It has been a few months since I last blogged about lessons learned from SAP Governance, Risk and Compliance (GRC) projects. Since then I have been busy on one such project and have learned a lot about the new and improved SAP BusinessObjects Access Control solution and its current state. If you read my previous post or are otherwise familiar with the components of SAP's GRC solution, you know that the components of Access Control, including Access Risk Analysis (ARA), Emergency Access Management (EAM), Access Request (ARQ), User Access Review (UAR), and Business Role Management (BRM), can be deployed in combinations to suit the needs of the customer. Since this release went into General Availability last summer, one would suppose that all of the components had been implemented by now and all of the early "kinks" worked out. As it so happened, Business Role Management (previously known as Enterprise Role Management) apparently had not been implemented yet, and my project team had the challenge of working through the early adoption issues.
The good news is that SAP support has been working with us closely and has been very responsive to the issues our team has raised. Although the go-live was delayed, the tool and process design is still a big improvement over the current provisioning tools and process, due to numerous manual procedures and handoffs. Our integration testing still has the client team very excited about the many improvements coming to their user provisioning and GRC processes. The automated and customized workflows powered by the Business Rules Framework (BRF)+ functionality give them many options they did not have previously, and there is a lot of excited anticipation.
Unfortunately, other project needs mean that I am leaving this project, but I have every confidence that this solution will be well received as the new tools and processes are rolled out through the client's organization. I am still a big believer in GRC 10.0, and I am looking forward to hearing not only about their successful roll out but also from other success stories and lessons learned at sessions coming up soon in Orlando at the ASUG Annual Conference and SAPPHIRENow.
Are you considering deploying or upgrading to GRC 10.0? I hope to see you in a few short weeks in Orlando.