SAP

Understanding Business Responsibilities During an SAP S/4HANA or Central Finance Transformation Journey – Part 2

Chris HansonDanielle Baumann
May 5, 2021
5 min read

In Part 1, we introduced the first four of the seven key areas of business responsibilities during an SAP S/4HANA or Central Finance transformation journey. Today, we cover the remaining three: user acceptance testing, reporting and analytics, and security and controls.

User Acceptance Testing (UAT)

UAT is the final and most critical phase of system testing, and it validates that the new system design can support the business. UAT is even more critical as more projects are delivered through agile-like methodologies like SAP Activate, as there is typically not a clear requirements document but a collection of user stories that define the requirements. The business plays a vital role in this testing phase and should assume responsibility to ensure all business requirements and user stories are met. For any user stories that are not met, the business must identify a resolution or workaround to support the process. Business participation is necessary during UAT to confirm the end-to-end, future state processes that the new system will support are operating as expected and that all critical user stories have been addressed. Successful UAT testing increases user adoption rates with a thoroughly tested and functional system at go-live, reduces go-live risk by ensuring the system is working as designed and reduces post live support requirements by surfacing issues early and allowing for resolution. Common gaps in UAT are a lack of comprehensive, well-designed test scripts to fully address end-to-end testing, lack of defined metrics (entrance/exit criteria) and understanding of workstream dependencies.

Below are key responsibilities of the business during UAT:

  • Develop test scenarios based on the solution design, business requirements and user stories that address all business processes end-to-end
  • Plan UAT execution schedule, identify appropriate testers and the sequence of user stories and scenarios
  • Identify dependencies on the other tracks (such as data conversion and interfaces) to ensure efficient coordination across workstreams for testing
  • Clearly communicate issues and defects and coordinate with all appropriate personnel.

Reporting and Analytics

During an S/4HANA or CFIN transformation, the reporting workstream is usually limited in nature and focused on leveraging standard reports. A comprehensive analytics strategy is often an afterthought. While standard reports may meet some business requirements, it does not consider the holistic reporting needs of the organization. Organizations taking on transformation journeys today should focus on identifying and developing the key analytics vision and requirements that the organization will need to stay competitive. This may include predictive or prescriptive analytics, leveraging big data and KPI dashboards. This analytics vision is a critical element of most transformations and must happen early in the process to help inform solution design, data requirements and tools selection.

The business can achieve these goals by:

  • Creating a complete vision for the future state analytics environment
  • Mapping and defining the user personas and how those personas need to interact with data to achieve the promised gains of S/4 HANA
  • Creating an inventory of key reports needed for go-live based on stakeholder input
  • Reviewing and validating the process for developing additional reports immediately after go-live
  • Reviewing and validating the overall architecture and the tools or technologies in place for reporting to ensure they will meet future business needs.

Security and Controls

Due to a variety of competing project management priorities during S/4HANA and CFIN implementations, it is common to prioritize functional readiness over system security and internal control requirements. This means that the technical security and compliance workstreams are scrambling to build and test their deliverables just prior to go-live, leading to a rushed and unsustainable system security architecture, excessive user access and lack of configurable controls. In such cases, significant compliance gaps are often discovered during post-implementation audits, creating the need for costly security and controls redesign projects to remediate large risk exposures.

The key to avoiding this common project pitfall is to obtain the adequate level of support from C-level management and the project steering committee to appropriately resource the security and compliance workstreams and ensure there are key security and compliance checkpoints throughout the project timeline, starting no later than the design phase. It is critical to develop strong collaboration with the functional workstreams, financial compliance and internal audit teams to ensure shared responsibility for the successful completion of the security and controls deliverables.

The business should consider these key security and controls deliverables:

  • Developing an enterprise security and internal control strategy and obtaining buy-in from key stakeholders, including an IT general controls framework, a business controls framework, data privacy and protection, regulatory compliance, relevant corporate policies and a knowledge transfer plan
  • Establishing key checkpoints with internal audit and other compliance teams to confirm alignment and sign-off of roles and responsibilities, scope and desired outcomes
  • Obtaining the sign-off of security and controls subject-matter experts for all final business process blueprint documents, ensuring the business process and solution design is influenced by a control mindset
  • Documenting detailed security operating policies and procedures (e.g., role, user access and emergency access management) that govern all security administration processes for both production and non-production systems in scope
  • Integrating security and internal controls into the integration testing plan
  • Evaluating an enterprise GRC solution.

It is imperative that companies understand their role when preparing for a business transformation initiative powered by S/4HANA or CFIN. Active business involvement in business process readiness and solution design, program governance and management, organizational change enablement, data conversion and governance, user acceptance testing, reporting and analytics and security and controls will help drive a successful transformation. Appropriate knowledge of the role the business will play throughout the project lifecycle helps avoid common mistakes and supports a successful transformation journey.

To learn more about our SAP capabilities, contact us or visit Protiviti’s SAP consulting services.

Chris Hanson

Managing Director
Business Platform Transformation

View all posts

Danielle Baumann

Senior Manager
Enterprise Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More