Professional Documents
Culture Documents
Denson
from implementing SAP GRC release 12.0 PricewaterhouseCoopers
Produced by Wellesley Information Services, LLC, publisher of SAPinsider. © 2019 Wellesley Information Services. All rights reserved.
Agenda for GRC 10.x to 12.0 Migration Presentation
1
GRC 12.0 Overview
2
SAP Governance Risk & Compliance Solution
• SAP Governance Risk and Compliance (GRC) Solutions offers an organization a preventative
approach towards governance risk and compliance in real-time.
• With automated features to perform SAP user provisioning, risk analysis, control monitoring, etc.;
GRC helps in maintaining consistency in processes and aids well in audit activity.
• SAP GRC versions have evolved from GRC AC 5.3 to GRC 12.0 over the course of time
• We shall cover in this presentation, key points for migration/upgrade of GRC 10.x to 12.0 system
3
New Features in GRC 12.0
5
Enhanced UI: Personas-based Launchpad
6
Enhanced Reporting and Dashboards
EAM and Role Overview pages to visualize key metrics for greater insights
7
Firefighter ID Review
8
Role Mass Maintenance Enhancements
9
Simplified Firefighter Administration
10
Risk Owner / Mitigating Control Owner Mass Maintenance
Risk Owner Mass Maintenance and Reassign Mitigating Control Owner Mass Maintenance
11
GRC 12.0 Process Control - New
Features
12
GRC12 Process Control
13
GRC12 Process Control Highlights
14
GRC12 Process Control Highlights
15
GRC12 Process Control Highlights
My Compliance Tasks
16
GRC 12.0 Upgrade Pre-requisites
17
GRC 12.0 Upgrade Pre-Requisites: GRC System
• Mentioned below are the technical system components needed for GRC 12.0 System
18
GRC 12.0 Upgrade Pre-Requisites: Plugin System
• Mentioned below are the technical plugin components needed for the system to be
integrated with GRC 12.0
Required or Component Version Description
Optional
Optional GRCPINW V1200_750 SAP GRC PLUGIN NW 7.50 Access control integration with ERP non-HR functions for
NW 7.50
Optional GRCPIERP V1200_S4 SAP GRC PLUGIN S4HANA 1610+ Access control integration with S4HANA/ERP HR functions
Optional GRCPIERP V1100_700 SAP GRC 10.1 Plug-in ERP 7.00 Access control integration with ERP HR functions
Optional GRCPINW V1100_710 SAP GRC 10.1 Plug-in NW 7.10 Access control integration with ERP non-HR functions for
NW 7.10
Optional GRC 10.1 Java Components SAP GRC AC Portal Plug-in Portal integration for back-end systems.
Note
There is no Portal plug-in for AC12, therefore use the GRC
10.1 plug-in.
Optional HCO_GRC_PI SAP GRC 10.1 Plug-in for HANA SAP GRC 10.1 Plug-in for HANA
The supported internet browser depends on the NW version installed (i.e. NW 7.52 requires IE11).
To determine the supported web browser, check the SAP Product Availability Matrix (PAM) for
your NW version, then navigate to Technical Release Information > Web Browser Platforms.
19
GRC AC 12.0 Architecture
20
Architecture – Access Control 12.0 Release
Web Browser
SAP GUI/
Web GUI for Mobile Fiori Launchpad BOBJ Client
HTML NWBC Portal
Fiori App. WDA/SAP GUI HTML
<R
IDM/(Other IDM Web Service Access Control 12.0 Release
Vendors) <R> Front End Server NW BI
Access Control UI Component
S/4 HANA
SAP HANA DB
Cloud Edition
Other Business Any DB
SuccessFactor Application
(GL Adapter)
21
GRC 12.0 Component Implementation
Sequence & Migration Timeline
22
GRC 12.0 Component Implementation Sequence
Step Required/Optional Action Reference
Install NetWeaver 7.52 SP00 on the GRC
1 Required system https://help.sap.com/viewer/p/SAP_NETWEAVER
Install GRCFND_A V1200: Add-on
2 Required Installation on the GRC system For more information, see SAP Note: 2602131
Install SAP Access Control 12.0 NetWeaver
Plug-In (GRCPINW V1200_750) on the
3 Required Plug-in system For more information, see SAP Note: 2602564
Install SAP Access Control ERP Plug-In on
the Plug-In system (GRCPIERP For more information, see SAP Note 1855405
4 Optional V1100_700) If SAP HR is installed, you must install GRCPIERP.
Install SAP GRC PLUGIN for S4HANA
5 Optional 1610+ (GRCPIERP V1200_S4) For more information, see SAP Note: 2602825
6 Optional Install SAP Enterprise Portal 7.x https://help.sap.com/viewer/p/SAP_NETWEAVER
23
SAP GRC 10.x to 12.0 Migration Timeline
• A GRC 10.x to12.0 upgrade project could take 11-15 weeks for end to end implementation
• The phases mainly consists for planning, requirement gathering, component installation,
integration with a new solution if needed, testing, implementation and support.
• The migration timeline could differ if there’s an integration activity of GRC 12 with any
new solution(s)
Week 1 Week 2 Week 3 Week 4 Week 5 Week 6 Week 7 Week 8 Week 9 Week 10 Week 11 Week 12 Week 13 Week 14 Week 15
Technical
Post Upgrade Implementation
Planning Requirement Gathering Component Integration of GRC 12 with a new solution Testing Hyper-care Support
Activities in Production
Upgrade
24
Integration Opportunities
25
End-to-end integration with SAP SuccessFactors
• Expanded integration
with SuccessFactors to Existing Access
Determine user’s existing
Target
HR Trigger Actions System
- New Hire
- Rehire
- Termination
- Leave of Absence
Approval / Compliance
- Transfer Workflows
Access exceptions / mitigating
controls are approved by
responsible parties
27
SAP Cloud Identity Access Governance (IAG) Bridge
29
Where to Find More Information
• https://help.sap.com/doc/8e4687084c55465c85a653023b8ceab3/12.0.00/en-
US/loiob418d62abab34473a573adf94bc3daf6_en.pdf
⬧ Upgrade: SAP Access Control 10.0/10.1 to 12.0
• https://launchpad.support.sap.com/#/notes/2602131
⬧ SAP Note 2602131
• https://launchpad.support.sap.com/#/notes/2612335
⬧ SAP Note 2612335
• https://www.linkedin.com/pulse/new-features-sap-grc-ac-120-rakesh-ram
• https://help.sap.com/viewer/f77342ea45c24d3f81032575e6f50d8b/12.0.00/en-
US/290167512a602166e10000000a441470.html
⬧ New Features in GRC 12.0
30
Your Turn!
David J. Denson
Thank You
Any Questions?
david.j.denson@pwc.com
Please remember to complete
t your session evaluation
31
Disclaimer
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other
countries. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP SE.
32
Wellesley Information Services, 20 Carematrix Drive, Dedham, MA 02026
Copyright © 2019 Wellesley Information Services. All rights reserved.