Risk Management Essentials for SAP S/4HANA Projects

An SAP S/4HANA transformation project has many risks that need to be managed and often, it is difficult for the project team operating day to day on detailed tasks to “see the forest for the trees.” Enter the Program Risk Management process.

  • The PMO has intimate knowledge of the key processes and risks associated with the project and, as such, is in an ideal position to develop mitigation strategies in collaboration with the system integrator and the business.
  • This ensures that key business concerns are appropriately communicated to the system integrator and limits potential interruptions to the business and system integrator during critical project phases.

Typically, the PMO reports to the project sponsor and steering committee but can also have communication lines with internal audit and compliance functions.

  • A strong PMO typically monitors and assesses two main types of risk: Risks associated with program execution and governance and those associated with business process and technology.
  • There are several different areas of risk to be monitored in each of these areas, but for the purposes of this blog we will focus on a few key items in each area.

Program execution and governance risks

Implementation governance – Governance structures fail to enable timely decision-making, issue identification and issue resolution at the right levels in the organization.

  • We frequently see programs with governance structures that do not have empowered teams to make decisions or effective escalation paths.
  • The inability to make decisions related to design or issue resolution quickly and efficiently or the revisiting and rehashing of previously made decisions (when no new information is available) will almost always impact a project’s timeline.
  • To resolve issues and make decisions effectively, it is critical to establish an empowered team and to have clear escalation paths with well-defined roles and responsibilities.
  • Capturing issues at the source with concise descriptions, developing realistic and well thought out alternatives and establishing recommendations with a distinct understanding of impact to resources, timeline and scope can help this process run smoothly.

Project planning and oversight – Ineffective project and resource planning leads to delays in project execution, missed dependencies and key activities lacking ownership or resource delivery capacity.

  • Establishing a detailed project plan and resourcing plan is critical.
  • Monitoring the plan and resource commitment is paramount to effective execution and delivery. We have all seen projects where resources that are expected to be full-time cannot disengage from their day job to support the project. It is also common for the business to dedicate resources they can most afford to do without. Either of these scenarios will create problems with program execution and delivery.
  • Project planning that is too high-level and without built-in dependencies can give the team a false sense of being on time.
  • Developing an effective plan includes a clear line of sight to critical path activities, clear linkages between predecessor and successor tasks, visibility of resource contention and the impact of delays in the completion of activities.

This visibility will help the PMO to monitor and proactively address issues with the schedule and resourcing.

Stakeholder support – A lack of focus on building user and management support, adoption and readiness lead to ineffective and inefficient processes and post-go-live disruptions, regardless of deployed system quality.

  • The PMO needs to establish an effective stakeholder management process and assess the various stakeholders to gauge change readiness and support for the initiative.
  • It is also important to establish a clear sense of “what is in it for them” for the various stakeholder groups.
  • Stakeholders must be communicated with consistently and effectively and they must be given adequate access to project information, key design decisions and issue resolutions.
  • Building and managing stakeholder support for the program is a significant effort but will pay large dividends when the new system goes live.

Business process and technology risks

Evolving design – one of the major drivers of scope creep, project delays and inadequate testing is the risk of evolving design.  This risk materializes when the requirements and design of the future solution emerges over time, leading to rework, changes, delays and missed user expectations both pre- and post-go-live.

  • The PMO has good visibility to these types of issues as they will often be the areas that are delayed or where new requirements keep surfacing. The “fit to standard” approach that many implementations use may help minimize this risk, however, we often see this happen when gaps are identified or in integrations.
  • When these design delays drift down the project timeline (often creating additional requirements) they can wreak havoc on testing and system go-lives.
  • The PMO must drive these design decisions to closure and ensure that all necessary stakeholders are engaged and bought in to the finalized design.
  • The design should also be played back to the business to ensure the requirements and capabilities needed are met by the design.
  • This takes a focused effort, but any impact to other workstreams can be made up through better system stability and readiness earlier in the program.

Data conversion and governance risk is caused by ineffective planning and resourcing with respect to the data workstream. There is a significant amount of work in this area, and it is typically not well organized or staffed.

  • Data conversion and governance is one of the biggest causes of project delays and post live issues.
  • A clear data conversion and governance strategy should be developed and implemented early in the program.
  • The PMO can help to mitigate this risk by pulling key activities forward. This includes performing a data quality assessment, establishing cleansing and remediation plans, and identifying the data elements that will need to be converted along with the right data owner.
  • Clarity around the scope of the effort and taking a hard look at the resourcing necessary to execute the activities will help to highlight gaps which the PMO can then pro-actively address.
  • On a recent engagement our PMO pulled the data cleansing activities forward several months prior to the program kick-off.
  • This gave good visibility to the work effort, and we were able to pull in the appropriate staff and have the data workstream in good shape by program kick-off.

The key is to make sure that this conversion effort with its associated cleansing and data preparation is maintained over the long term by establishing the right governance model and processes to keep the data clean in the new environment. This is best done in parallel so that the governance process is operational and functioning effectively as the new system comes online.

The final risk in this category is related to quality assurance; specifically, focused on testing as opposed to third party quality assurance which can be used as a second set of eyes to help manage risk.

  • This can lead to inadequate testing scope and resources. We have used personas, capabilities inventory (or the Business Process Master List – BPML), requirements traceability and several other methods to help mitigate this risk.
  • The key is to establish the strategy and approach early and define how many cycles of each form of testing will be performed as well as establishing entry and exit criteria for each cycle.
  • It is also important to ensure comprehensive test scripts are created and maintained and leveraged for end-to-end processing is critical.
  • This, coupled with the data conversion process, should ensure there are mock data loads ahead of each cycle of system integration and user acceptance testing to minimize the risk of having to use perfect curated data which can hide data issues that are discovered when converted data is used.
  • It is also critical to understand the dependencies between test scripts so that as issues are resolved adequate regression testing can be performed.

This can be a significant effort, so resourcing plans should be developed early and staffed appropriately with people who are dedicated to doing thorough testing.  Automation tools can also be deployed here as well as testing as a service (TAAS), and each should be assessed early in the program to make sure that all necessary activities can be completed to keep the program on track.

While there are several other high-level risks, the risks highlighted above can have significant impacts to the program.

  • If these risks are not monitored and mitigated it can lead to big delays, costly overruns and even project failures.
  • The PMO plays a key role in driving the risk management process and an effective governance model and focus on risk management can help to identify these risks early, mitigate them and drive the program to a successful outcome.

Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our SAP consulting services, contact us.

Chris Hanson

Managing Director
Business Platform Transformation

Subscribe to Topics

Protiviti’s Christine Livingston contributed to #Harvard Business Review’s latest report, speaking on the ethical issues of #GenAI governance frameworks and the importance of connecting these with your company ethos and brand values. https://ow.ly/6mgL50RK5oX #ProtivitiTech

What is high-speed #quantum networking? How does it work? How fast is it? Listen now to host @KonstantHacker and @NoelGoddard2 from @QunnectInc as they explore this concept and potential business use cases. https://ow.ly/QHER50RK4SS #ProtivitiTech #Podcast

Protiviti recently helped a manufacturing client gain more autonomy over its #SAP environment by upgrading from SAP HANA Enterprise Cloud to SAP HANA Cloud Platform. Learn more about this successful migration. https://ow.ly/7ZN450RCfUM #ProtivitiTech

It can be difficult to link security risks associated with operational technology to the financial impact of OT security events. Enroll in this webinar to learn how Protiviti has utilized #FAIR to visualize critical production assets and threat scenarios. https://ow.ly/cGJk50RpgbT

Effective content management enhances efficiency, promotes collaboration, ensures consistency, and helps business stay compliant. Here's why Protiviti recommends #Microsoft SharePoint to support these efforts: https://ow.ly/1M3J50RyQRl #ProtivitiTech

Load More