ZR Consultants SAP S4/HANA Risk & Controls Transformation delivery at BT Group

ZR Consultants (ZRC) is proud to share our recent success in delivering a global risk and controls transformation programme.

ZRC were asked to support BT on their SAP S4/Hana global roll out which included entities such as OpenReach, EE, Enterprise, Global etc.

This was one of the largest SAP S4/Hana roll outs in the UK and ZRC are proud to have played a part in the successful delivery of Finance Foundation.

We were responsible for designing, implementing, and embedding all the IT and Business controls, which was challenging because the design was based on a future state. ZRC successfully rolled out all the controls and worked with stakeholders to ensure they were effective post go-live.

We worked with KPMG (the external Auditors) to obtain a clean bill of health at the Audit Committee.

The scope of our deliverables was wide, and we had to deliver everything in record time. With the help of our excellent team, ZRC were able to do this. Some of our deliverables included:

1.     IT and Business Controls – ZRC took over the IT and Business controls from 2 large consultancies and bought everything under one roof, with half the team size.

2.     End-to-End IT data flow – All the interfaces were reviewed, and appropriate reports and controls were implemented and fully tested. There was a significant number of data flows and the ZRC evidenced completeness and accuracy across all in-scope applications/databases. This was signed off by the external auditors with no queries raised.

3.     Operational Effectiveness Testing (OET) and Design Effectiveness Testing (DEA) – Organised and planned testing of all controls in a test environment prior to go-live and identified a failure rate of 90%. Following this the ZRC team worked with all control owners to ensure all controls were effective Post go-live

4.     RACMS – All RACM’s were produced to the highest of standards with all attributes attested to

5.     IUC / IPE Library – A clean up of the library was carried out with clear identification of the reports technical name and whether they are custom or standard reports. All reports were tested, the outputs of which were reviewed by the external auditors. Reports were from SAP, BW and BPC.

6.     ARIS flows – The ARIS flows were reviewed, and recommendations shared with the business.A process on a page was also produced in Visio

7.     SOD Matrix / Sensitive Access – A complete update of all the rule sets were carried out with correct identification of mitigating controls. Sensitive access was reviewed and rectified.

8.     External Auditors – Managed the relationship with the External Auditors by developing a clear and agreed tracker and ensuring all their requests for evidence were actioned in a timely manner

9.     SAP GRC PC & AC – All controls were uploaded to the GRC system

10.  Internal Audit – IA gave the ZRC team a clean bill of health which is an achievement, as its previously unheard of within BT

We are grateful to BT for giving us this opportunity to work on such a large-scale project and are proud to have delivered a high-quality service with many value adds being identified and implemented.

If you think we can help you, please connect on LinkedIn with our CEO and founder Zeshan Raja or via the contact page.

You can find out more about working with us at https://zrconsultants.co.uk where you’ll find details of all our services, previous project work and further client testimonials.

Scroll to top