Hi Andre,
I do not have a BW ruleset that evaluates critical reports, and I'm not sure that you will have luck finding a pre-configured ruleset because reports are very specific to each company. Although, it could be developed if you know which reports and "gateways" (authorizations) allow a user to reach the report: You could have your technical SAP security team open a trace on a user's account who is able to view these reports, and then you could review the trace log to see which authorizations were required to reach the report - then build new ruleset functions and risks from this information. These risks would be "Critical Action" risks (Sensitive Access), and are single-sided SOD risks (there's not a combination of functions, there's a single function = accessing the sensitive reports). There are several Critical Action risks within the standard-delivered SAP ruleset for ECC that you could reference as a model for how to build new Critical Action risks for this purpose.
Aside from BW access relating to reports, you can evaluate your BW system for all of the same Basis-related risks that are being evaluated for ECC. Both systems have similar ABAP foundations, and all of the system-maintenance abilities are the same. Ideally, you would already have your ECC system connector included in a GRC Logical Group "SAP_BAS_LG" or something similar, which is where your Basis ruleset is uploaded - and any system connectors that are assigned to this LG will be evaluated against this same ruleset. Therefore, you would simply need to include the BW system connector within this GRC Logical Group; generate the rules; and the you will be able to run risk analysis against BW just like ECC. At least in this case you will be able to see SOD issues and Critical Actions that your BW technical users have - and you can reduce the risk of one of these users being able to blow up the system, if they so choose.
Hopefully this helps,
Ken