I have implemented Archer, Lockpath, and RSAM at my previous employers. They all are super heavy weight and require armies of people or professional services to manage. I don't think you emphasize enough the small amount of body overhead with the payback that Simple Risk provides. There is no way my current employer could afford the previously mentioned apps.
Information Security and Risk Manager