* Create and distribute policies and controls and map them to regulations and internal compliance requirements.

* Assess whether the controls are actually in place and working, and fix them if they are not.

* Ease risk assessment and mitigation.

The GRC market is broadly divided into enterprise and IT products, though there is considerable overlap and the distinction is far from clear. This article focuses on IT operations, the problems organizations face and how IT GRC tools can help.

Analysts say the leading companies that are most clearly identified as IT GRC include Agiliance, Modulo, RSA Archer, Rsam and Symantec, but there are wide differences even among their tools. Expect to spend considerable time defining your requirements and matching them against the capabilities and focuses of the various tools.