Suite Talk
Vendor execs offer views on GRC, CSR, sustainability applications
With the complex and overlapping GRC, CSR and Sustainability software markets shifting faster than the latest regulation or stakeholder campaign, CRO engaged C-suite officials from the top application providers (See Chart PDF) and solicted their advice on what clients need to do, how the vendors’ companies can help them, and what the next “big things” will be. Their answers on a broad range of pertinent issues follow:
CRO: What is the most important advice you can give clients or prospective clients on choosing the best application for their needs?
Joe Ruck, President and CEO, BoardVantage: “For Software-as-a-Service (SaaS) applications, it is hard to know what is going on behind a glitzy vendor website, so we recommend that prospective customers conduct a thorough evaluation of both BoardVantage and any other alternatives under consideration. An evaluation of this sort should scrutinize the system security and director functionality in the portal, as well as any productivity tools made available to the corporate secretary.”
Jacob Lamm, Executive Vice President of CA’s Governance Group: “The GRC market is broad, ill-defined and crowded. Many small companies have jumped on the bandwagon and are attempting to both define and capture a large share of this market. History has shown that most of these smaller companies do not survive the first shakeout because they don’t have the critical mass of engineering, support or consulting capability to meet the growing needs of the market. And, as the viability of these smaller companies is called into question, it has a snowball effect that feeds on itself. In summary, we encourage our clients to make sure that they pick a vendor with a) proven expertise in this market, b) a broad product offering to meet a variety of complex IT needs, and c) component integration to provide easier management of the entire environment.”
Philippe Tesler, Co-Founder and Head of Business Development, Enablon: “Ask your stakeholders what they want from you: The granularity of information they require drives the choice of software. Don’t
believe the hype: Ask for customer references in the same industry, as their needs will likely be close to yours and their feedback will be useful. Establish a cross-functional team to feed the process and ensure departmental adoption Think ahead: Don’t just focus on your immediate needs. The environment is changing fast, what will you need tomorrow and will your application be up to the challenge?”
Michael Duffy, President and CEO, OpenPages: “Choose a solution that is configurable without the need for IT customization and based on an integrated platform. Evidence has shown that customizable packages available in the market from OpenPages’ competitors often carry additional first—year costs of up to $250,000 for customer—specific customizations.”
Chris Leone, Group Vice President, Fusion and GRC Applications Development, Oracle: “Clients very often purchase GRC solutions to address specific initiatives and pain points that they are currently facing within their organizations. This is a pragmatic approach that delivers immediate value. When consulting with clients, we also recommend that they map out these specific initiatives within the context of a longer-term roadmap that shows their ideal ‘to be’ state. By framing their evaluation in such a manner, clients can see the forest, not just the trees, and will be more likely to collaborate across functional divisions to include feedback from the business as well as IT stakeholders. This longer-range approach enables our clients to not only address immediate GRC concerns, but also to build a foundation that will help them adjust to shifting business and regulatory conditions.”
Ejaz M. Syed, Founder and Managing Partner, Plan-A: “Public companies, through professional IR specialists, have seen the value in being proactive; [they are] making their investor relations function a marketing one. Just as the buyers of your company’s products and services make purchasing decisions, shareholders also make decisions based on the value of the information they receive. If you reach out to your shareholders, as you do to your product and service customers, you can serve as the source for their information needs and thus you can lead them into buying, holding or selling your company’s stock. You can see that this proactive/marketing investor relations function is a two-way street. Stockholders like to receive their information directly from the source. But, they need to feel sure that the information provided is credible. A company that provides credible information is more likely to earn a confident, loyal shareholder base.”
Jim Davis, Senior Vice President and Chief Marketing Officer, SAS: “Technology that addresses CSR and greenhouse gas modeling should be a robust platform to grow with your business, easily take into consideration new acquisitions or divestitures, and model alternative business scenarios. Users of the application should be able to access more than just standard pre-built reports. Ensure that your application allows for creative analysis and flexibility in information delivery.”
Colin Grant, Founder and CEO, Visible Strategies Software: “Listen to staff and stakeholders to understand deeply their highest hopes and aspirations for the organization and choose tools that will allow them to say ‘Wow! You've really got it! We can see where we're going and whether we're on track and we’ve done it all with just a few clicks of a mouse button!’ Understand that software can help people to fall in love with the organization’s vision and their part in achieving it.”
CRO: How does your software equip your clients to respond to changing market conditions, including new regulations or increased competition etc?
Patrick Conte, CEO, Agiliance: “The foundation software structure for Agiliance IT-GRC includes our Common Control Framework that allows all standards, regulations, policies and frameworks to be mapped to a common environment and then to each other, avoiding the testing of duplicate or overlapping controls that are common across multiple regulations. Agiliance uses this to deliver a 70 to 80 percent reduction in cost as well as time-to-compliance. New policies, regulations and updates to existing regulations become part of this common control framework allowing content to be continually updated and added.”
Jill Lyons, Leader, Corporate Services, RiskMetrics Group: “We are constantly evolving all of our products and services to meet changing market conditions. Our Governance Exchange is the result of our clients identifying a need for a forum that facilitates board-shareholder communications.”
Andy Wyszkowski, Global Head of Publishing and Compliance, SAI Global: “Our system enables a client to capture the obligations of a business (rules and regulations) and the risks associated with people, processes and technology in a single knowledge view. We’re able to help provide timely information because of our global expertise in both publishing and advisory services. For example, our online, searchable anti-money laundering and privacy databases and our World Watch news feeds provide globally and regionally relevant content in key risk areas and automatically feed into the GRC system. We’re currently developing additional industry-specific content feeds and, in some markets, we’ve integrated regulatory alerts.”
Natan Zaidenweber, CEO, StakeWare: “We provide a suite of applications that address the full spectrum of sustainability requirements. This gives companies the flexibility to deploy individual modules on a department basis, across the enterprise, or to their supplier network. As their needs expand they can rapidly deploy any of our applications to meet their needs. Because we deliver our applications on the Force.com platform (the most-advanced SaaS infrastructure in the marketplace) we can focus on innovation and solving specific customer problems and/or new regulatory requirements. This gives us the ability to instantly incorporate new standards and market requirements into our applications and continually provide greater utility to our customers as the sustainability market and their needs mature.”
Grant, Visible Strategies: “[CSR/Sustainability platform] ‘see-it’ encourages clients to be forward-looking, strategically integrated and to engage in a two-way dialogue with stakeholders, rather than to be focused on retrospective reporting of ‘non-financial’ issues in isolation of strategy. see-it is wonderfully dynamic and very effective in meeting situations, allowing organizations to agree to course changes on the spot and then to share this new direction with appropriate stakeholders immediately.”
CRO: From a software perspective, what is the biggest challenge you face in encouraging clients to explore the full functionality of your products?
Mark Opausky, CEO, BPS: “Clients need time to adopt risk management at the pace that best suits their cultures and strategies. Our approach is to add value at each stage in highly demonstrable ways. If we can maintain this rhythm with our clients, then our mutual software adoption goals are met with little resistance.”
Lamm, CA: “One of the primary challenges is that the “culture of silos” is well-entrenched in most organizations. This implies that business units (or even smaller groups such as project teams) often maintain their own information relating to risks, controls, and compliance activities. Each team may duplicate information (typically in spreadsheets), to the overall detriment of the quality of that information across groups. Spreadsheets involve excessive effort and become out of date quickly. It’s often
impossible to even determine who is tracking certain items, or where redundant information is being stored. As a result, the notion of centralizing this information is appealing, but somewhat daunting, to many organizations. And, it requires difficult cross-unit coordination (and sometimes politics) that can be challenging.”
Gopal Nagarajan, CEO, eQuilibrium: “Choose a purpose-built solution, not another general purpose, customized application. It will save you a lot of money during and after implementation, significantly lower training costs and promote proliferation of best practices. For enterprise sustainability to be successful, it should be considered a strategic operational program, not a project. It is a journey, not an event.”
Leone, Oracle: “The Oracle GRC Suite provides complete, open, and integrated GRC solutions that are built on industry-standards to work with a client’s existing technology investments. However, C-level executive sponsorship must exist within the client itself in order to explore the full capabilities of the suite. Responsibility for GRC initiatives is often splintered across different functional groups within an organization. While clients can realize significant benefits by consolidating on a GRC software
platform and by integrating GRC software with existing technologies such as enterprise resource planning, financial consolidation, or user provisioning systems, quite often the internal divisions within client organizations can pose obstacles to leveraging the full capabilities of GRC software consistently across geographies and lines of business.”
Tim Welu, CEO, Paisley: “The most significant challenge is to get disparate assurance groups inside an organization to work together and utilize a common language, methodology and approach to GRC. In many organizations, internal audit, risk management, and compliance groups choose to work in silos leading to many inefficiencies and duplication of effort. Although Paisley GRC solutions provide best of breed functionality for each individual assurance group, there is significant value to be gained by the various groups sharing data and utilizing the same integrated solution.”
Syed, Plan-A: “Shrinking IT budgets, risks and high costs associated with data collection, and technology advancing at a faster rate than adoption.”
Lyons, RiskMetrics: “Often we have found that the biggest challenge is that clients often don’t have the time to explore the full functionality of the analytical tools. This is part of the reason we implemented the Advisory Desk function.”
Wyszkowski, SAI Global: “Clients are wary to implement what they believe could be an expensive, time consuming, and complex technology. They mistakenly compare it to enterprise-wide technology that, although bringing great benefit, is very difficult to start up and may cause a lot of disruption throughout the organization. Organizations also worry that because of staff turnover or small staff size, they won’t be able to have a consistent base of key users who are fully trained and experienced in the system. We’ve found that successful programs begin small and engage a senior manager as product champion. These individuals often see the strategic and tactical benefits of integrating and automating compliance, risk and governance, regardless of company or departmental structure.”
Zaidenweber, StakeWare: “Convincing them that implementing a Corporate Sustainability Management (CSM) application is not an overwhelming task. To demonstrate this, we have created the StakeWare CSM Governance Framework, which is a step by step guide for establishing good sustainability practice leveraging the CSM application.”
Cyril McGuire, Chairman and CEO, Trintech: “Historically, clients have been poorly served by compliance and governance software applications. These historic deployments have typically resulted in silos of applications, duplicate data, wasted staff time and a resulting high cost of compliance. As a result, clients have been unaware of the new breed of compliance and governance solutions that provide deep, purpose-built functionality across a common platform.”
CRO: What is the next level of functionality that your clients are looking for in GRC, CSR or
Sustainability?
Conte, Agiliance: “Customers are looking to manage all of these facets with a seamless application that can address such issues and at the same time account for gaps and vulnerabilities through the lens of enterprise risk. Having a simple way to integrate all of this into a common interface is highly desirable. Agiliance can combine data from IT and non-IT assets and reconcile objectives against regulations, standards and policies.”
Ruck, BoardVantage: “A number of BoardVantage customers have started to deploy the system in their executive leadership teams, keen to leverage the same security and productivity benefits that the board enjoys. BoardVantage is adding additional functionality to address the needs that are unique to this constituency.”
Opausky, BPS: “The challenges for companies include coordination, consistency and getting the right information to the right people on a timely basis. We see a push to increase the elegance of visual tools and smart notifications that allow business people to efficiently integrate risk management into their day-to-day operations and business processes.”
Tesler, Enablon: “More and more customers are looking for integrated platforms. Additionally, we are seeing companies embedding corporate responsibility and risk management into their core business strategy and operations.”
Nagarajan, eQuilibrium: “In addition to carbon, supply chain, social responsibility, energy, and product stewardship, the most critical dimensions are corporate water resource management, and waste optimization.”
Duffy, OpenPages: “OpenPages customers are looking to us to provide integration with advanced business intelligence and corporate performance-management applications.”
Welu, Paisley: “We see organizations looking for not only the technology but also the advice on methodology and a how-to blueprint to successfully implement GRC convergence. Most organizations are currently challenged to effectively implement integrated GRC processes. This challenge cannot be solved through technology alone. Successful GRC convergence will be enabled through the appropriate balance of technology, methodology, and the implementation of best practices through professional services guidance.”
Davis, SAS: “Our clients are looking for SAS to integrate more sustainability-focused capabilities into our existing solutions to evaluate their supply chain, distribution network, and portfolio of holdings. The value chain (up-stream suppliers and downstream distributors) has a significant impact on a company’s sustainable performance, so organizations are looking for ways to increase visibility in this area and
better integrate third party data. In addition, public and private financial institutions seek more information about the environmental and social responsibility of the projects they fund or shares they hold. The next wave of solutions should provide risk factors that account for sustainability of investments.”
McGuire, Trintech: “Recently, Trintech has addressed the emerging XBRL (Extensible Business Reporting Language) standard within our solution as well as the ongoing move to integrate IFRS (International Financial Reporting Standard) and GAAP. Trintech first included XBRL capabilities in our solution late in 2007, well ahead of any SEC requirements. Now with the release of our Unity 10.1 solution in June, we have full XBRL capabilities including the export of XBRL-formatted financial statements. Likewise, the likely merge of IFRS and GAAP is already accommodated with the Trintech Unity solution, which enables a client to format and produce financial statements according to either standard of accounting and to compare filings side by side.”