
Manage Tomorrow's Surprises Today

Steven Minsky

Why SaaS ERM and GRC Vendors make Better Strategic Partners


Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data "in the cloud" (a myth we explore below), and fall victim to the common misconception that on-premise solutions provide greater flexibility due to the professional services and customizations marketed by those vendors.

Redefining Flexibility


Often, companies misinterpret flexibility as the ability to heavily customize a system's back end with professional services, and subsequently compound this mistake by underestimating the cost, complexity, and time associated with those changes. Real GRC software flexibility, the kind that saves money and provides efficiency, evolves with industry practices while empowering the user to define fields, processes, and workflows so that the program can keep up with their business.

SaaS ERM and GRC software providers do not charge professional service fees for configuration, customizations, or installation. In fact, if you come across a vendor that charges these fees on an hourly or ongoing basis, it's a good indication that what you're buying isn't true SaaS. Rather, it's all the disadvantages of a traditional on-premise solution with none of the benefits, and it's in a data center that you don't own!

Aligning Incentives

Professional service fees work twofold against the customer. First, they require a large investment to get the product to a point where it's usable by your employees, which takes at least a year and often more. Second, because these fees offer a huge revenue stream for the vendor, the vendor has no incentive to improve their base product or provide better customer services.

Furthermore, because most of these vendors get nearly all of their revenue upfront from the customer, there is no incentive to provide great customer service. They already have your money, and outside of the small maintenance fees, they often won't receive more of it unless you require additional professional services.

Worst of all, offering these types of implementations for an entire customer base diverts resources away from the vendor's ability to innovate and respond to customer needs and toward compatibility testing, and leads to an increased cost of ownership. This is why implementation timelines are more than one year for traditional on-premise and hosted solutions, versus the typical 90-day time to value for SaaS offerings.

SaaS vendor business models require vendors to be accountable to their customers over the lifetime of their agreement. SaaS GRC software is subscribed to on a yearly or quarterly basis, so the vendor is only as good as their last 90 days. This subscription model motivates vendors to continue improving their product and respond to customer needs. If for some reason the software or service lags, the customer has few barriers to exit. Hint: if your vendor won't offer an unconditional satisfaction guarantee, you are not getting a SaaS solution.

Ask these 5 Questions of Customer References when Evaluating an ERM or GRC Software:

1) How much has your organization paid in professional services to your GRC vendor?
2) How long did it take from contract signing to your 1st day of actually using the software in your job?
3) How much internal IT time was needed, and how long did it take to make a change in your configuration?
4) How often are your feature enhancement requests adopted into the core software without any cost to your organization?
5) How many users have actually logged into the system at least once in the past year?


LogicManager has led the Software-as-a-Service ERM and GRC software market since 2007. To learn more about the flexibility and true cost of ownership of real SaaS versus hosted and on-premise ERM and GRC solutions, get a detailed definition or read this detailed SaaS comparison.



In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
