SAP ECC – End of Life and What to Do
You know, I was sitting down today and pondering just how I am going to get the message out to everyone that’s interested. Interested in what? Well, how about starting with those folks running SAP ECC and are facing a timeline to upgrade or migrate to S4/HANA? That looks to be around 2027 when SAP will pull support for ECC. Then there is the issue of custom code on SAP systems. How much is there? How much is still running? What’s the impact of all this legacy custom code with either a greenfield or brownfield migration to S4/HANA?
And then, implications of auditing SAP systems for fraud detection that may have been introduced via the custom code that modifies standard tables in SAP. I would argue that many CIOs are not aware of the extent of this (and probably a fair number of internal auditors are not as well!). These are known as ISA 315 and SAS 145 – standards that are now required for all publicly traded companies whether running SAP or any other ERP and/or financial system. Anyone nervous yet?
OK, so how do we put all this together to figure out just how a migration is going to take place, while minimizing the amount of custom code that is to be transported to a new environment as well as making sure that what is transported is ‘auditable.’ And of course, transforming a company with the tools and capabilities of S4/HANA. To be sure, one must build a business case to justify the spending and resources required to migrate a company into the 21st century with S4/HANA. The good news is there is a solution – an app – that is significantly more advanced than any tool or proposed ‘assessment’ process on the market.
Driven by AI capabilities, WestTrax (www.westtrax.com) is an international, independent company that delivers an SAP systems’ usage, risk, requirements, and capabilities. It is an automated, AI-driven app built on SAP BTP that provides 360-insights and super-detailed insights of the state of your SAP ECC system – in as little as 24 hours. Yeah, as little as 24 hours! This tech is based on ~2,000 unique analysis of SAP ECC systems across 15 different industries. There is no other company in the world that has this experience, goes to this level of detail, and delivers the goods in 24 hours – none. Put the ball directly into the hands of the teams that will be migrating their SAP ECC system. No interpretation, translation, subjectivity, covering tracks. It’s the real deal. Let me explain the moving parts.
First up is the KPI Analyzer app. This beauty does the heavy lifting and provides insights into security issues (more later):
- 1 – 2 hours … customer preps ERP logs, pushes into KPI Analyzer subscription Transport
- 3 – 4 hours … automated assessment output completed (bro, when did anything in IT ever happen in 3-4 hours?!)
- Levels 5 & 6 Usage
- Down to Transaction Codes (Tcodes) & Document Types
- All users, all custom & standard ABAP code, all SAP modules, all industry solutions, all customer locations – 100% automation eliminates human error risks
- Removes subjectivity with actionable information for business case accuracy
Re-scan regularly, no additional cost - Monitor DevOps progress success, cost-effective active-user tiered pricing
- 100% data output for Financial Security Standards audit compliance
- IAASB ISA 315 & AICPA SAS 145 fully supported (hopefully, no jail time!)
The last point above is key and is the foundation for the WestTrax Security Pathfinder, a configuration provided in the KPI Analyzer app. The message here is that you need to understand just how the custom ABAP code is configured and used in your SAP ECC production system. It is the foundation for fraud detection. The reason these new requirements are there is to ensure that the custom code developed is audited and is compliant with these regulations. Prior to this, no one was really looking to whether a custom APAB program was altering a standard SAP table that would / could result in fraudulent transactions. I mean, you are not going to move ‘bad’ or questionable / unaudited ABAP code into a new, shiny S4/HANA system, right? Right?!
I wanted to explain what the leveling is and how it is that WestTrax can get to this level of detail. There are typically 6 levels of detail as shown below:
Many software products go to level 4 which is a process level. Not much use when wanting to see specifically who is doing what with custom ABAP code. WestTrax’s unique capability to deliver detailed results as to who is doing what is truly different. By not only removing old code that is no longer running, and by ensuring that what is running is compliant with audit standards, migration to S4/HANA can now be done quicker, easier and with the knowledge that can be exposed to business users, finance teams, and internal and external auditors. Seems like a win-win to me!