How to Simplify SAP Change Audits with Automated Change Management

SAP system modifications are planned, scheduled, developed, tested, and implemented using change management. Since each change can potentially shut down a productive system, it is essential to control every change across its lifecycle in a repeatable and auditable way.

This is an auditable (and, in many organizations, a regulated) activity. Unscheduled downtime can cost millions of dollars very quickly. An SAP change audit is a risk management approach.

Conducting a change management audit

Whatever your size or industry, a change management audit includes:

  • Reviewing policies, procedures, and change control documentation
  • Evaluating change management processes, like develop, test, and deploy procedures; change request application; change acceptance and production authorization
  • An evaluation of security, who is authorized to do what, such as making changes in development and authorize / approve changes to production etc.

SAP-using organizations relying on traditional manual change processes will find this time-consuming and often challenging. At the same time, (simple) change management tasks are rarely possible due to increased regulations and complex SAP landscapes. In this environment, and without significant policing, workarounds to simplify processes are constant.

Automation is crucial

Yet, it doesn’t have to be a nightmare for SAP IT teams. Automating change management processes with a tool like Rev-Trac Platinum can streamline an audit, ensuring SAP changes migrate to production in a controlled and authorized way.

Automation can simplify even the most complex procedures. It reduces the need for manual workarounds and boosts trust in the integrity of the organization’s change management processes.

How Rev-Trac helps

Rev-Trac Platinum is an automated change management solution that eliminates high-risk manual methods and enforces consistent, repeatable change processes. With Rev-Trac, changes are migrated to production following a pre-defined workflow. Each change is fully documented, providing a transparent trail for auditors.

SAP change audit with continuous integration

Using Rev-Trac’s Web GUI, you can explore several critical reports that help to reduce the costs – time and resources wasted – of an audit.

    1. Status approvals report
      Provides details on the regular and migrating statuses of Rev-Trac requests. Select the report from the utilities section and click view to see the approval history of each Rev-Trac request, including who approved it and the time it was approved. In the example below, you can view the completed requests when the status, ‘equal to complete’, is selected.Rev-Trac Status Approval Report
    2. Time in status report
      Provides visibility into the time the request spent in each status, and the total since it was created. You can select this report in the utilities section, to view how much time has been spent on each status of a request.
      Time Status Report
    3. Retrofit/Clone report
      When running projects in parallel landscapes, retrofits need to be managed to ensure that production support changes that are migrated to production are reflected in the parallel project landscapes as the changes happen. To perform retrofits using Rev-Trac, it can be configured to clone the request once it is approved for production. This guarantees that not only is the change recorded for retrofitting, but you can use the cloned request to assess the change and determine whether to undertake the retrofit.Gain access to the report from the utilities section of the Web GUI and generate two types of reports for an audit trial:
    • Request cloned – displays the list of requests which are cloned
      Requests Cloned – Request filter is set to Status Complete
    • Requests to be cloned – displays the list of requests which are ready to be cloned
      Requests to be Cloned – Request filter is set to Status Complete

Foundation for audit success

Rev-Trac combines several features to enhance SAP change management and ease your audit pain. Key functionality includes:

1. Migrations – transport release, import – date and time

With Rev-Trac, transports are migrated to target systems using standard TP or STMS. It does this in two ways:

  • Rev-Trac can automatically migrate transports after a request is approved into a status such as ‘Approved for QAS’. This is known as the auto-migration method.
  • Authorized users can also migrate transports manually using the Rev-Trac Migration Workbench. This tool allows Rev-Trac administrators to handle non-routine transport migration requirements. Users can view and change the order in which the queued requests are displayed on the screen and migrated. The developer or an authorized user approves the transport migration. Upon approval, the transports are released and queued with the target group. When a transport is released, the approver’s name and then time and date are logged providing a trail for auditors.
2. Safety Checks and decision

There are various safety checks performed on the transports when migrated which will be recorded and help with auditing. The following safety checks can be performed in Rev-Trac.

  • OOPS Check (Overtake Overwrite Protection System)
  • PODS Check (Peripheral Object Dependency System)
  • CISS Check (Change Impact Scoring System)
  • Dependency Check
3. Change and release approvals – single change approvals and CAB approvals

The Release management workbench enables managers to approve multiple Rev-Trac request in a single approval step by adding all the multiple requests to a single release. This is often used by the Change Advisory Board (CAB) to ensure that all changes migrating to production have been reviewed and include the appropriate documentation. This creates an audit trial and ensures that no changes migrate to production without correct approvals.

4. Plan vs reality

This report identifies discrepancies between a transport’s target destination and its present location. The target destination is based on the status of a Rev-Trac request, its associated transports, and the migration strategy. You can also use the Plan vs Reality report as an audit compliance cheat sheet to ensure that transports exist where they belong, and SAP change reports are aligned.

Advanced functionality simplifies SAP change audits

To ensure straightforward audits, Rev-Trac combines additional features to enforce consistent change management process and collect the necessary documentation.

1. Modifications to change requests

To satisfy auditors, organizations must document the lifecycle of every change or request. Adding or removing transports from a request is recorded in the change log report, which can be used for audit purposes.

2. Integration with the service desk, ITSM, DevOps auditing and impact analysis

Integrating and automating an end-to-end process for SAP change creates a ‘single source of truth’. A complete record for every change is available from one place and the record is updated in all places. This gives you the confidence that 3rd-party tools are correctly utilized, and the results captured. You can also compile change and release approvals from external systems, for example ITSM for CAB Approval.

The Bottom Line

Simplifying change management audits is necessary in today’s fast-paced business world. Automating change control processes with a tool like Rev-Trac eliminates risky manual methods and helps to streamline SAP change management audits.

Organizations can realize considerable increases in production stability, massive reductions in the cost of managing change, measurable advances in development efficiency, and get essential documentation for audit purposes. Audits that once took days or weeks can be completed in a matter of hours.

Contact our in-house specialists for more information on simplifying change management audits with automation.