SAP Licence Audit

Negotiating SAP Licence Audit Settlements: Turning Compliance Findings Into Managed Outcomes

SAP licence audits can expose costly compliance gaps. But those findings are negotiable. This advisory shows how to treat an audit like a business negotiation, turning a potential financial hit into a managed outcome aligned with your IT strategy.

30 to 50%+: Typical discount achievable off initial audit demand through structured negotiation.
22%/yr: Annual maintenance added to back-dated shortfalls. Compounds rapidly.
Every 2 to 3 yrs: Average SAP audit frequency for large enterprise customers.
10 to 20%: Typical inactive SAP accounts. Easy clean-up wins before any negotiation.

SAP Audit & Compliance Series

This article is part of our SAP Licence Audit Survival Guide. See also: Top 10 SAP Audit Triggers | SAP Digital Access (DAAP) | SAP Indirect Access Strategies

Core Principle

An audit outcome is not set in stone. With preparation and negotiation, it becomes a business discussion, not a one-sided fine. Customers who understand the process and treat the settlement like a vendor negotiation consistently achieve far better outcomes.

01. Understanding SAP Licence Audits

SAP periodically audits enterprise customers, usually every few years, to verify you are not using more software or users than purchased. If an audit finds overuse, SAP demands remediation: typically purchasing additional licences and potentially paying back maintenance fees. Even a few dozen extra users can translate into hundreds of thousands of dollars at list prices. Indirect usage by external systems can expose companies to multi-million-dollar claims.

However, an audit outcome is the starting point for negotiation, not the final answer. Customers who understand the process, prepare thoroughly, and treat the settlement like a vendor negotiation consistently achieve far better outcomes.

02. Common Compliance Pitfalls

Indirect access. The biggest audit risk. Third-party systems or non-SAP applications interfacing with SAP without proper licences incur enormous fees if not licensed correctly. SAP's Digital Access model (document-based licensing for S/4HANA) provides a more predictable approach, but only applies if formally adopted. Otherwise traditional indirect use rules apply.

Misclassified users. Companies often assign lower-cost licence types to individuals performing higher-level tasks. These misclassifications accumulate over time. Even after migrating to S/4HANA, legacy misassignments carried over can still trigger audit findings if not corrected.

Engine and package overuse. Many SAP modules have specific metrics (database size, CPU cores, employee counts). Using more than licensed, such as running SAP on extra servers or using unpurchased components, gets flagged. These findings carry straightforward but sometimes significant remediation costs.

Contract ambiguities. Older SAP contracts may not clearly define terms like indirect use, or may contain strict clauses requiring shortfalls to be purchased at full list price plus back maintenance. Such gaps and rigid language work in SAP's favour during audits if not addressed in advance.

Critical Risk Alert

Indirect access remains the single highest-exposure audit finding. The SAP v Diageo ruling and numerous subsequent cases demonstrate the scale of risk. If your organisation has any third-party systems reading or writing SAP data, evaluate Digital Access licensing proactively, before SAP's auditors do it for you.

03. Preparing Before the Audit

The best defence is a good offence. Prepare for an audit before it happens. Organisations that invest in preparation consistently reduce their audit exposure by 40 to 60% before negotiations even begin.

1. Inventory licences and usage. Keep a detailed inventory of SAP licences owned and compare against actual usage. Use SAP's measurement tools (USMM and LAW) to simulate an audit internally. Spot and reconcile discrepancies. If you have more active user IDs than licences purchased, that is a red flag to address immediately.

2. Clean up users and data. Remove or deactivate dormant accounts and reassign unused licences. Many companies find 10 to 20% of SAP accounts are inactive (former employees, duplicates, test IDs). Clearing them out immediately reduces potential compliance gaps. Ensure each user has the correct licence type. Downgrade users who only need self-service access.

3. Simulate an internal audit. Run SAP's measurement programmes internally on a routine basis. This produces the same kind of report SAP would see. Address red flags proactively. It is far easier to fix a licence assignment or reduce usage before SAP's official audit clock starts.

4. Build a cross-functional team. Assemble an internal "SAP audit response" team: IT (usage data), procurement/ITAM (entitlement knowledge), finance (budget implications), and legal (contract interpretation). Assign a point person to coordinate when an audit notice arrives. Having this team ready ensures you control the process and messaging.

5. Know your contract's audit clause. Review your SAP agreement for audit-related terms: notice period, data scope, time allowed to cure findings. When under audit, provide only what is specified. If your contract does not obligate sharing details about third-party systems, politely decline those requests. Be cooperative but stay within contractual limits.

Expert Insight

Preparation reduces exposure before negotiations begin. By cleaning up users, correcting misclassifications, and removing dormant accounts before SAP's audit clock starts, you can eliminate 40 to 60% of potential findings. Every issue you fix proactively is one SAP cannot charge you for.

04. Assessing and Challenging Audit Findings

When SAP delivers the audit report, it might list licence shortfalls with a large dollar figure attached. Do not panic or assume you must pay immediately. Treat the findings as a starting point for negotiation.

Verify every detail. Cross-check SAP's report against your own usage records. Audit data can be wrong or outdated. Identify errors or overcounts: inactive users counted as "active," duplicate IDs counted twice, or test accounts included in production totals. Every user or engine you can legitimately remove from findings reduces the compliance gap.

Challenge indirect access findings. Do not automatically accept large indirect usage charges. Ask SAP to explain exactly how they calculated each claim and whether every integration truly requires a licence. What SAP flags as "indirect use" might be read-only data sharing or a limited interface that arguably should not be counted the same as a full user. If indirect usage truly exists, you can still negotiate an alternative resolution rather than paying per unlicensed user.

Prioritise big-ticket items. Focus energy on findings carrying the highest financial impact. If the audit claims $1M for indirect access and $20K for extra HR users, devote your resources to the $1M issue first. You might negotiate the big number down or away entirely, which has far more benefit than haggling over a minor discrepancy.

Engage SAP's account team. SAP's auditors report numbers, but your account manager and sales executives care about the relationship. If a finding seems unreasonable, involve your SAP account rep. Emphasise that you want to remain a long-term customer. Often the sales side will advocate internally for a more reasonable settlement if they see you are valuable ongoing business.

Control the timeline. Do not let SAP impose an unrealistic deadline. Use any notice period and take the time you are entitled to for analysis. It is appropriate to tell SAP you need weeks to review findings thoroughly. Removing the "urgent, pay now" pressure gives you time to build your case. Keep communications professional and document everything.

05. Negotiation Strategies for SAP Audit Settlements

When it is time to settle, approach it like a typical vendor negotiation. Ultimately, you are likely buying additional licences to address the compliance gap, so leverage that fact. SAP expects negotiation. Customers who come prepared consistently achieve far better outcomes.

Determine your true needs. Establish what licences you actually need, which may be fewer than SAP's report indicates. After cleanup and reclassification, a 100-user shortfall might shrink to 60. Enter negotiations with a clear understanding of the actual gap. Only purchase what is truly necessary.

Never accept list prices. The initial report often calculates fees at full list price, but almost no large customer pays list. Treat compliance purchases like any other SAP deal. Push for volume discounts. Companies commonly secure 30 to 50% or more off the initial audit quote. Also negotiate waiving back-dated support fees.

Bundle with future investments. Convert compliance cost into investment in new SAP solutions. Rather than spending purely on "penalty" licences, propose a deal that covers needed licences plus strategic purchases (S/4HANA migration, new modules). SAP often significantly reduces audit fees when funds are redirected toward new products.

Leverage SAP's sales calendar. Align negotiations with SAP's quarter-end. If an audit occurs mid-year, extend negotiation into Q4 when SAP is closing deals. As deadlines approach, SAP becomes more motivated to compromise. Let SAP know you have internal approval processes to manage. Aim to finalise by their quarter-end.

Address indirect usage creatively. Do not simply accept a large per-user bill. Negotiate alternatives: adopt SAP's Digital Access document licensing model, negotiate a one-time fee for blanket permission, or purchase document packages at negotiated rates. Whatever approach you take, ensure it settles the claims completely. No coming back next year for the same issue.

Negotiate favourable terms. Beyond price, negotiate payment plans, explicit coverage of all past issues (preventing double-dipping), grace periods before the next audit, and maintenance start date alignment. These contract terms prevent future surprises and can save significant money long-term.

06. Settlement Negotiation Examples

The following table shows how initial SAP audit demands can be substantially reduced through effective negotiation. The first number is never the final number.

| Audit Finding | Initial SAP Demand (List Price) | Negotiated Settlement |
| --- | --- | --- |
| 50 Professional User licences short | $150,000 (50 x $3,000 each) | $75,000 after 50% volume discount |
| Indirect access for external CRM system | $1,000,000 one-time fee proposed | $0. Waived by moving to SAP Digital Access licensing in new contract |
| 100 Limited Users misclassified as Professional | $300,000 at list (100 x $3,000) | $100,000 after reclassifying users and negotiating discount on remainder |

Expert Insight

Timing is your most powerful lever. SAP's sales organisation operates on quarterly and annual targets. Aligning your audit settlement negotiation with Q4 (October to December) or Q2 close puts maximum pressure on SAP to offer concessions. They need the deal signed by their deadline. You do not.

07. Ensuring Ongoing Compliance

After settling an audit, turn your focus to preventing the next one from being painful. Ongoing governance is cheaper than reactive remediation.

Continuous licence governance. Make SAP licence compliance a routine practice. Conduct internal audits at least annually. Check user counts, engine usage, and entitlements. Use SAM tools to monitor usage in near real-time. Regularly clean up unused accounts and adjust licences as roles change. Catching issues early maintains a clean environment.

Educate stakeholders. Ensure IT teams and business units understand SAP licensing basics. If a department wants to integrate a new application with SAP, it should involve the ITAM/licensing team to evaluate indirect use implications before going live. Building a culture of "licence awareness" prevents unintentional violations.

Optimise contracts at renewal. Use periodic renewals to close loopholes and add protections. Negotiate clearer definitions for ambiguous terms (what constitutes indirect use, how a "user" is defined). Push for audit-friendly clauses: longer notice periods, ability to retire and reallocate licences without penalty. Every improvement makes future audits less contentious.

Maintain a proactive vendor relationship. Engage regularly with your SAP account manager through annual or quarterly business reviews. Discuss licence usage and upcoming needs openly. If SAP sees you are on top of licensing, they are more likely to collaborate informally. In some cases, you may get guidance on compliance concerns before they become official audit findings.

08. Recommendations

| # | Recommendation | Priority |
| --- | --- | --- |
| 1 | Conduct regular self-audits. Run SAP's measurement tools internally to verify usage versus entitlements. Catching and correcting issues yourself lets you fix them long before an official audit. | Critical |
| 2 | Clean up unused licences continuously. Remove or reallocate licences for departing employees or role changes. Keep user lists lean and up-to-date to minimise ghost users inflating usage figures. | Critical |
| 3 | Know and use your contract. Be intimately familiar with the audit clause. Exercise contractual rights: use full notice periods, provide only required data. A strong grasp of terms helps set boundaries with SAP. | Critical |
| 4 | Always negotiate. Never just pay. Do not treat SAP's first audit bill as final. Engage negotiation as you would for a new purchase. Many companies find their final settlement is a fraction of the initial quote. | High |
| 5 | Leverage SAP's sales goals. Mention planned S/4HANA upgrades or new products during audit discussions. SAP may reduce compliance fees in exchange for new commitments. Time settlements near quarter-end for better terms. | High |
| 6 | Engage stakeholders early. Involve procurement, legal, and executive sponsors as soon as an audit begins. A united, well-informed team negotiates more effectively and will not be pressured into quick, unfavourable deals. | High |
| 7 | Document everything. Capture final settlements in writing, clearly stating what compliance issues are resolved and any promises from SAP. A detailed agreement prevents disputes later and closes the book on the audit. | Moderate |
| 8 | Invest in SAM and training. Use the audit as a catalyst to improve. Better SAM tools for continuous tracking and team training on licence management mean a much stronger position for the next review. | Moderate |
| 9 | Stay informed on licensing changes. SAP licensing rules evolve (Digital Access policies, new user definitions). Stay current through official channels and industry forums to adjust compliance strategy proactively. | Moderate |

09. ITAM Action Checklist: SAP Audit Settlement

5-Step Action Plan

1. Audit your usage now. Inventory all current SAP users, modules, and interfaces. Compare against licensed entitlements. Identify obvious overuse or mismatches immediately, before SAP does.

2. Form your response team. Designate a core team (IT, asset management/procurement, finance, legal). Ensure each member knows their role, from gathering data to reviewing contract terms, so you are ready when an audit notice arrives.

3. Engage with SAP methodically. If audited, review each finding against your own data and contract terms. Ask for clarification on unclear points. Challenge incorrect findings calmly, providing evidence where possible.

4. Negotiate a win-win settlement. Enter discussions with a clear plan: purchase specific licences at agreed discounts, or incorporate compliance spend into new investments. Aim for resolution that addresses issues without waste.

5. Secure the agreement and follow up. Get final terms in writing and signed. Immediately implement measures to prevent repeat findings. Clean up remaining issues, update processes, negotiate contract adjustments for the future.

Frequently Asked Questions

Most SAP customers face an audit roughly every 2 to 3 years, though it varies. SAP also conducts annual self-measurements (licence usage reports) which can escalate into formal audits if discrepancies are found. Certain events trigger out-of-cycle audits: significant usage spikes, mergers/acquisitions, or switching to third-party support. You should always be prepared for the possibility, even if you have recently been audited.

Indirect access means using SAP's system via a third-party application rather than direct logins. For example, a cloud CRM or custom mobile app reading or writing SAP data. SAP charges because the software is still being utilised behind the scenes. Historically this required named user licences for every indirect user, leading to confusion and large bills. SAP introduced the Digital Access model, charging based on documents processed rather than users, to make costs more predictable. The bottom line: SAP wants any significant use of its software properly licensed, whether direct or through another application.

Absolutely. Initial audit reports typically show fees at full list price, but in practice almost no large customer pays list. You can negotiate audit findings just as you would a normal purchase. Companies commonly secure 30 to 50% or more off the initial quote. You can also negotiate scope: back-maintenance fees for years of unlicensed use can often be waived. SAP's priority is to get you licensed and keep you as a customer, so they are usually open to compromise rather than enforcing sticker price.

You should dispute any findings you believe are incorrect, with evidence and reasoning. Show SAP why a particular claim is wrong. Perhaps their tool counted users incorrectly, or your contract does not support an indirect usage claim. SAP will often adjust or drop charges when you make a solid case. However, if a compliance gap is real and you refuse to address it, you would be in breach of contract. Almost always, continued dialogue produces a mutually acceptable settlement. Aim for compromise rather than standoff.

If potential exposure is large or licensing issues complex, outside help is wise. Specialised SAP licensing advisors analyse audits for errors, provide benchmarking from other customer outcomes, and negotiate on your behalf. Legal counsel should review any settlement agreement before signing. For routine audits with small findings, your internal team may handle them well. For high-stakes matters, outside expertise typically pays for itself by substantially reducing settlement costs or improving terms.

Implement continuous licence governance immediately after settlement. Run internal self-audits at least annually using SAP's measurement tools. Clean up inactive accounts quarterly. Educate business units on indirect access implications before they integrate new systems with SAP. Negotiate clearer contract definitions at your next renewal. The goal is to ensure SAP finds nothing material at the next audit because you have already found and fixed everything yourself.

Fredrik Filipsson

Co-Founder, Redress Compliance

20+ years of enterprise software licensing experience, including senior roles at IBM, SAP, and Oracle. Helps CIOs and procurement leaders defend against SAP audits, negotiate settlements, and build ongoing licence governance programmes.
