Saugatuck-EthicsPoint Research Pape-weblayout-Jan2009-final
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Saugatuck-EthicsPoint Research Pape-weblayout-Jan2009-final

on

  • 618 views

 

Statistics

Views

Total Views
618
Views on SlideShare
618
Embed Views
0

Actions

Likes
0
Downloads
5
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Saugatuck-EthicsPoint Research Pape-weblayout-Jan2009-final Document Transcript

  • 1. SaaS vs. On-Premise Solutions: The ROI of Proactive Case Management A research report prepared by: Report development and publication sponsored by:
  • 2. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management TABLE OF CONTENTS Introduction 1 Data Breaches 1 Fraud Losses 2 Three Dimensions of Proactive Case Management 4 ROI Approach – The Model 5 Calculating ROI 8 SaaS Savings 9 The Bottom Line 10 TABLE OF FIGURES Figure 1: The Rising Cost of Data Breaches 2 Sidebar: How Common are Data Breaches? 3 Figure 2: Reported Data Breaches in January 2009 3 Figure 3: Figure 3: From Reactive to Proactive Case Management 4 Figure 4: Costs of Proactive Case Management 5 Figure 5: Time Savings 6 Figure 6: Cost Avoidance 7 Figure 7: Cost Containment 7 Figure 8: Return on Investment 8 Figure 9: SaaS ROI 9 Figure 10: On-premise vs. SaaS Solution Costs 9 About this report Saugatuck Technology Inc. is solely responsible for the content of this report. Unless otherwise cited, all content, including illustrations, research, conclusions, assertions and positions contained in this report were developed by, and are the sole property of, Saugatuck Technology Inc. The development and publication of this report were sponsored by EthicsPoint, Inc. About Saugatuck Technology Saugatuck Technology Inc. provides market strategy consulting and subscription research services to senior executives, information technology vendors, and investors, combining strategy development, business planning, and market intelligence with first-hand research of executive technology buyer trends. Founded in 1999, Saugatuck is headquartered in Westport, Connecticut (USA), with offices in Silicon Valley and in Germany. For more information, go to www.saugatech.com, or call +1.203.454.3900 in the US, or +49.6123.630285 in Germany. Entire contents © 2009 Saugatuck Technology Inc. All rights are reserved. Reproduction of this publication in any form without prior written permission is strictly prohibited. © 2009 Saugatuck Technology Inc. i
  • 3. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management I NTRODUCTION Many organizations have implemented an anonymous hotline service to capture reports of issues and events that violate a written code of conduct. Yet valuable information remains hidden within these organizations, and operational risk re- mains higher than it should. Companies can realize an immediate ROI through pro- active case management of these reported issues and events. Proactive case management goes well beyond utilizing a hotline or web-based re- porting and analyzing issue and event reports in a spreadsheet. Coordinating risk management across legal, HR, finance, IT, and business operations requires a cen- tralized and systematic approach to capturing and processing reports of theft, safety violations, employee misconduct, etc. And building an ethical culture re- quires more than just formalization of policy management and increased employee awareness. However, a comprehensive and proactive case management approach not only helps the organization reduce overall risk – and reduce the costs of ethical and le- gal transgressions – but can also significantly reduce the overall costs of risk man- agement itself. This research paper will identify the benefits and returns on invest- ment from a proactive case management approach driven by a state-of-the-art SaaS solution – including time savings, cost avoidance, cost containment and SaaS-related efficiencies. DATA BREACHES Let’s consider one of the most common categories of preventable incidents that threaten all organizations, large and small: data breach. Over the past few years, according to the Ponemon Institute’s 2007 Annual Survey, the cost of a data breach to organizations rose an estimated 43 percent with an average cost of $197 per compromised record (See Figure 1 below). Included in this figure were costs arising from discovery, response and notification, lost trust of customers and em- ployees, lost employee productivity, additional regulatory fines, damage to reputa- tion, opportunity costs, and other indirect costs. Figure 1 – The Rising Cost of Data Breaches Source: U.S. Cost of a Data Breach: Understanding Financial Impact, Customer Turnover, and Preventative Solutions, Ponemon Institute, 2007 Annual Study Source: Saugatuck Technology Inc Using this average cost figure as an index, a data breach of 250 compromised re- cords would cost approximately $50,000. A data breach of 8,500 records would cost $1.7 million, and data breach of 160,000 records would cost $31.5 million. © 2009 Saugatuck Technology Inc. 1
  • 4. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management Stolen computers left unattended and website hacks account for a large percentage of data breaches. But there are also quite a few inadvertent web postings and email attachments that compromised personal identification information (PII). Consider these examples of preventable data breaches: • At CheckFree, at least 160,000 customers -- and possibly as many as 5,000,000 -- were compromised when criminals seized control of the company's websites and redirected customer traffic to a malicious website hosted in the Ukraine. • An administrative worker at Harris County Hospital District downloaded medi- cal and financial records for 1200 patients with HIV, AIDS and other medical conditions onto a flash drive that was later lost or stolen. • A New Zealand man bought an MP3 player for $18 at an Oklahoma thrift shop and was surprised to find files on the flash drive with the names and personal details of 60 American soldiers. Needless to say, even a very small data breach can have serious consequences, and large and well-known financial institutions with professional security staff can also experience these avoidable compromises. FRAUD LOSSES On December 15, 2008, the U.S. Department of Justice settled its Foreign Corrupt Practices Act case with Siemens paying a fine of $800 million. The SEC had al- leged that Siemens paid out $1.4 billion in bribes to win contracts for medical equipment in China and Southeast Asia, telecommunications networks in Africa, and transit equipment in South America. The Justice Department noted that Sie- mens could have been required to pay up to $2.7 billion, but the penalties were re- duced because of Siemens’ cooperation during the investigation. In addition to the fine, Siemens must submit to anti-corruption compliance monitoring by an inde- pendent firm and remains under investigation for related charges in nearly a dozen other foreign countries. Klaus Kleinfeld, Siemens’ CEO, was forced to resign due to the scandal, and the German courts issued prison sentences to other Siemens executives. In addition to the fines, Siemens spent over $1.1 billion during its own investigation of the charges, including millions in fees to its U.S. attorneys, bring- ing the total cost of the Siemens fraud to nearly $2 billion. While the Siemens fraud is certainly an extreme example, all organizations have some degree of exposure. According to survey participants in the 2008 report of the Association of Certified Fraud Examiners (ACFE), U.S. organizations lose an esti- mated 7 percent of their annual revenues to fraud, and more than one-quarter of those frauds involve losses of at least $1 million. Typical fraud in the ACFE study lasted two years from the time it began until the time it was caught by the victim organization. In 46 percent of the cases these frauds were detected by tips from employees, customers, vendors, and other sources, yet fewer than half (43.5 per- cent) of the companies surveyed had a hotline in place. When hotlines were imple- mented, the median cost of fraud was reduced 60 percent from $250,000 to $100,000. Both data breach and fraud are widespread problems across organizations of all types and sizes. Clearly there are other kinds of exposures, including shrinkage, theft, discriminatory lawsuits, product liability and other class actions, and physical damages to property and equipment through negligence or sabotage. However, the ROI model presented here will focus on just those two types of incidents and the © 2009 Saugatuck Technology Inc. 2
  • 5. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management HOW COMMON ARE DATA BREACHES? Since 2005, the total number of known compromised records is 251,164,141 -- and climbing! And many data breaches are reported as unknown numbers of records exposed. During the month of January 2009 alone, more than 20 such breaches were reported in various news media, including the following: Figure 2: Some Reported Data Breaches Reported in January 2009 # Records Date Case Involved Jan. 2 Merrill Lynch (New York, NY) Unknown Jan. 2 Pepsi Bottling Group (Somers, NY) Unknown Jan. 5 Library of Congress (Washington, DC) 10 Jan. 6 CheckFree Corp. (Atlanta, GA) 5,000,000? Jan.11 University of Rochester (Rochester, NY) 450 Jan.12 Columbus City Schools (Columbus, OH) 100 Jan.13 University of Oregon (Eugene, OR) Unknown Jan.13 Innodata Isogen, Inc.(Hackensack, NJ) Unknown Jan.13 Seventh-Day Adventist Church (Silver Spring, MD) 292 Jan.13 Continental Airlines (Newark, NJ) 230 Jan.13 Blue Ridge Community Action (Morganton, NC) 300 Jan.14 Occidental Petroleum Corporation (Dallas, TX) Unknown Jan.16 Southwestern Oregon Community College (Coos Bay, OR) 200 Jan.19 Forcht Bank (Lexington, KY) 8,500 Jan. 20 Kanawha-Charleston Health Department (Charleston, WV) 11,000 Jan. 20 Heartland Payment Systems (Princeton, NJ) Unknown Jan. 21 Missouri State University (Springfield, MO) 565 Jan. 23 Monster.com (Maynard, MA) Unknown Jan. 26 Madison, WI. Human Resources Department (Madison, WI) 500 Jan. 26 U.S. Army 60 Jan. 27 U.S. Consulate (Jerusalem, Israel) Unknown Jan. 27 Beaumont City (Beaumont, TX) 500 Source: Aggregated and formatted by Saugatuck Technology Inc. from multiple reports © 2009 Saugatuck Technology Inc. 3
  • 6. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management THREE DIMENSIONS OF PROACTIVE CASE MANAGEMENT Let’s take a closer look at how organizations can prevent losses through a proactive case management approach by examining its three dimensions: functionality, or- ganizational span and culture change. Proactive case management is more than just a hotline or contact center, although they are indispensible elements of the required functionality. In addition to a reporting system, proactive case management re- quires analysis and reporting tools that can detect patterns of vulnerability before they result in compromises. And proactive case management also means a consis- tent set of policies and procedures in response to a perceived problem and in the case of a confirmed ethical transgression or system breach. According to noted GRC pundit Michael Rasmussen, “Responsibility for risk and compliance has traditionally been scattered across legal, finance, IT, and business operations. Faced with multiple risk and compliance initiatives scattered across business operations, the burden of risk and compliance has become a widespread business problem.” Proactive case management is an approach that manages risk across departments, geographies, and time periods and recognizes and reduces the incidence of cascading or interdependent patterns of risk through formal organiza- tion-wide, incident-response teams and protocols by incident type. However, attaining proactive case management without organization-wide culture change is impossible. Building a sustainable, secure and ethical culture requires at a minimum: • Mandatory training with emphasis on continued learning • Ongoing awareness campaigns designed to transform organizational culture • Metrics that indicate the degree of progress attained across the organization. • Proactive case management also requires a long-term commitment to culture change with specific plateau targets to consolidate gains and to introduce the next level of advancement (See Figure 3 below). Figure 3: From Reactive to Proactive Case Management Stage 3 - Proactive • Issue and event analysis tools across departments, geographies, time periods • Workflow-driven case Stage 2 - Transitional management review and • Issue and event analysis resolution tools tools (departmental focus) • Dashboards tracking key • Clearly-defined performance indicators (KPI) responsibilities for and incident data Stage 1 - Reactive monitoring potential • Scenario-based simulations • Hotline or contact center exposures to test incident response for incident reporting • Reporting system for protocols • Policies and procedures incidents and all actions • Formal incident response accessible by all via taken toward resolution teams and protocols by central repository • Awareness campaigns incident type • Mandatory training with designed to build a • Post-mortem reviews as input emphasis on continued sustainable, secure and for policy and procedure learning ethical culture modifications Source: Saugatuck Technology Inc. © 2009 Saugatuck Technology Inc. 4
  • 7. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management Building a sustainable, secure and ethical culture may take more time than antici- pated and will require difficult decisions to be made, as well as learning from un- avoidable mistakes. Culture change also requires the unstinting support of the very top of the house to be successful over time. An abandoned or reduced commitment in mid-course not only sub-optimizes the benefits of culture change, but may lead to costly internal conflict. Success in attaining proactive case management requires a significant investment in culture change, and not merely “window dressing.” ROI APPROACH – THE MODEL The return on investment (ROI) calculation is designed for comparison of invest- ment alternatives. The resulting ROI numbers for a number of projects may be compared in order to determine which projects are most likely to generate superior returns. Typically, ROI is the analysis of returns from an upfront capital invest- ment measured against the cash flows that result from it: %ROI = (Returns / Capital Outlay) * 100 However, the approach we take here lays ongoing costs against ongoing returns — %ROI = (Savings / Costs) * 100 — because we are looking at returns from implementing a cloud-based, Software- as-a-Service (SaaS) solution. Moreover, this ROI model considers, on the benefit side, only data breach and fraud. It ignores shrinkage, theft, discriminatory law- suits, product liability and other class actions, and physical damages to property and equipment through negligence or sabotage. As a model, it may be adapted on both the cost and benefits sides to meet the specific needs of any organization. Costs On the cost side (See Figure 4 below), we are considering costs of implementing a hotline or Web contact center for incident reporting plus case management tools as discussed above. Costs included are upfront costs, subscription costs, implementa- tion services costs, and other professional services costs. Figure 4: Costs of Proactive Case Management Year 1 Costs Basic (SMB) Enterprise-wide Hotline/Contact Center plus Case Management • Upfront costs • Subscription costs $5000 - $12,000 $50,000- $160,000 • Implementation services costs • Other professional services costs Organizational Costs • Policy and procedure development • Training $10,000 - $25,000 $150,000 - $250,000 • Awareness campaigns • Part-time and full-time employee costs Total Costs $15,000 - $37,000 $200,000 - $410,000 Year 2 and beyond Basic (SMB) Enterprise-wide Hotline/Contact Center plus Case Management $3000 - $10,000 $50,000 - $150,000 Company Costs $10,000 $150,000 Total Costs $13,000 - $20,000 $200,000 - $300,000 Source: Saugatuck Technology Inc. © 2009 Saugatuck Technology Inc. 5
  • 8. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management We also include organizational costs such as policy and procedure development, training, awareness campaigns, and part-time and full-time employee costs. We have presented the costs as a range for each of two implementation models, a basic or SMB implementation and an enterprise-wide implementation for a large organi- zation. First year costs are assumed to run higher than costs in subsequent years. This ROI model is based upon a 3-year comparison of costs to benefits. Returns Returns from Proactive Case Management are based on three types of savings: time savings, cost avoidance and cost containment. 1. Time Savings: Converting a purely human-intensive and inconsistent process to a consistent process-based approach produces productivity or time-related savings. Common examples of these savings include the following: • Cutting out the time spent managing and reconciling Microsoft Excel TM spreadsheets or multiple databases in multiple organizational units for inci- dent analysis and reporting • When an incident of data breach occurs, the organization must issue formal documentation using the appropriate forms and formats to 41 states; this alone can be very time intensive. 2. Cost Avoidance: Anonymous and formal reporting system makes reporting less a rat session and more a recording of a possible irregularity. Hence, re- porting goes up. And antennae are raised, appropriately, to head off potential messes. Early warning benefits accrue. 3. Cost Containment: A reasonable approach is to accept that things will break, and problems will occur. But well-handled incidents that are recorded, com- municated and managed in a consistent, proactive manner cost, in a word, less. In addition, we will later discuss SaaS-related savings from both TCO and ROI points of view. Clearly, however, in an economic climate in which investment capi- tal is hard to come by, a proactive case management solution that requires no capi- tal expense and fewer IT personnel has significant appeal. Time Savings Figure 5 presents the time savings from a proactive case management solution. Figure 5: Time Savings Time Savings Basic (SMB) Enterprise-wide $2,500 - $18,500 $37,500 – $188,500 Year 1 $10,000 $100,000 $2,500 - $7,500 $37,500 – $112,500 Year 2 $5,000 $75,000 $2,500 - $7,500 $37,500 – $112,500 Year 3 $5,000 $75,000 $7,500 - $33,500 $112,500 - $412,500 Total Savings $20,000 $250,000 Source: Saugatuck Technology Inc. We estimate between 25 percent and 75 percent savings through improved produc- tivity, applied against the organizational costs in Table 2 above. If the range of savings for an SMB implementation is between $2,500 and $18,500, then we might assume a rough midpoint or average time savings in year 1 of $10,000. © 2009 Saugatuck Technology Inc. 6
  • 9. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management In subsequent years, by the same method, $5,000 in time savings – for a total of $20,000 in time savings over the three-year period. For enterprise-wide implemen- tations in large organizations, we estimate the time savings at $250,000 for the three years. Cost Avoidance Cost avoidance savings over the three-year period are presented in Figure 6 below. Figure 6: Cost Avoidance Cost Avoidance – Years 1-3 Basic (SMB) Enterprise-wide Fraud Undetected $250,000 $1,000,000 Savings 75% $187,500 $750,000 Data Breach Prevented $50,000 $1,700,000 Total Savings $237,500 $2,450,000 Source: Saugatuck Technology Inc. Recalling that hotlines alone were shown to reduce the median cost of fraud by 60 percent, we assume that a fully-implemented proactive case management solution would increase that savings to at least 75 percent. More than 25 percent of frauds reported in 2007 involved losses of $1 million and up, but let’s assume that for the SMB the fraud loss would be $250,000 and for a large organization it would be $1 million. A data breach of 250 compromised records would cost an SMB $50,000, and a data breach of 8,500 records would cost a large organization $1.7 million. For this model we assume 1 data breach prevented and 1 fraud detected early dur- ing the 3 years. For the SMB, the fraud savings would thus be $187,500 and the data breach savings $50,000 for a total of $237,500 due to cost avoidance. For the large organization, the total savings due to cost avoidance would be $2,450,000. Cost Containment Cost containment savings arise when a serious problem occurs and is handled well. It is inevitable that serious problems will occur and it is not unreasonable that they would occur at least once over a three-year period. In Figure 7, we present the sav- ings due to cost avoidance over the three-year period. Figure 7: Cost Containment Cost Avoidance – Years 1-3 Basic (SMB) Enterprise-wide Fraud Undetected $250,000 $1,000,000 Savings 75% $187,500 $750,000 Data Breach Prevented $50,000 $1,700,000 Total Savings $237,500 $2,450,000 Source: Saugatuck Technology Inc. The average total cost per reporting company of a data breach occurrence in 2007 was more than $6.3 million per breach, including disruption or loss of business, and over one quarter of frauds exceeded $1 million. This model assumes the po- tential loss due a data breach or fraud occurring once in the three-year span would be $1 million for an SMB and $15 million for a large enterprise, but due to proac- tive case management the actual loss incurred was held to $250,000 at an SMB and $5,000,000 at a large organization. Thus the total savings through cost contain- ment would be $750,000 at the SMB and $10,000,000 at the large organization. © 2009 Saugatuck Technology Inc. 7
  • 10. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management CALCULATING ROI In Figure 8, we combine the savings from all three categories – time savings, cost avoidance, cost containment – and measure the total savings against the total costs for the three-year period. Figure 8: Return on Investment (ROI = Savings / Costs * 100) Savings Years 1-3 Basic (SMB) Enterprise-wide Time Savings $20,000 $250,000 Cost Avoidance $237,000 $2,450,000 Cost Containment $750,000 $10,000,000 Total Savings $1,007,500 $12,700,000 Costs Years 1-3 Basic (SMB) Enterprise-wide Year 1 $37,000 $400,000 Year 2 $20,000 $300,000 Year 3 $20,000 $300,000 Total Costs $77,000 $1,000,000 ROI Basic (SMB) Enterprise-wide Savings/Costs 13.08 12.7 X 100 1308% 1270% Source: Saugatuck Technology Inc. Total savings for the basic implementation at an SMB would be $1,007,500 and for the enterprise-wide implementation at a large organization would be $12,700,000. The total costs for the SMB of $77,000 and for the large organization of $1,000,000 are divided into the total savings and then multiplied by 100 to yield the ROI percentage. ROI for the SMB would be 1308 percent, and for the large organization 1270 percent, in either case a return of approximately thirteen times the costs of the proactive case management solution. Of course, the ROI model here may be adapted to other cost and savings assump- tions. As noted above, we have focused our ROI analysis on data breach and fraud as sources of savings. It should be noted that other sources of savings are possible by avoiding or containing shrinkage, theft, discriminatory lawsuits, product liabil- ity and other class actions, and physical damages to property and equipment through negligence or sabotage. And it is also possible to utilize different sets of cost assumptions, tailored to a specific organization, which may include the use of an on-premise solution with its associated capital outlays — and the ongoing per- sonnel costs to maintain the solution. To adapt the ROI model to an on-premise solution, estimate the 3-year outlays in terms of acquisition and ongoing costs, and apply those to the calculated cost sav- ings. On both the cost and benefits sides, this model may be adapted to meet the specific needs of any organization implementing proactive case management. © 2009 Saugatuck Technology Inc. 8
  • 11. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management SAAS SAVINGS Significant savings accrue from using SaaS rather than an on-premise solution for proactive case management. These savings derive from avoiding upfront capital costs, as well from a reduced need for IT personnel (see Figure 9 below). Figure 9: SaaS ROI Traditional Software License Model SaaS Model in Comparison User ROI User ROI Value Investment Investment Upfront Upfront Cost Disadvantages of On-premise Software Key financial advantages in comparison 1. 12-18 month implementation to traditional software license model: 2. High upfront software license 1. Zero-to-low upfront investment 3. Recurring annual maintenance fees 2. Rapid deployment 4. Hardware and other infrastructure costs 3. Quicker time-to-value realization 5. Scarce technical expertise / ongoing personnel costs Source: TripleTree, LLC and Saugatuck Source: Source: TripleTree, LLC and Saugatuck Technology Inc. Traditional, on-premise solutions can require longer and more costly periods before generating returns, typically a year or more. There are also recurring fees and ongo- ing personnel costs to raise the baseline cost of implementation. In the SaaS model on the right in Figure 9 above, the SaaS advantages are apparent -- a “zero-to-low” upfront investment, more rapid deployment and, consequently, a quicker time to realizing returns from proactive case management. Figure 10 below summarizes the cost comparison between on-premise and SaaS solutions. Figure 10: On-premise vs. SaaS Solution Costs On Premise Software Costs On Demand /SaaS Solution Costs – Software License (CapEx) – Subscription – Hardware/Servers (CapEx) – Premium Storage (option) – Middleware (CapEx) – Premium Support (option) – Conversion Utilities (CapEx) – Implementation – Networking (CapEx) – Configuration/Customization – Storage (CapEx) – Integration – Annual Maintenance – System Testing – Major/Minor Releases – User Training – Implementation – Ongoing User Support – Data Conversion – Vendor Management – Configuration/Customization – Integration Saugatuck Insight: SaaS cuts out capital – System Testing expense, sharply reduces IT costs, shifts – Ongoing IT Support most responsibilities for solutions to the user; – IT Training costs are pay-as-you-go, based on user – User Training needs. Meanwhile, SaaS providers handle – Vendor Management new releases, upgrades, ongoing platform and technology costs. Source: Saugatuck Technology Inc. © 2009 Saugatuck Technology Inc. 9
  • 12. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management On-premise solutions also require significant outlays for annual maintenance, often exceeding 20 percent of software license fees, implementation and integration costs, as well as ongoing system training and support costs. With SaaS solutions, no capital expense is required, no additional costs for annual maintenance fees, and there are far fewer IT-related costs, as the SaaS provider assumes responsibility for the care-and-feeding of the SaaS solution. THE BOTTOM LINE Netting it out, the returns from proactive case management are highly significant from a financial point of view. Today, all organizations large and small may be vulnerable to significant losses from data breach or fraud, from shrinkage, theft, discriminatory lawsuits, product liability and other class actions, and from physical damages to property and equipment through negligence or sabotage. Hotlines are a good first step, but by themselves are insufficient; proactive case management analysis and reporting tools are critical, as are policies and procedures that evolve through experience, and protocols for response to incidents when they do occur. Coordinating risk management across legal, HR, finance, IT, and business opera- tions requires a centralized and systematic approach – with defined roles and re- sponsibilities by organizational unit and in cooperation with a centralized risk man- agement function. Building an ethical culture requires more than just formalization of policy management and training workshops, although those are indispensible. Proactive case management requires a sustained commitment to culture change, but will yield significant cost savings and significant ROI though time savings, cost avoidance, and cost containment. A SaaS solution for proactive case manage- ment provides superior ROI when compared to an on-premise solution due to lower upfront cost, rapid deployment, quicker time to value, no required capital expense, and overall lower IT costs with SaaS. However, whether an on-premise or SaaS solution, proactive case management can lead to a sustainable, secure and ethical culture and provide financially-significant returns on investment. © 2009 Saugatuck Technology Inc. 10
  • 13. February 2009 SaaS vs. On-Premise: The ROI of Proactive Case Management SPONSOR PERSPECTIVE - ETHICSP OINT INC. EthicsPoint is the global leader in hotline and case management solutions, serving over 2000 customers across more than 300 industries. We partner with our clients to help them foster a business culture of integrity and compliance. We help them protect their culture and reputation by automating business processes, from the reporting and identification of issues and events of misconduct, to the sub- sequent investigation, resolution and analysis of these cases. Over 2000 organizations use our telephone hotline, web-based reporting and case management services as a critical component of their overall governance, risk and compliance efforts. © 2009 Saugatuck Technology Inc. 10
  • 14. SAUGATUCK OFFERINGS AND SERVICES Saugatuck Technology is a strategic advisor to senior executives, information technology vendors and investors, providing strategy consulting, subscription research and thought-leadership programs focused on emerging technologies, key business / IT challenges, and effective management strategies. STRATEGIC CONSULTING SERVICES • Market Assessment • Strategy Validation • Opportunity Analysis • Scenario Planning • Competitive Analysis CONTINUOUS RESEARCH SERVICES (CRS) • Subscription access to Saugatuck’s ongoing Research Alerts, QuickTakes, Strategic Perspectives and fact- based and in-depth Research Reports • Research agenda focuses on emerging technologies such as SaaS, Open Source and Virtualization / Utility Computing, as well as disruptive market forces and players at the business process layer THOUGHT-LEADERSHIP PROGRAMS • Custom research programs targeting key technology and business/IT investment decisions of CIOs, CFOs and senior business executives, delivered as research reports, position papers or executive presentations. VALUE-ADDED SERVICES • Competitive and market intelligence • Investment advisory services (M&A support, venture fundraising, due diligence) • Primary and Secondary market research. For more information about this or any other Saugatuck Technology report or service, please reach us through the contact information below To learn more about Saugatuck consulting and research offerings, go to www.saugatech.com or email info@saugatech.com. While there register for our compli- mentary Research Alerts, focused on emerging and dis- ruptive technologies, key business / IT challenges, and effective management strategies. Saugatuck Technology Inc. US Headquarters: Silicon Valley: Germany: Westport, CT 06880 Santa Clara,2009 Saugatuck Technology Inc. © CA Eltville, DE 17 +1.203.454.3900 +1.408.727.9700 +49.6123.630285