An interesting post for anyone talking internally with their team on building a homegrown solution versus purchasing a solution to streamline Third-Party Risk Management. Of course, it's written from the perspective of a software vendor (that's what we do) but the benefits of having a voice in the discussion of what goes into the next generation of a product as a customer in a community of like-minded individuals or knowing that multiple times a year new features will be added can influence this debate significantly.
In a prior role at another software company, I was the business owner for a "Customer Reference" solution built by my internal team adding on to Salesforce. The first version of the tool was great, but when I needed changes, I was put into a queue... that also included customer wants. Of course, rightly so, the customer's requests came first. After a year, V2 of my tool was still on the list... somewhere.
If these discussions are happening in your risk program, read "RISK & COMPLIANCE – THE BUILD VERSUS BUY DEBATE" and let me know what you think? Does your IT department believe they can solve the issue? Have you managed a homegrown solution before with success? What other pluses and minuses have you seen?