As financial institutions increasingly turn to software-as-a-service vendors in order to boost productivity and deal with risks, it turns out that SaaS companies themselves must deal with very similar risks, according to a report by Grant Thornton LLP’s Software practice.

SaaS companies, it found, face risks in three primary areas:

Financial risk—Intense competition and maintaining adequate capital for growth and development threaten to sap capital. SaaS companies also face unique financial risks—most notably how to develop sustainable revenue- and sales-generation business models.

Operational risk—SaaS services require 24/7 operability backed by vigilant observation and the execution of highly effective business continuity plans. Data management, scalability, and security protocols are critical for future success.

Compliance risk—Complex domestic and global compliance requirements, often too complex for most organizations to understand or manage on their own, are a formidable challenge. The importance of using critical control and efficiency practices, such as SSAE 16 audits (formerly known as SAS 70 audits), ISO certifications, SysTrust audits and other standard compliance tools cannot be overlooked. Implementing the right set of compliance controls can not only help providers meet regulatory standards, but also improve organizational efficiency, internal controls, and enhance market credibility.

“As the SaaS segment has evolved, so too have the challenges, opportunities, and risks. It is imperative that SaaS providers address internal risk management practices and standardize compliance processes if they want to continue innovating, succeed, build credibility, and capitalize on the demand for ground-breaking enterprise and cloud computing applications,” said Cal Hackeman, national managing partner of Grant Thornton's Technology Industry Practice.

A fast-growing technology sector, SaaS is populated by a large number of businesses offering a wide range of hosted software services. THINKstrategies’ Cloud Computing Showplace, for instance, counts more than 1,300 cloud computing vendors, including SaaS providers, operating in more than 80 application and industry segments (the lack of a clear set of criteria to define SaaS has contributed to increased competition).

The number of pure-play companies in the space, meanwhile, is only increasing while major technology businesses such as Microsoft, Oracle, and SAP are building out their SaaS offerings.

“SaaS providers have strong growth possibilities in front of them but CEOs, board members, and other C-suite executives must keep their eye on the ball when it comes to managing risk if they want to grow and achieve consistent profitability in today’s rapidly evolving technological landscape,” said the report’s author, Ralph Nefdt. “New challenges, such as high-speed change and the need for continuous innovation, among other factors, pose significant threats to SaaS companies.”

The report was derived from a survey of 121 technology professionals at U.S.-based and global businesses, spread between traditional software vendors, pure-play SaaS companies, sub-$50 million revenue businesses, and even some with less than $1 million in annual sales. Fifty-five percent of respondents were composed of corporate executives such as CEOs, CFOs, and CIOs.

The survey found that 63% of respondents thought that the SaaS sector needed to improve its credibility, and 34% indicated that SaaS compliance management systems are no better or worse than compliance systems associated with in-house applications. Likewise, 38% thought that SaaS risk management practices are no better or are worse than those associated with in-house systems.

 

Click here for more info.