Risk is about uncertainty. The things you can’t predict are most likely to derail your best-laid plans. But if you put a framework around that uncertainty, a way to limit the volume and impact of unexpected outcomes, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. 

The first question we have to ask ourselves is ‘what risks exist in our project?’. Or to put it another way, ‘what is there that we know might cause a problem, and how can we avoid those outcomes?’. Identifying and managing as comprehensive a list of these risks as possible means that unpleasant surprises can be reduced. It might also bring to light some golden opportunities for doing things better. 

Some things are bound to go wrong though, even with the best of planning. And anyway, we simply can’t predict every issue – there will always be the famous ‘unknown unknowns’ (also referred to more simply as ‘stuff we don’t know’). So the second question is ‘how can we more effectively manage the things we didn’t want to happen, when they do occur?’. 

An effective risk management process not only helps to identify risks but also to resolve problems, either because they have been envisaged and plans to treat them have been developed, or because a defined, robust mitigation process is in place. Either way, the goal is to avoid impulsive reactions and going into “fire-fighting” mode. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Risk in SAP change

The nature of highly interdependent systems like SAP makes risk even harder than usual for developers and project managers to identify. Not only must technical issues be considered, but the business processes that depend on those systems may be absolutely critical to day-to-day running of the company. This gets even more complicated when the size of many SAP estates is taken into account. Some Basis Technologies customers have upwards of fifty operational production systems, which means the volume of regular change – and corresponding risk – can be huge.

A typical high-level SAP risk management process might look like this:

• Step 1: Identify the Risk. Work with technical and functional teams to uncover, recognize and describe risks that might affect your project or its outcomes. 
• Step 2: Analyze the risk. Once risks are identified you need to determine the consequence of each occurring, based on the nature of the risk and its potential to affect project goals and objectives. 
• Step 3: Evaluate the Risk. Determine the magnitude of each risk by considering the output of step 2, combined with the likelihood of it happening. Then you can make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. 
• Step 4: Manage the Risk. This is also referred to as Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or modify them to make the risk level acceptable. 
• Step 5: Monitor and Review the risk.

But how can we do this? Like most aspects of SAP change management, manual risk analysis and tracking is incredibly labor-intensive, if it’s even possible. That’s why so many Basis Technologies customers who use ActiveControl love one of its more under-the-radar features: the Risk Guard analyzer.

The Risk Guard Analyzer

Risk Guard helps to make the kind of risk management process I’ve proposed a practical reality. It includes a variety of individual features that help across the different steps, for example:

• A High Risk Object flag helps you to identify risk by automatically reviewing the contents of every transport against a pre-defined list of risky objects (an out-of-the-box list of common ones is provided). Even if you’re moving thousands of transports, this enables you to quickly and easily create a list of all transports that have the potential to cause problems.
• A Risk Rating System helps you to evaluate relative levels of deployment risk. Each risky object can be associated with a numerical rating on a scale of 1 to 10, allowing transports to be ranked based on cumulative score.
• Automatic splitting of transports prevents mixing of object types and ensures risky ones are segregated, avoiding delay to other independent, low-risk changes.
• Customizable approval workflows can be defined based on the output of the Risk Guard analysis, for example to define an escalated approval path or prevent automatic deployments that would otherwise take place.

And that’s not all. Risk Guard combines with more than sixty other automated ActiveControl analyzers – all of which can be run at any point between dev and production – to further minimize risk and help you create an SAP change management process that suits the needs of your business. 

Risk Guard allows our customers to manage ‘business as usual’ risk more effectively, but also helps them to accelerate critical projects like the transition to S/4HANA. Although it is just one of many ActiveControl that help to deliver faster, cheaper, higher quality – and therefore safer – SAP change, it’s definitely a firm favorite among the companies I work with.

To learn more about how ActiveControl and Risk Guard can help you to deliver SAP change in a more reliable, consistent, comprehensive, reportable way, request a demo from our team of SAP experts today.