Applications

Part 5: GRC AC/PC 12: What’s Trending? A Report from GRC 2018 and Financials 2018

Jay GohilSteve Toshkoff
April 25, 2018
4 min read

The 2018 GRC and Finance SAP Insider Conferences took place in mid-February in Las Vegas. Our SAP teams spent time attending conference sessions, and their observations on what’s trending across the industry are compiled here in a five-part series. During the conference, SAP® announced a major update to the Governance, Risk and Compliance (GRC) suite of products, with Access Control (AC), Process Control (PC), and Risk Management (RM) getting a bump to 12.0 with a number of improvements and additional functionality.

One of the major updates across GRC 12.0 is a refresh and alignment of the user interface to be more “Fiori-like,” ensuring a more consistent user experience and visual harmonization across the SAP products portfolio and allowing for mobile capability. The user interface update is an optional change, as there is an organizational change management element to this update, considering the training that may need to occur in large organizations. GRC 12.0 requires upgrades to both the SAP NetWeaver® version and the SAP_UI support pack to enable the new user interface.

Key updates for Access Control include:

  • Introduction of “Overview Pages”
    • Provides a dashboard-style view across all the core components of Access Control – access request, firefighter, role management and risk analysis.
    • Data behind the dashboards is driven primarily by existing reports which are summarized in a single page, plus visualizations with drill-through capability.
  • Improved out-of-the-box integration with several other SAP products, such as Ariba®, SAP® SuccessFactors®, SAP S/4HANA® Cloud, and Concur®.
    • This is a noteworthy update from SAP and a move to address current customer challenges unifying Access Control functionality into the existing GRC investment.
    • One of the biggest benefits of this integration is the ability to increase segregation of duties risk coverage by performing risk analysis across multiple applications.

Additional updates were also made to the current version of Access Control 10.1 in support pack 19 to include end-to-end integration with SuccessFactors, including HR trigger functionality. Risk analysis functionality has also been updated to handle SAP HANA® and SAP Fiori® permissions and the delivered ruleset is updated to include Fiori, HANA and new S/4 transaction codes.

Key updates for Process Control include:

  • New out-of-the-box Fiori launchpads with the ability to create and customize new launchpads using the SAP Fiori Launchpad Designer:
    • Compliance Manager – aligned with the Internal Control Manager role
    • Compliance Specialist – aligned with the Control Owner role
    • Executive – aligned with the CEO/CFO role
    • Manager – aligned with the Organization Owner role
  • A Continuous Control Monitoring (CCM) exception will be labeled as an ad-hoc issue instead of a control exception, which will have an effect on some of the PC reporting.
  • Ability to run and report on standalone Business Rules for CCMs:
    • Previously, in order to run a CCM, a Business Rule had to be assigned to a Control. In GRC 12.0, the Business Rule can be run by itself.
  • Improvements in Test of Control Effectiveness and Subprocess Design Assessments related to test plan execution and survey.

Key updates for Risk Management include:

  • New out-of-the-box Fiori launchpads with the ability to create and customize new launchpads using the SAP Fiori Launchpad Designer:
    • Employee – aligned with the Risk Owner / Risk Expert role
    • Risk Manager – aligned with the Central Risk Manager role
    • Risk Management Specialist – aligned with the Risk Unit Manager role
  • Risk Aggregation includes automatic aggregation underlying risks and analysis of aggregation reports. Aggregation methods are available in customizing.
  • Workflow Enhancements such as the selection of delivery options (work inbox / via e-mail) in risk assessments, introduction of new workflows (key risk indicators manual entry).
  • Activity Risk Validation Enhancements give the activity owner the ability to now view risk validation information from other validators.

 

Jay Gohil

Director
Enterprise Application Solutions

View all posts

Steve Toshkoff

Director
Business Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More