The Risk Wheelhouse
The Risk Wheelhouse is designed to explore how RiskTech is transforming the way companies approach risk management today and into the future. The podcast aims to provide listeners with valuable insights into integrated risk management (IRM) practices and emerging technologies. Each episode will feature a "Deep Dive" into specific topics or research reports developed by Wheelhouse Advisors, helping listeners navigate the complexities of the modern risk landscape.
The Risk Wheelhouse
S6E4: Avoiding The RiskTech Buyer Trap
Shiny demos are everywhere, but what if that “next-gen SaaS” risk platform is still a construction zone under the hood? We unpack the Risk Tech Buyer Trap and show how modern UIs and AI buzz can disguise where vendors really are on the path to true integration maturity. Our conversation breaks down a clear four-stage transformation sequence—SaaS foundation, experience reset, object model stabilization, and finally productized integration—so you can pinpoint a platform’s real readiness and avoid inheriting the vendor’s rebuild risk.
AI raises the stakes. As non-human identities proliferate and SaaS-to-SaaS connections multiply, trust becomes the new currency. We explore how data boundaries, continuous assurance, and identity governance reshape due diligence, and why vague claims about “secure cloud” and “powerful AI” no longer cut it. Using Archer’s Evolve journey as a transparent case study, we illustrate the signals of staged modernization and the common gap between marketing momentum and operational maturity.
You’ll leave with a practical toolkit: five red flags that reveal immature integration, and five killer questions that turn any demo into a real diligence session. This is about buying outcomes, not slideware—negotiating around proven patterns, aligning contracts to maturity milestones, and protecting your timeline and budget from hidden complexity. If you’re evaluating IRM, GRC, or risk analytics platforms, this guide helps you separate finished systems from roadmaps in disguise.
Enjoy the episode? Follow, share with your team, and leave a quick review to help more risk leaders find these insights.
Visit www.therisktechjournal.com and www.rtj-bridge.com to learn more about the topics discussed in today's episode.
Subscribe at Apple Podcasts, Spotify, or Amazon Music. Contact us directly at info@wheelhouseadvisors.com or visit us at LinkedIn or X.com.
Our YouTube channel also delivers fast, executive-ready insights on Integrated Risk Management. Explore short explainers, IRM Navigator research highlights, RiskTech Journal analysis, and conversations from The Risk Wheelhouse Podcast. We cover the issues that matter most to modern risk leaders. Every video is designed to sharpen decision making and strengthen resilience in a digital-first world. Subscribe at youtube.com/@WheelhouseAdv.
Hello and welcome back to the deep dive. I'm Ori Wellington, an analyst here at Wheelhouse Advisors.
Sam Jones:And I'm Sam Jones, also an analyst with Wheelhouse.
Ori Wellington:And you are listening to The Risk Wheelhouse, the place we break down, well, the complex and let's be honest, often very confusing world of integrated risk management or IRM.
Sam Jones:It's good to be back. And today we're diving into something that's uh really timely. It's a brand new article that just dropped last week, January 15th.
Ori Wellington:Written by our own founder and CEO, John A. Wheeler.
Sam Jones:Exactly. And for anyone listening who might be new to the IRM space, it's probably worth taking a second to establish why a new article from John is, you know, a big deal. Aaron Ross Powell Right.
Ori Wellington:He's not just the founder of our firm. His history in this industry goes way back.
Sam Jones:Aaron Ross Powell It really does. He's the analyst who actually coined the term integrated risk management back in 2016.
Ori Wellington:That was when he was leading the charge to get the industry to move beyond those uh clunky old school GRC technologies, right?
Sam Jones:That's the one. He saw that the legacy governance, risk, and compliance model just wasn't built for the modern digital business. And he really framed this whole shift towards IRM.
Ori Wellington:So when he writes about the state of the market a decade later, here in 2026, we should probably pay attention.
Sam Jones:We definitely should. The article is titled Navigating the Risk Tech Buyer Trap: SAWS versus integration maturity.
Ori Wellington:The trap. I like that. It sounds uh uh a little ominous.
Sam Jones:It is ominous because the trap is expensive and incredibly frustrating for anyone who gets caught in it.
Ori Wellington:Okay, so let's set the stage. What is the trap?
Sam Jones:Well, the core idea is this it's early 2026. The market is just it's flooded. Every vendor seems to be shouting about their next gen platform.
Ori Wellington:Oh, absolutely. You can't open an industry journal or go to a single conference without seeing next gen this or AI powered that. It's just a wall of noise.
Sam Jones:It is. And the trap is that buyers, you know, chief risk officers, CISOs, they're looking at these sleek new user interfaces and hearing about all the AI capabilities, and they're making a very dangerous assumption. They're assuming that because the software looks modern, it must be fully mature and integrated under the hood.
Ori Wellington:It looks like a brand new car, so the engine must be perfect.
Sam Jones:Exactly. But John's research suggests that a modern look in this particular market cycle often signals the exact opposite. It's a sign that a massive rebuild is currently in progress. Not that the product is finished and ready for seamless integration.
Ori Wellington:Okay, that's a huge disconnect. Because if I'm a buyer, that sleek new UI is a relief. I'm thinking, great, finally, something that doesn't look like it was designed in 1998. This is going to be easy to use, easy to integrate.
Sam Jones:And that feeling of relief is the bait. You're buying the promise of ease, but you might actually be signing a contract for a front row seat to their construction project.
Ori Wellington:A very expensive front row seat, I imagine.
Sam Jones:The most expensive.
Ori Wellington:Okay, before we get into the nuts and bolts of this, just a quick reminder for everyone listening. If you want to see the research we're talking about today, you can find more information at wheelhouseadvisors.com.
Sam Jones:And you can find this specific article at risktechjournal.com. That's our free standard publication. Great for keeping up with the latest trends in IRM.
Ori Wellington:And for the really serious practitioners out there, the people who need that deep granular analysis to justify a major purchase, or, frankly, to avoid a bad one, you'll want to subscribe to the RTJ Bridge.
Sam Jones:That's our premium research service. We publish in-depth notes every week that give you the kind of insight you'd expect from a high price subscription with a larger firm, but at a fraction of the cost. You can find that at rtj-bridge.com. That's rtj-bridge.com.
Ori Wellington:All right, so let's talk about the landscape. What is it about 2026 that's creating this trap right now?
Sam Jones:John's article calls it a visible transition cycle. And if you look at what the big established risk heck vendors are doing, you see three trends happening all at once. Okay. First, they're all rebranding their portfolios or trying to shed the old dusty product names and sound fresh and modern.
Ori Wellington:Trying to sound like they belong in the AI era.
Sam Jones:Precisely. Which brings us to number two. They are all introducing AI capabilities because, well, it's 2026. If you don't have an AI story, you basically don't have a product anymore. It's just table stakes.
Ori Wellington:You won't even get the meeting.
Sam Jones:You won't. And third, and this is really the critical part, they're all emphasizing SaaS first delivery. And just to be clear for everyone, that's S-A-A-S pronounced SAS.
Ori Wellington:Right. Software is a service. So rebranding, AI, and a move to a SaaS first model. On the surface, that all sounds like progress. It sounds like exactly what customers have been asking for.
Sam Jones:And it is progress. The problem isn't the technology. The problem is how the buyer interprets the timeline of that technology.
Ori Wellington:What do you mean?
Sam Jones:When a buyer sees a vendor announce a new SaaS First platform with a slick UI, they think, finally, this means near-term integration maturity.
Ori Wellington:I think SaaS equals plug and play.
Sam Jones:Exactly. They expect it to embed into their business operations faster to give them those integrated risk management outcomes right out of the box. They think the vendor has done all the hard work already.
Ori Wellington:But that's not the case.
Sam Jones:Not even close. There's a quote in the article I think is so important. John writes, that interpretation can be costly.
Ori Wellington:So why is it so costly? What's the fundamental disconnect?
Sam Jones:It's because platform modernization follows a predictable sequence. It's an engineering reality. You don't just flip a switch and your entire legacy platform becomes a modern integrated SaaS offering. You have to build it step by step.
Ori Wellington:In the integration part.
Sam Jones:The integration maturity, the part that actually delivers the value where all the pieces talk to each other and to the rest of your business seamlessly, that is the last step in the sequence, not the first.
Ori Wellington:So going back to my car analogy, you're buying the shiny paint job and the fancy new touch screen display.
Sam Jones:But you didn't check if the engine has been connected to the transmission yet. You're mistaking a redesign UI and some flashy AI packaging for what he calls productized integration.
Ori Wellington:You move in, you turn the key.
Sam Jones:No, nothing. Nothing happens. Or in the enterprise software world, nothing happens. Means you're about to spend the next two years and a few million dollars on consultants to build all the plumbing yourself.
Ori Wellington:That's the trap. It's the gap between what's ready for a marketing slideshow and what's actually ready for production.
Sam Jones:That's it in a nutshell.
Ori Wellington:Okay, so let's break down this sequence. John's article outlines a four-stage platform transformation sequence. I think this is super helpful because it's like a roadmap. It can help you figure out where a vendor really is, no matter what their sales deck claims.
Sam Jones:It's a very predictable path. Stage one is modernize the delivery model.
Ori Wellington:This is the move to the cloud.
Sam Jones:This is the move to the cloud. It's the SaaS first announcement. It's about getting the foundation off of an on-premise server and into a cloud environment. It's foundational, but it's just step one.
Ori Wellington:Okay, so you've laid the new foundation. What's next?
Sam Jones:Next is stage two. Reset the experience layer.
Ori Wellington:This is the new UI, the eye candy.
Sam Jones:It is the modern UX. The part that looks great in a demo, it probably has a dark mode. But the key thing to understand about stage two is that initially it's often just a surface level change. It might be a new skin running on top of a lot of the old backend logic. It makes the user feel like things are modern, but it doesn't necessarily change how the data is structured or how the workflows operate under the hood.
Ori Wellington:So we got a new foundation and a new paint job, but the internal wiring might still be the old stuff.
Sam Jones:For a while, yes. Which leads directly into the hardest part, stage three. Stabilize extension and object models.
Ori Wellington:Okay, that sounds technical. Let's break down object models for anyone listening who isn't a systems architect. Why is this so important and so difficult?
Sam Jones:Think of the object model as the blueprint for your data. It defines what a risk is, what a control is, how they relate to a business process or an asset. It's the skeleton that holds everything together.
Ori Wellington:And in the old legacy systems, that skeleton was pretty rigid.
Sam Jones:Very rigid, often hard-coded. To build a modern, flexible SaaS platform, you have to completely redesign that skeleton. You need it to be both stable and extensible. And that process rewriting that core logic to work in a new cloud native way is incredibly messy.
Ori Wellington:That sounds like the construction zone phase you mentioned.
Sam Jones:This is 100% the construction zone. It often involves what engineers call breaking changes. It means things that used to work one way might suddenly work differently. It's why features might disappear for a while and then reappear. The vendor is actively rebuilding the engine while you're trying to drive the car.
Ori Wellington:And if you're a customer on that platform during stage three, you're gonna feel that turbulence.
Sam Jones:You're definitely gonna feel it. Which brings us finally to the promised land. Stage four. Stage four. Productize integration and operational patterns. This is the stage where the buyer finally gets the value they thought they were buying back at the stage one announcement.
Ori Wellington:This is where the plug and play promise starts to become real.
Sam Jones:Exactly. This is where you get the pre-built connectors, the automated workflows that actually cross different modules without custom curd, the seamless data sharing that you need for true integrated risk management.
Ori Wellington:I see it now. The whole trap is that the marketing hype kicks in at stage one and two. Look, we're on the cloud. Look how beautiful our new UI is. But the actual business value, the stuff that makes a CISO's life easier, doesn't really arrive until stage four.
Sam Jones:And that could be years later. This is what John calls the Ms. Buy risk. You commit to a next gen SaaS platform expecting those stage four results on day one. But the vendor is still deep in the trenches of stages one, two, and three.
Ori Wellington:And so the buyer is stuck. They have to do all the heavy lifting of integration themselves with expensive consultants and custom code?
Sam Jones:They're essentially paying for a toolkit they have to assemble themselves, and they thought they were buying a finished machine. They sign up for a Tesla and got a box of parts and a wrench.
Ori Wellington:That's a brutal position to be in, especially if you've gone to your board and promised that this new system is going to deliver value in six months.
Sam Jones:It's a career-limiting move if you're not careful.
Ori Wellington:So you've mentioned this is all happening in 2026. The AI factor seems to be a huge accelerator here. Why does this trap bite harder now than it did, say, five years ago when we were just talking about moving to the cloud?
Sam Jones:It's because our basic assumptions about SaaS are no longer stable. For a decade, we were trained to think SaaS is simple. The vendor manages it, it's in the cloud, it's secure, it's easy. Right. But AI has fundamentally changed the risk equation. John's article even references that big IDC report from late last year, December 2nd, 2025.
Ori Wellington:The one with the crazy title is SASDED.
Sam Jones:Is SauceDead. Rethinking the future of software in the age of AI. It argues that the whole model is up for debate because of the new complexities AI introduces. You do. On the vendor side, they have to rebuild. This isn't optional for them. It's survival. They can't run sophisticated AI and machine learning models on a 20-year-old on-premise architecture. They need a modern SaaS foundation to deliver the features the market is demanding.
Ori Wellington:If they don't rebuild, they become irrelevant, they become dinosaurs.
Sam Jones:Correct. But at the exact same time, on the buyer side, the trust bar is being raised dramatically, specifically because of AI.
Ori Wellington:Talk about the security angle on that. I know we've seen some pretty alarming reports about what happens when you let AI loose across these interconnected SaaS platforms.
Sam Jones:We have. The Cloud Security Alliance, the CSA, published their state-of-sauce security report 2025 back in April of last year, and the findings were stark. They identified two primary attack vectors that are exploding right now: Sauce-to-Sauce connectivity and identity expansion.
Ori Wellington:Identity expansion? That sounds a little dystopy. What does that mean in practical terms?
Sam Jones:It sounds like sci-fi, but it's very real. It just means non-human identities. Think bots, APIs, service accounts, AI agents, software, talking to other software without a human in the loop.
Ori Wellington:And in an AI world, that's happening constantly.
Sam Jones:All the time. An AI agent might query a risk register, then automatically pull employee data from your HR system, then connect to a third-party threat intelligence feed, all to update a single dashboard. Each of those actions is a non-human identity, traversing your network and crossing application boundaries.
Ori Wellington:And if that identity gets compromised or if its permissions are too broad.
Sam Jones:So understandably, buyers are scrutinizing things like data boundaries and continuous assurance like never before. They need proof of control.
Ori Wellington:So here's the collision course. Buyers are demanding more proof of security and control because of AI-driven risks.
Sam Jones:Well, the vendors are in the middle of a massive multi-year rebuild where those very controls and data models are in flux because they're still trying to stabilize stage three.
Ori Wellington:Wow. So if you're a buyer and you just assume SAS equals simple and secure in 2026, you are taking on a mountain of unpriced risk.
Sam Jones:A mountain. You have to ask your vendor, okay, great AI features, but how does your new architecture enforce data boundaries between tenants? How do you govern that AI agent's identity? And if they're still figuring out their back-end object model, they might not have a very good answer.
Ori Wellington:It's like asking the construction foreman about the fire suppression system while the walls are still just wooden frames.
Sam Jones:And he says, Don't worry, it's gonna be great. That's not a good enough answer anymore.
Ori Wellington:Okay, so this has been a great theoretical discussion. But John's article doesn't just leave it there. He provides a real-world case study to show this isn't just an academic model. He brings receipts.
Sam Jones:He does. The case study focuses on Archer and their evolve platform.
Ori Wellington:And let's be really clear here. Just so everyone understands, the point isn't to bash Archer.
Sam Jones:Not at all. In fact, the article presents it as a clear, well-documented case study of a necessary corporate evolution. Archer is one of the original giants of GRC. They had a massive legacy footprint they had to modernize. Their journey is just a perfect illustration of the four-stage sequence in action.
Ori Wellington:So let's walk through that timeline because seeing the dates really makes the theory click.
Sam Jones:It does. Let's start with stage one. Modernize the delivery model, the launch. That happened on February 4th, 2025. Archer officially introduced Archer Evolve as their next generation AI-powered SaaS platform.
Ori Wellington:Okay, so the flag is planted. We are now a SaaS company.
Sam Jones:Check. Then we move into stage two. Reset the experience layer. This is when they started talking about NGRX, the next generation risk experience.
Ori Wellington:The new UI.
Sam Jones:The new UI. But look at the details of the rollout. They introduced configurable instance modes. You could have NGRX default or NGRX only.
Ori Wellington:That's a classic sign of a transition. It's a toggle switch. You can try the new thing, but the old thing is still here if you need it.
Sam Jones:It's a safety net. And the article points to the chatter in the Archer community forums around that time, mid-2025. You had practitioners, real users openly discussing production readiness and pointing out performance differences between the new NGRS experience and the classic UI.
Ori Wellington:So the user base itself was actively validating the new experience layer. They were the ones finding the bugs in the gaps.
Sam Jones:Exactly. That is a textbook signal that the experience layer is still being normalized. It's not fully bafed yet.
Ori Wellington:And that leads into stage three.
Sam Jones:Stage three. Stabilize extension and object models. This became really visible around the Archer summit in 2025. At the summit, they didn't just talk about Evolve as one thing. They announced Evolve Risk and Evolve Intelligence.
Ori Wellington:The layered rollout.
Sam Jones:The layered rollout. It shows they're building out the portfolio piece by piece, module by module. They're stabilizing the object models for risk first, then moving on to other areas. It's a rational engineering approach, but it proves they are deep in the build-out phase.
Ori Wellington:And then they added another layer on top of that, the continuous narrative.
Sam Jones:Right. On November 19th, 2025, there was a businesswire release about Archer extending Evolve with continuous controls monitoring. And then just this month, January 2026, they published a white paper called Why Continuous Controls Monitoring is the Future of Cyber GRC.
Ori Wellington:Okay, so we're looking at a timeline from the initial launch in February 2025 to now. That's almost a full year. So what's the verdict from the article? Where is Archer in the sequence?
Sam Jones:The verdict is that they're executing a massive, necessary modernization. But the center of gravity for them right now is clearly and firmly in stages one through three. They are deep in the work of foundation, experience, and extensibility.
Ori Wellington:Which means stage four of the productized integration is still on the horizon.
Sam Jones:It's still on the roadmap. So if you bought Evolve in March 2025 thinking, great, this is a mature, fully integrated SaaS platform, you're probably in for a surprise. You bought into the transition, not the final destination.
Ori Wellington:And there's a premium research note about this on the RTJ bridge, right?
Sam Jones:Yes, a companion piece titled IRM50 OnWatch. One year after Evolve, the TRM transition is still playing out. It goes even deeper into the evidence.
Ori Wellington:The key takeaway being that a new UI does not equal immediate integration maturity. The transition is still very much in progress.
Sam Jones:And again, Archer is just a transparent example. Every major legacy vendor is going through a similar journey, whether they're as open about it or not.
Ori Wellington:Okay, this is so valuable. Yeah. Because now we have a framework. So let's make this super practical. I'm a buyer. It's 2026. A vendor walks in with a demo that looks amazing. How do I spot the trap? John's article lists five red flags. Let's go through them.
Sam Jones:These are the tripwires. If you hear these phrases, your diligence alarms should start ringing. Red flag number one. Integration is described as a capability, not a pattern.
Ori Wellington:Okay, what's the difference in plain English?
Sam Jones:Capability means yes, we have an API library. You can hire a team of developers and spend six months building a connection to your other systems.
Ori Wellington:It's technically possible.
Sam Jones:It's possible. A pattern, on the other hand, means we have a pre-built, supported, repeatable solution for connecting our platform to Salesforce or ServiceNow that you can deploy in a week.
Ori Wellington:It's the difference between being handed a box of bricks versus a finished wall.
Sam Jones:A perfect analogy. If their answer to how do you integrate is to just point you to their API documentation, that's a huge red flag.
Ori Wellington:Got it. Red flag number two. The new UI is a transition decision.
Sam Jones:This goes right back to the Archer example. If you, as the customer, have to choose between a classic mode and a modern mode, because the modern one still has performance issues or lacks key features from the old one, then the baseline platform is still settling.
Ori Wellington:It means they don't have enough confidence in the new experience to turn off the old one.
Sam Jones:Exactly. You're buying a product that is still at war with itself.
Ori Wellington:Okay. Red flag number three, the extension model is prominent.
Sam Jones:This one is more subtle, but it's a big tell. If the vendor's sales pitch focuses heavily on how you can configure and build things yourself, look at our flexible studio, you can create your own objects, you can script any behavior. It's often a sign that their out-of-the-box solutions aren't mature yet.
Ori Wellington:That's brilliant. Flexibility can be a code word for we haven't built it yet, so you have to.
Sam Jones:Precisely. They're selling you a powerful toolkit because they haven't finished building the actual applications on top of it. They're shifting the development burden from their RD team to your implementation team.
Ori Wellington:Wow. Okay, red flag number four, continuous is a narrative.
Sam Jones:Everyone is talking about continuous controls monitoring. It's the buzzword of the year. But you have to dig past the label. Ask them to show you the evidence trails. Ask about the exception handling workflows.
Ori Wellington:What happens when the continuous connection breaks at 2 a.m. on a Saturday?
Sam Jones:Exactly. Who gets the alert? What's the audit trail? If they can't show you the nitty gritty operational mechanics of it, then continuous is just a marketing narrative. It's a slide, not a system.
Ori Wellington:And the fifth and final red flag, which ties back to the whole AI discussion.
Sam Jones:Red flag number five SAS value is not reconciled with AI trust. This is the big one for today. If they can't give you a clear, crisp, technical explanation of how their new SaaS architecture handles data boundaries and governs non-human identities in an AI context, that is a showstopper.
Ori Wellington:If their answer is a lot of hand waving about our secure cloud and our powerful AI, but they can't tell you how they prevent your data from being used to train a model that serves your competitor or how they audit the actions of an AI agent, then you are inheriting a massive unquantified risk. Okay. Those flags are an amazing diagnostic kit. But let's go one step further. Let's arm our listeners with the exact questions to ask. You're in the room, the demo is over. What are the five killer verification questions from the article?
Sam Jones:Write these down. Take them to your next vendor meeting. Question one. Which stage of the four-stage transformation sequence are most of your customers operating in today?
Ori Wellington:That's a great question. Not where are you going, but where's the bulk of your user base right now?
Sam Jones:Exactly. Are 90% of them still on the old classic platform? That tells you everything you need to know about the new platform's maturity.
Ori Wellington:Okay.
Sam Jones:Question two Which of your integration patterns are fully productized supported, and repeatable versus those that are implementation specific? Force them to make that distinction between a real off-the-shelf product and a custom project that requires developers.
Ori Wellington:Get specific examples. Show me three customers using that repeatable pattern in production.
Sam Jones:Yes. Question three. What does continuous mean operationally in your system? Show me the audit trail. Show me the alert workflow. Make them prove it's more than a buzzword.
Ori Wellington:Love that. Question four.
Sam Jones:How does your SaaS model specifically address AI-era trust issues like data boundaries and non-human identity governance? Don't let them off the hook with vague answers. Make the sales rep bring in a sales engineer who can talk architecture.
Ori Wellington:And if they can't answer that clearly, that's a huge problem.
Sam Jones:It's a deal breaker in 2026. And finally, question five. What parts of your platform are stable today versus what is on the near-term roadmap and subject to change?
Ori Wellington:In other words, what am I buying that's finished and what am I buying that's still a construction site?
Sam Jones:Precisely. If they're planning a major overhaul of the UI in the next six months, you need to know that before you invest in training thousands of your employees on the current version.
Ori Wellington:These questions are gold. They completely change the dynamic of the conversation from a sales pitch to a proper diligence exercise.
Sam Jones:And a mature vendor, an honest vendor, will appreciate these questions. They'll have answers. They might say, Look, we're currently stabilizing stage three, so you should expect some turbulence here, but our stage two experience layer is locked down. That's an answer you can work with.
Ori Wellington:It's the vendors who get defensive or evasive that are waving the biggest red flag of all.
Sam Jones:That's when you know you're in the trap.
Ori Wellington:So as we start to wrap this up, what's the big takeaway for the industry? Are we saying people should just stop buying new risk technology?
Sam Jones:No, absolutely not. The article is very clear about this. Platform reinvention is necessary, it's critical. Vendors have to do this to stay relevant. We need the capabilities that modern cloud and AI architectures can provide.
Ori Wellington:We can't stay stuck in the past.
Sam Jones:We can't. The risk isn't the software itself or the act of modernization. The risk is the buyer mistaking the beginning of that reinvention for the end result of maturity.
Ori Wellington:That's the core distinction.
Sam Jones:It is. The advice for 2026 is to treat every NextGen Sauce Plus AI announcement not as a signal to go sign a check, but as a prompt to begin your deep diligence. You have to be a skeptic. You have to be a rigorous buyer.
Ori Wellington:So I'll leave our listeners with a provocative thought to chew on. Something to ask yourself the next time you're looking at a multimillion dollar software proposal.
Sam Jones:Okay.
Ori Wellington:Ask yourself this. Are you buying a tool to help you manage your organization's risk? Or are you actually buying into the vendor's risk of stabilizing their own unfinished platform?
Sam Jones:That is the million-dollar question. And sometimes it's literally a multi-million dollar question.
Ori Wellington:Well, thank you for listening to this deep dive on the Risk Wheelhouse. We really hope this gives you the tools to navigate that track.
Sam Jones:My pleasure. And don't forget, you can read the full article with all the charts and data at risktechjournal.com.
Ori Wellington:And for those of you who need that next level of analysis, get the deep dive research notes and companion pieces at rtj bridge.com. We will see you on the next one.
Sam Jones:Signing off.