We all know there are numerous benefits to having an audit management software solution in place. If you’re considering a new system to help manage your audit, risk and compliance projects, these are the key areas you should consider addressing within your organization when purchasing software.
Is a request for proposal needed?
A request for proposal (RFP) is a document that an organization requests to elicit bids from potential vendors in order to procure a product/service through a responding business proposal. Does your organization require vendors to submit a formal RFP? If so, what are the proposal requirements and the timeframe by which a vendor needs to respond by?
There are varied levels of RFPs:
Who are the stakeholders involved?
Larger organizations tend to have a higher departmental approval threshold for software purchases. Often, if the value exceeds US$100,000, the process typically requires purchase transactions to be facilitated by a purchasing committee.
When it comes to introducing new technologies, it’s best to involve IT in the early decision making stages. Begin developing your relationship with IT to understand how their decision fits within the organization and the type of influence they’ll ultimately have on the purchase.
Software as a Service (SaaS) purchase (ACL GRC)
Once you’ve selected audit management solution, your legal team will likely be interested in reviewing the contract’s terms and conditions. Find out how much time is required for the full process from submission to approval. Also, inquire when the best time is to submit a review request to get it in the queue faster.
Ownership of and access to/use of customer data
Who owns your data? It’s a question we often hear. With ACL GRC, customers have complete control of all data that goes into the service, and the GRC Terms further provide that ACL will not:
a) Modify customer data
b) Disclose customer data, except as expressly permitted in this agreement or by [customer] in writing
c) Access customer data, except to provide the service and to prevent or address service or technical problems
(Source: ACL Blog)