Navigating Risk and Resilience: Balancing Complexity and Cost in GRC Solutions

Complexity & Costs: Key Points of Consideration in Selecting a Solution

When it comes to operational resilience and continuity, as well as broader GRC, many solution options are available in the market. Selecting the right solution is critical as many choices lead organizations down the road of complexity and cost, not just in implementation but also in ongoing maintenance, management, and user experience. Organizations need operational resilience and continuity solutions that are highly efficient (in both human capital and financial capital), effective, and agile to the needs of dynamic and distributed businesses.

It used to be that the dividing line between agile solutions with lower implementation and maintenance costs was whether the solutions were cloud-based (e.g., SaaS) or on-premise. This is not the case anymore, as some cloud-based solutions have significantly higher costs over others as their approach and architecture vary widely. This grows even more apparent when organizations consider solutions originally built and designed for purposes unrelated to operational resilience and continuity that then added these modules on. With expansive ITSM platforms trying to be everything to all organizations, this has further exacerbated the cost and complexity issues in these solutions against the efficiency, effectiveness, and agility of best-of-breed solutions for operational resilience and continuity.

Consider this comment from one large global company in their frustration in working with the wrong solution provider, “[It] is an ITSM platform that they've tried to adapt for GRC. Way too tedious to work with and maintain and not intuitive at all. Its relational database foundation makes it slow and clunky. And the complex relationships of the gazillion tables make every new version potentially painful for any custom-developed modules — or even [their] own GRC modules — because it's pretty easy to break stuff. And [their] licensing model is byzantine and expensive.”

Here are some key things to consider when evaluating operational resilience and continuity solutions available in the market:

• Complexity. What is the complexity of the system’s overall data and application architecture? Is the overall data architecture overly complex, burdensome, and in that context, cumbersome and slow? Basically, is the overall solution bloated because of everything it does at the cost of efficiency, effectiveness, and agility of the solution?
• Implementation. What does it cost to implement the solution, not just in software acquisition but in consulting and other resources?
• Ongoing management. What does it cost to administer, configure, and maintain the solution year after year? Does it require high-cost consultants, or is it easily configured by the organization itself?
• Agility & adaptability. How easy is configuring and adapting the solution to changing business requirements and needs? Does it require high-cost consultants to adapt the solution and make modifications?
• User experience. How easy is the solution to navigate and use not just by back-office subject matter experts but by the line of business? Is the interface highly engaging and intuitive for all levels of users?

Remember, it has been stated that:

The goal is to provide a user experience that gets the job done for operational resilience and continuity. Like Apple, with its innovative technologies, organizations must approach resilience and continuity in a way that re-architects the way it works and interacts. The goal is simple; it is itself simplicity. Simplicity is too often equated with minimalism. Yet true simplicity is more than just the absence of clutter or the removal of embellishment. It’s about offering the right information in the right place when the individual needs it. It’s about bringing interaction and engagement to resilience and continuity processes and data. These interactions must be intuitive, leading to efficiency, effectiveness, and agility for operational resilience and continuity.