GRC GUIDEBOOK: STRATEGIES AND TOOLS TO MITIGATE RISK | SAPINSIDER SPECIAL REPORT Master GRC Project Documentation with SAP Solution Manager How to Keep Your GRC Configuration Knowledge After the Consultants Leave Geoff Wright Director and Technical Specialist (SAP Solution Manager and GRC) Island Consulting (Ireland) W hen organizations implement new software, and documenting target systems. Furthermore, you they are often most focused on getting the can print the blueprint document, which can be use- functionality up and running and achieving business ful to compliance teams, as it is a record of the system results as quickly as possible. This goal sometimes design at a point in time. comes at the expense of important procedures — such When you move to configuration mode, new tabs as properly documenting their solutions. When consul- appear in SAP Solution Manager from which you can tants are around to answer questions, a lack of docu- perform configuration directly in your GRC develop- mentation is no problem, but as soon as they leave, ment system. You can store the entries made in the customers are left to their own devices. If the solution target system’s IMG next to each step and group steps is not properly documented, the organization could module by module into a Business Configuration (BC) be in trouble. Set for check-out or portability later. A printout of the This holds true for SAP solutions for governance, completed configuration serves as a delivery docu- risk, and compliance (GRC). If your solution, such ment for sign-off and comparison with the blueprint as SAP Access Control or SAP Process Control, isn’t document. properly documented, you run the risk of not getting There are a number of other standard tools that the most out of your investment due to not being con- you can use during various project steps. For example, fident in updating your solution, not applying patches, when testing GRC apps you can use the testing suite being reluctant to upgrade, or even having to reimple- to manage the whole testing cycle, including using ment. You can use SAP Solution Manager to docu- workflow for testers, test script management, and ment your solution, regain any lost knowledge, and not getting the issue management. You can also use the learning suite keep your users informed, even after the project team to automatically distribute content, as well as collect most out of your has left. Shareable Content Object Reference Model (SCORM)- If your solution isn’t properly documented, you run the risk of investment. Use Solution Documentation to Prevent Project Knowledge Loss compliant data and return it to HR training records. The Change Analyzer tool allows you to collect data about the changes that have been made to SAP solu- Say, for example, that you upgrade SAP Access Control tions for GRC. It then tells you what testing is required from version 5.3 to version 10.1 and you want to create and which learning modules to check. or update documentation. You would start by creating Reporting is also available throughout all of the blueprint for your system in the Projects application SAP Solution Manager, with preconfigured reports in SAP Solution Manager. You then use accelerator data for each section. from the repository for SAP Access Control, which sup- S-16 plies basic business processes to populate a blueprint Learn More structure for user provisioning and role management. Island Consulting specializes in SAP Solution Manager From this structure, you can add any customized work- and SAP solutions for GRC, with experience running flows, interfaces, and organizational data. them on both SAP HANA and standard ABAP imple- In tabs within the Projects application, you can store mentations. Island Consulting also offers reverse en- project data such as decision-making explanations, gineering of your solutions as well as preconfigured which can serve as a guide for future decisions. There solutions that can be delivered to give your organiza- is also a graphical tool for organizing processes across tion a rapid standard deployment of SAP solutions for multiple systems, such as connections to LDAP and GRC 10.1. For more information and brochure down- identity management systems, as well as identifying loads, go to www.islandconsulting.ie. Reproduced from the Oct n Nov n Dec 2014 issue of SAPinsider with permission from its publisher, WIS Publishing | SAPinsiderOnline.com
© Copyright 2024 ExpyDoc
