Delivering Global SAP GRC Upgrades for a Leading Energy Giant

Challenge

ERPs supporting the group’s business operations are classified as ‘businesscritical’ applications, and as such are required to have tools in place to ensure transactions are controlled and risk-free. To achieve this the group implemented SAP GRC across its SAP ERP landscape. SAP announced that maintenance for GRC 10.0 (the client’s current version) will expire at the end of 2020. To maintain the integrity of its IT systems the organisation needed all 25 SAP environments to be upgraded to interface to a GRC12 system.

Turnkey’s client has also embarked on a long-term project to migrate all its SAP environments to a private cloud platform on SAP S/4HANA. Given its move towards a cloud hosted IT environment, GRC 12 Cloud Edition is optimal for their journey.

SAP GRC 12 comes with new features such as cloud integration, capabilities for S/4HANA, and an improved user experience, providing the organisation with an opportunity to leverage the automated user provisioning and role management capabilities.

Solution

Following the decision to upgrade all SAP instances to SAP GRC 12, the programme strategy was influenced by several factors:

• Imminent migration of the US pipeline business to the SAP S/4HANA platform
• Requirement for this business to utilise Access Risk Analysis (ARA) and Emergency Access Management (EAM) and Access Request Management (ARM) GRC modules

It was agreed therefore that GRC 12 would be implemented as a new cloud solution and that the US pipeline business would be the first, or ‘pathfinder’ instance to be migrated to GRC 12. This approach would prove the compatibility of GRC 12 for future SAP ERP cloud implementations and provide learning opportunities for the global roll out. Standardisation and optimisation would also be implemented for business role management & access request management processes.

A very aggressive timescale of completion by the end of 2020 was set and a ‘four wave’ approach of upgrades was planned.

“The objective of the project is to implement an effective access and role management solution on the new SAP S/4HANA Cloud platform for all 25 SAP ERP landscapes,” explains The Programme Manager. “This will increase agility, and deliver new business value while aligning with strategic IT standards and achieving a range of peripheral benefits”.

The scope of the project includes:

• Implementation of a new GRC 12 cloud solution for the US Pipeline business
• Migration of the remaining 24 SAP instances from GRC 10.0 to GRC 12
• Implementation of Access Risk Analysis (ARA) & Emergency Access Management (EAM) modules for all SAP instances
• Deployment of Business Role Management (BRM) & Access Request Management (ARM) for the US Pipeline business specifically
• Custom enhancements for EAM
• GRC-Saviynt Interface

The Programme Manager explains, “Since our in-house expertise in SAP S/4HANA and SAP GRC ARM and BRM modules was limited, we selected SAP Security Specialists Turnkey Consulting as our implementation partner”.

Turnkey was responsible for gathering requirements, designing and building the solution, testing and technical delivery of the upgrades. It also assumed the role of cutover manager for each go live. The pilot implementation was completed successfully in April 2020, and all remaining 23 SAP instances were onboarded on GRC 12 by November 2020.

As part of the pilot implementation post-implementation review, Turnkey produced a ‘toolkit’ for subsequent upgrades, including project plans, go-live checklists, and process documentation. This has equipped its client with a robust cutover template for each GRC upgrade, enabling the rapid rollout timeline.

“The quality of Turnkey’s consultants and their ability to effectively navigate our complex matrix management organisation has been critical to our programme,” says The Programme Manager. “Turnkey has provided rapid support when we have needed it, for instance by responding quickly to a change of scope with pragmatic proposals and financials.”

Benefits 

• The upgrade of all SAP ERP instances is already bringing benefits to the organisation. The US pipeline business has seen marked improvements in key KPIs, such as reduction in turnaround time for access requests and a halving of its rejection rates for role changes.
• The deployment of ARM and BRM modules for the US pipeline business has also provided insight into how these modules can benefit the rest of the organisation, including the increased automation of the access request process.
• The early deployment of the solution on the SAP S/4HANA platform has enhanced the group’s knowledge base, to build on for its long-term objective of moving all ERPs to a cloud environment.

Summary

Turnkey has helped the group to future-proof its GRC environment across one of the world’s largest corporate SAP ERP landscapes. With industry-leading technical skills and a responsive mindset, the rapid upgrade of its client’s global governance and security environment is on track to complete on time and on-budget.