Credit: Shutterstock photoIn the introduction blog of this series, I went back in time to the origin of Governance, Risk and Compliance (GRC) software and its evolution. Read the blog post here.
In this post, I will dive deeper into the Best Practice Solution concept that can be a game changer in delivering successful projects.
Various software vendors have now embraced the best practice concept, but the scope of what is exactly meant by this concept varies in the market. So, let's first start with exploring why this concept is winning in popularity throughout the market and then explore how this concept can be best leveraged by various types of organizations.
The Traditional Waterfall Approach
The traditional way to implement software is the 'waterfall-based approach' based on requirements drafted by the buyer and functionality delivered by the vendor. These projects are lengthy and often perceived as complex with at best an average result but more often a disappointing result. Organizations combine the momentum of purchasing a new software solution with the opportunity to improve the process. The requirements are often a reflection of a current understanding of the process with some minor improvements. Throughout the project duration, the requirements often need to be revisited based on new insights, resulting in an inefficient process. The most common conclusion I have heard is that people 'don't know what they don't know'. Only when really working with the new software solution they see new, and often better, opportunities to optimize their process.
The Rapid Implementation Solutions
Vendors have recognized this issue and started to create out-of-the-box configurations which could be used as a baseline, a starting point, for the client specific configuration. Usually these configurations are adapted to specific needs of the clients. If these out-of-the-box configurations are combined with more modern implementation approaches like Agile or Rapid Implementation the project success is usually higher. With these approaches clients are able to evaluate the out-of-the-box functionalities and evaluate the suggested vendor processes in relation to their specific situation. This results in cheaper projects, quick measureable results and higher customer satisfaction.
The Best Practice Solution
Rapid Implementation works well for larger clients and enables project teams to accomplish quick results against lower costs, but it still requires insights in the 'to-be' and 'as-is' situation. In most cases, it still requires some consulting effort to make it work as well. Especially for clients who have a lessoned budget, the total cost of ownership can still be an issue. Usually these prospects chose a point solution as purchasing a GRC platform is not feasible from a budget point of view.
The best practice solution concept solves this dilemma. For the price of a point solution, including Nasdaq hosting, prospects can purchase a true GRC platform with the possibility to start with one GRC use-case and later extend with other Best Practice Solutions that can be used as point-solutions but also seamlessly integrate with existing solutions.
A Best Practice Solution is a, designed for a high level of security, hosted pre-configured solution, including content and in-application training, which requires no configuration to get started. The fundamental difference is that the supported use-case is designed in a way that clients can use the system from day one.
Who will benefit from a Best Practice Solution?
There has been quite some debate if a standardized solution is even possible, as most organizations have the experience that 'standard' solutions always need tweaking to the specific needs of the client. Our vision in this debate is that it all depends on the use-case in combination with the maturity of the client.
Let's start with the use-cases. Governance, Risk and Control software is covering potentially more than 30 use-cases which can be vertical specific. Operational Risk Management for banks is a different situation than Operational Risk Management for a pharmaceutical company. So, the supported use-case should be designed with knowledge of the specific industry in mind.
Next to this, some use-cases are more standardized than others: A compliance driven use-case like the Sarbanes Oxley (SOX) Solution is way more standardized in the market than a Policy Management Solution. There are certain rules for SOX Compliancy that drive the design of the specific process, while there are no rules or guidelines to follow when designing a Policy Management process.
Another element to consider is the maturity of the organization. Our pre-IPO companies who consider becoming listed on the Nasdaq stock exchange need to deal with SOX, so a standard solution which is simple and cost effective is a no-brainer for them. Organizations who have already matured in their way to manage the SOX cycle need to evaluate if they want to compromise their way of working to the standard. Clients who are focused on a low Total Cost of Ownership will probably chose the Best Practice Solution and would be willing to changing their way of working as long as it is more efficient and leads to the same or a higher success rate. If organizations want to stick to their existing process, they can use our standard configuration and implement the project through the Rapid Implementation approach. This leads to a higher TCO but a more specific configured solution.
The Regulatory Change Management use case is a good candidate to release as a Best Practice Solution. The process of regulatory change management is pretty straightforward. In the end, you need to create a process to import the relevant changes, assess if a change needs follow up, define a process to manage this follow up and report on it to pass the regulatory exam. Our best practice solution is delivered with industry and country specific content and we expect it to be a game changer for the Best Practice Solution market. For more information, please contact us.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
