One of our long-standing customers has started the S/4HANA transformation with a Central Finance implementation. We have been contracted to support the project with:  

  • Updating the SoD framework and revising the IT general controls.
  • Content definition and implementation of risk analysis in SAP GRC Access Control for Fiori and cross-system SoDs.
  • Alongside Central Finance (CFIN), the adoption of Master Data Governance (MDG) and SAP Landscape Transformation Replication Server (SLT) was also part of the project.  

The customer is happy, and the result of the project has been live for 4 months now. Lessons learned:

  • Defining a good and adequate role concept for both the UI and the back-end roles saves a lot of effort in the process. While doing this, reusing / enhancing old (ECC) back-end roles might not be the best approach.
  • It is advisable to have separate (but related) roles for UI and back-end, combined in a business role.
  • Never (ever) underestimate the creativity of ABAP developers. Adding the custom objects to the ruleset can take a (very) long time.
  • On the MDG side, enhancing the SoD ruleset with the WebDynpro add-ons is an interesting but complex task.  
  • A good understanding of the business processes distributed across several systems is required to identify the cross-system SoD risks.  
  • Knowing the limits of available solutions and the potential of new ones (like SAP Cloud Identity Access Governance) is an important part of making correct decisions about the GRC strategy in a company.
  • There are situations in which defining SoD risks (in AC) is no longer possible because of a process change (example: approvals via the Inbox app). Implementing CCM scenarios instead can be a good alternative.
