A UK based mid-sized SAP customer needed to be able to prove that the security of its systems was of the highest order - this was a business imperative - not a nice to have.
This mid-sized (by SAP standards) company decided that the SAP GRC was the most applicable solution after a trawl of the market and began the implementation 14month ago.
It was initially defined as a 4-5 month programme.
3 re-installs and several major escalations later they are happy to now prove to the business that 100,000's of risk and conflicts are now being managed down to only 1000's.
Why did this happen? Several reasons really:-
- the GRC system is technically very complex and bleeding-edge
- the newness of the solution meant that support was generally less-than-helpful
- SAP resources to help (even in emergency) were very few and far between
- a mid-sized SAP customer does not have the depth and breadth of technical resources to support such a complex implementation.
As the GRC programme comes to a close, the customer can show measurable value-add, and real credit goes to the tenacity and dogged determination of the customer programme team, but the pain of the journey will leave deep scars that will take a longtime to heal.
BOTTOMLINE: Think twice about SAP GRC if you have anything less than a complete and comprehensive bleeding-edge technology team.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment