From Software Vendor to Trusted Advisors
During the start of our projects, typically called scoping, we have very elaborate discussions with our customers on the goals of the project. The typical goals stated by our project sponsors are:
- install and run the BWise software
- provide consistent and substantive reporting on Operational Risks
- educate and train the users to be self sufficient in using, running and operating the BWise application
Although often pursued, the picture above shows an impossible path. Ambition and current Maturity need to be aligned. The success of our implementation depends highly on the maturity of the customer. Think big, start small and grow. Keep it stupid simple. Shoot for the moon and you'll land a star. There are many more of these sayings but the message is always the same and a very valid one: Do not bite of more than you can chew! Maturity doesn't come with installing a software solution, it comes by organizational education, change and adapting evolved GRC processes and procedures.
During scoping we have discussions with our customers about the time, resources and throughput time of our project. Something every vendor has to withstand during projects. Many forget that it is not just 'an implementation'. It involves organisational change, people, education and 'learning' in many cases. These are factors we can help with but our software doesn't eliminate them and it's something every customer HAS to go through. Our software can perfectly support your GRC initiatives, but there has to be something to 'support' ;)
That being said, challenge us, discuss with us and see our implementations not as hit and run projects, but as a partnership in evolving both your internal processes, your people and our software. Envision our consultants as Trusted Advisors and make efficient use of their experiences. Most of our implementations nowadays have project plans like they used to, but we now add distinct phases if we think the customer would benefit from a phased approach. Each phases has time in between and states explicit goals in where to start, where it ends and what are the 'simple' steps towards a mature ERM, ORM or other initiative with sufficient time in between to change, educate and get used to a new way of working.
Unless ofcourse you already know what you want, you're already doing it and there is nothing to learn (and for some reason, GRC, laws and regulations stop changing :)). Which is very rare. So partner up with our consultants and live by the words of Socrates: "the more you know, the more you do not know, that you know, you do not know". Use our experiences and best practices. Challenge us as we know we don't know....