GRC Software: Are Modules the Key to Winning?
In Governance, Risk & Compliance (“GRC”) software (or, as Gartner likes to call it, “IRM”), companies often have to struggle with the trade-off between configurability and ease of use. On one end you have Archer (owned by Dell), which lets companies customize the entire platform from A to Z but is so complex that many customers find it intimidating. On the other end, you have the smaller players who specialize in verticals but whose solutions lack the necessary configurations.
Large players like Archer (Dell), BWise (Nasdaq), OpenPages (IBM) and Ariba (SAP) typically try to develop incredibly configurable platforms that can be customized for any organization, no matter the sector or size, even the large, complex operations of Fortune 500 corporations.
As a result of the incredible configurability, many medium-sized companies have shied away from the behemoth-like software solutions. It’s the same as walking into a store, asking for a suit, only for the tailor to pull out rolls of fabric. Now there is definitely a market for hand-made suits from scratch, but the process of creating one which exactly fits your needs with the correct dimensions, look and feel will be expensive and time-consuming for both the customer and the shop. That market strategy theoretically means you can make the perfect suit for anyone who walks in the door, but in reality, the average man typically looks for something easier to use. It will be much more difficult to attract medium-sized enterprises given the complexity of the set-up process. Therefore, the key for those companies to realistically tap into the mainstream GRC market and begin experiencing explosive growth is to begin selling “prepared suits” and modifying them to fit the needs of the customer. But how can SAP, Dell, Nasdaq and IBM apply that concept to their GRC software?
The key for the large players to expand and utilize the “prepared suits” analogy is to use their platforms to create pre-configured modules which cater to a specific industry or function. For example, Archer (Dell) would conduct extensive market research into existing pharmaceutical GRC solutions, collect feedback on desired features, and create a “pharma module” which would be marketed to all potential pharmaceutical clients.
The pharma module will act as an out-of-the-box (“OTB”) solution that caters to 80% of the organization’s needs versus a standard solution that addresses only 30%. The key here is that Archer would have invested heavily not only in including the necessary features, but also in developing a simple, intuitive user interface, something that would have been virtually impossible using the standard solution. Given that the OTB solution already addresses 80% of the client’s needs, the implementation timeline will be drastically reduced, and the on-boarding process will be significantly easier for the clients. By focusing all their efforts on the last 20% (as opposed to the last 70% in the previous case), Archer would be able to place more focus on providing a satisfying user experience as well as a smoother on-boarding. The cost of investment in the pharma module will be recouped multiple times over in the form of cost savings and increased sales. Over time, the company will experience the following with each customer acquisition: 1) reduced cost of configuration; 2) a significantly shortened on-boarding timeline; 3) improved sales conversion and win rates; and 4) a more satisfying user experience.
The investment in modules can come in the form of R&D and be developed in-house, or it can come in the form of M&A, where the large players could acquire a GRC SaaS company that specializes in a specific vertical and integrate it with their current solutions.
Conclusion
Although no company is perfect, the GRC SaaS market has disrupted itself multiple times and has come a long way in such a short time. The impact that has had on companies managing their risk and compliance has been phenomenal, and I look forward to seeing more changes in the future.