People around table and computer

Seven Secrets to Buying Software No One Tells You

October 27, 2020

By Matt Oakley, COO, Affiliates Management Company

As we speak, the professionals who lead their organization’s governance, risk and compliance (GRC) efforts are planning for the upcoming year. And for many of them, the integration of technology is at the top of the list. That’s because the business of GRC is changing, becoming more complex and time-intensive by the day. The sun is setting (if it hasn’t already) on manual data entry and static spreadsheets to manage boards, vendors, risk, compliance, audits and the many other essential aspects of operations.

Because of the nature of their jobs, researching and buying software solutions is probably new for a lot of GRC leaders. For that reason, I thought a few tips might come in handy, especially now when most organizations are in the throes of planning (and budgeting!) season.

Over the course the last 30 years, I’ve bought and sold my fair share of software. As technology throttled into position as a game-changer for every business across verticals, my interaction with tech providers ramped up exponentially, exposing me to many different philosophies and practices around software integration.

I sure wish I knew then – at the outset of my tech buying days – what I know now. It’s in that spirit that I’ve gathered up a few of the lessons I’ve learned over the years in the hopes they can smooth the process for others.

‘Customization’ Has Many Meanings

Most of today’s software solutions are at least somewhat configurable. However, the level of flexibility ranges from provider to provider, and unfortunately, it’s often limited. I continue to see technology solutions that force the user to conform to them rather than the other way around. My advice to GRC pros – when participating in demos, ask detailed questions about the provider’s ability to make changes to fit your existing processes. A picture is worth a thousand words, so if the seller is willing to show you how an imagined change would look in the real world, that’s a sign you’re talking to provider that gets it.

Scale is a Budget’s Best Friend

No secret here, but CFOs love economies of scale. When searching for a GRC platform, think bigger than the problems your department needs to solve. Understanding how others across the organization may benefit from the solution opens the door for dialogue around sharing budget. I’ve found the best way to uncover this kind of potential is to invite multiple department heads to a follow-up demo. As the champion of change, you’ll want to vet the software first. But, after you’re satisfied with the potential, gather up a larger group of colleagues. They will inevitably see things you don’t and may get just as excited at the prospect of automating their own manual processes.

Opportunity Costs Matter

The integration of technology is all about reallocating resources. Brain power and human hours are among a business’s most valuable assets. Conveniently, they are often assigned dollar amounts. Once you understand what a particular tech can do for your company in terms of freeing up time and talent, put a dollar figure to it. Having those numbers at the ready can give you a greater sense of whether a particular solution’s pricing is in the ballpark.

Buyer-Driven Demos are Always Better

It’s very important to know – and to communicate with a salesperson – the problems you’re most wanting to solve ahead of a demo. And here’s why. If the buyer isn’t steering the conversation, the seller is. That’s a lose-lose. The seller, flying blind, is much less likely to show off the best parts of the technology for the buyer. The buyer, not knowing what they don’t know, is less likely to come away feeling a good fit.

Modules are Meant to be Modular

Quite a few of the most exciting solutions on the market today are offered in segments. If a tech provider is giving you the hard sell on the whole ball of wax, be leery. A good software provider will want you to start small, fall in love with the solution and come back for more.

References Rule

If a software provider doesn’t or can’t offer up a reference or two, that’s a sizable red flag. I advise colleagues never to sign a deal with a company unless they’ve talked to at least one, if not several, users. When you do get on the phone or video chat with an existing user, be sure to ask about the onboarding process. Especially for GRC pros that are managing multiple ongoing projects at once, it will be important to know what the next steps look like so you can plan properly and avoid surprises.

Ballparks are Possible

Although they will be hesitant to provide one, every software salesperson can give you a ballpark estimate. You can expect some pushback, but if you need those numbers to feel comfortable moving forward, insist. Ask your salesperson, “What would be a safe number to put in my budget for next year?” Just know the final costs may change, as most of today’s customization also means case-by-case pricing. A good rule of thumb is to budget 10-15% above any estimate.

Each of the above lessons has helped me become a better software purchaser; they’ve also allowed me to advise the ViClarity team on making the GRC technology onboarding experience an enjoyable one. In 30 years, I’ve not seen a technology company so empathetically guide its clients toward the future. The deeply rooted values of collaboration and human-centricity that ViClarity brings to the technology sector are incomparable and something more tech providers would do well to emulate.


Services performed by ViClarity are compliance and not legal in nature, and do not form an attorney-client relationship or any of the protections attendant to the attorney-client relationship.


Recent/Related Articles

The Top 8 Risk Reports for GRC Leaders

May 20, 2024

With factors ranging from the economy to the environment to artificial intelligence playing a part, it is essential for financial institutions, insurers and other regulated businesses to have a sound risk management program in place, and here are 8 reports that help GRC leaders become more strategic.

Video: Why Should Risk Management Be Top of Mind for Boards?

May 13, 2024

Global CIO & Interim CEO, Ogie Sheehy, talked with CU Management (CUES) about why risk management and creating and maintaining a risk register are critical for boards.