account the time value of money. Forrester assumes a yearly discount rate of 10% for this analysis. Organizations typically use discount rates between 8% and 16%.

PAYBACK PERIOD
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

Appendix B: Endnotes

1 Source: Forrester Analytics Global Business Technographics Security Survey, Source: Build The Business Case For GRC, Forrester Research, Inc., February 14, Source: FINRA ( rbid=2403&element_id=11346).