"The Winning Business Case: how to create a compelling conceptual, analytical and pitch model that your audience will love" is a free eBook from OCEG - more than 20,000 words of advice about generating and pitching a business case for investment in some sort of risk-based project or initiative.
The Open Compliance and Ethics Group identifies as:
"a global nonprofit think tank that helps organizations reliably achieve objectives, address uncertainty and act with integrity ... We inform, empower, and help advance our 85,000+ members on governance, risk management, and compliance (GRC). Independent of specific professions, we provide content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model™ and Principled Performance®. An OCEG differentiator, Principled Performance enables the reliable achievement of objectives while addressing uncertainty and acting with integrity. Our members include c-suite, executive, management, and other professionals from small and midsize businesses, international corporations, nonprofits, and government agencies. Founded in 2002, OCEG has locations around the globe."
The eBook lays out and explains 15 activities or steps in the process. The sequence and of course the details within each step may vary according to circumstances but it's a comprehensive, well-written document, worth studying if you need to justify investment in risk or security management projects or related areas such as compliance, assurance, cybersecurity, business continuity and ISO27k.
With some adjustments, the process could also be valuable for operational budgets too: securing next year's budget for a business department or function is similar to getting approval for a project, especially if management takes a longer-term, strategic view rather than being solely annual in focus.
Thinking more broadly still, it could be useful for other kinds of proposal, such as when bidding for consultancy work. Maybe if prospective clients had a better appreciation of the effort it takes to prepare bids and proposals for them, they might be more inclined to engage with suppliers like us to discuss and clarify both their requirements and the offer on the table, rather than clamming-up so rudely!
It's quite a lot to read and comes across as a little theoretical in places, as if the authors are recounting techniques picked up from an MBA course or business textbook, but that's just my impression and may simply reflect the authors' style. This caught my beady eye for example:
"Uncertainty is not the same as risk. Risks can be calculated; uncertainty can’t. For example the risk that your next coin-flip will be heads is 50-50. On the other hand, what are the odds that regulators will overhaul their treatment of your industry in the next 20 years? Instinct might suggest an overhaul will probably happen, but you can’t model the chances of specific outcomes over that long a period. It’s uncertain."
I disagree with the assertion that "risks can be calculated [whereas] uncertainty can't", but if that's how they choose to distinguish and use the terms here, fair enough. At least they have offered definitions.
I particularly appreciate the advice to do the legwork, contacting, explaining and discussing the proposal with individuals who will in due course make the final decision in a forthcoming board or executive committee meeting. That's a trick I've learnt the hard way over the years but I seldom see it suggested in print. Writing a sound business case, proposal, business plan, budget request etc. is only half the battle. Influencers and decision makers need to be persuaded and convinced to support - or at least not block - the proposal, which takes time and effort, mostly one-on-one. Appreciating that 'socialising' our proposals is a worthwhile if not necessary part of the process is a good start for those of us who over-rely on formal proposals and rational arguments based on facts and models, ignoring the emotional and personal aspects at our peril.