Great article, Nicole! Even if your client doesn't use ROI to inform their decision, it's great to have for your own purposes. It becomes so much easier to justify your fee/job/project when you can show that your previous work had an ROI of 800%.
Some other things to consider:
- people don't tend to make mistakes when they're not working, you'll probably want to exclude holidays/vacation from any calculations based on hours/days/weeks of work
- don't forget to plan for maintenance/obsolescence: it's harder to attain (and maintain) a positive ROI if your course is only current for a year as compared to a course that stays relevant for a decade
- as your audience increases, so does the potential ROI (think economies of scale). For example, a 5% cost savings for each of 5 employees may not be worth your effort, but the same 5% across 5 million employees adds up to "real money"
Andrew, you bring up a good point. When you're dealing with potential gains/losses it gets trickier. Without getting too bogged down in the math (that's what actuaries are for), I suppose you could look at the average cost of a breach in terms of settlements, fines, lost business and reputation damage.
If you've had incidents in the past (hopefully you haven't!), you could use those numbers, e.g. "Last year, breaches involving mishandling of personal info cost us $5M."