The 5 Most Important Post-GST Tasks for Companies Running SAP: Part 2
In our last post, we outlined the first three tasks that smart companies tackle after they’ve gone online with GST. The last two tasks are equally important, however, and give companies the tools to face new and existing GST requirements with confidence and security.
Automate emergency access management
Given the scope of GST compliance, it is worth noting that changes to IT and business processes are inevitable. Every major IT project leads to management better understanding their business and the more managers understand the business, the more ideas they will have to improve it – which means change. Furthermore, anytime there is chain of systems – from your IT environment to an ASP’s to a GSP’s to GSTN – there will be adjustments required to your IT systems. And anytime the government is involved there will be changes. So, with respect to GST, the question isn’t how to avoid every change, the question is how to be quick, efficient, and risk-free in making any required changes.
Smart IT teams already know that even the most knowledgeable people can be made useless if they lack the authorizations necessary to fix a problem or make a requested change to an IT system. Instead of having experts wait around for access, smart IT teams make it possible for those IT and business process experts to get the access they need as soon as they need it. The question asked by smart IT teams is: How do we make the change process efficient and risk free – especially since the first thing we did after going live with GST was to pull back exceptional access from various consultants, contractors, and staff with expanded privileges beyond their day to day responsibilities?
Speed and security are the core values behind automated emergency access management. It is beyond the scope of this article to get into best practices around emergency access management and the ROI organizations can typically expect, but visit our resource center for various whitepapers and data sheets about emergency access management.
Additionally, to request a demonstration of how easy it is to automate emergency access management, click here.
Conduct an after-action review
Sometimes called post-mortems, an after-action review is essential for IT to mature and for a business to become more competitive. There will be another major IT project. Business and IT can rest assured that major IT projects are recurring events. The question is: Will the organization have matured so that the next major IT project will be done even better than the last? The only way to increase the likelihood that the ability for an organization to handle hard challenges is to learn from the last challenge.
There are several methodologies to formally review and learn from major objectives. Each has its advantages and disadvantages. They all share a couple of key requirements: The review should involve all stakeholders, should not be punitive but should focus on areas for improvement, should be immediately after the event, should be oriented on the persistent goals of the organization and aligned with its cultural priorities and values, and should be documented.
If you would like one of our facilitators to help you conduct an after-action review, click here to email us about your interest.
Our two-part series on the 5 most import post-GST tasks has been a short review of five areas every IT and finance team should consider before closing out their GST project. Whether GST registration and compliance was easy or all consuming, if a company was running SAP, then there’s a good chance access was granted to a wide number of stakeholders. Smart IT and Finance teams are now in the process of withdrawing the exceptional access so that risks associated with sensitive access, fraud, and compromised Segregation of Duties are no longer material. They understand that GST did not remove the increasing enforcement of the India Companies Act of 2013 and other legislations which mandate access controls.
Companies know that granting access to new users or expanding access of existing users not only increases access related risks but also may trigger incremental license costs. Those running SAP also know that these licensing costs are not limited to just those with an SAP user ID, but include direct and indirect users. So before shutting down their GST projects they assess the licensing implications of each integration and of every user. Only then can they be confident they are controlling the costs of their SAP platform under the new GST regime.
In addition to cleaning up access and licensing, Smart IT and Finance teams are also in the process of inventorying their process controls so that their new supply chain processes and tax credit capture strategies are optimized. These companies are looking at both manual and automated controls, but have a bias towards the long-term value of automated controls. With respect to automated controls, they are including both controls that are inherent with the SAP platform as well as automated controls which augment the platform required by the company to meet all its objectives. These teams see controls not only as a way to ensure consistent operational behavior but also to facilitate knowledge transfer and to help identify where positive changes can be made.
Speaking of change, companies realize going live with GST was not the end of change for GST but the beginning. They are now anticipating the inevitable changes coming as bugs are found in the new systems, as management discovers ways to further optimize their business under the new GST regime, and as IT systems come under increasing capacity constraints. These companies want to accelerate one obvious process: emergency access management. This process enables greater speed and security as change requests and troubled processes inevitably come.
Lastly, before closing the books on their GST project, companies are bringing together their people and partners and ensuring that everyone has a chance to both learn from others and to contribute to the learning of others. These post-mortems are happening while the project is still fresh in everyone’s mind. They follow agendas that support the company values. And, they are enabling good organizations to become great, and great organizations to maintain their competitive advantage in the market.
If you would like to know more about how Security Weaver can help your team with GST compliance, SAP License Management, or anything having to do with SAP GRC capabilities, click here.