Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense. Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is this REALLY worth the cost and effort?
In the case of implementing a GRC program using RSA® Archer, the answer is yes!
Over the past 5 years we have engaged three independent assessments of RSA Archer's Return on Investment (ROI).
In November 2014, GRC 20/20 took a look at one of our largest financial institution customers and confirmed that they achieved annual savings in excess of $1.5 million while increasing assessments 317%, without increasing staff.
Finally, in February 2017, IDC completed an independent analysis of a cross-section of RSA Archer customers concluding that the five-year ROI related to their RSA Archer implementation was 496%; with average annual benefits of $4.1 million per organization, or $17,931 per user. That represents a payback period of just 11 months!
The IDC Report attributes RSA Archer's ROI to three factors: improved risk mitigation, greater business productivity, and IT infrastructure cost savings. Your organization's results might vary based on the scope of your program, but you will see the individual breakout for each of the areas IDC identified positive returns:
- Network security breach response
- Disaster recovery management
- Third-party risk management
- Risk management assessments
- Regulatory compliance
Whether you have a small program or a large mature program, it is safe to say you will see significant positive returns on your RSA Archer investment. Don't yet have RSA Archer? Estimate your own ROI.