Skip to Content
avatar image
Former Member

SAP GRC System Consolidation.

We looking at consolidation of Multiple GRC installation to one GRC system. We have difference Rule set for each of the company. Can someone advice the pros and cons of Consolidation.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jun 15, 2015 at 09:19 AM


    I believe in the long run the benefits will outweigh the short term headaches if you are to consolidate the multiple GRC systems.

    As long as your new single GRC box can withstand the multiple connected target systems (assuming this is the case) and have enough power and storage space available for use, things should be great.

    Depending on your companies licensing agreement with SAP, you may be even saving software costs as well as hardware costs.

    Main application benefits will be the fact you are maintaining a single GRC system. You are able to maintain multiple rule sets in GRC. A single place for maintaining and observing Emergency Access ID and it's usage will also be a good benefit. The fact you would be maintaining roles in BRM from a single system will also be a resource and time saving benefit.

    the "Short term pain" may be to ensure you have intelligently designed your Access Request workflow to ensure it caters as a "combined" version of your previous workflows across the different GRC systems. If the workflows were the same across the different GRC systems, in terms of paths and routing rules etc, then you should have a less painful transition.

    In 10.x, it is pretty easy to also cater for multiple rule sets to be applied to analyse a Access Request. SAP provide a BRF+ rule to cater for multiple rule sets, i.e. a specific rule set is selected for analysis depending on the certain type of request submitted. This does require some additional configuration, but in the long run once configured, it works very nicely.

    I am sure there are many other benefits that could come to mind.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Your original question was about Multiple GRC systems. The response is in relation to multiple target systems.

      Multiple target systems is normal in many organisations. Connecting them to a GRC system is not that difficult as long as your Basis team have the right amount of understanding and ensure the correct GRC plug in components is installed on the target systems (based on NW level etc).

      As for the hard bit, depending on how many systems are being connected to the GRC system, you will have to consider how to size the GRC system. SAP do provide a sizing guide, which can be used as a starting point, but after some heavy testing and usage, your company may decide to bulk up the memory space allocation etc.

      Whilst Application support may be different per target system, as long as you have a central GRC team being the active connection between all the other teams, you should be fine. Easier said than done.

      Hope this helps you towards your answers.