Hope some of these questions would help if you are or when you would be evaluating GRC solutions:

1. What is the best GRC solution available for my industry?
2. Am I using the appropriate IT GRC solution?
3. How do I find out if I'm using an appropriate solution?
4. How do I find out other solutions in the market?
5. How do I find out what others from my industry are using?
6. How do I find out their experience about solutions used by them?
7. Which are the strengths and weaknesses?
8. What is their experience?
9. Which are the most mature modules or solutions such as Risk or Compliance?
10. Am I benefiting from all the features?
11. How do I optimize my solution?
12. Have I configured it correctly?
13. How do I enable users to use the solution in a simple, easier and seamless manner?
14. How do I get my users accustomed to the solution quickly and effectively?
15. How do I get my vendor to support with a new feature if that could be useful to all others?
16. Do I know shortcomings in the solution?
17. Why did I not find out these shortcomings during product evaluation?
18. Which are the unusable features?
19. What is my vendor’s financial stability?
20. What’s my vendors vision and road-map for their solution
21. How long will my vendor support me for their solution?
22. How can I get vendor agnostic opinion about various solutions?
23. Is there an inexpensive way to learn about the current solutions?
24. How do I reduce time taken to test and evaluate the shortlisted solutions?
25. How far can I rely on my consulting partner given their partnerships & revenue pressures?
26. How do I demonstrate value/ROI from the solution I selected?