What this captures
The net is
(audit_saved + risk_mitigation_value) β continuous_control_cost.
Audit labour saved
For each evidence type, Observatory tracks:- Number of automated-evidence records produced
- Estimated manual-collection hours that would have been needed
- Loaded hourly rate for the role that would have collected them
Risk mitigation value
Compliance failures have expected losses. The dashboard estimates two numbers:- Expected loss before Observatory β based on framework severity and your risk-tier mix
- Expected loss after Observatory β same calculation with current gap status
Risk mitigation is the most assumption-heavy part of the calculation. Show it alongside the audit-labour number β the latter is closer to ground truth.
Where this rolls up
Compliance ROI is one of the inputs to the per-project Financial ROI. For projects where compliance work is substantial (banking, insurance, healthcare), itβs typically 15β30% of the total ROI case.Reporting
Two reports executives ask for:- Quarterly audit-labour saved β the audit-hours chart broken out by framework
- Compliance-risk exposure trend β month-over-month change in expected loss
Related resources
Evidence
Where the audit-labour numbers come from.
Compliance
The frameworks that frame the risk-mitigation calculation.

