In partnership with brickbybrick, the #1 community for modern risk managers.
RiskStack
← All posts
ImplementationSoftware SelectionBest Practices

Implementation Horror Stories: How COI Software Rollouts Go Wrong

Implementation is where most COI software ROI gets lost. Real patterns from rollouts that failed, and how to avoid them.

The RiskStack Team

Most COI software comparisons focus on features. The actual difference between a platform that works for you and one that doesn't usually shows up during implementation, not in the demo. The features all look fine in the demo. The problems surface six months later, when you realize the implementation cut corners that you didn't notice at the time.

We've collected patterns from a number of implementations — some successful, some not — and the failure modes are consistent enough to be worth writing down. If you're about to start an implementation, knowing how others have failed is more useful than knowing how vendors describe their own success.

Failure mode 1: The ghost migration

The pattern: legacy data from a spreadsheet (or older platform) gets imported into the new system. The numbers all look right. The vendor list is complete. Three months in, somebody realizes that none of the imported data has actual underlying documents — just the field-level metadata. When a real audit happens, the new platform looks great on the dashboard but the document layer is empty for half the vendor base.

How it happens: implementation timelines are aggressive, document upload is the most labor-intensive part of migration, the implementation partner cuts the corner, and the customer signs off because the dashboard looks good.

How to avoid it: require document migration as part of the implementation deliverable, not just metadata migration. Sample-audit the migrated data before signing off. Confirm that "compliant" vendors actually have documents on file, not just compliance flags.

Failure mode 2: The unconfigured workflow

The pattern: the platform is installed, vendors are uploaded, but the configuration was done quickly with default settings. The compliance rules are generic, the notification cadence is wrong for your business, the document categories don't match your contract requirements, and the dashboard surfaces the wrong information. The platform technically works, but it's not configured to your business.

How it happens: implementation timelines focus on go-live rather than rightness. The customer trusts the implementation team to configure correctly. The implementation team uses defaults because customer-specific configuration takes longer.

How to avoid it: do a configuration review before go-live. Have somebody who actually understands your contracts and processes sit with the platform and verify that compliance rules match your actual requirements. This usually surfaces five to ten things that need adjustment.

Failure mode 3: The unattended rollout

The pattern: the platform is implemented, vendors are notified, and... nothing happens. Vendors don't respond to the upload requests. Documents don't come in. Three months in, compliance rates are below where they were on the spreadsheet, because at least somebody was actively chasing things on the spreadsheet.

How it happens: leadership assumes the platform will magically drive vendor behavior. There's no internal owner driving adoption. The platform sends automated reminders that vendors ignore.

How to avoid it: assign clear internal ownership. Implementation isn't done at go-live — it's done when adoption rates hit target. Plan for active vendor outreach during the first 60-90 days. Treat low-response vendors as a process problem, not a platform problem.

Failure mode 4: The integration mirage

The pattern: the platform was sold partly on integrations — Procore, NetSuite, Yardi, your AMS, whatever. After implementation, the integrations either don't exist (despite being demoed), are partial, or require ongoing custom development that wasn't budgeted.

How it happens: vendor demos show the integration working, but in the demo environment with seeded data. The production integration requires customer-specific configuration that wasn't included in the implementation scope.

How to avoid it: get integration deliverables in writing as part of the implementation contract. Specify exactly which fields sync, in which direction, with what trigger. "Procore integration" is too vague. "Vendor record sync from Procore to platform on creation, with field mapping per attached spec" is specific.

Failure mode 5: The compliance rule cliff

The pattern: implementation goes fine, vendors are responding, documents are flowing in. Then the compliance rules turn on, and 60% of vendors flag as non-compliant overnight. The team is overwhelmed. Procurement gets angry. Legal asks why everyone suddenly stopped being compliant. Within a month, the rules get loosened to make the dashboard look better, and the original compliance gap is right back where it was.

How it happens: compliance rules were configured to the contract requirements without staging. The pre-existing compliance gap was always there — the spreadsheet just didn't make it visible.

How to avoid it: stage compliance rule rollout. Start with permissive rules, document the actual gap, plan a remediation campaign, then tighten rules over time. Don't let a tighter compliance ruleset create a panic that ends with looser rules.

Failure mode 6: The training that wasn't

The pattern: the platform launches. Two weeks later, the team is using it badly because nobody really understood the workflow. People are uploading documents to the wrong fields, manually overriding compliance flags, using email-based workarounds because the platform feels foreign. Adoption is technically 100%; effectiveness is much lower.

How it happens: training was a one-hour webinar three weeks before launch. Nobody retained anything. Documentation existed but nobody read it.

How to avoid it: train in two waves — initial training before launch, refresher training 30 days after. Have the implementation team review actual usage patterns 60 days in and identify where users are doing things wrong. Build internal champions who actually understand the platform.

Failure mode 7: The vendor revolt

The pattern: vendors hate the new platform. Submission flows are clunky, the platform requires accounts they don't want to create, the document requirements feel intrusive. They push back. Some refuse to participate. Procurement ends up with a vendor problem that's also now a platform problem.

How it happens: the platform was selected for buyer-side features without enough attention to vendor experience. Vendor onboarding flows are friction-heavy. The platform's reputation in the vendor community is mixed.

How to avoid it: actually test the vendor flow during evaluation. Send a sample submission yourself. Talk to vendors who've used the platform at other clients. Some platforms (notably bcs and TrustLayer) have invested heavily in low-friction vendor flows; others (some legacy platforms, Jones with their auto-outreach approach) have reputations for being painful from the vendor side.

Failure mode 8: The renewal trap

The pattern: implementation went well enough. The platform works. At renewal time, the price has gone up significantly, the team has built workflows around the platform, and switching costs are high. The customer pays the increase because the alternative is another implementation project.

How it happens: the original contract had favorable first-year pricing that escalated. Switching costs were never modeled. The platform's lock-in features (proprietary data formats, integration dependencies) make moving away expensive.

How to avoid it: negotiate multi-year pricing upfront. Understand the data export and migration story before signing. Some platforms make migration easy; others make it deliberately hard. Check this in advance.

What good implementations look like

The implementations we've seen succeed share some patterns:

  • Clear executive sponsor with budget and authority to enforce vendor compliance.
  • Realistic timelines. 60-90 days for basic, 4-6 months for complex enterprise rollouts. Aggressive timelines tend to produce ghost migrations.
  • Configuration review before go-live, not just functional testing.
  • Staged compliance rule rollout rather than turning everything on at once.
  • Active vendor outreach during the adoption phase, not just automated emails.
  • 30-day and 90-day reviews to catch problems early.
  • Internal champions trained deeply enough to support the team beyond implementation.
  • Realistic vendor experience expectations with friction-light platforms when vendor adoption matters.

A note on platform selection's downstream effects

Some of the failure modes above are platform-agnostic — they happen with any tool. Others are platform-specific. Platforms with poor vendor flows produce vendor revolts more often. Platforms with weak migration tools produce ghost migrations more often. Platforms with rigid compliance rule structures produce rule-cliff failures more often.

In our comparison research, we try to surface these implementation-relevant differences alongside feature differences. A platform that wins on features but consistently fails in implementation isn't actually a better choice. The total cost of ownership includes implementation cost, and implementation cost includes failure risk.

The takeaway

Most COI software ROI is created or destroyed during implementation, not at the demo stage. If you're approaching a rollout, plan for what could go wrong, not just what's supposed to go right. The horror stories above all started as confident kickoffs.

Compare implementation track records across platforms in our vendor profiles.

Find your COI tracker in three minutes.

Eight questions, personalized shortlist. No sales calls.

Start My Comparison