SAP has outlined the latest updates to SAP GRC for SAP HANA. The changes focus on how governance, risk, and compliance processes run in HANA-based environments, with simplified user interfaces and real-time analysis central to the update.
The updates introduce SAP Fiori-based workflows, tighter alignment with SAP S/4HANA, and automation features that change how access, risk, and control activities are performed.
The release is currently available in restricted shipment through SAP’s Early Adoption Care program and is expected to reach general availability in the third quarter of 2026.
Execution Changes in SAP GRC for SAP HANA
The update changes how GRC processes run. SAP’s emphasis falls on user experience, processing speed, and integration, with new capabilities and AI-native features layered in.
- SAP Fiori apps reshape the user experience.
Role-based workflows simplify access requests, control monitoring, and risk analysis, reducing reliance on complex, context-heavy screens. - SAP HANA enables real-time processing.
Risk, access, and control analysis operate on current system data, replacing batch reporting with continuous visibility into system activity. - SAP S/4HANA alignment reduces separation from core processes.
GRC operates more directly with transactional data and workflows, allowing controls and risk checks to run against live business data. - AI-supported features introduce targeted automation.
SAP highlights AI-native capabilities as part of the update, positioning them as assistive tools within existing GRC workflows.
The core modules remain intact. SAP Access Control, SAP Process Control, and SAP Risk Management continue as the foundation, even as their operation changes.
Analysis
What This Means for ERP Insiders
GRC becomes a lever for operational control. Embedding controls into workflows allows organizations to act on risk earlier, improving decision speed and reducing reliance on retrospective review cycles.
SAP GRC Direction and 2027 Transition Timeline
This update sits within a defined transition. SAP positions SAP GRC for SAP HANA as the successor to SAP Access Control, SAP Process Control, and SAP Risk Management, with mainstream maintenance for GRC 12.0 ending in 2027.
That timeline changes how this release should be read. The update shows the direction customers will need to follow as GRC aligns with SAP S/4HANA and SAP HANA. SAP is moving toward a more unified, SAP HANA-based GRC environment with a shared architecture.
The technical reality is more involved. Moving to SAP GRC for SAP HANA requires HANA adoption, updated GRC 12.0 environments, and architectural decisions between hub and embedded deployment models, which ties the GRC transition to broader SAP S/4HANA programs.
At the same time, the scope of GRC is shifting. SAP links governance, risk, and compliance with application-level security and data protection, particularly in SAP Fiori and SAP S/4HANA environments, where controls operate closer to how data is accessed and used.
GRC decisions shift to enterprise architecture. Platform alignment forces governance ownership into architecture teams, reshaping how risk, security, and ERP design decisions are coordinated.
Analysis
What This Means for ERP Insiders
GRC planning becomes an architectural decision. Platform dependencies and timelines force organizations to define GRC within ERP strategy rather than treating it as a standalone compliance function.
About Us
ERP Today covers how ERP, cloud, and AI change the way businesses run. Our editors speak with practitioners, vendors, and analysts to surface the technology, contracts, and risks that matter for enterprise leaders.
Alongside our newsroom coverage, we run in‑person summits where ERP leaders compare notes on programs like yours, and a research practice that turns reporting like this into organization‑specific briefings and content.
This article was first published by SAPinsider on April 9, 2026.
