ESTMA – Reporting obligation for Canadian extractive sector
March 17, 2016
An HSE solution for Lerala Diamond Mine
March 30, 2016

So, should an organization design and develop its own custom applications that address its specific business needs­ software – such as Governance, Risk and Compliance (GRC) – (Build), or should it purchase a pre-made package from an outside software firm (Buy)?

To build or buy your GRC system?

A percentage of the population has always prescribed to the adage, “If you want something done right, you might as well do it yourself.” But that attitude is no longer so defensible. Market pressures are forcing industries to deliver new and improved products and services more quickly than ever.

In the resulting competitive environment, complex, enterprise-wide software systems are playing key roles in organisational strategy. So, should an organisation design and develop its own custom applications that address its specific business needs­ software – such as Governance, Risk and Compliance (GRC) – (Build), or should it purchase a pre-made package from an outside software firm (Buy)?

Here is a high level compilation of some advantages and disadvantages of both the Build and the Buy approach.

The Build approach

The temptation for an organisation to build its own software package is strong and, at times, justified. The decision of whether to build or buy a software package comes down to three key points:

  1. What is the nature of the problem and the complexity of application to be built?
  2. Does the organisation have the expert resources to build and support the application over time?
  3. Is there time to build and support the application?

Advantages of Building

  • complete control
  • tailored to unique business needs
  • ownership of the software code.

Disadvantages of Building

  • development time
  • resources needed for on going training and support efforts over the life of the built application, not just the initial implementation
  • difficulty to stay current: the software application designed to meet a need today may be out of date in just a few years or less
  • difficulty to produce a superior product in term of competitive functionalities.

One risk to consider

  • Turnover: If the organisation’s software developer leaves the company, who supports the application

The Buy approach

While an organisation may understand its business needs better than anyone else does, very few problems are truly unique. Purchasing software from a proven and focused-in-your-industry outside vendor provides a base of expertise for solving business issues. Rather than reinventing the wheel, an organisation can take advantage of the lessons learned from other companies within your industry that faced similar challenges.

Advantages of Buying

  • ready-made solution
  • thousands of hours of research and development saved
  • fewer “bugs”
  • expert support and training
  • functionality continuously enhanced through customer input.

Disadvantages of Buying

  • vendor retains rights to the code
  • product functionality determined by vendor
  • reliance on vendor’s technical support to resolve issues.

One risk to consider

  • Risk of single purpose applications: There is a huge problem in the industry with applications that are built for a single purpose. While these purpose-built applications are faster and cheaper to deploy up front, they are often rigid and hard to evolve as the market changes.

An alternative solution

In the end it is possible to attain the best of both options: Buy a tailorable industry-targeted solution, built on industry best practices, from an outside firm. The integration of best practices within software development is about not “re-inventing the wheel,” but implementing that which has been proven to work.

Developing and supporting enterprise-wide quality and compliance or GRC systems happens to be IsoMetrix’s business. We would like to take the burden of quality and compliance off your hands and make it our job, so you have time to do yours – better than ever before.

About IsoMetrix

IsoMetrix is a leading South African-based supplier of integrated GRC management software.  IsoMetrix is an agile application, thus its business model is to customise its solution to match its client processes and procedures. IsoMetrix even allows you to create your own solution.  Isometrix has a global footprint with more than 40 000 users.


  • Build or Buy: Assessing the Gaps, Risks & Opportunities – Channel Wave Whitepaper
  • An Investigation of ‘Build vs. Buy’ Decision for Software Acquisition by Small to Medium Enterprises – Farhad Daneshgar, Lugkana Worasinchai and Graham Low
  • To Build or Buy? A Question of Application Development for Compliance and Quality Systems – Cincom Whitepaper