Business Case Template

This template can be modified to meet a project’s specific needs.

See sample content in gray. To use: (1). Download template (2). Delete examples (3). Input specific project
information.

Business Case, Problem/Opportunity and Purpose

Provide a description of the business reason for the project, the purpose of the project and opportunity being exploited.

The urgency of go-to-market application development over the past few years has resulted in the failure of applications to
pass security and compliance controls. Although the findings are not critical in nature, there are needs to address and
resolve these issues for improved security and compliance. The continued non-compliance may result in our company
losing government business opportunities in the future.

Executive Summary
This section describes the approach the project will use to address the business problem(s). This includes what the project
will consist of, a general description of how it will be executed and the purpose of it.

The project will address these findings and ensure the applications adhere to the security policies and pass the compliance
audits. The solution approach consists of three parts: (1) improve the application development standards, (2) enforce strict
governance for application development and deployment and (3) integrate security and compliance checks as a
requirement in the stage gate approval process.

Scope Statement
Include the scope of the project.

1. Detail the compliance audit findings.

2. Review and update the application development standards.
3. Review and update the application development and deployment governance process.

Project Goals, Objectives and Benefits

Describe the desired/expected outcomes, positive results, benefits, efficiencies and cost savings of implementing this
project/program in measurable terms if possible.

Business Goal/Objective Description/Measurement

Address compliance audit issues Applications are compliant with the regulatory policies.
Enhanced application development Deployed applications are security aware and compliant with known policies.
Enhanced application governance By shifting compliance, issues are addressed as part of the development process
rather than after the fact.

Strategic Alignment/Critical Reason

Does the project align with any strategies, a mandate or a directive? Or will it add a cost-effective/time-effective efficiency?

Must Do = Requirement must be completed in a specific time frame

Should Do = Requirement will need to be completed, but time frame is not urgent yet

Reason Must Do Should Do Would Like to Do

Strategy
Mandate Applications should be
compliant with the
regulatory policies.
Directive Implement stricter
 application
governance.
Efficiency Create training and awareness
programs.

Compliance
Some projects do not align with a strategic plan but may be needed to be technically compliant. Link to the agency or
vendor that is requiring the compliance and how the project will address this. Example: Microsoft software/operating
systems reaching end of life and no longer supported.

Agency/Vendor Compliance Details

U.S. Government NIST 800-SP-171 Security controls and baseline for software applications

Mandate
Some projects do not align with a strategic plan but may be mandated for legal reasons. Link to the law/ruling and not the
details of how this project will comply with the mandate.

Law/Ruling Mandate Details

U.S. Government NIST-800-53 Mandated security controls and baseline for doing business with federal agencies

Directive
A directive is a command from upper management to implement a project. Provide the name of the the manager making
the directive and the details of his or her directive.

Management Directive Details

Software applications and products are Executive leadership mandated necessary and sufficient controls for applications
security compliant. and products across the enterprise.

Efficiency
How will the project improve efficiency? Are any other factors driving the need for more efficiency?
Issue Being Corrected Efficiency Gained (Details)
IT application compliance Decrease/meet minimum audit findings for compliance

Alternative Analysis
All business problems may be addressed by any number of alternative projects. While the business case is the result of
having selected one such option, a brief summary of considered alternatives should also be included—one of which should
be the status quo or doing nothing. The reasons for not selecting the alternatives should also be included. Include a
proposed solution as the first alternative and the baseline/status quo/as is as the second alternative.

Proposed Solution Reason for Selecting

Obscure the data Least expensive and technically implementable (technical control/solution)
Alternative Option Reason for Not Selecting
Masking Costly and requires masking and unmasking process/algorithm
Alternative Option Reason for Not Selecting
Encryption Very expensive and dependent on third-party tools
 Cost-Benefit Analysis

Total Cost of Ownership

Indicate resources needed, such as hardware and software that may be required to complete this project. Include cost
estimate for each item as applicable. Include the hardware, software, implementation, training, maintenance and DR cost
for five years.

Year 1 Year 2 Year 3 Year 4 Year 5 Total

Hardware/Infrastructure Costs N/A N/A N/A N/A N/A N/A

Software Costs N/A N/A N/A N/A N/A N/A

Operations Costs $300,000 $300,000 $300,000 $300,000 $300,000 $1,500,000

Implementation Costs $100,000 N/A N/A N/A N/A $100,000

Maintenance Costs $50,000 $50,000 $50,000 $50,000 $50,000 $250,000

Cost-Benefit Analysis

Year 1 Year 2 Year 3 Year 4 Year 5 Total

$480,000 $480,000 $480,000 $480,000 $480,000 $2,400,000
Staff Time Saved
Costs Avoidance N/A N/A N/A N/A N/A N/A
Increased Revenue N/A N/A N/A N/A N/A N/A

Financial Benefits N/A N/A N/A N/A N/A N/A

Return on Investment

Total Cost of Ownership $1,850,000

Cost Benefits $2,400,000

ROI: (benefit-cost)/cost 30%

Developed by PMIstandards+ with contributions from Dinah Young, PMP, and Bhanu Viswanadha, PMI-ACP, PMP. ©PROJECT
MANAGEMENT INSTITUTE, INC.