The Challenge: SAP Indirect Usage Audit Claim
The Michigan automotive supplier is a Tier 1 manufacturer supplying major global OEMs with precision-engineered components. The company received an unexpected SAP licence audit notification focused specifically on indirect usage (digital access).
SAP's audit team alleged that several internal systems and third-party platforms were accessing SAP data and executing transactions without appropriate licensing, issuing a preliminary non-compliance claim totalling millions of dollars in back-dated licence fees plus ongoing annual costs.
Scope of the alleged non-compliance
The claim covered: Manufacturing Execution Systems (MES) reporting production quantities to SAP, logistics platforms triggering goods movements, customer portals creating sales orders, and supplier platforms processing purchase orders.
SAP's audit methodology did not distinguish between documents created by automated machine processes and those initiated by human users.
The Client's Position
The company's IT leadership believed their integration architecture complied with SAP's licensing terms. The interfaces had been designed deliberately with specific attention to licensing implications, and had been discussed with SAP during previous licensing conversations.
However, the documentation supporting this compliance position was not consolidated in a single, audit-ready format.
Redress Compliance Engagement: Approach and Methodology
Comprehensive interface mapping
Every non-SAP system connected to the ERP environment was identified and mapped, including specific integration protocols, direction and frequency of data flows, SAP transaction codes invoked, and licensing provisions applicable.
Transaction categorisation
Separating automated system actions from human-driven processes.
Historical documentation assembly
Gathering emails, meeting minutes, architectural diagrams, and contract amendment records proving SAP's prior awareness of the integration architecture.
Statistical analysis
Demonstrating SAP had overcounted and included duplicate entries, batch-processing repetitions, and system test transactions.
The Formal Rebuttal: Evidence-Based Challenge
Redress Compliance prepared a detailed formal rebuttal document supported by usage logs, architectural diagrams, transaction analysis, historical correspondence, and legal licence interpretations that systematically challenged each element of SAP's audit findings.
The rebuttal was structured to address SAP's specific findings point by point, with evidence for why each claimed non-compliance instance was either covered under existing licences, misclassified, or based on an inflated transaction count.
Facing a SAP compliance challenge?
Our audit defence experts help you rebut inflated claims with evidence-based arguments.
Key Defence Arguments
Automated transactions do not require licensing
MES systems posting production confirmations and logistics platforms triggering goods movements were automated system integrations requiring no human SAP login.
Prior SAP awareness of integration architecture
Historical documentation showed SAP had been informed of the company's integration patterns during previous licensing discussions.
Inflated transaction count
SAP had included duplicate entries, batch-processing repetitions, and test transactions in its count.
Existing entitlements covered residual indirect access
For the limited number of transactions involving human-initiated access, existing SAP licensing provisions already covered this usage.
The Results: Full Claim Withdrawal
SAP withdrew the indirect access compliance claim in its entirety. The original multi-million dollar non-compliance finding was retracted completely.
No additional licensing was required—not a single named user licence, not a single digital access document licence, and no retroactive fees.
Establishing permanent governance
The engagement established a permanent compliance governance framework including formal documentation for all system interface reviews, comprehensive audit logs, quarterly interface reviews, and a designated SAP audit response team.