Model governance

How to Reduce Key-Person Risk in SAP Programmes

By Dzmitryi Kharlanau · Published · 23 min read

The programme has one person who knows how everything fits together.

Contents

Reviewed: 14 July 2026

The programme has one person who knows how everything fits together.

They know why a standard field was not used. They remember which country received an exception. They know that one mapping workbook is obsolete even though it is labelled “final.” They understand which migration default was temporary, which Jira decision superseded another and which SAP validation will break if a source field changes.

When a defect appears, everyone calls them.

When a new rollout starts, they explain the model again.

When a change is proposed, they identify dependencies no document shows.

Management may describe this person as indispensable.

Operationally, that is a risk.

The problem becomes visible when the person:

The team still has documentation.

It may have thousands of pages, mapping workbooks, tickets, test results and configuration records.

What it does not have is the connected knowledge that allows another qualified person to reach the same conclusion without reconstructing the programme from the beginning.

Key-person risk is not simply a shortage of documentation. It is a shortage of transferable decision context.

Reducing that risk does not mean replacing senior experts with documents or AI.

It means converting important implementation knowledge from personal memory into a controlled model that others can inspect, validate and maintain.

Expertise is not the risk

Experienced architects and consultants are essential in complex SAP programmes.

They contribute:

The programme should not attempt to eliminate dependence on expertise.

The risk appears when expertise is the only place where critical relationships exist.

For example:

Legacy field
→ business meaning
→ approved mapping
→ SAP target
→ validation rule
→ local exception
→ test evidence

If only one person understands this path, the programme is not merely benefiting from their expertise.

It is depending on their continued availability as a runtime component of the delivery model.

The strongest experts often hide the weakest knowledge systems

A capable lead can compensate for poor structure.

They may know:

Because the person resolves problems quickly, the organisation may underestimate the underlying weakness.

The programme appears controlled.

In reality, the expert is performing manual integration between:

When that person is absent, the integration disappears.

The immediate reaction is often to request more documentation.

That is necessary but insufficient.

The organisation needs to preserve not only documents but the relationships and decisions that the expert carries mentally.

SAP MDG governs operational data, not every implementation memory

SAP currently describes SAP Master Data Governance as a central governance layer that unifies master data, policy and metadata. Its capabilities include governed models, preserved semantics and relationships, ownership of attributes, validated values, collaborative workflows, monitored business rules and auditable data changes.

These controls reduce dependence on individuals for operational master-data processing.

The platform can make explicit:

An SAP MDG implementation still creates important knowledge outside those operational controls:

This wider implementation knowledge must also become governable.

Otherwise, the organisation can have a well-controlled MDG workflow and still depend on one architect to explain why the workflow was designed that way.

The different forms of key-person dependency

Key-person risk does not have one cause.

We separate it into several forms.

1. Knowledge-location dependency

Only one person knows where the relevant information is stored.

The information may exist, but others cannot find it efficiently.

Typical statements include:

This is a discoverability problem.

2. Interpretation dependency

Several artefacts exist, but only one person understands how to reconcile them.

For example:

The expert knows the history and can explain the intended state.

This is a model-coherence problem.

3. Decision dependency

Only one person remembers why a design choice was made.

The result may be documented.

The alternatives, evidence and conditions are not.

This is a decision-traceability problem.

4. Relationship dependency

Only one person can identify what is affected by a change.

They know which:

depend on the field.

This is a lineage and impact-analysis problem.

5. Execution dependency

Only one person can perform a critical task.

Examples include:

This is a process and automation problem.

6. Authority dependency

The organisation has not clearly assigned decision rights.

One senior person becomes the default approver because nobody else is recognised as authorised.

This is a governance problem.

Each form requires a different response.

Adding another consultant may reduce execution dependency without resolving decision or relationship dependency.

Why traditional handover often fails

Handover is commonly treated as a final project phase.

The delivery team prepares:

The receiving team attends presentations and signs acceptance.

A few weeks later, AMS begins contacting the original project team.

The handover failed because it transferred artefacts but not enough operational understanding.

Common causes include:

A document repository can preserve content.

It does not automatically preserve the model connecting that content.

Start by identifying where the programme is fragile

Do not begin by demanding that every expert document everything they know.

First identify the dependencies with material delivery impact.

Ask:

A practical inventory might look like this:

Knowledge areaPrimary expertBackupCurrent evidenceRisk
Business Partner tax modelLead MDG architectNoneDesign deck and ticketsHigh
Supplier migration mappingsMigration leadJunior analystExcel workbookMedium
Local value-list exceptionsCountry consultantNoneWorkbook commentsHigh
Readiness reportingData-quality leadNoneLocal scriptsHigh
Workflow configurationSAP developerSecond developerTechnical documentationMedium

The purpose is not to evaluate individuals.

It is to identify system weaknesses.

Do not ask experts to “write everything down”

This creates large, low-quality documentation tasks.

Experts are asked to describe entire domains from memory.

The result often contains:

The most valuable knowledge may still be missing:

A better approach is to capture knowledge through operational objects and questions.

For each critical model element, record:

This turns knowledge capture into model construction rather than memoir writing.

Capture decisions while they are made

The cheapest time to preserve a decision is at the point of approval.

The most expensive time is months later, during an incident, after participants have left.

For material decisions, record:

For example:

Decision:
Allow temporary supplier classification MIGRATION_REVIEW.

Reason:
Legacy ERP_B has no reliable classification source.

Scope:
Inactive and blocked suppliers in Wave 2.

Restriction:
May not be used for newly created suppliers.

Owner:
Global Procurement Data Owner.

Expiry:
Before production cutover.

Another architect can now understand the treatment without contacting the original workshop participants.

Stable model objects reduce reliance on terminology memory

One expert may know that the following terms refer to the same approved concept:

Another person may reasonably assume they represent different concepts.

Stable identifiers provide an anchor:

ATTR-SUPPLIER-CLASSIFICATION

The object can connect:

This does not remove the need for domain interpretation.

It preserves the interpretation once it has been approved.

Preserve source-to-target lineage

A support analyst investigating a target field should be able to trace it back to:

For example:

SAP Supplier Risk
→ MAP-SUPPLIER-RISK-ERP-A
→ ERP_A.VENDOR_RISK
→ value mapping VLIST-RISK-ERP-A
→ dataset profile dated 10 July

Without this path, the analyst depends on the migration lead to explain how the value was produced.

This dependency often survives long after migration because bad or unclear converted data continues generating support incidents.

Preserve target-to-consumer lineage

The reverse direction also matters.

A change to a target field may affect:

The expert may know these dependencies from previous incidents.

The model should represent them explicitly where material.

Supplier Risk
→ compliance workflow
→ outbound supplier interface
→ procurement reporting
→ data-quality rule

This allows another qualified person to assess change impact without relying only on institutional memory.

Separate model truth from personal working files

Experts often maintain private helper files because project tools are slow or fragmented.

These may include:

These files are valuable.

They are also dangerous when they become the real operating model.

The programme should determine:

Do not prohibit personal tools.

Prevent them from becoming undocumented production dependencies.

Use canonical files and generated views

Martenweave’s architecture uses canonical model files as the source of truth and generated indexes, reports and review views as derived artefacts. The current core documents canonical Markdown and YAML, deterministic validation, generated SQLite and JSONL indexes, trace and impact analysis, dataset profiling, reports and controlled change proposals.

This supports continuity in several ways.

The model is portable

It is not locked inside one person’s local workbook or proprietary interface.

Changes are reviewable

Version history shows what changed.

Views can be regenerated

A report does not depend on one expert manually rebuilding it every month.

Relationships can be validated

Broken references become visible.

Automation can be documented

Commands and outputs can be reproduced by another team member.

The business user does not need to edit YAML.

They can work through spreadsheets, reports or a UI generated from the controlled model.

Deterministic validation transfers tacit checking knowledge

A senior architect may automatically notice that:

Less experienced team members may not recognise these patterns.

Encoding them as deterministic validation rules transfers part of the expert’s checking process into the system.

For example:

Rule:
Every active critical Mapping must reference
one active source endpoint,
one active target endpoint
and one accountable owner.

The validator does not replace the architect’s judgement.

It ensures that basic structural weaknesses do not depend on the architect noticing them manually.

Encode programme policy, not individual preference

Not every expert habit should become a validation rule.

The programme should distinguish:

Good deterministic rules include:

Poor rules may enforce:

Validation rules themselves require ownership and review.

Create reproducible operating commands

A key-person dependency often exists because one person knows how to run the tools.

Important processes should have:

Examples include:

Validate canonical model.
Build generated index.
Profile migration dataset.
Detect model gaps.
Generate impact report.
Export review workbook.
Create issue bundle.

The process should be tested by someone other than its author.

A written command that has never been executed by a second person is not yet a reliable handover.

Use the “two-person execution” test

For each critical operation, ask:

Can a second qualified person execute this process from the maintained instructions and controlled inputs?

This can be tested through:

The second person should not merely observe the expert.

They should perform the process while the expert reviews the result.

This reveals:

Use pair ownership for critical domains

Every critical domain should have:

A backup who never participates is not a practical backup.

Possible practices include:

The objective is not to duplicate every role.

It is to prevent critical knowledge from remaining single-threaded.

Rotate explanation, not only execution

A person may learn to run a process without understanding why it exists.

Ask different team members to explain:

The explanation should cover:

This tests whether model understanding has transferred.

Use incidents as knowledge-capture opportunities

Every difficult defect reveals a gap in the knowledge system.

After resolving the issue, ask:

Then update:

Otherwise, the expert solves the incident and retains the new knowledge personally, increasing dependency further.

Do not transfer knowledge only through meetings

Meetings are useful for explanation and discussion.

They are weak as the only durable output.

A knowledge-transfer session should produce or verify:

Recording the meeting can help.

Future teams should not need to watch several hours of video to understand one mapping.

Use generated handover packages

A handover package should be produced from the current model rather than assembled manually at the end.

For a domain, it can include:

Because the package is generated from controlled objects, it can be refreshed after changes.

This is more durable than a frozen project archive.

The receiving team must validate the handover

Handover is not complete when documents are delivered.

The AMS or operations team should demonstrate that it can:

This tests operational usability.

A formal sign-off without these exercises may confirm receipt rather than understanding.

Distinguish platform knowledge from programme knowledge

Some knowledge is generic SAP expertise:

Other knowledge is specific to the organisation:

Training and vendor documentation may reduce dependence on generic platform expertise.

Only the programme can preserve its own decisions and context.

Both are required.

Reduce dependency on implementation partners without rejecting them

External partners provide necessary specialist capacity.

The risk arises when the organisation cannot maintain or challenge the delivered model without the same partner.

A responsible engagement should ensure:

The goal is not to remove the partner.

It is to prevent commercial continuity from becoming the only form of knowledge continuity.

Avoid the “more people” solution without structure

Adding another consultant does not automatically reduce key-person risk.

The second person may:

Staff redundancy without knowledge-system redundancy is fragile.

A stronger combination is:

Stable model objects
+ shared evidence
+ reproducible processes
+ secondary ownership
+ tested handover

AI can accelerate knowledge capture

AI can help process fragmented project history.

Useful tasks include:

This can reduce the burden on senior experts.

Instead of writing the complete model manually, the expert reviews structured proposals.

AI can also create a new key-person problem

An opaque AI workflow can become another dependency.

For example:

The AI process should therefore be reproducible and governed.

Record:

The goal is not to replace one expert dependency with one agent dependency.

AI should propose; people should approve

Martenweave’s public product description states that AI-assisted changes should pass through reviewable PatchProposals rather than altering the canonical model directly. It also describes structured connections among fields, attributes, rules, owners, issues and decisions.

This supports continuity because:

Human approval is not only a safety control.

It is part of preserving organisational authority.

Build a key-person-risk scorecard

A practical scorecard can assess critical model areas.

For each domain or process, evaluate:

Primary owner

Is one accountable person named?

Secondary owner

Can another person perform and explain the work?

Canonical artefacts

Is the current authoritative model identifiable?

Decision traceability

Can important choices be explained?

Relationship traceability

Can changes identify their dependencies?

Reproducibility

Can reports and validations be rerun?

Operational evidence

Are tests and implementation references current?

Access

Do the necessary people have access to tools and repositories?

A simple rating can be used:

The purpose is to prioritise remediation, not produce another decorative maturity score.

Indicators of high key-person risk

Warning signs include:

One sign alone may be manageable.

Several together indicate structural dependency.

A practical remediation plan

Do not attempt to solve every dependency at once.

Choose one high-risk domain.

For example:

Step 1: Identify critical questions

List the questions currently routed to one person.

Step 2: Create stable model objects

Represent the affected attributes, endpoints, mappings, rules and contexts.

Step 3: Record material decisions

Capture rationale, evidence and approval.

Step 4: Connect implementation evidence

Add configuration, datasets, tests and issue references.

Step 5: Encode basic validation

Automate repeatable checks.

Step 6: Document operating commands

Make reports and analyses reproducible.

Step 7: Assign a secondary owner

The second person reviews and executes the process.

Step 8: Run an absence simulation

Resolve a sample issue without the primary expert leading.

Step 9: Measure remaining dependency

Identify what still requires personal knowledge.

This creates a bounded improvement rather than a general documentation campaign.

A worked example: Business Partner tax governance

The programme depends on one architect to explain country tax treatment.

The risk areas include:

The remediation model might include:

Global attribute:
Tax Registration Identifier

Country contexts:
DE, PT, ES

Source endpoints:
Defined per legacy system

Mappings:
Connected to each country context

Rules:
Mandatory and format conditions

Decisions:
Approved exemptions and temporary deviations

Tests:
Positive, negative and exemption cases

Owners:
Global tax-data owner and local finance owners

A secondary architect is then asked to investigate a failed German tax record using only the maintained model and evidence.

Any information they cannot find becomes a concrete knowledge-system gap.

Another example: migration readiness reporting

Only one data-quality lead can produce the readiness report.

They use:

To reduce dependency:

The objective is not merely that the second person can run the script.

They should understand why the report reaches its conclusion.

Another example: local value mappings

A country consultant maintains local value mappings in a private workbook.

The global team relies on them during each test cycle.

Remediation includes:

The consultant retains domain expertise.

The mapping no longer disappears when their contract ends.

What should remain human

Some knowledge cannot be reduced completely to model objects.

Experienced people still need to interpret:

The objective is not complete codification.

It is to ensure that the next qualified person starts from preserved evidence and decisions rather than from an empty desk.

What managers should ask

  1. Which people are currently indispensable to critical model decisions?
  2. What work stops when they are absent?
  3. Is the current model identifiable without asking them?
  4. Can another person trace critical fields from source to target?
  5. Are material decisions recorded with rationale and approval?
  6. Are local exceptions explicit?
  7. Can another person run validation and readiness reports?
  8. Are scripts and commands version controlled?
  9. Does every critical area have a participating secondary owner?
  10. Has the receiving team demonstrated understanding?
  11. Are difficult incidents used to improve the model?
  12. Can the organisation change implementation partners without losing model truth?
  13. Are AI workflows reproducible and reviewable?
  14. Which dependencies remain intentionally person-based?

The final question matters.

Some dependency on rare expertise may be an accepted business choice.

It should be conscious rather than discovered during a crisis.

Common mistakes

Producing more documents without establishing authority

The team receives more files but still cannot identify the approved state.

Waiting until handover

Knowledge should be captured through delivery and change.

Treating recordings as structured knowledge

Recordings are useful evidence but expensive operational references.

Naming a backup who does not participate

A passive backup is unlikely to be ready.

Expecting junior staff to absorb context through observation

They need controlled opportunities to execute and explain.

Documenting configuration without rationale

Future teams see what exists but not why.

Keeping scripts on personal machines

This turns reporting and validation into individual capabilities.

Attempting to capture every expert thought

Focus on material model objects, relationships and decisions.

Replacing an expert with AI

AI can prepare proposals and summaries but cannot inherit business authority.

Treating key-person risk as an HR issue only

It is also an architecture, governance and knowledge-model issue.

When a lightweight approach is enough

A small project may use:

This may be sufficient when:

A model registry becomes more useful when:

Where Martenweave fits

Martenweave is intended to turn knowledge scattered across spreadsheets, datasets, tickets, validation reports, decisions, SAP context and project history into structured, connected model objects. Its public documentation describes validation, gap detection, traceability, impact analysis and human-reviewed model proposals.

The current open-source core includes canonical model files, generated indexes, dataset profiling, reports, spreadsheet review flows and a PatchProposal-to-ChangeRequest lifecycle.

For key-person risk, its role is practical:

Expert knowledge and project evidence
        ↓
Structured model objects and decisions
        ↓
Deterministic validation
        ↓
Generated views and reproducible reports
        ↓
Shared review and ownership
        ↓
Transferable operational knowledge

Martenweave does not make specialists interchangeable.

It makes the results of specialist work less dependent on one person’s memory.

Our conclusion

Key-person risk in SAP programmes is rarely solved by one final handover workshop.

It is reduced when important knowledge becomes part of the delivery system while the programme is still active.

That means preserving:

The practical test is:

Can another qualified person explain and safely change a critical part of the model without the original expert reconstructing the context for them?

When the answer is no, the programme remains person-dependent even if documentation exists.

When the answer is yes, expertise has begun to become organisational capability.

The objective is not to make experts less valuable.

It is to stop wasting their value on repeatedly explaining facts and relationships that the programme should already know.

About the authors

Martenweave is maintained by Dzmitryi Kharlanau.

We build practical model-governance infrastructure for SAP migration, MDG, MDM and AMS teams. Martenweave is designed to preserve model objects, evidence, decisions and relationships so that implementation knowledge survives staff changes, partner transitions and the move from project delivery to long-term support.

Sources and notes

This article was reviewed on 14 July 2026.

SAP currently describes SAP Master Data Governance as a central governance layer that unifies master data, policy and metadata. Its stated capabilities include governed models, preserved semantics and relationships, ownership of master-data attributes, validated values, collaborative workflows, monitored business rules and auditable data changes.

Martenweave’s public documentation describes a model-control layer that connects fields, attributes, rules, owners, issues and decisions and supports deterministic validation, dataset-gap detection, traceability, impact analysis and reviewable model proposals.

The current open-source core includes canonical model files, generated indexes, search, trace and impact analysis, dataset profiling, ownership and audit reports, spreadsheet review flows and a PatchProposal-to-ChangeRequest lifecycle.

Martenweave is an independent project and is not affiliated with or endorsed by SAP. SAP, SAP S/4HANA and SAP Master Data Governance are trademarks or registered trademarks of SAP SE or its affiliates.

Primary sources