Upgrading to SAP GRC 12: Down to the Wire

We are just weeks away from the SAP GRC application reaching the end of its mainstream maintenance on December 31 of this year (see illustration below). Organizations that are running Access Control, Process Control or Risk Management 10.x should be upgrading to GRC 12 now; otherwise, the consequences of not upgrading could include entering the extended maintenance period or customer-specific maintenance (which often equates to higher fees). As a reminder, after the maintenance period ends, companies will not be able to log support incidents for the 10.x versions, but will still be able to search the SAP Support Portal to find existing issues and solutions.

Referenced from SAP Product Availability Matrix (requires login)

Back in March, we wrote about upgrading to GRC 12 and taking advantage of the opportunity to optimize the use of GRC. As we are down to the wire on the maintenance window, we have clients who are opting to first perform a “technical upgrade” to get up-to-date as quickly as possible and then planning for optimization later in 2021. Organizations choosing to go with the technical upgrade first should consider allocating enough time and resources to perform the necessary regression testing. This may sound like a large burden, but with the right skillset and documentation, it is something that can be easily accomplished.

Organizations in this boat should follow their systems development life cycle (SDLC), including ensuring there is adequate project governance and documentation.

Key considerations include ensuring appropriate resourcing, time commitment and coverage of the following areas:

  • Project management – includes establishing the project plan, timeline, key milestones, task owners and coordination between key stakeholders
  • Regression testing script development
  • Regression testing execution and support

Often, auditors classify GRC systems as critical to the organization (due to the processes they impact, such as user provisioning, assignment of temporary elevated access and reporting on segregation of duties/sensitive access), so it is no coincidence that implementations and upgrades related to GRC software are selected for SDLC audits. When we know this is the case, we want to make sure we have all our i’s dotted and t’s crossed!

If you are interested in discussing this topic further, please contact us directly. Visit Protiviti’s SAP consulting services page for more information on our solutions.

Jay Gohil

Director
Technology Consulting - Enterprise Application Solutions

Yeurd Ng

Director
Enterprise Application Solutions
