Benoit Froment, Partner Director at IsoMetrix Canadian Office, explains the advantages and disadvantages of building verses buying a Governance, Risk and Compliance (GRC) software solution.
A percentage of the population has always prescribed to the adage, "If you want something done right, you might as well do it yourself."
But that attitude is no longer so defensible. Market pressures are forcing industries to deliver new and improved products and services more quickly than ever.
In the resulting competitive environment, complex, enterprise-wide software systems are playing key roles in organizational strategy.
So, should an organization design and develop its own custom applications that address its specific business needs software - such as GRC - (Build), or should it purchase a pre-made package from an outside software firm (Buy)?
Here is a high-level compilation of some advantages and disadvantages of both the Build and the Buy approach.
The Build approach
The temptation for an organization to build its own software package is strong and, at times, justified. The decision of whether to build or buy a software package comes down to three key points:
- What is the nature of the problem and the complexity of application to be built?
- Does the organization have the expert resources to build and support the application over time?
- Is there time to build and support the application?
Advantages of Building
- Complete control
- Tailored to unique business needs
- Ownership of the software code.
Disadvantages of Building
- Development time
- Resources needed for on-going training and support efforts over the life of the built application, not just the initial implementation
- Difficulty to stay current: the software application designed to meet a need today may be out-of-date in just a few years or less
- Difficulty to produce a superior product in term of competitive functionalities
One risk to consider
- Turnover: If the organization's software developer leaves the company, who supports the application
The Buy approach
While an organization may understand its business needs better than anyone else does, very few problems are unique. Purchasing software from a proven and focused-in-your-industry outside vendor provides a base of expertise for solving business issues. Rather than reinventing the wheel, an organization can take advantage of the lessons learned from other companies within your industry that faced similar challenges.
Advantages of Buying
- Ready-made solution
- Thousands of hours of research and development saved
- Fewer defects
- Expert support and training
- Functionality continuously enhanced through customer input
Disadvantages of Buying
- Vendor retains rights to the code
- Product functionality determined by vendor
- Reliance on vendor's technical support to resolve issues
One risk to consider
- Risk of single purpose applications: There is a huge problem in the industry with applications that are built for a single purpose. While these purpose-built applications are faster and cheaper to deploy up front, they are often rigid and hard to evolve as the market changes.
An alternative solution
In the end it is possible to attain the best of both options: Buy a tailorable industry-targeted solution, built on industry best practices, from an outside firm. The integration of best practices within software development is about not "re-inventing the wheel," but implementing that which has been proven to work.
Developing and supporting enterprise-wide quality and compliance or GRC systems happens to be IsoMetrix's business. We would like to take the burden of quality and compliance off your hands and make it our job, so you have time to do yours - better than ever before.
IsoMetrix develops, deploys and maintains comprehensive, enterprise-level GRC Management Software solutions. IsoMetrix software solutions are agile and fully customizable, able to build solutions that perfectly fit an organization's processes. The software is user-centric, with simple and customizable interfaces to ensure maximum workforce engagement.
IsoMetrix has fully integrated solutions for Health, Safety, Environment, and Quality; Enterprise Risk and Compliance; as well as Environmental and Social Sustainability.
IsoMetrix boasts offices in Johannesburg, Atlanta, Toronto and Perth, and has implementation partners on four continents.