I'm writing a business case memo to replace most of the cameras in both of my buildings. They are all 10 years old. They mostly work ok, very few issues. But the way I see it, replacing them all now in a planned way will prevent them all crapping the bed in rapid succession when they do start failing. That is one business case. Secondly, going from mjpeg to h.264 decreases storage and bandwidth resources. Thirdly, the image quality of cameras today compared with 10 years ago is much better, along with other features, analytics, and compatibilities for convergence with other physical security systems. This is a data center and office space environment.
What about audit compliance? Doesn't SOC and/or SOX and/or PCI require some sort of ongoing due dilligence to keep your surveillance systems up to date and spiffy? My buildings are audited for those things, although I'm not involved in that process. If so... that's really all I would need. A one sentence business case.