Perhaps I am naive, but really!
Every so often, a software vendor makes a claim that is so outrageous my blood boils. My annoyance is less about the vendor claiming to do something better than my company[i] than it is about the difficulties software buyers will have seeing through the b-s.
My colleagues tell me not to worry because they are used to such behaviors from “start-ups”; they go about preparing rebuttals – not to air in public, but in case a customer brings up the issue. Frankly (and this is why I am glad I write about my personal views and not those of my company), I would tend to take a stronger line. But, I am new to software and really am a practitioner by trade and experience.
I will give you a couple of examples of what gets me going. I am not going to name the companies involved, and any inferences you might choose to make are yours and yours alone.
In the first, a company claimed to have the first complete solution for a particular GRC functionality. These claims were repeated, without question, in the press. But those of us who have been practitioners for a while know software for that functionality has existed for decades – and is in use across the globe at hundreds of companies.
Now perhaps the company making the claim has a new wrinkle or even a more complete solution. But I am not persuaded that saying they were the first to offer a “complete solution” is the ‘truth’.
Are you familiar with Garrison Keillor and his radio show, A Prairie Home Companion? In his sign off from Lake Wobegon, he talks about all the children being “above average”. My second example is similar: all software vendors in the GRC space are above average!
How can all of these claims, from a variety of vendors’ web sites, be correct?
- “ a global leader in compliance and enterprise risk management software”
- “Industry leading software for Governance, Risk and Compliance”
- “world leading developer of Governance, Risk and Compliance software solutions”
- “Leading provider of software for internal audit, risk management, policy management, compliance, and integrated GRC”
- “the recognized global leader in governance, risk, and compliance”
- “best-in-class enterprise governance, risk and compliance program”
- “market-leading provider of governance, risk and compliance (GRC) management software”
- “the leading provider of integrated risk management solutions for global companies”
- “the leading global provider of business assurance technology”
- “the leading global provider of audit analytics and continuous monitoring software”
- “the leading provider of continuous controls monitoring software”
I have heard of worse, where GRC vendors answered RFP’s implying they have functionality they don’t. But let’s not get into that – I just hope it is rare and customers will detect and report it.
I am not a lawyer and perhaps others can guide us in understanding what would constitute a ‘deceptive practice’ that might be of concern to the Federal Trade Commission. I tend to doubt that what I have discussed qualifies, especially as the practice seems to be rife: the typical GRC software vendor is not just ‘above average’: they are ‘world leaders’, ‘best-in-class’, or the ‘market leader’. (Of course, I know one that really is a leader – smile. )
So what then is my advice to the buyer of GRC software? It is to take all claims like these with a bucket of salt. Ask for references and challenge the claims. After all, you need to choose a vendor you can trust – for the long haul.
[i] My company generally has products at least as good