Things to consider as GRC market is maturing
It is impossible to read a story about Governance, Risk Management and Compliance (GRC) without reading about how this market is maturing. While this may be true in some respects, there are certainly elements of early adolescence in many cases.
The most important thing is that most companies by now acknowledge that implementing GRC is not a Big-Bang software implementation, but a step-by-step GRC Journey. Most companies take several years to implement this.
It puzzles me why so many GRC implementations are still bespoke, custom build implementations. This is not going to work in a GRC Journey. Every new initiative should be a logical and integrated piece of the puzzle, not a complete new bolt-on. Believe me, it is not in many cases. It should be said, though, false claims are being made. Look for technology that allows you to follow the journey. For one, ask vendors simple question whether the technology you're using can be upgraded, and how that is done. Or ask their references that are using a solution for multiple years about their upgrade pains to really compare off-the-shelf and bespoke. You'll be surprised of some of the long-winded answers you will get.