A Few Tips on Writing Winning Letter Proposals

Previous page
Table of content
Next page


Here are a few suggestions to improve the effectiveness of your letter proposals:

  1. Don't let the tone become too stuffy. For some reason, people lapse into a pompous tone when writing business letters and proposals. You'll sound more sincere, maintain a level of rapport, and produce more readable proposals if you simplify the tone. Avoid long sentences and inflated language. Use the customer's name throughout the letter. Refer to the customer as "you," not "it" or "they."

  2. Similarly, don't let your legal department include language that will alarm or offend your customer. The corporate attorneys have the mission of keeping your company out of trouble. Unfortunately, that sometimes leads them to do things that violate common sense. For example, I have seen letter proposals (and cover letters for formal proposals) that included paragraphs saying, "Nothing in this proposal should be construed as a binding promise to deliver nor a commitment to any particular schedule or pricing, until such time as customer has executed a purchase order and/or agreed in writing to contractual terms." What an exercise in dissembling! If you read that, would you want to bother reading the rest of the proposal? No, me neither. You can find a positive way to make that kind of statement or can include it as a separate attachment of terms and conditions, but putting it on the first page of your letter proposal is a bad tactical mistake.

  3. Avoid the clich s of business writing. Avoid the hackneyed openings and closing that your reader has probably seen a hundred times before. In particular, avoid clich d openings such as, "I would like to take this opportunity to thank you for considering the enclosed proposal ... blah, blah, blah." Other clich openings that need to be retired:

    • "Pursuant to your request, we are submitting our recommendation ..."

    • "Attached please find ..."

      Get to the point.

  4. Use a strong close. Avoid the clich d, all-purpose closing that everybody uses: "If you have any questions, please feel free to call." That's been done to death. So bury it. Don't ever use it again. I know it's easy, and I know everyone does it, but think about what it says: Basically, it tells the reader, "Look, I know I don't write very well. I always confuse people. So if I've confused you, don't worry about it. Give me a call and together we'll figure out what I was trying to say." Also, notice that if you use that closing, you have turned over control of the sales process to the customer. Your job is to sit by the phone and wait until the customer comes up with a question. What a lousy way to end your proposal!

    To close effectively, ask for the business. Set a date when you will contact the customer to discuss next steps, or express eagerness to win the contract and deliver the solution. Return to your primary value proposition: financial gain, improved quality, infrastructure improvements, risk avoidance, competitive advantage, or whatever you have chosen. Tell the reader what he or she must do to gain this advantage. Return to the benefits of taking action. And make the action something that's easy to do—the easier the better.

    Finally, close with confidence. Avoid expressions like "I hope that" and "If it would be all right." When you have said what you wanted to say and have asked the customer for appropriate action—stop. Figure 11-1 shows a sample letter proposal.

    start figure

    [Date]

    Ms. Jane Woods
    Sr. Vice President
    Information Systems
    Diston Drugs Corporation
    8333 Dairy Creek Road
    San Francisco, CA 94133

    Dear Ms. Woods,

    Thank you for meeting with us and helping us understand the Diston Corporation security infrastructure in greater depth. Based on our meetings with you and your staff, we propose to conduct a security review of your environment, develop IS security checklists, and develop an overall information security plan. Our approach is based on our understanding of your needs and on Waugh Security's experience with similar clients in the retail industry. As you requested, we have made the project's scope and pricing scalable.

    Understanding Your Security Needs

    Because of numerous mergers and consolidations during the past three years, Diston's environment has become complex to manage. Although this has affected every aspect of the firm's operations, from corporate headquarters down to the store level, one of the most challenging areas has been information security:

    • Because you have inherited a variety of legacy systems, Diston is currently utilizing a variety of computing platforms, including DEC, HP, IBM, and Tandem, and a variety of operating systems, including Netware, UNIX, and VM.

    • In addition, the corporation communicates through an extensive network which includes external connections to wide area networks, virtual private networks, and the Internet.

    • Departments throughout the corporation, regional offices, and retail outlets in widely dispersed locations currently all have different security policies, different procedures for managing each system, and different understandings of security requirements across the business units.

    Key Goals and Objectives

    Your goal is to standardize security within the corporation and to develop a program that will give you more proactive control of your systems and operating environments. In addition, you want to establish a blueprint for a security organization that will keep the corporation's systems as secure as possible and to develop plans for anticipating future security requirements. A related goal is to make sure your overall security environment remains current as requirements evolve.

    Based on the figures you provided us and on information obtained from previous security assessments we have conducted, we estimate that Diston will see cost savings from increased efficiency of more than $500,000 a year. More significantly, through threat reduction and enhanced security procedures, the company will avoid information losses valued at more than $2 million annually and will reduce fraud by an expected 35 percent. These figures are based on estimates derived from experience with other firms in the retail space. We will calculate actual risk avoidance values for Diston Drugs as part of our deliverables.

    From an execution standpoint, the key objectives of this project are to:

    • Conduct a comprehensive security review of your environment

    • Develop checklists to ensure consistent application of security procedures

    • Develop a plan for implementing recommendations resulting from the review

    Project Scope and Deliverables

    Diston relies on the availability and integrity of your business application systems and network to operate more than five hundred retail outlets throughout North America. Proper measures must be taken to protect the sensitive information that is passed from these systems throughout the Diston network. Waugh Security will help Diston identify risks in the environment and then recommend controls to mitigate these security exposures.

    The project will include the following activities:

    1. Conduct a Security Review. This review will include an assessment of:

      • Security processes (e.g., auditing, event escalation, user administration, etc.)

      • UNIX and Novell server operating systems

      • Windows and NT workstations

      • Network security provisions

        • dial-up security

        • routers, intelligent hubs

        • security of network management and network monitoring systems

        • external connection security

      To complete this review, Waugh Security will utilize automated security assessment tools, including special tools for NT and UNIX. Due to the short project time frame, we will not assess each system in the environment, but will look at a representative sample of high-priority systems. This will include five UNIX systems at headquarters and five Novell file servers. We will also assess points of entry into the network, including dial-up and external connections. These entry points exist at headquarters, stores, and the data center. Interviews, documentation reviews, and on-site tours will be critical to the security review. Areas that are out-of-scope of this review include the Lexington mainframe operating system, the Internet connection via QwikLink, application security controls, and the operating system of the in-store processor systems.

      At the conclusion of this review, Waugh Security will provide Diston with a report detailing security strengths and weaknesses. This report will also prioritize recommendations for improving security, and will quantify to the extent possible the risks associated with not implementing the recommendations.

    2. Create a Data Inventory. We will conduct a high-level inventory of the types of data in the Diston network and will document the current controls and risks for each data type. This inventory will help spot areas of weakness, where additional controls are necessary to protect sensitive data.

    3. Analyze Roles and Responsibilities Within the Security Organization. As Diston begins to formalize a security organization, the entire corporation needs to understand the roles within the security organization and each member's responsibilities. This analysis will serve as a blueprint for building the security organization and assuring its effective integration into the corporation structure as a whole. We will also include a job description for an Information Security Officer, which will help ensure that you hire an individual with the correct skills.

    4. Develop Checklists of Best Practice in Security Procedures. Waugh Security will develop security checklists for Diston covering the following areas:

      • Novell Netware

      • UNIX

      • External access (firewalls, gateways, dial-up, etc.)

      • Network (routers, network administration, encryption, etc.)

      • PCs (Windows 3.1 and NT)

      • System audits

      • Virus control

      • Security provisions appropriate for generic applications

      The Diston IS team can then tailor these checklists further to bring common controls to the entire Diston environment.

    Deliverables for this project will include:

    • High-level data inventory detailing controls and risks

    • A report itemizing current security strengths and weaknesses

    • Recommendations for mitigating current weaknesses and a quantification of the risks of not taking action

    • A cost/benefit matrix for implementing the security recommendations and identifying key tasks, benefits, and representative implementation costs

    • Recommendations for establishing the Security Organization with an analysis of roles and responsibilities

    • Security checklists for your major systems, including Novell Netware, UNIX, external access, network, PCs, system audit, virus control, application security

    • A presentation to Diston management of our findings and recommendations

    • Project working papers

    Project Methodology, Staffing and Schedule

    • Methodology. Waugh Security has developed a unique methodology for managing security reviews. This methodology, which we call Professional Review of Information Security Matters (PRISM), has been recognized by independent, third-party evaluators as the most effective process of its kind in the industry. The advantage to Diston of the PRISM methodology is that it will save you time and money while assuring you of a thorough review and complete set of actionable recommendations.

      Our process will begin with an assessment of Diston's current procedures and security gaps. During this phase we will interview key personnel, review current security documentation, conduct onsite assessments at headquarters and key retail stores, and use automated security assessment tools to probe the Diston environment. From this assessment, Waugh Security will document the strengths and weaknesses in each area we assess. We will then develop recommendations to improve security controls and will quantify the risks associated with not acting on the recommendations.

    • Staffing. To complete this project in the timeframe you indicated was necessary (i.e., before June 1), we will assign a three-person core project team. In addition, we will need the full-time participation of Charles Vincent, Diston IS quality assurance manager.

      The Waugh team will be led by Richard Hsiung. Dr. Hsiung will participate on a part-time basis, providing technology oversight. Dr. Hsiung is the senior manager of Waugh Security's Infrastructure Assessment Group (IAG). He has more than twenty years' experience in developing systems solutions to real-world problems. In particular, he is recognized as an expert on information security and authentication issues and was a senior member of the U.S. government's task force on Public Key Infrastructure issues for corporate security.

      H. William Jones will serve as project manager. He will provide the day-to-day supervision of the Diston security assessment project. Mr. Jones has extensive experience in strategic planning of information management systems for retail and manufacturing environments. He most recently had the lead role in developing e-commerce strategies for one of Waugh Security's largest retail clients, Heartland Clothing Inc. We have attached a case study reviewing this project.

      Clark Johnson will complete the Waugh Security team. Mr. Johnson will oversee assessment activities, will gather data from the automated tools, and will conduct interviews with Diston managers and employees. Mr. Johnson is an IAG technology specialist with more than five years' experience in using security assessment tools and conducting assessment activities.

      In addition to Mr. Vincent, other Diston personnel will be required to participate in this project as described in the attached description of project assumptions. Given the short timeframe of this project, timely participation of Diston personnel will be critical to its success.

    • Schedule. Based on the scope, approach, and staffing described above, as well as the attached Project Assumptions document, we estimate this project will require five weeks to complete. We are prepared to begin on April 13 and to complete the work no later than May 23. The chart below outlines the project phases and work. We have attached a project plan that describes the phases, tasks, and resources for this project in more detail.

    We propose the following project timeline:

    click to expand

    Estimated Project Fees and Expenses

    We estimate our professional fees will be $182,000. Travel and living expenses and appropriate out-of-pocket expenses will be additional. Based on our preliminary estimate of cost savings from enhanced efficiency, this project will pay for itself within the first six months. If you factor in risk minimization and avoidance of loss, the payback is even faster.

    We will submit an invoice to you at the end of each month for fees and expenses incurred during that month. If circumstances suggest that the scope of our work will change from what we have described in this letter, we will obtain your written approval prior to incurring fees in excess of those noted above.

    I will call you on Wednesday, March 28, to discuss the next steps. We look forward to working with you to create a more secure environment at Diston Drugs and to preserve the information assets that are such a vital part of the corporation's capital.

    Very truly yours,

    Jeffrey Christiansen

    Vice President

    Waugh Security

    Attachments:

    1. Project assumptions

    2. Project plan and GANTT chart

    3. Case study: Assessment of Information Security Vulnerabilities for Heartland Clothing

    4. Waugh Security standard business terms

    end figure

    Figure 11-1: Sample Letter Proposal.



Previous page
Table of content
Next page
Persuasive Business Proposals. Writing to Win More Customers, Clients, and Contracts
Persuasive Business Proposals: Writing to Win More Customers, Clients, and Contracts
ISBN: 0814471536
EAN: 2147483647
Year: 2004
Pages: 130
Authors: Tom Sant
BUY ON AMAZON
The .NET Developers Guide to Directory Services Programming
Information Dashboard Design: The Effective Visual Communication of Data
Special Edition Using Crystal Reports 10
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
MPLS Configuration on Cisco IOS Software
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy