Conservative estimates of governance, risk and compliance software implementations place the cost at either $200,000 or 50% of total licensing costs, whichever is greater. Even when initial costs are low, many vendors make up for apparent price reductions with professional services, or customizations, required to make the product work. Professional services are so ingrained in the software landscape that many organizations now consider them a necessary evil if they are to reap the benefits of GRC.
But you shouldn’t be paying for them.
Professional services are the number-one reason prospective customers tell us they’re unhappy with their current vendor, and are a huge contributing factor to awful customer satisfaction scores in recent studies of top GRC vendors.
Moreover, professional services put the onus for success on the customer. Can’t figure out how to run a report? Don’t worry; for $20,000, the vendor will generate it for you. Need to make changes to the workflow you first designed upon implementation? That’s not a problem – all it will cost is money.
Worse than the hidden fees vendors build into their business models is the effect professional services have on the products themselves. By charging for professional services, the vendor creates a revenue stream that typically accounts for 50% of its annual revenue. Naturally, this discourages ease-of-use improvements. There’s no incentive to make reports easy to generate, or workflows easy to edit, if the vendor can charge you for those customizations.
This inherent flaw with professional services affects the top criteria that businesses outline when selecting their GRC solutions:
- Ease of use
Why do so many companies, as evidenced by the bleak customer satisfaction rates for top GRC vendors, continue to make this mistake?
First, many organizations don’t realize there are alternatives. True software-as-a-service (SaaS) vendors will never charge professional services. Customizations aren’t a source of revenue for SaaS GRC vendors, so the incentive is to make a flexible, easy-to-use product that can be configured by a single business administrator rather than a team of IT professionals.
Second, GRC vendors have created an awfully confusing market for buyers. Terms like SaaS, Hosted, and On-Premise are easily confused, as are the benefits associated with each. The solution to finding the right service is to ask if the vendor will charge for professional services. If the answer is yes, you’re not subscribing to a true SaaS product. You are, however, subscribing to annual professional-service costs that are both large and hidden!
Third, “professional services” means unique, custom code for every customer. That slows down innovation, since each release needs to be tested against all existing professional-service work. Upgrades take 6 months to implement, and vendors’ development budgets support multiple old versions of the product rather than future innovations.
These costs, of course, get passed back down to the customer in the form of professional-service fees! It’s a vicious circle that can only be fixed by selecting a true SaaS vendor. Simple SaaS doesn’t charge extra fees, whether for professional services, reporting, or anything else. Period.
It’s that simple. Buyer beware.
Some organizations can afford the time and money necessary to make GRC tools a palatable investment (even with costly professional services), but those companies tend to look more like the Bank of America’s of the world than they do the Fortune 5 million. For most of us, it doesn’t make sense to pay a dime for professional services.
Professional services ruin budgets. Once the non-SaaS product is in place, it needs to evolve; that’s when hidden fees appear. They discourage enhancements that would make the product flexible and easy to use. They generate revenue for the vendor, but from services that should be complimentary with any solution. Only true SaaS vendors will readily give a money-back satisfaction guarantee, with no additional fees of any kind.