Skip to Content

More lessons learned from a GRC 10.0 project


     It has been a few months since I last blogged about lessons learned from SAP Governance, Risk and Compliance (GRC) projects. Since then I have been busy on one such project and have learned a lot about the new and improved SAP BusinessObjects Access Control solution and its current state. If you read my previous post or are otherwise familiar with the components of SAP’s GRC solution, you know that the components of Access Control, including Access Risk Analysis (ARA), Emergency Access Management (EAM), Access Request (ARQ), User Access Review (UAR), and Business Role Management (BRM), can be deployed in combinations to suit the needs of the customer. Since this release went into General Availability last summer, one would suppose that all of the components had been implemented by now and all of the early “kinks” worked out. As it so happened, Business Role Management (previously known as Enterprise Role Management) apparently had not been implemented yet, and my project team had the challenge of working through the early adoption issues.

     The good news is that SAP support has been working with us closely and has been very responsive to the issues our team has raised. Although the go-live was delayed, the tool and process design is still a big improvement over the current provisioning tools and process, due to numerous manual procedures and handoffs. Our integration testing still has the client team very excited about the many improvements coming to their user provisioning and GRC processes. The automated and customized workflows powered by the Business Rules Framework (BRF)+ functionality give them many options they did not have previously, and there is a lot of excited anticipation.

     Unfortunately, other project needs mean that I am leaving this project, but I have every confidence that this solution will be well received as the new tools and processes are rolled out through the client’s organization. I am still a big believer in GRC 10.0, and I am looking forward to hearing not only about their successful roll out but also from other success stories and lessons learned at sessions coming up soon in Orlando at the ASUG Annual Conference and SAPPHIRENow.

     Are you considering deploying or upgrading to GRC 10.0? I hope to see you in a few short weeks in Orlando.

You must be Logged on to comment or reply to a post.
    • Diego,

      I have read the comments in Idea Place; thanks for sharing them with me and my readers. My personal opinion is that there can be value in the centralized FF functionality in GRC 10.0 for users supporting many systems, Especially when you look at EAM as a whole, I am very excited about the new features, especially being able to add the additional activity information. However, I can appreciate the customer suggestion to make it a configurable option to be either centralized or not. That is the kind of idea that needs to be discussed further to see if there is sufficient customer support to make it worth SAP’s while to pursue, I would encourage all customers who support that idea to stay alert to opportunities to bring that idea to SAP’s attention, such as the Customer Connection program or an influence opportunity within your local user group (ASUG, DSAG, etc) Perhaps our discussion here will be noticed by SAP solution management and will help in the cause.  I welcome comments here from SAP personnel, as well as from additional customers, to keep the conversation going.

      Thanks for your comments!


    • Luis,

      I am not a CRM expert, and this blog post is not about CRM. I recommend that you post How To questions in the appropriate discussion forum, after searching the forum to ensure that they question is not already answered, and keep blog comments generally related to the blog post.

      Good luck with your CRM issue.