Think Twice: The Pitfalls of Outsourcing SAP GRC Reporting to External Analytics Tools
Not everything that glitters is gold! This statement applies perfectly to the external reporting solutions that many enterprises are embracing today. Surprisingly, approximately 40% of enterprises are outsourcing their reporting to external analytic applications without fully understanding the potential drawbacks. Take a moment to read this article and discover the benefits of retaining SAP GRC Reporting as an in-application capability!
When it comes to managing and analyzing large volumes of data, organizations are increasingly turning to external visualization tools such as Tableau, Power BI etc., While these solutions offers a range of features for data visualization and business intelligence, it may not be the most suitable solution for handling massive data sets and also relevant when in-application reporting is available.
In this blog post, we will explore the challenges associated with external reporting/visualization tools. We will discuss what factors to consider and also delve into the in-application reporting capabilities available in SAP GRC.
External reporting solutions undoubtedly offer impressive visualization capabilities and can enhance business reporting. However, improper utilization can lead to increased ongoing cloud and management costs. Therefore, it is highly recommended to evaluate the in-application reporting capabilities before opting for an external reporting solution.
Following are the top three reasons on why external visualization tools are not preferred, especially for SAP GRC reporting:
1. Cloud Costs:
Are you paying huge on your cloud costs every month? Many of the enterprises that adapt these solutions, end up paying significant cost due to misaligned or poorly developed analytic models. Inefficient or inaccurate models consume excessive computational resources, increasing the time and resources required for data processing and analysis. This can result in higher storage costs, increased network bandwidth usage, and extended processing times, all of which contribute to inflated cloud expenses. Moreover, incorrect or incomplete models may generate misleading insights, leading to poor decision-making and potential rework, further driving up costs.
To mitigate this risk, organizations should prioritize investing in robust data modelling techniques, proper validation, and continuous monitoring to ensure the optimal utilization of cloud resources and avoid unnecessary financial burdens. Look at the following:
- Utilize quality data. Cleansing of data is more important.
- Utilize data compression techniques.
- Optimize data pipelines. For example: Many of the NewGen reporting applications can be connected to HANA DB and can consume the data directly.
- Implement cost-effective storage options.
While outsourcing SAP GRC reporting may appear cost-effective in the short term, organizations must consider the long-term financial implications. External analytics tools often come with licensing fees, integration costs, and ongoing maintenance expenses. These additional costs, coupled with the potential need for specialized expertise to manage the external tool, can significantly impact the overall budget. Organizations should carefully weigh the benefits against the long-term financial commitment before opting for outsourcing.
Data security is a paramount concern in today’s digital landscape. When outsourcing SAP GRC reporting to external analytics, sensitive information needs to be shared with third-party platforms. This transfer of data increases the risk of breaches, unauthorized access, and potential data leaks, when not secured properly. Additionally, if the visualization is outsourced to an external partner, organizations must take additional care and evaluate the security protocols and measures implemented. Note that majority of the SAP GRC data is classified as PII and business critical and comes under GDPR and other data protection laws.
3. Near real-time reports/dashboard
Please keep in mind that the reports and dashboards you view on these reporting solutions may not always be in real-time. The data needs to be extracted from the backend systems, processed/cleansed, and loaded into the analytics solution to generate the visualizations.
This process incurs additional resource costs for downloading, cleansing, and uploading data to the reporting solutions. Moreover, if not properly managed, it can result in outdated and inaccurate outputs.
Despite these facts, it is still not advisable to outsource SAP GRC reporting to external tools, as SAP GRC itself offers exceptional reporting capabilities. Leveraging these capabilities not only helps minimize ongoing costs but also provides real-time insights.
As mentioned, for comparison purpose I am discussing about the Reporting options that are available in SAP GRC Access Control solution. The other GRC solutions such as Process Control, Audit Management, Risk Management, Business Integrity Screening, Enterprise Threat Detection etc., have similar or better reporting options. I strongly recommend to explore these options before outsourcing or utilizing external reporting solutions.
Standard Reporting Capabilities
The “Reports & Analytics” tab in NWBC and Fiori Apps for SAP Access Control provides various ready to use reports and dashboards. These reports utilize the standard SAP GRAC tables and shows the real-time data. However, additional jobs such as Batch Risk Analysis jobs to be scheduled for a more accurate reporting. Below is a screen shot that shows various reports:
Additional Fiori analytical applications can be created to provide real-time updates to information. One example is – an application that presents the latest active requests. By leveraging HANA CDS views, these apps can be further developed and improved that displays real-time information without adding any additional cloud costs.
SAP HANA Live for SAP Solutions for GRC
SAP HANA Live for SAP Solutions for GRC is a game-changer in reporting and analytics application developed by SAP. This solution taps into the speed and real-time processing capabilities of SAP HANA, providing instant access to pre-built analytical views and reports tailored for GRC data.
With SAP HANA Live for SAP Solutions for, enterprises can achieve real-time reporting with significantly improved performance, and the ability to conduct ad hoc analysis on GRC data.
The solution also offers comprehensive dashboards that deliver a holistic view of GRC metrics and KPIs (key performance indicators), allowing businesses to monitor compliance, risk levels, and control effectiveness effortlessly.
SAP HANA Live seamlessly integrates with other SAP GRC solutions, enabling a unified approach and a consolidated view of data and insights across various GRC domains.
By leveraging this solution, organizations can optimize their GRC processes, enhance decision-making, and proactively manage risks, ensuring they remain agile, compliant, and well-prepared to address the challenges of governance, risk, and compliance effectively.
Please note that a comprehensive list of Virtual Data Models (VDMs) for SAP GRC Access Control can be found in the help portal. Click here.
However, it is important to note that since the initial release in 2016, SAP has not provided any updates or announced a new version of SAP HANA Live, nor have they released any new VDMs. For detailed information and technical specifications of each view, you can refer to SAP Note 50132749.
It’s worth mentioning that this list can serve as a starting point for developing VDMs and utilizing the application or creating custom Fiori apps. Importantly, this does not incur any additional costs for cloud or reporting solutions.
SAP Access Control 12.0 – SAP Fiori Dashboard OVP
SAP Fiori Dashboard OVP (Overview Pages) – a ground-breaking advancement in the world of SAP Fiori, offering a user-friendly and highly adaptable solution. This innovative solution empowers individuals to craft personalized dashboards tailored to their roles, providing quick and convenient access to critical business information.
Designed with a sleek and modern interface, the Fiori Dashboard OVP revolutionizes the user experience by presenting a consolidated view of key metrics and insights. With this intuitive tool, users can effortlessly visualize and comprehend essential data at a glance. It empowers users to aggregate data from multiple sources, enabling comprehensive analysis and decision-making. By arranging tiles, charts, and graphs according to users preferences, users can customize the dashboard to suit their specific needs and maximize productivity.
By utilizing the SAP Fiori Dashboard OVP, users can efficiently monitor and analyze critical business data, leading to informed decision-making and improved productivity. The personalized and interactive nature of the dashboards allows users to focus on the most relevant information for their roles, facilitating better business outcomes and driving organizational success. Below figures given a quick overview on the Fiori Dashboard OVP page:
SAP Access Control has five OVP Dashboard for GRC Access control:
- Risk Violations
- User Analysis
- Role Analysis
- Access Rule Library
- Mitigation Control Library
SAP is developing & delivering numerous new OVPs in the future releases. For an overview on OVP, refer to the below SAP Notes:
2991499– UIGRAC01 RC AC Dashboard OVP Reports.
2942434– UIGRAC01 user analysis OVP dashboard navigation.
NOTE: Check the minimum system requirements to utilize the Fiori OVPs. You may go through the SAP Access Control 12.0 – SAP Fiori Dashboard OVP blog by Khushboo Kapur for detailed steps on setting up Fiori OVPs.
Moreover, various reporting solutions have been developed on in-application platforms like GAMS360 (GRC Audit Management System), offering a valuable opportunity to minimize upfront investments, development efforts, and ongoing maintenance expenses. Refer to the below figure that list various ready to utilize reports
While the allure of external analytics solutions may seem tempting, organizations must carefully evaluate the pitfalls of outsourcing SAP GRC reporting. The potential risks associated with data security, lack of integration, limited customization, increased complexity, and long-term cost considerations should give organizations pause. By retaining SAP GRC reporting within the system, organizations can leverage the inherent security, integration capabilities, customization options, and operational efficiencies offered by the SAP GRC suite. Taking a step back and thinking twice about outsourcing can ensure a more robust and reliable GRC reporting process, ultimately leading to better governance, risk management, and compliance practices.