Governance, Risk and Compliance Blog

Top 5 integrated GRC software problems and solutions

Posted by Emily Hill on Tue, Oct 17, 2017

You know what? Buying an integrated GRC software solution may not be for you. If you're a small business with only a few processes and a small number of standards and regulations to meet, you can probably get by using spreadsheets and paperwork. But if you're a heavily-regulated large enterprise or a quickly-growing SME, a GRC solution is an essential investment that will deliver returns within several months of implementation.

However, implementing an integrated GRC software solution is not without its risks. A bad fit will not only cost you time and money, but valuable opportunities as well.

Here at Qualsys Ltd, we talk to lots of quality, health and safety and environmental managers who want to know what to look out for when choosing a solution.

We've asked Michael Ord, Qualsys's New Business Director, to list the top 5 things to think about when choosing a GRC solution. Michael has worked at Qualsys Ltd for the past five years and helped hundreds of professionals through the software-buying process.

 

1) Don't underestimate the implementation process

Very few businesses have all of their processes, procedures and policies ready to upload and configure on a new system. In fact, usually they're in a bit of a mess. Legacy systems are outdated and tired. And although the business itself has changed a lot, their processes haven't changed with it.

You might be in a similar situation, and buying a GRC solution for that very reason. But tread carefully. Any vendor who tells you they can implement a new system in a day or so is setting unrealistic expectations and will only disappoint at a later stage.

It takes a lot of time, energy and investment to get right. At Qualsys, we intend our solutions to have a truly transformational effect. We're talking about providing complete visibility, ownership and accountability. Overhauling and streamlining your processes. Making compliance a natural and invisible part of the everyday. This is one of your business's most important strategic and operational projects.

 

2) Make sure you and the vendor have a good cultural fit

The second thing to consider is whether the vendor fits your company culture. Do they share the same values? Are they positive and proactive? If something seems odd, unrealistic or concerning now, imagine what it'll feel like weeks or months down the line.

Companies don't always work well together. They have different aims and intentions, and a collaboration would feel very forced. At Qualsys, we're all about "growing by case study". This means we want satisfied, happy customers. We won't sell you our products if we don't think it's a good fit. Partnership is very important to us. We want to make sure your systems move with the times, and we want you to love using them. We want you to get amazing results that we can share with our other customers.

For this reason, we rarely work with businesses who have under 20 employees. We do, however, jump at the chance to work with food and drink manufacturers, medical device manufacturers and industrial manufacturers. We know our solution works very well for these customers, and have the case studies to prove it. 

We always encourage our potential customers to shop around and to either visit or call one or two of our existing customers. We find this creates a positive community of sharing, where you know there's someone who's been through the same process you're hoping to embark upon.

 

3) Consider all your requirements

Our software consists of 10 different modules designed to work together as one integrated solution. Most customers start with three or four core modules – such as document management, audit management and issue management – and then extend the number as they go. Some customers choose to implement all 10 modules at the same time.

It doesn't really matter which way you do it. Our pricing model means you buy administrator licences from across any of the modules.

But whichever modules you opt for, make sure you have a clear "why" from the very start of the project. By this, we mean knowing exactly what you want the software to achieve in the long run. What do you want it to change throughout your business? What results do you want to see as you go along?

Our team will help you understand what questions to ask and who to speak with. It may be that you have an enterprise resource planning (ERP) system which you could integrate with a GRC system. Perhaps you need a system to keep thousands of disorganised company documents under tight control. Or maybe your business extends over a number of sites and you want a different configuration or separate systems.

It’s common for your specification to change. Work with your leadership team and management team to clearly define the scope of the project, and put it in a place where everyone can refer back to it. This will help prevent stress later! Once the project gets underway, there will be lots of moving parts and you are going to be a lot busier. But remember, you don't need to so everything at once.

 

4) Don't neglect the engagement process

Engaging the people who are going to be using the software is crucial. If your employees have no idea why your business has chosen to introduce the system into their daily lives, or why they should be using it, they're not going to. They need to understand what it will do for them and how it'll help them to work more effectively.

We don't leave this up to you. We provide the software but we also give you your own customer success champion and dedicated account manager. They work to help you raise awareness, engage your employees and encourage the action you need.

 

5) You're not stuck with something that doesn't work for you

Our customers love our feature-rich modules, but sometimes the software doesn't quite fit the bill without a little tweaking and customisation.

When this happens, we ask whether this additional functionality will benefit all other customers. If it will, we'll usually do the extra development free of charge. If it's a very custom request, we'll ask for a contribution towards the cost of making the changes. If you think you'll need lots of changes made, talk to us and we'll consult our development team about how we can develop those enhancements for you.

We've had some of our customers request almost entirely bespoke modules as it's more cost-effective and quicker than doing it with other vendors or internally.

We have a process whereby requests for change are put into a development 'sprint'. Each sprint lasts for three weeks. At the end of the three weeks, we put all the enhancements live on your system. This is a very customised option, and requests for change range from a few hundred pounds to several thousand.

 

Want more information?

Schedule a GRC Software discovery call