<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=974250883405448&amp;ev=PageView&amp;noscript=1">
Reducing risk with SAP Solution Manager



Solution Governance


Risk Management, Auditing and Compliance


Latest Thinking

Reducing risk with SAP Solution Manager

Jon Friesen | Apr 28, 2016

In this blog post I’m going to divert our attention from the technical aspects of SAP Solution Manager and present a value proposition for the tool.  After all, we’re configuring Solution Manager to solve IT problems and address the needs of an SAP support organization.  So let’s focus on those needs and dig into the SolMan value proposition a little.

I’ve seen consultants and salespeople get tangled up trying to justify Solution Manager by using cost reduction as the driving value proposition.  This is misguided.  While SolMan can reduce costs (through test automation and reduction of manual operational work such as daily checks), SolMan’s primary value proposition is not about reducing costs.  It is about reducing risk.

Reducing risk with SAP Solution Manager

A modern SAP landscape may contain a heterogeneous set of applications such as ERP, HANA, Portal, BusinessObjects, and SuccessFactors.  With today’s increased rate of innovation (I am referring to the emergence of new frontends like Fiori, analytics tools like Lumira, the refactoring of PI, and so forth) an IT organization faces a variety of risks, which are impossible to control without effective processes supported up by an effective toolset.

Application Lifecycle Management contains those processes and Solution Manager is that toolset.  Consider the following risk scenarios, which are extremely common across SAP support organizations.

Risk during Updates

SAP has proposed that organizations should strive to achieve “two value releases per year”, which refers to a patch cycle (support package, EHP or upgrade) and accompanying adjustments to custom code, documentation, processes and so forth.  Even one value release per year is a risky proposition without the right tools.  Consider:

  1. Are you testing your entire business process?
  2. Are you spending time adjusting code that is no longer in use?
  3. Is your documentation up to date after the rollout is complete?
  4. Are you in danger of downgrading bugfix/maintenance changes when your update goes live?

These are the kinds of risks which can be addressed with CCLM, Retrofit, and Reverse Business Process documentation.

Risk of failing an Audit

An audit is itself a risk-reducing measure.  But failing an audit is a costly and highly visible incident. Consider these risks:

  1. Are all approved changes being implemented?
  2. Have all actual changes been approved?

A well-implemented ChaRM module is an audit-proof change management system.  And RCA features such as Change Reporting can provide “reverse audit” or “detective controls” functionality.

Risks related to Data

Solution Manager’s newer functions such as Data Volume Management and Data Consistency Management address a category of risk that relates to data stewardship:

  1. Are my interfaces keeping data consistent between multiple systems?
  2. Is my data retention policy implemented correctly?
  3. Am I incurring unnecessary storage costs due to a lack of data lifecycle management

The last point is becoming especially pertinent as customers contemplate a migration from a conventional database,where storage costs at the disk level are measured in pennies per GB, to HANA, where RAM storage is measured in dollars.

Risk during technical operation

All monitoring functions are fundamentally about reducing risk.  Let’s consider a few:

  1. Risk of poor user satisfaction due to unreported performance issues
  2. Risk of minor impairments becoming major impairments due to slow detection and resolution
  3. Risk of overuse of Basis team for manual efforts that could be automated

The last of these three examples is also a value prop for cost reduction. But it’s also a risk because time spent on manual monitoring efforts could be spent in other areas (such as your Fiori implementation project) that deliver visible value to your business.  SolMan’s Technical Monitoring and Technical Administration features are oriented towards reducing these kinds of risks.

Risk during application operations

Here’s an area which may fly under the radar in IT organizations since it is a topic that faces the business more than IT.  The question is: are your business processes successful? Remembering that business processes involve both IT and people, it might be surprising that SolMan would attempt to address this risk. But that is precisely the purpose of Business Process Monitoring — to provide a platform for measuring business process success at both the technical and functional layers.

The Value of SAP Solution Manager

These have been just a few examples of the risks facing organizations who run SAP. We often see the most interest in Solution Manager by customers who have been burned by a failed audit or other particular incident.  An IT manager who can recognize the risks their organization faces will find tools in SAP Solution Manager to reduce this risk. Taking a risk-oriented approach during Solution Manager blueprinting is a way to ensure the project’s success is measurable and that the implementation correctly addresses the organization’s need.