> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance ROI

> Quantify audit-labour savings and risk reduction from automated governance and evidence collection.

Compliance ROI is the half of the AI investment case that usually gets left off the slide. The cost of audits, evidence gathering, and regulatory response is real — and automating it has measurable financial impact.

***

## What this captures

| Component                   | What it measures                                                                          |
| --------------------------- | ----------------------------------------------------------------------------------------- |
| **Audit labour saved**      | Hours that would have been spent gathering evidence manually, now produced automatically. |
| **Response time reduction** | Time-to-respond to a regulator or auditor, before vs after.                               |
| **Risk mitigation value**   | Expected loss from a compliance failure × probability reduction.                          |
| **Continuous-control cost** | Cost of automated control evaluation — usually small.                                     |

The net is `(audit_saved + risk_mitigation_value) − continuous_control_cost`.

***

## Audit labour saved

For each evidence type, Observatory tracks:

* Number of automated-evidence records produced
* Estimated manual-collection hours that would have been needed
* Loaded hourly rate for the role that would have collected them

Multiplied together, this is the audit-labour saved per period.

Default assumptions (configurable):

| Evidence type                   | Estimated manual hours per record      |
| ------------------------------- | -------------------------------------- |
| Run-based evidence              | 0.10                                   |
| Policy evaluation evidence      | 0.05                                   |
| Alert-event evidence            | 0.25                                   |
| Manual evidence (your reviewer) | Not automated — these still cost time. |

***

## Risk mitigation value

Compliance failures have expected losses. The dashboard estimates two numbers:

* **Expected loss before Observatory** — based on framework severity and your risk-tier mix
* **Expected loss after Observatory** — same calculation with current gap status

The difference is the risk mitigation value attributed to Observatory's compliance work.

<Info>
  Risk mitigation is the most assumption-heavy part of the calculation. Show it alongside the audit-labour number — the latter is closer to ground truth.
</Info>

***

## Where this rolls up

Compliance ROI is one of the inputs to the per-project [Financial ROI](./financial-roi). For projects where compliance work is substantial (banking, insurance, healthcare), it's typically 15–30% of the total ROI case.

***

## Reporting

Two reports executives ask for:

* **Quarterly audit-labour saved** — the audit-hours chart broken out by framework
* **Compliance-risk exposure trend** — month-over-month change in expected loss

Both export to PDF and CSV from **ROI → Compliance**.

***

## Related resources

<CardGroup cols={2}>
  <Card title="Evidence" icon="folder-open" href="../governance/evidence">
    Where the audit-labour numbers come from.
  </Card>

  <Card title="Compliance" icon="circle-check" href="../compliance/overview">
    The frameworks that frame the risk-mitigation calculation.
  </Card>
</CardGroup>