Take the Risk out of ERM and GRC Software
Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise GRC tools provide greater flexibility due to the professional services and customizations marketed by those vendors.
Often, companies misinterpret flexibility as the ability to heavily customize a system’s back end with professional services, and subsequently compound this mistake by underestimating the cost, complexity, and time associated with those changes. Real GRC software flexibility, the kind that saves money and provides efficiency, evolves with industry practices while empowering the user to define fields, processes, and workflows so that the program can keep up with their business. Furthermore, software that can produce any necessary GRC report and has customizable GRC dashboards can help your organization achieve future goals.
SaaS ERM and GRC software providers do not charge professional service fees for configuration, customizations, or installation. In fact, if you come across a vendor that charges these fees on an hourly or ongoing basis, it’s a good indication that what you’re buying isn’t true SaaS. Rather, it’s all the disadvantages of a traditional on-premise solution with none of the benefits, and it’s in a data center that you don’t own!
Professional service fees work twofold against the customer. First, they require a large investment to get the product to a point where it’s usable by your employees, which takes at least a year and often more. Second, because these fees offer a huge revenue stream for the vendor, the vendor has no incentive to improve their base product or provide better customer services.
Furthermore, because most of these vendors get nearly all of their revenue upfront from the customer, there is no incentive to provide great customer service. They already have your money, and outside of the small maintenance fees, they often won’t receive more of it unless you require additional professional services.
Worst of all, offering these types of implementations for an entire customer base diverts resources away from the vendor’s ability to innovate and respond to customer needs, and to testing compatibility and an increased cost of ownership. This is why implementation timelines are more than one year for traditional on-premise and hosted solutions, verses the typical 90 day time to value for SaaS offerings.
SaaS vendor business models require vendors to be accountable to their customers over the lifetime of their agreement. SaaS GRC analysis software is subscribed to on a yearly or quarterly basis, so the vendor is only as good as their last 90 days. This subscription model motivates vendors to continue improving their product and respond to customer needs. If for some reason the software or service lags, the customer has few barriers to exit. Hint: if your vendor won’t offer an unconditional satisfaction guarantee, you are not getting a SaaS solution.
Ask these 5 Questions of Customer References when Evaluating an ERM or GRC Software:
1) How much has your organization paid in professional services to your GRC vendor?
2) How long did it take from contract signing to your 1st day of actually using the software in your job?
3) How much internal IT time was needed, and how long did it take to make a change in your configuration?
4) How often are your feature enhancement requests adopted into the core software without any cost to your organization?
5) How many users have actually logged into the system at least once in the past year?