A $15 Million Claim Built on Inflated Indirect Access Allegations

The company is one of the largest food manufacturers in the United States. Over 75,000 employees. Multiple production facilities across the country. A global distribution network serving retail chains, food service companies, and wholesale operations. SAP was the backbone of everything: supply chain management, production planning, financial operations, warehouse management, quality control, and logistics coordination across every facility and geography.

When SAP initiated a compliance audit, the company expected some findings. Large SAP environments accumulate complexity over time, and perfect compliance across 75,000 employees and dozens of integrated systems is more aspiration than reality. What the company did not expect was a $15 million claim.

SAP's audit findings alleged three categories of non-compliance. Indirect access violations accounted for the bulk of the claim. Unlicensed users represented a significant portion. And outdated licensing agreements that no longer reflected the company's actual deployment created additional exposure. The combined figure of $15 million was presented as the cost of bringing the company into compliance under SAP's interpretation of its licensing terms.

The company's leadership recognized immediately that paying $15 million without independent validation would be irresponsible. They engaged Redress Compliance to validate SAP's findings, challenge the methodology behind the claim, optimize the existing license portfolio to close genuine compliance gaps without unnecessary spend, and negotiate a settlement that reflected the company's actual license obligations rather than SAP's inflated calculation.

Food manufacturers are among the most vulnerable to inflated SAP indirect access claims. The nature of food production, with integrated supply chain systems, automated production lines, warehouse management systems, and EDI connections with major retailers, generates massive volumes of system-to-system transactions that SAP classifies as "indirect access." SAP's audit methodology frequently counts every automated interface touchpoint as a separately licensable event, producing claims that bear little relation to actual named-user activity. For manufacturers with seasonal and part-time workers, outdated license models that do not reflect workforce structure compound the problem further. In our experience, SAP audit claims against food manufacturers are typically inflated by 70-95%.

What We Found When We Examined SAP's Audit Report

We reviewed SAP's audit report line by line. Every alleged violation was mapped against the company's actual contractual entitlements, its historical license agreements, and its real-world system usage. The review revealed that SAP's $15 million figure was built on a combination of methodological overcounting, misinterpretation of contractual terms, and a failure to account for the company's existing license portfolio.

The indirect access calculation was the most significantly inflated component. SAP's audit methodology had counted every automated interface touchpoint between the company's third-party systems and its SAP environment as a separately licensable indirect access event. In a food manufacturing operation of this scale, the volume of system-to-system transactions is enormous. Warehouse management systems communicate with SAP for inventory updates. Automated production lines feed data into SAP for quality control and production planning. EDI connections with major retail customers transmit orders, invoices, and shipping confirmations. Each of these automated interactions was counted by SAP's audit team as if it required its own named-user license or generated its own indirect access liability.

The reality was fundamentally different. These were automated system-to-system transactions, not human users accessing SAP. The EDI connections were electronic data interchanges that no human initiated or monitored on a per-transaction basis. The warehouse management integrations were automated feeds between operational systems and SAP's inventory modules. The production line interfaces were machine-generated data streams. Counting each of these as a licensable event produced a claim that was orders of magnitude larger than the actual indirect access footprint.

The unlicensed user count included users who should not have been counted. SAP's audit identified a substantial number of users who were accessing the system without appropriate licenses. Our review found that many of these users were seasonal and part-time workers whose access patterns did not require the license types SAP was claiming. Others were users whose roles had changed but whose system access had not been updated. Some were inactive accounts that had not been deprovisioned but had no login activity during the audit measurement period. The distinction between an account that exists in the system and a user who is actively using the system is critical for license compliance, and SAP's audit methodology had not made that distinction with the precision the situation required.

Historical license agreements contained provisions that SAP's audit team had either overlooked or misinterpreted. The company's SAP relationship spanned many years and multiple contract amendments. Earlier agreements contained terms that, properly interpreted, covered some of the usage patterns that SAP's audit was classifying as non-compliant. Our review of the full contractual history, going back to the original license agreement and tracing through every amendment, addendum, and renewal, identified provisions that directly contradicted several of SAP's audit findings. These were not ambiguous clauses. They were specific terms that addressed the types of usage the audit was flagging.

The combined effect of these findings was clear. SAP's $15 million claim did not represent the company's actual compliance exposure. It represented the maximum figure SAP's audit methodology could produce when every automated transaction was counted, every inactive account was included, and the company's contractual history was incompletely considered.

Closing Genuine Gaps Without Overpaying

Challenging an inflated audit claim is necessary but insufficient. The company did have genuine compliance gaps. Not $15 million worth, but real gaps that needed to be addressed. The objective was to identify and close those gaps at the lowest possible cost, ensuring the company was fully compliant without purchasing licenses it did not need.

License reallocation addressed much of the gap without any new spend. The company's SAP estate had accumulated licenses over many years, and those licenses were not optimally distributed across the organization. Some operational units had surplus licenses while others were under-licensed. By reallocating existing licenses across business units to match actual usage, we closed a significant portion of the compliance gap without purchasing a single additional license. The licenses the company had already paid for were simply not being used where they were most needed.

Legacy licenses tied to decommissioned systems were retired and repurposed. The company's SAP environment had evolved over the years. Systems that had been replaced or consolidated still had licenses allocated to them. By identifying and retiring these outdated allocations, we freed up license capacity that could be applied against the genuine compliance gaps elsewhere in the estate.

Role-based access controls were introduced to right-size licensing for the actual workforce. A food manufacturer with 75,000 employees has a workforce that does not fit neatly into SAP's standard license categories. Seasonal workers, part-time employees, floor supervisors, quality control inspectors, and dozens of other role types have different SAP access needs. Implementing role-based access controls allowed the company to assign the most cost-effective license type to each user category based on their actual interaction with the system rather than a blanket assignment that over-licensed some users and under-licensed others.

Actual usage patterns were mapped to identify the optimal license type for each user category. SAP offers multiple license types at different price points, each with different access rights. Our analysis mapped what each category of user actually did in the system (which transactions they executed, which modules they accessed, and how frequently they logged in) and then identified the least expensive license type that covered their actual usage. In many cases, users who were counted in SAP's audit as requiring the most expensive license types could be compliant on significantly cheaper alternatives.

License optimization before negotiation is the most powerful lever in SAP audit defense. Every genuine compliance gap that can be closed through reallocation, retirement of unused licenses, or license type optimization is a gap that does not need to be resolved through additional spend. The smaller the genuine compliance gap, the smaller the settlement. In this engagement, license optimization reduced the company's actual compliance exposure to a fraction of what SAP had claimed before negotiations even began.

The Negotiation: Evidence Against Methodology

With the audit analysis complete and the license portfolio optimized, the negotiation with SAP was conducted from a position of comprehensive data and documented evidence. Every element of the counter-position was supported by specific findings from the audit review, contractual provisions from the historical agreement analysis, and usage data from the optimization exercise.

We presented SAP with a detailed counter-report documenting every disputed line item. The counter-report was not a general objection to the audit findings. It was a line-by-line analysis showing where SAP's methodology had overcounted, where contractual provisions already covered the alleged non-compliance, where inactive accounts had been included in the user count, and where system-to-system transactions had been misclassified as indirect access events requiring individual licensing. Each disputed item was supported by evidence: contractual language, system logs, usage data, and architectural documentation showing the automated nature of the interfaces SAP was counting.

The indirect access challenge was the centerpiece of the negotiation. We demonstrated with specific technical evidence that the automated interfaces between the company's warehouse management systems, production lines, EDI connections, and SAP were not indirect access in the sense that the license agreements contemplated. These were machine-to-machine integrations, not human users accessing SAP through third-party applications. The distinction was not theoretical. It was documented in the system architecture, the interface specifications, and the transaction logs that showed no human initiation or interaction for the transactions SAP was counting.

The proactive compliance measures strengthened the negotiation position. By the time we engaged SAP in settlement discussions, the company had already reallocated licenses, retired unused entitlements, implemented role-based access controls, and mapped every user category to its optimal license type. The company was demonstrably addressing its genuine compliance obligations: it was not resisting compliance but ensuring that it paid for what it actually used rather than what SAP's methodology had calculated. This proactive posture made the settlement discussion more productive. SAP was engaging with a customer that had done the work to understand its own estate rather than simply rejecting the audit findings.

The settlement was $1.2 million, a 92% reduction from SAP's initial $15 million claim. The $1.2 million resolved all audit findings and included future-proof licensing terms that positioned the company for continued growth. The settlement was not simply a reduced payment. It included additional licensing value and strategic terms for future scalability, ensuring the company would not face the same indirect access classification issues as its operations expanded.

"Redress Compliance's support during our SAP audit was critical in mitigating financial risks and strengthening our compliance processes. Their expertise not only saved us millions but also ensured our licensing strategy aligned with our growth plans. We are now better prepared for the future."

CFO, Major US Food Manufacturer

Governance: Ensuring the Company Never Faces This Again

Winning an audit negotiation is important. Ensuring the company never faces the same exposure again is more important. The governance framework established after the settlement was designed to provide continuous visibility into SAP license compliance, prevent the gradual accumulation of gaps that had led to the audit findings, and ensure the organization could respond to any future audit with comprehensive evidence on short notice.

Real-time monitoring now tracks SAP license usage continuously. The company can see its compliance position at any point in time, not just during an audit. The monitoring system tracks named users, license types, module access, and indirect access touchpoints against contractual entitlements. Deviations from compliance are flagged immediately rather than accumulating over years until an audit discovers them.

IT and procurement teams were trained on SAP licensing models. The knowledge gap that had allowed compliance issues to develop over time was addressed directly. Both teams now understand SAP's licensing structure, the implications of different license types, the rules governing indirect access, and the contractual obligations that apply to the company's specific agreement. They can evaluate the compliance implications of system changes, new integrations, and user provisioning decisions before those changes are implemented.

A periodic internal audit process reviews license usage on a regular schedule. Rather than waiting for SAP to audit the company, internal reviews assess the compliance position proactively. Gaps identified during internal reviews can be addressed through license reallocation, access control adjustments, or targeted purchases at negotiated rates rather than at audit-driven prices. The internal audit process also produces the documentation that strengthens the company's position if SAP initiates another formal audit.

An indirect access governance framework manages the most complex compliance risk. The interfaces between third-party systems and SAP, whose automated transactions generated the bulk of the original $15 million claim, are now documented, monitored, and governed by a framework that distinguishes between system-to-system automation and genuine indirect access. New integrations go through a compliance review before deployment. Existing interfaces are periodically validated against the contractual terms governing indirect access. The company will not face a repeat of the scenario where years of unmonitored interface growth produced an audit claim that bore no relation to actual compliance exposure.

Why Food Manufacturers Are Especially Vulnerable to SAP Audit Inflation

The patterns that produced the $15 million claim against this company are not unique. They are structural features of how food manufacturing operations interact with SAP systems, and they affect every food manufacturer running SAP at scale.

Automated supply chain integrations generate massive transaction volumes. Food manufacturing involves continuous automated data flows between warehouse management systems, production control systems, quality management systems, logistics platforms, and SAP. Each automated transaction is a potential counting event under SAP's indirect access methodology. A company running dozens of production lines, multiple warehouses, and hundreds of supply chain partners can generate millions of system-to-system transactions that SAP's audit methodology treats as licensable events.

EDI connections with major retailers compound the counting problem. Food manufacturers maintain EDI connections with every major retail chain they supply. Orders, invoices, shipping confirmations, and inventory updates flow through these connections continuously. SAP's audit methodology can classify each EDI touchpoint as indirect access, producing claims based on transaction volumes that reflect the scale of the company's retail relationships rather than its actual SAP user activity.

Seasonal and part-time workforces create license management complexity. Food manufacturing is a seasonal industry. Workforce levels fluctuate with production cycles, and a significant portion of the workforce is part-time or temporary. SAP's standard license models are designed for stable, full-time workforces. Fitting a seasonal workforce into SAP's license categories without either over-licensing or under-licensing requires active management that many companies do not maintain between audit cycles.

Accepting SAP's initial audit figure without independent expert review is the single most expensive mistake an SAP customer can make. SAP audit claims against food manufacturers are routinely inflated by 70-95%. The combination of automated interface overcounting, seasonal workforce complexity, and historical contract misinterpretation produces initial claims that are designed to establish a negotiating position, not to reflect actual compliance exposure. Expert audit analysis, indirect access challenge, license reallocation, and evidence-based negotiation consistently deliver reductions of 80% or more. The $13.8 million this company saved is not an outlier. It is the predictable result of bringing independent expertise to a process that is designed to favor the vendor.