As companies find ways to streamline compliance programs and reduce costs, the IT governance, risk, and compliance (GRC) vendor market is quickly looking like prime feeding ground for merger and acquisition sharks. Low company valuations, recent leaps in product maturity, and a strong market growth potential are all aligning to set the stage for consolidation. By mid-2009, a few IT GRC vendors will be partnered with or acquired by larger GRC, information security, or business application vendors needing to complement their offerings with IT GRC capabilities.