Among the potential benefits of GRC are greater efficiency, reduction of losses and improved performance, McClean says.

Despite the promise of the technology, organizations have been somewhat slow to implement GRC software, according to industry research. Forrester's June 2011 Forrsights Security Survey of 1,071 IT security executives shows that nearly 40 percent of those surveyed said they were interested in the technology; however, only 20 percent of the organizations had implemented IT GRC platforms or were planning to at some point.

"Adoption is relatively low, but interest, and therefore market potential, is still high," says McClean.

Before a company gets involved with GRC software, its executives need to understand that the products are essentially designed to automate existing processes that should already be proven and effective. This is the single most critical success factor in building an effective GRC program. People first (buy-in), process second, and only then technology.