Vendor / Product Assessment & Recommendations

We often assess GRC vendors and their "pure" enterprise-class GRC applications (including applications oriented towards Internal Audit and Security) using a proven process that has a number of mission-critical business objectives associated with the work.The top objectives are to reduce the risk of technology insertion, reduce the risk assocated with employee adoption of the technology (or, God forbid, technology rejection), building rapor between the acquiring firm and their chosen vendor, building employee motivation through communication and involvement, ensuring that the 6 strategic shareholder values are providing an over-arching framework for financial guidance, ensuring that the acquiring firm makes progress on their GRC convergence plans for enterprise integration, ensuring that the acquisition timeframe and process duration are appropriate, ensuring that the acquiring firm is able to negotiate the pricing with the top 2-3 finalists, and making sure, at the end of the day, that the software can be purchased for a reasonable rate and that the final solution that is acquired, is capable of doing the job that it was chosen for. There are many other sub-objectives, but these primary ones are a good place to begin.

Our work for industry watch firms and industry benchmarking firms includes such names as PwC, Gartner, Forrester and others. Our advice to these vendors, Venture Capital firms and any other firm that needs to select one of these applications is to leverage our work with Decision Support System (DSS) Frameworks to ensure that you have the technical clout to not only assess the short-listed vendors and their solutions, but to have the data needed to negotiate with the vendor once the top two or three finalists have been established.

Speaking of short-listed vendors... that phrase suggests that there is a vendor / product assessment and recommendation process in place to follow. That's where many assessment teams get hung up. From our perspective a vendor/product assessment and recommendation process should be completed from soup to nuts within a 6 week period. Sure, if you're selecting a departmental software application the process can be much shorter, but for most enterprise-class assessments, 6 weeks is a good duration to shoot for. Let us know where your team has run into issues and we can give you some assistance virtually, or we can address your challenges in this blog without mentioning any company names.