Why You Shouldn’t Wait to Upgrade Your SAP GRC System


Is your organisation running SAP Access Control, SAP Risk Management or SAP Process Control?

Assuming you answered yes, do you happen to know what version you’re running? If it is anything less than 12.0 then it is either already out of support or, in the case of versions 10.0 and 10.1, it will reach the end of standard support in December 2020. In this article, Winterhawk’s Head of Global Operations, Andrew Sawyer shares his key reasons to upgrade your SAP GRC system sooner rather than later.

What you need to know

SAP GRC version 12.0 became available in September 2018, with multiple support packs and enhancements released since then. At the time of writing, Support Pack 08 is the latest version to have been released, which continues to offer further enhancements as well as stabilisation of the solution’s core features.

If you want to ensure that your SAP GRC solution remains under support and maintenance, plus take advantage of the new features available, here are our top 5 reasons why you should plan now and budget for an upgrade.

1) Taking advantage of the latest technology release provides benefits such as enhanced features and process stabilisation.

Version 12.0 saw the release of several new Fiori apps for SAP GRC. One app in particular for SAP Process Control has proven very useful with our clients, allowing users to track ongoing Control Test of Effectiveness activity more effectively. This new app enables the performance, review and processing of Control effectiveness tests within a single simplified screen and can be used as an alternative to the Work Inbox.

In addition to the new solution apps released, SAP has enabled the standard delivered Core Data Services (CDS) content available in 12.0. This means that data within SAP GRC solutions can now be directly consumed through tools such as SAP Analytic Cloud (SAC), allowing for greater efficiency and structure of SAP GRC reports and dashboards. As the adoption of SAC continues to grow, this enhancement has proven to simplify GRC reporting.

2) The new look and feel of SAP GRC 12.0 solutions are at an entirely new level for user experience.

Although the classic screens (left) via the NetWeaver Business Client are still available, version 12.0 streamlines navigation using Fiori, offering a significantly improved end user experience (below).

Fiori provides users with a means to customise their own view, to remove or add Fiori apps and reports to better fit their style of working, and prioritise activities that are important to them.

Leveraging Fiori allows for much improved customisation of new reports and data views. Recently, a Winterhawk client using SAP Access Control 12.0 was looking for a custom app to consolidate and report on Firefighter usage. We were able to quickly create a custom report (made available within the standard Fiori app view), which has significantly reduced the review period for Firefighter usage and provides greater oversight of unapproved logs.

3) Increased integration with SAP solutions, both on-premise and cloud, including solutions such as SuccessFactors, SAP Ariba and SAP Concur.

Earlier this year I was responsible for the implementation of Access Control 12.0 for a construction company. During this deployment, we identified several limitations on how SuccessFactors stores and displays user and access data, as there is no true consolidation of User, Group, Role and permissions.

With SAP Access Control 12.0 we established a connection to SuccessFactors, and Winterhawk developed a custom report to consolidate employee central data. This new report is being used as part of frequent User Access Reviews, as well as providing assurance to both internal and external audit that the access assignments within SuccessFactors are under control.

4) Futureproofing – whether you already have S/4HANA or you’ll be considering a move later, upgrade to version 12.0 now to avoid a scramble to bring your SAP GRC solutions up to compatibility.

Now more than ever organisations are looking for their applications to be innovative, create efficiencies and reduce costs. With version 12.0, Winterhawk has developed and deployed several Robotic Process Automation (RPA) scenarios, in particular for SAP Access Control. For example, during a recent project, we implemented several chatbots to streamline the Access Request and Approval workflow.

When considering the right time to upgrade, you should also consider re-assessing your Compliance, Control, and automation needs. Are your processes fully optimised today? Has the business fully adopted the solution or could you getting more out of the technology you have?

5) Finally, with no additional infrastructure requirements, you can retain your current infrastructure without the need for long drawn-out upgrades.

One of the latest upgrades performed by Winterhawk included SAP Risk Management and Access Control, completed successfully within 8 weeks. The upgrade also included the full implementation of SAP Fiori, and business adoption of new ways of working.

Why wait? Avoid being left with solutions which are dated in look and feel, and out of standard support.

Winterhawk upgrade packages have been built for efficiency, with the lowest business impact. If you would like to find out more, or to book a free consultation with Andrew, contact us at info@winterhawk.com.

by Andrew Sawyer, 25 August 2020