Upgrading to GRC 12? Time’s Up!

On December 31, as the world was saying goodbye (or in many cases, good riddance!) to 2020, SAP Governance, Risk and Compliance (GRC) 10 users were saying a different goodbye as well. When the clock struck midnight, SAP officially ended mainstream support of the GRC 10 application.

Any organization that is still running Access Control, Process Control or Risk Management 10.x will need to upgrade to GRC 12 as soon as possible to avoid any SAP support disruptions with their GRC application. Not planning for or delaying the upgrade process can result in the inability to receive support or assuming and accepting additional costs for customer-specific support.

Upgrade or Update?

In October, we wrote about organizations starting their upgrade process with a “technical upgrade” and shared the key considerations for this approach. Over the last six months, we have seen many of our clients adopt this method. However, we also saw an equal number of clients take this opportunity to update their existing GRC system by implementing additional functionality. When deciding between these two options, keep the following in mind:

  • Process optimization opportunities – take the necessary time to assess the current GRC environment for areas that can be enhanced and streamlined, while also taking advantage of the new capabilities that come with GRC 12. Some key functions being adopted include enabling risk analysis for Fiori/HANA, extending GRC integration to cloud applications, configuring automated continuous control monitoring and deploying automated policy management.
  • Project team participation – the team members that will manage the project, participate in testing, coordinate project deliverables and communicate with end users may be tasked with these activities multiple times, or for an extended period, if the technical upgrade is performed separate from any GRC enhancements.
  • Minimal business disruption – some GRC system downtime will be necessary when upgrading the environment; this downtime could be utilized to also push any additional GRC updates (i.e., releasing a new and improved Segregation of Duties ruleset).
  • Repeated activities – consider the efficiencies that can be gained by reducing the duplication of activities such as project preparation/planning, testing, cutover, communication and deployment.

Example of the GRC 12 Fiori Launchpad screen (can be customized)

It is important to take the time needed during the project planning phase to assess the current GRC environment for any gaps or optimization opportunities, while also taking advantage of the new capabilities that come with GRC version 12. At the same time, keep in mind that this is not a “one size fits all” approach and organizations should not simply choose from a menu of GRC functionalities to configure and enable. Some of the key factors that should drive an upgrade strategy include:

  • SAP systems that have not yet been connected to GRC (i.e., BW, HANA DB)
  • SAP cloud applications already in use (i.e., Ariba, SuccessFactors)
  • Status of move to SAP S/4HANA
  • Enablement of Fiori applications or a Fiori-like end user interface
  • Audit requirements/findings

The ultimate goal in making a move now is to ensure the upgrade is successful while maximizing the GRC investment by implementing and utilizing the functionality that will assist management to operate effectively and efficiently their associated GRC processes. Protiviti is currently helping organizations perform an independent review of their existing GRC environment and building a customized roadmap to GRC 12. Time may be up on SAP’s mainstream support of GRC 10, but that doesn’t mean there isn’t time to plan upgrade and optimization activities.

To learn more about our SAP capabilities, contact us or visit Protiviti’s SAP consulting services. 

Madhu Mathew

Associate Director
Enterprise Application Solutions

Subscribe to Topics

Many often overlook the potential impact—both positive and negative—a #TechnModernization project can have on operational #resilience. #ProtivitiTech's Kim Bozzella shares her thoughts with #Forbes Technology Council. https://ow.ly/1FLA50TYIaE

Establishing a scalable #AI #governance framework is crucial for balancing innovation with #risk and #compliance. Dive into our latest ebook, co-authored with #OneTrust, to explore key steps and technologies that will elevate your AI governance strategy. https://ow.ly/QqKy50TVUx3

News reports implied that China has managed to break "military grade" encryption using quantum computers. But the truth is more complicated than that. Protiviti's #quantum expert Konstantinos Karagiannis explains it all to #VISIONbyProtiviti. https://ow.ly/Zb9z50TWNuh

The #IIoT can help organizations collect and analyze data to optimize operations and maximize resources. #ProtivitiTech's Kim Bozzella details how IIoT can yield benefits for businesses and the people they serve with #Forbes #Technology Council. https://ow.ly/V5I250TVLAj

Protiviti has earned the AWS DevOps Competency, which complements our existing Migration and Security Competencies. These competencies reflect Protiviti's ability to deliver comprehensive AWS system integration services. https://ow.ly/Baj550TWR9I

#AWSDevOps #AWSCloud #AWS

Load More