Kahn, Randolph A. Measure the Total Cost of Failure. Transform. Nov. 2004.

This is an outstanding article, well worth a read. The concept of measuring the Total Cost of Failure is a very suitable way of approaching compliance-related initiatives. Deciding whether to address compliance-related issues and deploy related technologies along with appropriate procedures and policies in an effort to mitigate risk talks to much, much more than traditional ROI and TCO models address. I'd go as far as saying this is a "must read" from a compliance perspective.