GRC Tuesdays: Investing in What You Know You Want – Flip Phones, Televisions, and GRC Solutions
I’m not an early adopter when it comes to technology, but I do realize that you can’t wait forever… I remember when the smart phone came out. I wrote them off as a passing fad, because I was in love with my “simple” flip phone, because it was pink.
It didn’t matter to me that my phone took pictures that appeared on a smaller screen and were of lesser quality. It didn’t matter to me that sending text messages took a bit more time to click to the appropriate letters. It didn’t matter that accessing the internet was impossible if not a challenge. My phone was pink. Needless to say, I can’t even imagine living a life without a smart phone that has several apps that access the internet to make me more efficient and give me the ability to dictate this blog right now.
Recently, my husband bought a curved-screen, “giant” TV. It didn’t matter to him whether people were buying this new technology. He knew he wanted something that integrated with the Internet and was heavy enough that our cats wouldn’t knock it over as they ran across its base. Those were his specs. He knew our current and future needs, was confident in his buying criteria, and didn’t need external validation.
How Are You Approaching the GRC Market?
I wish people would approach the governance, risk, and compliance (GRC) market in the same fashion. Nobody will know your business better than you. Nobody will know your organization’s strategies to manage governance, risk, and compliance better than you, so the onus is on you to invest in the technology that’ll meet your long-term needs.
Prior to living and working in Asia, I was based in the United States. In my current role, I’m often asked questions about the buying behaviors of other customers (like how many sales of the particular solution have occurred, how many customers we have, and who are customers are). I think when customers ask these questions their intentions are good, but their questions are a bit flawed.
To me, it doesn’t matter how many customers have purchased a particular solution in a particular year, especially because some of the solutions are quite mature and some are newer. Mature solutions may have already had their buying spike, and newer solutions are beginning their climb. Everyone’s buying behavior is different…
Further, as for references, customers must realize that not all organizations want to participate as formal references but will sign up for speaking engagements for user groups or other events. Other customers are simply not allowed to be a reference based on their internal policies.
If Every Customer Is Different, How Do You Know When to Invest in a GRC Solution?
I had a customer tell me years ago that he and his team had been looking at various GRC solutions for a “few” years, but still weren’t “ready” to invest. They were still doing manual activities, working in silos to complete their GRC activities, and had several frustrations with these processes, during this investigation period. He even admitted that eventually they would need to jump in the water and learn to swim.
An investment in GRC solutions doesn’t need to be a jump off the high dive into the deep end. You can wade into the baby pool with floaties…
My best advice, if your organization is mature enough, is to determine where you want to focus your GRC technology investments (people, process, fraud/waste/abuse) and at least get your feet wet. People have been swimming in the GRC water for several years. As people say, “Come on in. The water’s fine.”