Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise solutions provide greater flexibility due to the professional services and customizations marketed by those vendors.


Redefining Flexibility

Often, companies misinterpret flexibility as the ability to heavily customize a system’s back end with professional services, and subsequently compound this mistake by underestimating the cost, complexity, and time associated with those changes. Real GRC software flexibility, the kind that saves money and provides efficiency, evolves with industry practices while empowering the user to define fields, processes, and workflows so that the program can keep up with their business.

SaaS ERM and GRC software providers do not charge professional service fees for configuration, customizations, or installation. In fact, if you come across a vendor that charges these fees on an hourly or ongoing basis, it’s a good indication that what you’re buying isn’t true SaaS. Rather, it’s all the disadvantages of a traditional on-premise solution with none of the benefits, and it’s in a data center that you don’t own!

Aligning Incentives

Professional service fees work twofold against the customer. First, they require a large investment to get the product to a point where it’s usable by your employees, which takes at least a year and often more. Second, because these fees offer a huge revenue stream for the vendor, the vendor has no incentive to improve their base product or provide better customer services.

Furthermore, because most of these vendors get nearly all of their revenue upfront from the customer, there is no incentive to provide great customer service. They already have your money, and outside of the small maintenance fees, they often won’t receive more of it unless you require additional professional services.

Worst of all, offering these types of implementations for an entire customer base diverts the vendor’s resources away from innovating and responding to customer needs and toward testing compatibility, and it increases the cost of ownership. This is why implementation timelines are more than one year for traditional on-premise and hosted solutions, versus the typical 90-day time to value for SaaS offerings.

SaaS vendor business models require vendors to be accountable to their customers over the lifetime of their agreement. SaaS GRC software is subscribed to on a yearly or quarterly basis, so the vendor is only as good as their last 90 days. This subscription model motivates vendors to continue improving their product and respond to customer needs. If for some reason the software or service lags, the customer has few barriers to exit. Hint: if your vendor won’t offer an unconditional satisfaction guarantee, you are not getting a SaaS solution.

Ask these 5 Questions of Customer References when Evaluating an ERM or GRC Software:

1) How much has your organization paid in professional services to your GRC vendor?
2) How long did it take from contract signing to your 1st day of actually using the software in your job?
3) How much internal IT time was needed, and how long did it take to make a change in your configuration?
4) How often are your feature enhancement requests adopted into the core software without any cost to your organization?
5) How many users have actually logged into the system at least once in the past year?


LogicManager has led the Software-as-a-Service ERM and GRC software market since 2007. To learn more about the flexibility and true cost of ownership of real SaaS versus hosted and on-premise ERM and GRC solutions, get a detailed definition or read this detailed SaaS comparison.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
