Your Next GRC Solution: Why Ease-of-Use is Essential
Top GRC pundit Michael Rasmussen’s 2019 GRC Market Analysis, Trends, Sizing, Forecasting & Segmentation identified that the topmost criterion when buying a GRC solution is ease of use.
This is because, typically, the user experience for these solutions is poor, resulting in time-consuming processes and a lack of buy-in from stakeholders across the whole business.
In this series of blogs, we’re going to focus on and explore five of the core areas where it’s important that a policy management software tool delivers ease of use.
So what constitutes “ease of use”?
But before we explore these five core areas in detail, what do we mean when we say “ease of use”? The International Organization for Standardization (ISO) standard 9241 provides a definition of “usability”:
“The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use.”
Yes, it’s about the amount of effort required to use the tool, but it’s also about how easily the tool can be incorporated into the organisation and used alongside existing tools. It is also important to not forget about the ease of doing business with the vendor.
Measuring the value of GRC engagement
Michael Rasmussen measures the value of GRC engagement around the elements of efficiency, effectiveness and agility. Let’s take a look at these three elements in a little more detail:
- Efficient: How much time, clicks, or page views does it take to complete routine tasks? The solution should provide the right information, at the right time, to the right employees, in a simple and intuitive format.
- Effective: How accurately can tasks be completed? You need to make sure that your employees understand the organisation’s policies and easily identify if there are any possible areas of concern (for example, a lack of sign-up to a particular policy). You also need to ensure that these policies are monitored and managed across all levels of the business. This results in improving compliance and reducing risk across the organisation.
- Agile: How quickly can you respond to a change in the organisation? You need a tool that can easily change with you, whether that is advising employees on an amended regulation or expanding the use of solution.
The five core areas for ease of use
So, in this series of articles, we’re going to focus on the following five core areas for ease of use when choosing a policy management solution:
- Ease of Use for End Users: Your employees need to be able to access policy information as quickly and easily as possible, whilst understanding if any action is required, such as attestation.
- Ease of Use for Policy Owner & Administrators: They need a tool that’s simple to use when it is time for them to review a policy, and to ensure all stakeholders can easily take part in the review process.
- Ease of Training: It is important to implement a system that requires minimal training so you can be up and running as soon as possible.
- Ease of Deployment: In order to get buy-in across the organisation, your policy management solution should be quick to deploy so employees are using it within weeks of purchase – not months (or even years).
- Ease of Ongoing Development: You need your policy owners and administrators to be able to manage the system from day one, configuring and maintaining it without having to ask for vendor assistance.
Implementing a policy management tool requires everyone across your organisation to make a change to current behaviour and habits. Anything you can do to make this easier can only result in a positive reaction to this change and buy-in from all stakeholders. Employees need to be engaged with the software, not frustrated, otherwise you’re only introducing more risk to the organisation by relying on a tool that isn’t delivering the required results.
Starting off next week with Ease of Use for End Users, we’re going to explore why making policy management as intuitive and effortless as possible for your employees is imperative when evaluating and then implementing a solution.