Business Platforms

Part 5: GRC AC/PC 12: What’s Trending? A Report from GRC 2018 and Financials 2018

Jay GohilSteve Toshkoff
April 25, 2018
4 min read

The 2018 GRC and Finance SAP Insider Conferences took place in mid-February in Las Vegas. Our SAP teams spent time attending conference sessions, and their observations on what’s trending across the industry are compiled here in a five-part series. During the conference, SAP® announced a major update to the Governance, Risk and Compliance (GRC) suite of products, with Access Control (AC), Process Control (PC), and Risk Management (RM) getting a bump to 12.0 with a number of improvements and additional functionality.

One of the major updates across GRC 12.0 is a refresh and alignment of the user interface to be more “Fiori-like,” ensuring a more consistent user experience and visual harmonization across the SAP products portfolio and allowing for mobile capability. The user interface update is an optional change, as there is an organizational change management element to this update, considering the training that may need to occur in large organizations. GRC 12.0 requires upgrades to both the SAP NetWeaver® version and the SAP_UI support pack to enable the new user interface.

Key updates for Access Control include:

  • Introduction of “Overview Pages”
    • Provides a dashboard-style view across all the core components of Access Control – access request, firefighter, role management and risk analysis.
    • Data behind the dashboards is driven primarily by existing reports which are summarized in a single page, plus visualizations with drill-through capability.
  • Improved out-of-the-box integration with several other SAP products, such as Ariba®, SAP® SuccessFactors®, SAP S/4HANA® Cloud, and Concur®.
    • This is a noteworthy update from SAP and a move to address current customer challenges unifying Access Control functionality into the existing GRC investment.
    • One of the biggest benefits of this integration is the ability to increase segregation of duties risk coverage by performing risk analysis across multiple applications.

Additional updates were also made to the current version of Access Control 10.1 in support pack 19 to include end-to-end integration with SuccessFactors, including HR trigger functionality. Risk analysis functionality has also been updated to handle SAP HANA® and SAP Fiori® permissions and the delivered ruleset is updated to include Fiori, HANA and new S/4 transaction codes.

Key updates for Process Control include:

  • New out-of-the-box Fiori launchpads with the ability to create and customize new launchpads using the SAP Fiori Launchpad Designer:
    • Compliance Manager – aligned with the Internal Control Manager role
    • Compliance Specialist – aligned with the Control Owner role
    • Executive – aligned with the CEO/CFO role
    • Manager – aligned with the Organization Owner role
  • A Continuous Control Monitoring (CCM) exception will be labeled as an ad-hoc issue instead of a control exception, which will have an effect on some of the PC reporting.
  • Ability to run and report on standalone Business Rules for CCMs:
    • Previously, in order to run a CCM, a Business Rule had to be assigned to a Control. In GRC 12.0, the Business Rule can be run by itself.
  • Improvements in Test of Control Effectiveness and Subprocess Design Assessments related to test plan execution and survey.

Key updates for Risk Management include:

  • New out-of-the-box Fiori launchpads with the ability to create and customize new launchpads using the SAP Fiori Launchpad Designer:
    • Employee – aligned with the Risk Owner / Risk Expert role
    • Risk Manager – aligned with the Central Risk Manager role
    • Risk Management Specialist – aligned with the Risk Unit Manager role
  • Risk Aggregation includes automatic aggregation underlying risks and analysis of aggregation reports. Aggregation methods are available in customizing.
  • Workflow Enhancements such as the selection of delivery options (work inbox / via e-mail) in risk assessments, introduction of new workflows (key risk indicators manual entry).
  • Activity Risk Validation Enhancements give the activity owner the ability to now view risk validation information from other validators.

 

Jay Gohil

Director
Enterprise Application Solutions

View all posts

Steve Toshkoff

Director
Business Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
25 Jul

Protiviti’s @KonstantHacker chats with guest @RichardBlech of @XsocCorp about a high-performance symmetric encryption solution that will provide in-depth defense against the threat of fault-tolerant #QuantumComputing. Listen now: https://ow.ly/9oVU50SJklj #ProtivitiTech

Reply on Twitter 1816504643360358712 Retweet on Twitter 1816504643360358712 1 Like on Twitter 1816504643360358712 1 Twitter 1816504643360358712
protivititech Protiviti Technology @protivititech ·
25 Jul

Protiviti’s Joe Corrado will join a #Nintex panel for a July 30 webinar to discuss how document automation boosts #RevOps efficiency and sales. Register today to get access to expert tips and real-world success stories. https://ow.ly/LSsf50SJnaY #ProtivitiTech

Reply on Twitter 1816443898970898615 Retweet on Twitter 1816443898970898615 Like on Twitter 1816443898970898615 Twitter 1816443898970898615
protivititech Protiviti Technology @protivititech ·
24 Jul

The world was dealt a massive wakeup call after a #CrowdStrike software update caused global IT outages. In the aftermath, business leaders should take the opportunity to reboot tech resiliency. Learn more from the latest #VISIONbyProtiviti: In Focus: https://ow.ly/R2vU50SJrAT

Reply on Twitter 1816169832544432319 Retweet on Twitter 1816169832544432319 Like on Twitter 1816169832544432319 Twitter 1816169832544432319
protivititech Protiviti Technology @protivititech ·
24 Jul

#VISIONbyProtiviti: In Focus discusses a U.S. judge’s recent ruling that rejected #SEC oversight of #cybersecurity controls in the case against SolarWinds, the impact of the decision, and why it matters. https://ow.ly/Ph7j50SIbLH #ProtivitiTech

Reply on Twitter 1816111993767547294 Retweet on Twitter 1816111993767547294 Like on Twitter 1816111993767547294 Twitter 1816111993767547294
protivititech Protiviti Technology @protivititech ·
17 Jul

How can organizations tackle internal tech tickets when a team is remote? Protiviti’s Kim Bozzella recommends fully leveraging the features of their #IT service management software. Learn more: https://ow.ly/Yf3J50SEy7u #ProtivitiTech #Forbes

Reply on Twitter 1813635582964183412 Retweet on Twitter 1813635582964183412 Like on Twitter 1813635582964183412 Twitter 1813635582964183412
Load More