How to Choose ERM and GRC Software: SaaS vs On-Premise?

Steven Minsky | Jan. 13, 2015

One of the most frequently cited differences between Software-as-a-Service (SaaS) and On-Premise installations is the degree of flexibility between each type of solution. With SaaS solutions on the rise for GRC reporting and Risk Management Software, more and more organizations are realizing that everything they thought they understood about the differences between SaaS and On-Premise is wrong. So what can we learn from their mistakes?

A Conflict of Interest

On-Premise vendors make about 50% of their revenue from professional services. Your company pays for unique code to develop a platform that will work for you, but that unique code introduces a huge burden on your program.

When new practices are introduced, the vendor has to come back for more custom code, and – here’s the key – they have to do that for every customer just like you. Costs are exacerbated by the need to test any changes against previous customizations for backwards compatibility. Why would an On-Premise solution develop a flexible platform when it’s in their own self-interest to develop highly customized (e.g. costly) systems? These costs are passed along to customers in the form of professional services, and that lose-lose proposition is driving customers to SaaS solution.

Professional Services vs Self-Service

Contrast that with SaaS vendors. True SaaS vendors are supporting what amounts to one configurable product, and their customers are typically paying a quarterly subscription. With customers never locked in longer than the next 90 days, and without professional services or customization fees as a revenue stream, SaaS vendors must focus on ease-of-use, and end-user configurability. Without this focus on customer satisfaction, customers will have no incentive to continue their subscriptions.

The alignment of vendor and customer priorities produces three critical advantages for SaaS customers:

  • A more flexible, easy-to-use platform that doesn’t require customization through professional services.
  • Cost savings for the customer and a more transparent fee structure.
  • A platform that never becomes obsolete, and updates frequently to accommodate industry trends.

Flexibility: Perception vs Reality

The perception of SaaS systems is that while they’re faster to implement and more cost effective, they are not flexible enough to accommodate organizations with complex business process structures or unique requirements.

That’s a common refrain reiterated by traditional, hosted solutions, who frame the customization as a characterization of their solution by saying, “It’s not complicated, it’s robust.”

The reality is that by demanding professional services to meet unique requirements, the customer is actually losing flexibility. Think back three years ago. How many times has your specific department changed its way of operating? None at all? Congratulations on working in Print Journalism!

Every organization has constant change. On-Premise solutions capitalize on this change by requiring professional services, but these changes take months, even years to implement. These configurations also cost money, so you’ll need a change order and some level of management approval to get what you need.

SaaS solutions are afforded no such luxury. For SaaS vendors, changing business processes are not drivers of revenue, flexibility is what drives new revenue. The ability for customers to easily and efficiently configure the solution themselves to meet new requirements allows a SaaS vendor to make existing customers happy, and meet the needs of a business environment ripe with change.

So, which five questions should you ask customer references when evaluating a software?

1) How much has your organization paid in professional services to your GRC vendor?
2) How long did it take from contract signing to your 1st day of actually using the software in your job?
3) How long did it take to make a change in your configuration?
4) How often are feature enhancement releases made to the core software?
5) How many users have actually logged in at least once in the past year?

LogicManager ERM Consulting Provided By Advisory Analysts

Take on SaaS

Hear how our customers are using our SaaS solution to improve their risk program here!

2018-03-05T13:18:54+00:00

About the Author:

Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky