Key Assumptions and Analysis Issues

A clear statement of the assumed values of key sets of parameters underlying the analysis is vital to understanding how the analysis was conducted. Documenting the assumptions and the rationale behind the setting of the assumed values of these key sets of parameters is necessary to ensure that: (1) all costs are discounted to an equivalent time basis for purpose of comparison; and (2) readers can follow the flow of the analysis, gain insights useful for their own applications, and reproduce our results.

Finally, there is the “analysis issue” concerned with the treatment of uncertainty. This analysis issue provides the necessary “direct” linkage between the baseline analysis and the sensitivity analysis. It is crucial in measuring how variations about the baseline input values affect the economic outcome measures. Dealing with uncertainty is the core concept in structuring the sensitivity analysis.

3.3.1 Key Assumptions

The assumptions covered in this section focus on the setting of the assumed values of the following key sets of parameters: (1) the base year; (2) the starting and ending points in the study period; and (3) the discount rate. The base year establishes the anchor point for all cost calculations. The starting and ending points in the study period define both the scope of the study period—those years over which costs are tabulated—and the length of the study period—a key parameter in the AIRR calculation. Because cash flows are distributed throughout the study period, the choice of the discount rate is of central importance to the analysis.

32

A risk mitigation plan is usually composed of a combination of mitigation strategies. A well-chosen combination of mitigation strategies enables them to complement and reinforce each other, producing a more robust risk mitigation plan. The use of both engineering alternatives (e.g., strengthening portions of the exterior envelope) and management practices (e.g., limiting vehicle access to the site) in the data center renovation is an example of such a combination. Engineering alternatives and management practices differ in two key ways. First, engineering alternatives, once put in place, can be expected to remain in place for an extended period of time. Engineering alternatives are thus long-term investments. Second, management practices can be varied over the project life cycle. Management practices are thus capable of responding to changing conditions, giving them more of a short-term investment perspective.

The base year for computing life-cycle costs is 2003. There are two reasons why 2003 was selected as the base year.

(1) 2003 reflects heightened awareness to security-related problems. Since the September 11th attacks, a number of efforts have been launched to strengthen the nation’s defenses against future terrorist attacks.33

(2) 2003 is a year for which construction industry cost data are available. The use of historic/industry cost data is desirable because this study employs constant dollar estimates for all costs.

The study period begins in 2003 and ends in 2027. Thus, the length of the study period is 25 years. A study period of 25 years is often used in both private sector and public sector life-cycle cost analyses. Any costs that occur after 2027 are not included. Two factors were instrumental in determining the beginning and end of the study period.

(1) The study period begins in 2003, since it reflects both heightened awareness to security-related issues and is grounded in the present.

(2) The end of the study period is 2027. By 2027, we can expect significant and fundamental changes in our nation’s response to threats from terrorism.

The baseline analysis uses a real discount rate of 4 % to convert dollar amounts to present values. A 4 % real discount rate is used because it is appropriate for both private sector and public sector security-related investments.

The discount rate also figures prominently in the sensitivity analysis. Generally, both private sector and public sector investment decisions benefit from a critical analysis of the impact of changing the discount rate on project outcomes. For public sector projects, OMB recommends that separate analyses be used to evaluate the sensitivity of key economic measures to variations in the discount rate.34 The sensitivity analysis presented in Chapter 5 evaluates the implications of raising the discount rate to 8 % or lowering the discount rate to 0 %. The 0 % to 8 % range of values for the real discount rate was chosen to bracket the historical values of real Treasury interest rates. These rates are periodically updated by OMB and published in Appendix C of OMB Circular A-94; they apply to government lease-purchase and cost-effectiveness analyses. All values of the discount rate used in this report are real rates, since constant dollar estimates of costs are used.

33

Interested readers are referred to the report on critical infrastructures (Executive Office of the President. 2003. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. Washington, DC: The White House.) and the Committee on Science and Technology for Countering Terrorism report (National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press.) for recommendations on how to strengthen the nation’s defenses against future terrorist attacks.

34

Executive Office of the President. 1992. OMB Circular A-94. Washington, DC: Office of Management and Budget.

3.3.2 Analysis Issues

Two types of analyses are employed to evaluate the merits of the Proposed Alternative vis-à-vis the Base Case. First, a baseline analysis is performed in which all values are fixed. Second, a sensitivity analysis is performed in which a number of variables are allowed to vary in combination according to an experimental design.

The two generic types of analysis are designed to complement and reinforce each other. The baseline analysis serves as a reference point for the sensitivity analysis. The sensitivity analysis uses the same data and assumptions as the baseline analysis for its starting point.

A goal of this case study is to illustrate how to combine the results of the two generic types of analysis to provide decision makers with the basis for generating a risk mitigation plan that responds to the potential for future cyber and CBRE attacks in a financially responsible manner. Creating a risk mitigation plan involves choices among investment alternatives. An investment alternative is comprised of a combination of any number of engineering alternatives, management practices, and financial mechanisms. Each investment alternative has a well-defined set of costs associated with it which must be estimated, discounted to a present value, and evaluated. The baseline analysis establishes the frame of reference for the economic evaluation by rank ordering the investment alternatives from lowest life-cycle cost to highest life-cycle cost. The investment alternative with the lowest life-cycle cost is the most cost-effective alternative. The sensitivity analysis provides the means for evaluating financial risks associated with a wide variety of project-related costs. The sensitivity analysis enables the decision maker to evaluate the conditions under which other investment alternatives might result in lower life-cycle costs vis-à-vis the “most cost-effective alternative” identified in the baseline analysis. Together the baseline analysis and the sensitivity analysis provide the necessary insights to produce the risk mitigation plan.

4 Baseline Analysis

The baseline analysis presented in this chapter is the reference point from which the Base Case is compared with the Proposed Alternative. The chapter begins with a description of the cost items entering into the analysis. Information is presented on renovation costs, service life estimates, and estimates of operations, maintenance, and repair expenditures. Attack scenarios are also presented. These scenarios include probabilities of each attack outcome and its associated costs. Emphasis is then shifted to how the cost items are modeled and analyzed via the cost-accounting framework. Summary information is then presented to demonstrate how life-cycle cost analysis facilitates the identification of a cost-effective risk mitigation plan. Life-cycle cost information is supplemented with additional economic measures to demonstrate new insights provided by these measures. The chapter concludes with a discussion of how the baseline analysis links to the software product.