A leading UK engineering group received a twenty four point six million dollar SAP indirect access claim across the ECC estate. Redress ran the audit defense, rebuilt the document number based position, and closed the settlement at four point seven million in fourteen weeks.
SAP's audit team opened the engagement with a twenty four point six million dollar indirect access claim built around document number counts across the ECC backbone. The claim cited document creation through three integration points, the corporate banking gateway, the customer portal, and a third party logistics platform that posted material movement records into the ECC plant maintenance module. The signed settlement landed at four point seven million dollars, a reduction of nineteen point nine million dollars in fourteen weeks.
The customer is a top three UK engineering and infrastructure group with global manufacturing and project delivery operations. The SAP estate ran a single ECC 6.0 backbone with bolt on Treasury, Plant Maintenance, and Materials Management modules, supported by an SAP BW analytics tier and a Solution Manager governance instance. The audit notification arrived in the first week of January, four months before the contractual renewal anniversary that would have triggered the next true up cycle. The audit team's commercial pressure point was clear. Settle before the renewal anniversary, or face an aggregated claim that combined indirect access exposure with the standard true up at the same time.
Redress was engaged on day three of the audit notification window. The Redress team had previously delivered a Java audit defense engagement at the same customer two years earlier. The directive from the chief information officer was identical to the previous engagement. Cooperate fully, but contest every assumption. The audit defense framework that ran on the previous engagement was applied verbatim. A communications protocol routed all SAP and partner inquiries through a single authorised inbox, the data request was received but not answered until the buyer side rebuild was substantively complete, and the audit defense team operated under the published SAP audit defense service framework.
The customer's SAP relationship dated back fourteen years across three master agreements. The current master agreement included a Named User entitlement of seven thousand two hundred Professional Users and four thousand five hundred Limited Professional Users, supplemented by Engine licenses for FI, CO, MM, PP, and PM, and a Plant Maintenance Engine licensed by maintenance plan count. The contract included a standard clause covering indirect access, with the document creation rule that SAP introduced in the 2018 contract refresh. The clause was the central legal frame for the entire claim.
The customer had not run a buyer side license position assessment in the prior thirty months. The SAM tooling was deployed but the indirect access scope had not been mapped. The corporate banking gateway, the customer portal, and the third party logistics platform had each been deployed inside the prior twenty four months. The integration architecture review had not asked the indirect access question at design time. That gap was the opening that SAP's audit team exploited.
The SAP audit team delivered the preliminary findings five weeks into the audit. The findings broke down into three lines.
First, the corporate banking gateway. The audit team asserted that every payment run posted from the gateway into the ECC FI module created a chargeable document number under the indirect access rule. The audit team counted document numbers across the prior thirty six months. The total was three point seven million documents. Applied at the SAP published per document rate, the line totalled fourteen point two million dollars. That single line carried fifty seven percent of the headline claim.
Second, the customer portal. The audit team asserted that the customer portal posted material requirement notes into the ECC SD module under the indirect access rule. The portal had been deployed twenty two months earlier and carried a population of approximately twelve thousand active customer users. The audit team counted document numbers and applied the per document rate. The line totalled six point eight million dollars.
Third, the third party logistics platform. The audit team asserted that the logistics platform posted material movement records into the ECC PM module under the indirect access rule. The platform had been deployed sixteen months earlier and processed approximately two thousand six hundred records per day across the customer's manufacturing sites. The audit team counted document numbers and applied the per document rate. The line totalled three point six million dollars.
The Redress team opened the engagement with a license position reconstruction. The reconstruction pulled every document number from the ECC system across the prior thirty six months, classified each by source system, document type, and posting user, and mapped each document against the contractual indirect access definition. The reconstruction took eighteen working days. The output was an alternative effective license position that contradicted the audit team's claim across all three lines.
On the corporate banking line, the reconstruction showed that the payment runs posted as batch reversals against named user accounts already entitled under the Professional User pool. SAP's own published technical documentation, including the November 2019 OSS note, classified batch reversals against named user accounts as already covered under the named user entitlement and not separately chargeable under the indirect access rule. The Redress team produced the OSS note, the gateway technical specification, and the named user mapping. The fourteen point two million dollar line collapsed to two point one million dollars covering a residual subset of payment runs that posted under a service account rather than a named user account.
On the customer portal line, the reconstruction showed that the customer portal posted material requirement notes through a documented integration scenario that the contract master agreement defined as covered. The 2018 contract refresh had specifically named customer portals as covered under the existing entitlement, provided the portal user population was distinct from the SAP named user population. The Redress team produced the contract clause, the customer portal user master file, and the named user master file. The two populations were entirely distinct. The six point eight million dollar line collapsed to zero.
On the third party logistics line, the reconstruction showed that the logistics platform posted material movement records through an SAP certified Process Integration adapter. SAP's certified adapter framework included an explicit indirect access exemption that applied to all postings made through the certified adapter, regardless of the originating system. The Redress team produced the adapter certification, the integration architecture diagram, and the message log that confirmed every posting flowed through the certified adapter. The three point six million dollar line collapsed to four hundred thousand dollars covering a residual subset of postings that flowed through a non certified path during the platform deployment phase.
The Redress reconstruction was delivered to the SAP audit team in week eleven of the engagement. The audit team contested the customer portal line and the corporate banking line in the first response and accepted the third party logistics rebuild without further challenge. By week twelve the SAP commercial team replaced the audit team as the customer interface. By week thirteen the commercial team accepted the customer portal rebuild against the contract clause and reduced the corporate banking line to two point seven million dollars in negotiation. The settlement closed at week fourteen at four point seven million dollars. The settlement covered the residual indirect access exposure, a one year support cap reset, and a contractual addendum clarifying the named user mapping for batch reversals through service accounts.
The settlement closed without litigation, without escalation to the customer's general counsel beyond a routine review, and without disturbing the renewal conversation that began six weeks after the settlement was signed. The customer subsequently retained Redress for a continuous SAP advisory engagement covering the next renewal cycle and the planned ECC to S/4HANA migration. The migration carries its own indirect access reset, which Redress is running under a separate framework documented in our ECC to S/4HANA migration guide.
The post audit remediation program covered four work streams:
The UK engineering case is consistent with the wider SAP audit pattern observed across the Redress SAP practice. SAP audit teams typically open with claims that combine three pressure points. They count document numbers without testing the contractual indirect access definition. They apply the per document rate where the named user entitlement already covers the posting. They count postings through certified adapters as if the certified adapter exemption did not apply. The reduction from twenty four point six million to four point seven million is large but not unusual. The Redress SAP practice has run audit defense engagements where the opening claim was higher and the settlement was lower in absolute and percentage terms.
The pattern reinforces the case for continuous audit readiness rather than reactive audit defense. A buyer side Vendor Shield program produces audit ready evidence as a standing operational output, which collapses the response time when an audit notification arrives and reduces the settlement risk before any claim is opened. For the full SAP audit defense framework, see our SAP audit defense service and the related SAP audit defense framework.
The customer engagement profile mapped to three resource lines that we recommend to other SAP customers facing comparable audit risk:
For the operational checklist see our SAP services overview, the SAP knowledge hub, and the SAP RISE negotiation guide for customers planning a migration that resets the indirect access framework entirely.
The full SAP RISE migration framework, indirect access reset mechanics, and the renewal posture for customers approaching an ECC to S/4HANA cycle. Includes the named user mapping and certified adapter exemption framework that closed this case at $4.7M.
Seventy two pages. PDF. Used in more than fifty live SAP engagements since 2022.
The SAP audit team opened with twenty four million. By week eleven Redress had a contractually defensible position on every line. By week fourteen the settlement was signed at four point seven million.
SAP's audit team opened the engagement with a twenty four point six million dollar indirect access claim built around document number counts across the ECC backbone.
SAP's audit team opened the engagement with a twenty four point six million dollar indirect access claim built around document number counts across the ECC backbone.
Triage the SAP notice. Build a position. Run the response protocol. The buyer side strategy is documented in the page above and the audit defense playbook.
From notice to settlement, most SAP audits run 90 to 270 days. The first 30 days are decisive. Triage, scope, and response protocol drive the outcome.
Redress Compliance runs the assessment, builds the buyer side baseline, and supports negotiation, renewal, or audit defense across the program. Contact us to scope the engagement.
We work for the buyer. Always. There is no other side of our table.
Indirect access settlements, RISE migration economics, audit movements, and renewal posture across the SAP estate.
Once a month. Audit patterns, renewal benchmarks, vendor commercial signals across Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the GenAI vendors. No follow up sales pressure.
Free providers (Gmail, Yahoo, Outlook) cannot subscribe. Work email only. Unsubscribe in one click.
