Home > Risk > Perhaps I am naive, but really!

Perhaps I am naive, but really!

Every so often, a software vendor makes a claim that is so outrageous my blood boils. My annoyance is less about the vendor claiming to do something better than my company[i] than it is about the difficulties software buyers will have seeing through the b-s.

My colleagues tell me not to worry because they are used to such behaviors from “start-ups”; they go about preparing rebuttals – not to air in public, but in case a customer brings up the issue. Frankly (and this is why I am glad I write about my personal views and not those of my company), I would tend to take a stronger line. But, I am new to software and really am a practitioner by trade and experience.

I will give you a couple of examples of what gets me going. I am not going to name the companies involved, and any inferences you might choose to make are yours and yours alone.

In the first, a company claimed to have the first complete solution for a particular GRC functionality. These claims were repeated, without question, in the press. But those of us who have been practitioners for a while know software for that functionality has existed for decades – and is in use across the globe at hundreds of companies.

Now perhaps the company making the claim has a new wrinkle or even a more complete solution. But I am not persuaded that saying they were the first to offer a “complete solution” is the ‘truth’.

Are you familiar with Garrison Keillor and his radio show, A Prairie Home Companion? In his sign off from Lake Wobegon, he talks about all the children being “above average”. My second example is similar: all software vendors in the GRC space are above average!

How can all of these claims, from a variety of vendors’ web sites, be correct?

  • “ a global leader in compliance and enterprise risk management software”
  • “Industry leading software for Governance, Risk and Compliance”
  • “world leading developer of Governance, Risk and Compliance software solutions”
  • “Leading provider of software for internal audit, risk management, policy management, compliance, and integrated GRC”
  • “the recognized global leader in governance, risk, and compliance”
  • “best-in-class enterprise governance, risk and compliance program”
  • “market-leading provider of governance, risk and compliance (GRC) management software”
  • “the leading provider of integrated risk management solutions for global companies”
  • “the leading global provider of business assurance technology”
  • “the leading global provider of audit analytics and continuous monitoring software”
  • “the leading provider of continuous controls monitoring software”

I have heard of worse, where GRC vendors answered RFP’s implying they have functionality they don’t. But let’s not get into that – I just hope it is rare and customers will detect and report it.

I am not a lawyer and perhaps others can guide us in understanding what would constitute a ‘deceptive practice’ that might be of concern to the Federal Trade Commission. I tend to doubt that what I have discussed qualifies, especially as the practice seems to be rife: the typical GRC software vendor is not just ‘above average’: they are ‘world leaders’, ‘best-in-class’, or the ‘market leader’. (Of course, I know one that really is a leader – smile. )

So what then is my advice to the buyer of GRC software? It is to take all claims like these with a bucket of salt. Ask for references and challenge the claims. After all, you need to choose a vendor you can trust – for the long haul.


[i] My company generally has products at least as good

About these ads
  1. March 11, 2010 at 1:36 PM

    Norman,

    You and I are on the same page… I’ve run across software salesmen that make used car salesmen seem ethical (sorry to those ethical used car salesmen for the use of this stereotype). Unless you understand the technologies used in various so-called GRC solutions, you may end up buying a ‘pig in a poke.’

    Regards,
    Jeff

  2. Harish
    March 11, 2010 at 1:44 PM

    Hi Norman,

    You may want to do a search of “GRC” and “risk assessment” on the US patent office site. I think these companies can all sue each other for loyalties.

    Rgds,

    Harish

  3. C Jones CITP CISM
    March 11, 2010 at 5:48 PM

    You are right, and of course there is a thread of truth in all of what each of them says. At the end of the day it is marketing speak vs. reality. The proverbial problem of half truths

  4. March 12, 2010 at 2:04 AM

    Hi Norman,

    Sorry, I disagree,

    • You assume customers will buy a product because of marketing. Incorrect. We are not talking about a $5 rip-off on a product at your local shop. We are talking about a product that costs an arm and a leg to buy. Customers do due-diligence before spending that amount of money. They check to see if the product solves their business problem, the quality , the added value and the price. Marketing can only get a customer’s attention – no more than that.
    • I’m not in your industry (I’m more Microsoft platform), but I can remind you what happened to Microsoft when it got a bit “cocky”. I been on many customer sites that have SAP installed and I don’t hear a bad word about SAP (well done..) There is no need to bash the little guys. They actually bring value to the industry as they come up with fresh technology initiatives. There is more than enough room for them a well. Don’t try to monopolise the market. Don’t be a Microsoft. People don’t like bullies. (http://adamdeane.wordpress.com/2010/03/06/microsoft-bashing/)
    • I didn’t see you running to the SAP marketing team and demanding that they fight back. There is a reason that they don’t react. Giving them attention only helps there marketing campaign. (by the way – are you sure the SAPs marketing is 100% )
    • Its good the you are passionate about work and company. It good that you are loyal to the company brand. Live and let live.

    Cheers,
    Adam

    • Deborah Johnson
      March 16, 2010 at 8:30 PM

      Adam, your statement is assuming that the party purchasing a software product actually understands the business problem; in my experience this is rarely the case.

  5. March 12, 2010 at 6:04 AM

    Hi Norman

    I don’t blame them as many are repeating what Gartner and Forrester say on their GRC product reports.

    Thank you for your insightful blog,
    Gustavo Bittencourt

    PS: I’m not a native English speaker, so please me forgive for any language mistake.

  6. Jack
    March 12, 2010 at 7:46 AM

    You are niave. People in glass houses should not throw stones. You work for SAP and SAP is the biggest violater of the things you point out and quite honestly hold customers hostage. And if you don’t think your rants are anything more than marketing your personal brand you are delusional.

    From SAP.com: As the world’s leading provider of business software

  7. nmarks
    March 12, 2010 at 8:17 AM

    Well, it appears as if I am both naive and insightful at the same time. Thanks for all the comments – here and on LinkedIn.

    By the way, Jack, SAP makes the claim based on independent assessments of market share when it comes to business applications. Oracle is larger by virtue of their database sales.

  8. Ted mercer
    March 12, 2010 at 8:56 AM

    I completely agree with your statements Norman. It is sad that smaller vendors have to do this. However, to get the attention of customers and analysts, it seems that we have to play by these rules. Full Disclosure: my company’s website is equally “bad” at this practice and as a Chartered Accountant who prides himself on sincerity, it truly galls me to have to do it.

    On the other hand, I feel that a far more relevant rant is why the analysts only cover large companies without looking at smaller ones, who REALLY have come up with a more dynamic and innovative product than the more established companies. North America thrives because of our ability to innovate, yet the analysts stifle smaller companies that dare to push the limits. Why do you have to be big to be innovative and get coverage?

    • Deborah Johnson
      March 16, 2010 at 8:22 PM

      Brilliantly stated Ted. Unfortunately, marketing does sell Adam. Branding sells; big time! It also creates perception, which as we’ve all experienced becomes reality. Big dollar branding and market positioning has become so influential that it creates a definition that factual data proving otherwise is disputed.

  9. Manuel
    March 12, 2010 at 12:42 PM

    I totally agree with Gustavo – as long as not even Gartner or AMR provide a clear definition of what GRC and its benefits are, small vendors will always adopt blurry arguments and succeed in convincing their customers with poor arguments.

  10. Harish
    March 12, 2010 at 10:06 PM

    Manuel :
    I totally agree with Gustavo – as long as not even Gartner or AMR provide a clear definition of what GRC and its benefits are, small vendors will always adopt blurry arguments and succeed in convincing their customers with poor arguments.

    Good point. if you read Gartner’s and other blogger’s ideas on GRC, you would think they haven’t worked in a real compliance environment before. And you are right, they haven’t. Reading their postings makes me laugh.

    Norman’s blogs are the closest thing to real practice.

  11. Deborah Johnson
    March 16, 2010 at 8:08 PM

    Every so often, a software vendor makes a claim that is so outrageous my blood boils. My annoyance is less about the vendor claiming to do something better than my company[i] than it is about the difficulties software buyers will have seeing through the b-s.

    There has never been a sentiment stated so perfectly; and the b-s, contributes to our inability to get to our audience and be heard! Brutal, nothing less, actually painful.

  12. April 5, 2010 at 9:22 AM

    awesome story.

    robes

  1. March 8, 2011 at 9:40 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 5,303 other followers

%d bloggers like this: