Embed Size (px)
Citation preview
Calculating the ROI of GRC software.
Table of Contents.
1
Executive Summary. 2
The Importance of GRC. 3
ROI Analysis. 4
Implementation-Based ROI. 5
Procurement-Based ROI. 9
ROI Calculation. 12
Conclusion. 13
About Us. 14
Works Cited. 15
Appendix I. 16
©2015 Resolver Inc. All Rights Reserved.
Executive Summary. Governance, Risk and Compliance (GRC) software can provide significant value to your company. Unfortunately, because the benefits are difficult to quantify, so is making the case to implement GRC software. Having a quantifiable Return on Investment (ROI) makes it easier to build a case for upper management, who ultimately makes the final decision on implementing GRC software and which GRC platform to use.
This case bases all calculations for ROI on a sample client: a large global organization that
implements a comprehensive GRC platform for their Regulatory Compliance, SOX/ICFR, Issue
Tracking and Remediation, Risk Management and Audit programs. To best understand the ROI of
GRC software, this case outlines two distinct types of ROI:
1. “Implementation-Based ROI” – The benefits of a GRC software solution and the gains realized
by the business as result of those benefits.
2. “Procurement-Based ROI” – The efficiency gain resulting from using an Agile Procurement
Process.
All quantifiable data and statistical information related to the benefits of GRC software was found through primary and secondary research. Primary research includes our experiences with clients and the research we have done on the benefits specific to our GRC platform. Secondary research includes reports and studies from Harvard Business Review, Forrester, Michael Rasmussen, Ernst & Young and ASQ. For a complete list of sources, please see the “Works Cited” section at the end of this case
Methodology.
Although the benefits of GRC software are widely known, there is little quantifiable evidence of
these benefits to procure and implement it. Calculating the ROI of a GRC platform for your
organization may help your organization’s decision-makers fully understand the extent to which a
GRC program can benefit your company.
Our analysis provides a foundation for creating your own business case for GRC software, as the
scale of your organization and the extent of your implementation may result in a different ROI
calculation than presented in our case. We suggest reviewing the sample monetary benefits and
using our framework as a template to calculate your own ROI percentage.
Results.Our findings show that the total ROI, a combination of implementation-based and procurement-
based benefits, is calculated at 637% of the total cost of licensing and implementing a GRC
solution. Alone, implementation-based ROI is calculated at 389% of total cost, while
procurement-based ROI is calculated at 346% of total costs.
Conclusion.
2©2015 Resolver Inc. All Rights Reserved.
As business environments become more complex at an increasing rate, it’s necessary for companies to be able to stay agile. Regulatory changes, globalization, disruptive technologies, cybersecurity, and personnel changes are just some of the challenges that companies must deal with on an ongoing basis in order to be successful.
Using a GRC software solution can continually empower your organization to anticipate, respond and adapt to risk. The result is effective and efficient GRC, which as the next section explains, can be quantified to better understand the benefit to your organization.
“Following the financial collapse in 2008, with product recalls, health and safety disasters,
security breaches, and other disastrous risk
events in the mix, we've reached an
environment where organizations without
formal compliance and risk management
functions may fairly be considered
irresponsible.”
“The compliance function has garnered even more attention,
with colossal new regulations causing
difficulties for companies in more
industries around the world. In fact, when
Forrester asked more than 1,800 business
decision-makers from enterprises around the world to list their most important concern, a
full 25% of respondents said increasing
regulations is a critical issue.”
(Forrester 2012)
of companies are concerned with their ability to adapt to changing regulatory requirements and the flexibility of their current system to adapt to these changes. (Ernst & Young 2014)
78%
The Importance of GRC.
3©2015 Resolver Inc. All Rights Reserved.
ROI Analysis.GRC implementations vary considerably across industries and businesses, but there are agreed
commonalities in the value achieved.
We have chosen to base our analysis on a large global corporation. Outlined below are key size
metrics, which provide a context to the savings figures outlined in the ROI analysis:
Area of operation Global
Number of employees 60,000
Annual revenue $35 billion
Total assets $18 billion
Business units 40 units
(2-5 processes/business unit)
Controls per process 8-10
Full Time Employee (FTE) Rate
(fully loaded cost includes benefits and other resources
required for FTE employment).
$120,000 salary* or $60/hour**
This business case provides a summary of all benefits realized using a comprehensive, integrated
GRC platform. When you partner with Resolver, you get access to a comprehensive, integrated and
readily expandable platform: GRC Cloud. Thus, we chose to base our analysis on the benefits of
using a software like ours. Further, we have found that a more comprehensive GRC platform
provides a higher ROI.
It should be noted, however, that implementing one GRC area can provide similar benefits but at a
smaller scale. In fact, many of our clients begin by implementing one area of GRC, such as Internal
Control, and then expand to implement other programs as they realize the value of a GRC platform
and as their business needs grow.
In this case, our sample client’s GRC platform supports the following programs: Compliance,
Internal Control, Issue Management, Risk Management and Audit.
*Salaries can vary but the salary number used in this business case is conservative based on comparable ROI studies involving GRC solutions.**$120,000 annual salary converted to an hourly cost
4©2015 Resolver Inc. All Rights Reserved.
*Estimated hourly cost for a non-manager plant employee
Implementation-Based ROI.
1.1 Extended leverage beyond core users.A more efficient tool’s benefits are not limited to the employees administering the organization’s GRC initiatives, but extend to all employees that interact with the software. The following table breaks down the additional benefits of GRC software in the context of a global compliance employee training initiative:
Number of employees required to attend
training.
Estimated at 15,000 employees.
Time saved by using an online repository with
individual user login access instead of a manual
process. The result being employees are able
to complete training at any time by submitting
their work online through a single click.
0.5 hours saved per employee (per training
initiative)
Time Saved (hours) = 15,000 X 0.5
= 7,500 hours
Savings ($) as function of time saved (hours)
and the cost ($) of a fully loaded plant
employee at $30/hour*
Savings ($) = 7,500 X $30
= $225,000
Time saved, at 20 hours per training initiative,
across 300 managers. This benefit is a result of
identifying and enforcing gaps (non-compliant
employees) through reporting and
notifications in the system.
The savings to the company is calculated as a
function of time saved (hours) and an hourly
rate of a manager at $60/hour.
Time Saved (hours) = 20 hours x 300 managers
= 6000 hours
Savings ($) = 6,000hrs X $60/hour
= $360K
Total Employee Time Saved 7,500 plant employee hours
6,000 manager hours
Total Efficiency Savings On Worker Compliance
Program
$225,000 + $ $360,000 =
$585,000
Implementation-based ROI covers the benefits of a GRC software solution and the gains realized by the business as a result of those benefits. Implementation-based ROI is broken down into six areas. Each area explains the benefit and provides the full calculations of the quantifiable benefits.
5©2015 Resolver Inc. All Rights Reserved.
Number of processes within the company 100 processes
Risk/Control framework change occurs and the following three areas of manual documentation must be updated:
• Process Risk & Control Matrix (4hrs)• Issue Log (4hrs)• Testing Workpaper (4hrs)
Time saved for each process is the summation of these three areas.
Savings ($) = total time saved using a central repository x number of processes x FTE rate
Time Saved (hours) = 4 + 4 + 4 = 12 hours
Savings ($) = 12 hours x 100 processes x $60/hour = $72,000
Typical number of changes to framework
risks/controls during the year per process
5 changes
Total Employee Time Saved Time Saved (hours) = 12 hours x 100 processes x 5 framework changes=6,000 hours
Total Savings Through Efficient ICFR Framework
Management
Savings ($) = 6,000 hours x $60/hour= $360,000
By organizing Risks and Controls centrally, it is
possible to link controls that span multiple risks
across different business functions. The result is a
lean list of controls, which requires less time to
document, maintain, execute and test.
Number of controls within the company 2,000 controls
Control testing overlap identification 30%
Amount of time required to document,
maintain, execute and test
8 hours per control
Time saved on control assessments Time Saved (hours) = 600 controls x 8 hours
testing
= 4,800 hours
Total Employee Time Saved 4,800 hours
Control assessments efficiency gained 4,800 hours x $60 = $288,000
1.3 Control rationalization.
By eliminating disconnected repositories that previously handled ICFR/SOX processes, the client is
now able to make changes to an existing risk or control and instantly see the changes propagate
throughout the system where desired. The savings resulting from the elimination of
redundant/repetitive work is illustrated below:
1.2 Elimination of duplicate effort.
6©2015 Resolver Inc. All Rights Reserved.
Data aggregation, analytics and reporting is where your company can realize the largest efficiency
improvement. Without the use of a central database and reporting tools, producing reports for
management and board level audiences is an extremely arduous and time consuming process.
Using a central database and advanced analytics and reporting tools eliminates susceptibility to
error and omission during manual data aggregation and enables you to generate accurate,
insightful and actionable reports in seconds.
Auditing functions previously handled exclusively by external sources can now be completed by
internal resources. Savings are also realized in regulatory compliance through the time saved in
producing the required documentation.
Access control review external audit hours 500 hours
Configuration control review external audit hours 500 hours
Standard external audit hourly cost $350/hour
Scope of work handled by the external auditors prior to a
GRC solution
100%
Access control review audit time savings 67%
Configuration control review audit time savings 65%
Total savings as a result of reduced work required by the
external auditors. As a function, total savings is made up of
the costs saved from the above audit time savings.
Total Savings ($) = 0.67x500 +
0.65x500
= 117,250 + 113,750
= $231,000
Total billable hours saved 335 + 325 = 660 hours
Total savings on external audit cost $231,000
1.4 Reduction of external resource requirements.
1.5 Efficient data aggregation, analysis and reporting.
7©2015 Resolver Inc. All Rights Reserved.
Combined, an issue tracking environment and escalation workflow engine result in issues being
resolved quicker. Further, a central repository prevents the duplication of work by addressing
duplicate issues tracked in the system
Cost of a Full Time Employee (FTE)
responsible for issue tracking and issue
remediation
1 FTE at $120,000/year (fully loaded employee
cost)
Issue remediation savings due to minimal
duplication in issue tracking is calculated at
30%.
Time Saved (hours) = 2000 hours per year (38.5
hours per week) x 0.3
= 600 hours
Total Employee Time Saved 600 hours
Annual savings as a result of time savings $36,000
1.6 Optimized issue tracking and resolution.
Busy Employee Clicks Link in Email
Easily Inputs Data
Done
Number of reports generated per year Total reports (#) = 1 (annual) + 4 (quarterly) + 12
(monthly) + 25 (ad hoc reporting requests)
= 42 reports
Time to prepare a single report before GRC
solution
40 hours
Functions requiring reports Functions (#) = Compliance + ICFR/SOX + Issue
Tracking + Audit + Risk
= 5 functions
Reporting generation efficiency achieved is
calculated at 88% (as seen in our clients).
Time saved (hours) = number of reports x hours
per report x number of functions x efficiency
improvement (%)
= 42 x 40 x 5 x 0.88
= 8400 hours x 0.88
= 7392 hours
Total Employee Time Saved 7392 hours
Report generation cost savings per year $443,520
8©2015 Resolver Inc. All Rights Reserved.
Procurement-Based ROI.The “Agile Software Selection Approach” developed by Forrester® allows clients to minimize costs from the moment the need is identified all the way through to the GRC solution being fully implemented. The following key concepts govern the Agile Procurement Approach:
• Cost-effectiveness: Procurement costs minimization by not issuing an RFP. • Visibility across vendors: Innovative vendors are encouraged to showcase their
groundbreaking solutions• Configurability: Focus is shifted from rigid RFP requirements and replaced by an
emphasis of the system possessing a robust configuration layer at the end user level• Risk Mitigation: Mitigating risk of unsuitable vendor selection during the procurement
process via: • Proof of concept demonstrations• Pilot programs and soft launches
• Adaptability: Ease of expansion to handle new functionality within the realm of GRC (non-modular framework)
The Agile Procurement approach breaks down the process into stages. The concepts noted above are inherent in each of the stages and are the basis for the benefits derived. This section outlines the applicable costs and savings realized in each stage of a typical procurement process, however a more in-depth analysis and explanation of the financial numbers can be found in the “Procurement Cost Analysis Diagram” in Appendix I.
Resolver’s support of the “Agile Software Selection Approach,” offers a more efficient software procurement approach when compared the onerous nature of a traditional RFP procurement process.
2.1 Cost-effective procurement.
Total time needed to complete the RFP
procurement process
(This excludes any time it takes to implement
the solution)
12 to 36 months
(The duration range is dictated by the size of the
purchasing entity)
Total costs associated with a traditional RFP
procurement methodology
(This cost does not include and
licensing/configuration costs for the selected
solution)
$300,000 to $440,000
(The range depends on the size and complexity
of the purchasing entity)
Applicable range to our case study Our client is a multi-national corporation with
over 100 thousand employees, therefore the
complexity and size of the organization dictates
the top level of the procurement cost range of
$440,000.
Total cost savings as a result of using the
Agile Software Selection Approach $440,000
***See Appendix I for a detailed breakdown of the costs
9©2015 Resolver Inc. All Rights Reserved.
Most GRC solutions are modular, meaning that expansion into new areas of GRC requires the
purchase of additional modules. Choosing a non-modular solution, like GRC Cloud, provides the
client with the necessary features to expand into any additional area of GRC without needing to
purchase and implement additional software. The only costs of expansion are additional licenses
for new users and cost of configuration.
Initial implementation ICFR/SOX
Strategic decision made to manage a new
aspect of GRC
Client would like to configure the system to
handle Compliance in addition to SOX
Extra software functionality purchased and
implemented through a new vendor
$100,000 to $500,000
Size of the enterprise dictates the maximum cost
of $500,000
Cloud configuration cost and extra licenses $25,000 to $100,000
Size of the enterprise, again, dictates the
maximum cost of $100,000
Savings from not purchasing additional
modules to handle new GRC area
Savings ($) = $500,000-$100,000
= $400,000
2.2 Ease of expansion into new GRC areas.
10
***See Appendix I for a detailed breakdown of the costs
©2015 Resolver Inc. All Rights Reserved.
The traditional RFP procurement process might discourage the right vendor from participating. This can result in the buyer picking from a list of inadequate software vendors.
A traditional RFP procurement process can discourage vendors for the following reasons: • A very high cost of sales and time commitment for the prospective vendors• An internal policy where the VP of Sales does not accept RFP bids• The bandwidth or resources are not available and the vendor declines participation• The perception of low odds, despite having the qualifications and available resources
to respond to an RFP
The nature of the Agile Software Selection Approach removes the possibility of qualified vendors opting out of the procurement process.
The largest reason for issuing an RFP is ensuring the solution meets the needs of the buyer. To mitigate the sunk costs of a solution not meeting the needs of the buyer after the vendor has been chosen, the client can use pilot programs or soft launches. By avoiding the costly traditional RFP procurement process and starting with pilot programs/soft launches the following sunk costs can be avoided should the solution not perform as expected.
Cost of failed RFP procurement process $440,000
Licensing fees and FULL
implementation/configuration
$100,000 to $500,000
Cost of failed pilot program/soft launch
(Agile Software Selection Approach)
$50,000 to $100,000
Total sunk cost of abandoning implemented
solution
Total sunk cost ($) = $440,000 + $500,000 -
$100,000
= $840,000
2.3 Vendor encouragement.
***See Appendix I for a detailed breakdown of the costs*See Bombardier case study
A solution that allows for robust end-user configuration mitigates any emerging requirements
not accounted for in the procurement process. A traditional RFP process attempts to capture a
complete list of current and anticipated future requirements, but in reality there are often factors
that have not been documented or properly communicated. It is also very common for business
needs to evolve by the time the lengthy procurement process has completed. The ability for an
end user to configure system workflows and attributes related to the data objects are key factors
why a GRC solution should be aligned with the business needs of the client. Leveraging a study
conducted by Bombardier, we estimate the typical cost to re-work a very rigid software solution
for our example organization..
GRC software total costs for a global enterprise
(licenses and implementation)
$500,000
Costs associated with scope changes during implementation Cost ($) = $500,000 x 0.1*
= $50,000
Cost savings by the application administrator modifying the
application at the configuration layer $50,000
2.4 End-user configurability and flexibility.
11
***See Appendix I for a detailed breakdown of the costs
©2015 Resolver Inc. All Rights Reserved.
ROI Calculation.ROI Category # Benefit Savings
Implementation Based ROI 1.1 Extended leverage beyond core users. $585,000
Implementation Based ROI 1.2 Elimination of duplicate effort. $360,000
Implementation Based ROI 1.3 Control rationalization. $288,000
Implementation Based ROI 1.4 Reduction of external resource
requirements
$231,000
Implementation Based ROI 1.5 Efficient data aggregation, analysis and
reporting.
$443,520
Implementation Based ROI 1.6 Optimized issue tracking and resolution. $36,000
Procurement Based ROI 2.1 Cost-effective procurement. $440,000
Procurement Based ROI 2.2 Ease of expansion into new GRC areas. $400,000
Procurement Based ROI 2.3 Vendor encouragement. $840,000
Procurement Based ROI 2.4 End-user configurability and flexibility. $50,000
Total Benefit $3,673,520*All financial benefits are fully realized over a period of 3 years.**Cost savings are calculated using a conservative Full Time Employee (FTE) rate of $120,000 salary or $60.00 per hour
Total costs associated with GRC Solution
(licensing and implementation)
$500,000
Implementation Based Benefits $1,943,520
Procurement Based Benefits $1,730,000
Total Benefits $3,673,520
Return on Investment (ROI) 634 %
Payback Period 1 to 2 years
Time to Full ROI Realization 3 years
ROI as a percent(%) of total costs.
12©2015 Resolver Inc. All Rights Reserved.
Conclusion.For a large global organization that implements a comprehensive GRC platform across their organization their Return on Investment (ROI), a combination of implementation-based benefits and procurement-based benefits, is calculated at 634% of their total cost of licensing and implementing a GRC solution.
Implementation-based ROI refers to the benefits of a GRC software solution and the gains realized by this business as a result of those benefits. Implementation-based ROI was broken down into the following six sub-categories: extended leverage beyond core users, elimination of duplicate efforts, control rationalization, reduction of external resource requirements, efficient data aggregation, analysis and reporting, and optimized issue tracking and resolution. The total implementation-based ROI for our example client was $1,943,520, or 389% of total costs.
Procurement-based ROI refers to the efficiencies gained from an Agile Procurement Process. Similar to implementation-based ROI, procurement-based ROI is broken down into the following four sub-categories: cost-effective procurement, ease of expansion into new GRC areas, vendor encouragement and end-user configurability. The total procurement-based ROI for our example client was $1,730,000, or 346% of total costs.
While there are other resources available that describe the qualitative benefits of GRC software, this business case focused exclusively on formulating quantitative figures that outline a tangible monetary benefit to make the case for implementing GRC software in your organization.
It is important to note that the scale of your organization and the extent of the implementation and adoption may result in different ROI results than what was outlined in our business case. These numbers are meant to serve as a baseline and the transparent benefit calculation can be leveraged to create your own calculations. For example, if your organization is smaller than the multi-national organization in our example, your benefit figures as well as your costs will also be smaller.
Resolver often recommends starting out with a specific area, and once implemented moving to the next area. We often borrow the phrase:
“Every journey starts with a single step.” – Confucius
Starting out and focusing on one area of GRC greatly helps the success of your program as a whole and increases adoptability with each implementation success. Resolver’s innovative use of a non-modular and highly configurable architecture makes this process painless and very cost effective.
13©2015 Resolver Inc. All Rights Reserved.
Resolver is a global leader in audit, risk and compliance software with more than 400 clients across 40 countries. Our clients include
some of the world’s most recognizable brands, government agencies and 9 of the top 10 global accounting firms.
Who We Are.
What We Believe.At Resolver, we believe that audit, risk and compliance drive
performance. We believe that if done effectively, audit, risk and compliance help you operate legally and ethically, minimize fraud and promote efficiency. They align disparate organizational units and focus them on what matters most: your strategic objectives.
They protect your company’s assets, employees and stakeholders. Most importantly, they enable value creation today, while mitigating
the problems of tomorrow.
What We Do.For over a decade, Resolver has helped businesses drive
performance through Intelligent Audit, Risk & Compliance software. Our platform helps you identify the biggest risks to success and
coordinate assurance, compliance and risk activities. It provides oversight and transparency, and promotes accountability. It delivers
a reliable, secure system of record, enabling you to know what’s working and what’s not, where your gaps are, and what you are doing about them. It has the right combination of simplicity and
complexity to enable your business at any stage of maturity to grow, expand and reach your full potential.
©2015 Resolver Inc. All Rights Reserved.
resolverGRC.com | [email protected] | 1-888-891-5500
Contact Us.
Works Cited.Claude Y. Laporte. (2012). Measuring the Cost of Software Quality of a Large Software Project
at Bombardier Transportation: A Case Study. Retrieved on February, 2015, from
http://www.etsmtl.ca/Professeurs/claporte/documents/publications/Project-at-bombardier-
transportation_SQP_June-2012.pdf
Ernst & Young. (2014). Improve your business performance: Transform your governance, risk
and compliance program. Retrieved February, 2015, from
http://www.ey.com/Publication/vwLUAssets/EY-improve-your-business-performance/$FILE/EY-
transform-your-grc-program.pdf
Forrester. (2014). Build the Business Case for GRC. Retrieved February, 2015, from
http://www.forrester.com/Build+The+Business+Case+For+A+GRC+Platform/fulltext/-/E-
RES56677?objectid=RES56677
Harvard Business School. (2013). HBR Guide to Building Your Business Case. Retrieved February,
2015, from http://hbr.org/product/hbr-guide-to-building-your-business-case-ebook-
tools/an/16980E-KND-ENG
Michael Rasmussen. (2011). The ROI on GRC. Retrieved February, 2015, from
http://www.fiercecfo.com/story/big-issue-roi-grc/2011-10-27
Paul D. Hamerman. (2014). Choose Your Business Applications Using An Agile Software Selection
Approach. Retrieved February, 2015, from
http://www.forrester.com/Rightsource+Your+Business+Applications+Using+An+Agile+Software
+Selection+Approach/fulltext/-/E-RES88121
15©2015 Resolver Inc. All Rights Reserved.
Appendix I.Phase Vendo
rsWorkflow Cost Calculation Top 5 inherent risks:
1) During the RFO preparation, software bloat can result in a lot of ‘nice to have’ features that obscure core functionality. A typical budget for an enterprise software solution is an expensive, one-time expenditure which results in the client trying to address all possible future needs in the RFP requirements. This results in 80% of users using only 20% of the features within the application (80/20 rule).
2) High variability of cost and time based on: the complexity of the requirements, corporate procedures/policies and employee availability. All of these factors result in a much more expensive and longer procurement process than originally anticipated.
3) The probability of executive sponsor interest loss and/or funding loss increases as time and costs accumulate during the procurement process. Sunk costs and solution abandonment are inevitable when interest or funding are lost.
4) Scope creep is created by late entrant stakeholders (often coming from various functional areas) becoming involved in the procurement process. Scope creep aggravates risks 2&3 when these new entrants voice their needs for the software.
5) The core day-to-day job responsibilities of the personnel involved in the procurement project take precedence and as a result delay the benefits and ROI of the eventual software solution. This results in frustration of the business units in need of the solution and creates executive sponsor doubt.
Res
earc
h(6
mo
nth
s)
10-20 1) Evaluation of purchasing the solution vs. using internal resources to create a solution. 80 hours x $60 FTE = $50002) Market research performed and a “long list” of vendors developed. 160 hours x $60 FTE = $9000
$14,000 $20,000*Cost variance based on size and complexity of the organization and software complexity
RFI
(o
pti
on
al)
(3 m
on
ths)
10 1) The RFI is less retailed than the RFP and it outlines the various high level goals to be accomplished by the enterprise software solution. 50 hours x $60 FTE x 5 people = $15,000
$15,000 $20,000
RFP
(2
-21
mo
nth
s)
3-8 1) High level demos attended by senior personnel within the purchasing organization. 2 hours x $60 FTE x 8 people x 3-8 demos = $70002) Analysis of results from demos 8 hours x $60 FTE x 8 people = $4000 3) Committee to create, draft and review the RFP document. (3-6 months). A formal process around the internal requirements gathering precedes the creation of the RFP. (6 months)200 hours x $60 FTE x 5 people = $60,000 4) A large accounting firm often used as a consultant to help with RFP preparation and/or review$35,000 - $110,000 (depending on the extent of the scope on the consulting agreement)5) Corporate policy needs to be developed (if not already in place) to ensure fair bid process. 80 hours x $60 FTE x 2 people (legal/HR) = $10,000 6) Designated point of contact required to answer questions in standardized/fair methodology and according to corporate policy. 80 hours x $60 FTE = $5000
$200,000 $260,000
Ven
do
r D
emo
s(2
mo
nth
s)
1-5 1) In-depth demos require sample data to be provided to the vendors. Data must be exported and scrubbed to remove any proprietary/sensitive information. 80 hours x $60 FTE x 2 people = $10,0002) Detailed demos attended by staff which will be directly involved with the software implementation. (Directors, Managers, Senior Staff)8 hours x $60 FTE x 8 people x 1-5 demos = $19,0003) Analysis of results. 16 hours x $60 FTE x 8 people = $8,000
$35,000 $50,000
Fin
al D
emo
(1
mo
nth
)
1-3 1) Final demos attended by executive sponsors once all the ground work has been done by the project committee. Final assessment of the solution is performed and executive buy-in is established. 8 hours x $60 FTE x 6 people x 1-3 demos = $6000
$6000 - $10,000
Aw
ard
of
bu
sin
ess
(1-1
2 m
on
ths)
1 1) Price negotiation and license counts 40 hours x $60 FTE x 2-3 people (Director/IT/Finance/ProcurementDept.) = $70002) Contract legal terms negotiation40 hours x $400/hour legal rate = $16,0003) Statement of work (SOW)16 hours x $60 FTE x 4 people (Director/Manager, Senior employees) = $40004) Technical IT requirements/questionnaire20 hours x $60 FTE x 2 people (IT) = $2000
$30,000 $80,000
12-36 months Time and cost before purchasing enterprise solution $300,000 - $440,000
Res
olv
er G
RC
Clo
ud
A
dva
nta
ge
Choosing GRC Cloud vs. engaging in the procurement process provides: 1) Instant savings on the purchase cost of the software solution (GRC Cloud is not modular and all required functionality is already available to the client)2) Greater ROI on the initial purchase of GRC Cloud and exponential benefit realization with each additional business functionality incorporated into GRC Cloud. [$100,000 + $300,000 - $25,000] to [$500,000 + $440,000 - $100,000]
$375,000 $840,000 in total cost savings (The range relates to the degree of complexity and the cost of the new software implemented)
Needs identification
Research vendors
Long List of Vendors created
Internal Req. gathering RFI Creation &
Distribution Evaluate responses &
Refine Vendor list
Intro/high-level demos
In-depth internal req.
gathering
Consultant hired for RFP Review
RFP Creation & Distribution
Corp. Policies developed
Clarification of Vendor
Questions
Evaluation of RFP Responses
Vendor short list created
Prepare and share ‘dummy
data’ with vendors
Detailed (Full Day) demos –validation of
responses
Analysis of results
Final demos to Exec Sponsors
Analysis & Vendor chosen
(Informal Award of Business
Price Negotiations & License Counts
Contract Terms (Legal)
Statement of Work Developed
IT Coordination
Purchase new software or
use GRC Cloud
New Software: Software licensing, Implementation & Configuration cost
$100,000 - $500,000
Continue using GRC Cloud: Extra licenses
& internal configuration
$100,000 - $500,000
©2015 Resolver Inc. All Rights Reserved.
