Governance, Risk & Compliance (GRC) Software - An Exploratory Study of Software Vendor and Market Research Perspectives

The integration of governance, risk, and compliance (GRC) activities has recently witnessed increased attention. Many organizations have deployed integrated GRC software. In this paper scientific research examines state-of-the-art GRC software for the first time in answering two questions: What is state-of-the-art GRC software according to the software industry, and how should scientific research deal with it? Through a survey among GRC software vendors and a comparison with existing GRC software frameworks from market research we derived eight findings. While software vendors share a common basis in their GRC understanding, they deliver diverse functionality. Market research frameworks have different scopes and they do not match the vendors' perceptions. The products' technology architectures mainly differ in their degree of integration, which is a key topic in future developments. Due to the lack of congruence, industry perspectives and existing stateof-the-art GRC software should only very cautiously be applied in research.