8 July 2020

Why now is the time to upgrade to SAP GRC 12.0

The current coronavirus pandemic has highlighted just how important it is for businesses to stay compliant and to protect themselves from unnecessary risk. Whether it’s keeping employees safe from infection, or avoiding the threats to business continuity, compliance and risk management are critical elements of our post-COVID-19 future, just as they are in every part of business.

In particular, the pandemic has raised a number of issues around Segregation of Duties (SoD). Fewer people are asked to do more, which means responsibilities cannot be separated as widely - leading to a greater need for even closer monitoring than before. This issue is also likely to bring about a greater reliance on controls to mitigate the added risk of reduced segregation - all of which will need to be formally managed. And with fewer human resources at hand, this is likely to prove challenging.

To manage the risk effectively, organisations will need to take a centralised, transparent, automated and consistent approach to risk management, one which enables them to be much more agile in how they react to and manage risks such as COVID-19.

That’s why ensuring your governance, risk and compliance solutions (such as SAP Risk Management, Process Control and Access Control) are constantly kept up-to-date is a critical business necessity. And there’s a key deadline on the horizon that mustn’t be ignored.

SAP is ending mainstream support for GRC 10.1 at the end of 2020, irrespective of the disruption to business caused worldwide by COVID-19. Any organisation still running 10.x versions of Access Control, Process Control or Risk Management after this time will have to rely on extended or customer-specific maintenance, which will likely result in higher fees and reduced levels of support.

That’s why there’s no time to lose in upgrading to GRC 12.0. Organisations that start planning the move now will not only ensure the smooth continued running of their GRC applications, but will also feel the benefits of the upgrade earlier:

Get ahead in the cloud: adopting SAP Access Control 12.0 in conjunction with the SAP Cloud Platform unlocks a host of opportunities for managing applications in the cloud. You’ll be able to simplify risk analysis and user provisioning across a variety of related SAP products: S/4 HANA, Commerce Cloud and Concur are just a few of the applications that can be connected with ease.

The secret of your SuccessFactors: SAP Access Control 12.0 provides full integration with SAP SuccessFactors Employee Central for your Human Resources management. This means actions you take in SuccessFactors around employee status - for example, adding a new starter, adjusting for a role change or removing staff that have left - will generate activity in GRC. This integration can help you tighten up your risk analysis and access management processes with automated steps to facilitate them more effectively.

Feel at home in 12.0: if you’re concerned that the upgrade might give users and admins headaches as they grapple with a new user interface, then there are a couple of options to help smooth the transition.

If you have been used to the Fiori-enabled screens from other SAP applications, then GRC 12.0 offers the opportunity to apply the same user experience, with Fiori having been extended to GRC as part of the upgrade. This takes the extra time and stress out of getting everyone up to speed with the latest system, whilst capitalising on many of the same user experience enhancements that Fiori offers.

However, if you prefer, you can continue to work with NWBC (which is what was used in v10.x), giving you the flexibility you need for a smooth transition.

Embrace the change: if you’ve ever felt that your business wasn’t getting as much out of its GRC experience as it could or should be, then this is your chance to do something about it. Whether it’s improving processes to make better use of existing features, or taking full advantage of new ones such as the cloud-based integration mentioned above (and a whole host more), you can pivot towards a richer, more efficient GRC with minimal disruption.

Pave the way for your S/4 HANA future: although the S/4 HANA upgrade deadline has been pushed back to 2027, GRC 12.0 has been put together with one eye on the new version. So upgrading GRC now will remove a major burden from your migration in the coming years, whenever you decide to implement your S/4 HANA upgrade.

Next steps

Don’t underestimate the time or scale of the upgrade: leaving plans to the last minute will place unnecessary strain on what should be a very smooth transition. Your IT team, GRC admins and even the end users within your workforce all have vital roles to play, and you should be acting now to ensure the upgrade is executed successfully before the end of this year.

It’s vital to ensure the upgraded system doesn’t cause wider disruption to your network than is necessary, or break any existing configurations. So when you start your upgrade planning, remember to take these two key factors into account:

  • Regression testing: conduct this extensively pre-upgrade to protect against broken configurations, especially around Continuous Controls Monitoring (CCM) content; and
  • Existing infrastructure: GRC 12.0 doesn’t require use of the HANA database for hosting, so using current infrastructure can save time and money compared to procuring new kit.

It’s also true that, although an upgrade of this magnitude is an ideal opportunity to refine processes and controls at the same time, those wanting to take a “lift and shift” approach are still likely to benefit from the new features within 12.0, including improved reporting, additional user access review capability, improved sync job performance and simplified Firefighter maintenance. So, whatever your appetite for change, your GRC 12.0 upgrade should be high on your agenda.