
SAP Audit Defence for a Multinational Swiss Company
How We Reduced a CHF 25 Million Claim by 94% — to Just CHF 1.5 Million

A leading Swiss multinational with over 100,000 employees and operations in more than 50 countries faced an aggressive SAP compliance audit alleging significant non-compliance across indirect access, user licensing, and unreported usage. Redress Compliance dismantled the inflated claims, corrected material overestimations, and negotiated a 94% reduction in financial exposure — while implementing governance frameworks to prevent future disputes.

📍 Switzerland (Global) 🏢 Manufacturing & Industrial 📅 January 2025 ⏱ 18-week engagement
📘 This case study is part of our SAP Audit Defence Case Studies series. For broader guidance, see our SAP Licensing Knowledge Hub and the SAP Audit Defence Service.
Key figures: CHF 25M initial SAP claim · CHF 1.5M final settlement · 94% claim reduction · 100K+ employees worldwide

1. The Challenge: A CHF 25 Million SAP Audit Claim

When SAP’s compliance team delivered its audit findings to a leading Swiss multinational, the financial exposure was severe: CHF 25 million in alleged non-compliance. For a company with operations spanning more than 50 countries, and SAP systems that underpinned supply chain management, financial consolidation, and human resources for over 100,000 employees, this was not merely a financial shock — it threatened to derail technology budgets, strain the relationship with a critical vendor, and expose the IT leadership team to uncomfortable board-level scrutiny.

The company’s SAP estate was extensive and complex. Multiple SAP ERP instances served regional operations across Europe, Asia, and the Americas. SuccessFactors managed global HR processes. SAP BW supported enterprise-wide reporting. Dozens of third-party systems and custom interfaces connected to SAP through various integration points. This complexity — accumulated through two decades of organic growth, acquisitions, and system consolidations — created the exact conditions under which SAP audit methodologies produce inflated findings.

SAP’s audit report identified discrepancies across three principal areas: indirect access (third-party systems accessing SAP data without corresponding named user licences), licensing misalignments (users classified under incorrect licence types), and unreported usage across global operations where local deployments had not been properly captured in the central licence register. The company’s internal IT and procurement teams recognised they needed specialist SAP licensing expertise, and engaged Redress Compliance to lead the audit defence.

50+ Countries

Global operations across Europe, Asia-Pacific, and the Americas, each with regional SAP instances and local system integrations creating complex licence mapping challenges.

100,000+ Employees

A workforce spanning manufacturing, logistics, finance, and corporate functions — all interacting with SAP systems through direct access, self-service portals, and integrated third-party applications.

Multiple SAP Instances

Regional ERP deployments, a global SuccessFactors implementation, SAP BW for analytics, and dozens of custom interfaces connecting third-party systems to SAP data.

CHF 25M Initial Exposure

SAP’s audit findings represented a demand equivalent to several years of the company’s annual SAP maintenance spend — an unsustainable figure that demanded immediate expert challenge.

2. Understanding SAP’s Audit Methodology — and Its Weaknesses

Before constructing a defence strategy, it is essential to understand how SAP builds its audit claims. SAP’s compliance programme operates under contractual audit rights embedded in the standard SAP licence agreement, which grants SAP the right to verify that a customer’s actual usage aligns with its purchased entitlements. In practice, SAP audits rely on system measurement reports (typically generated by SAP’s License Administration Workbench, or LAW), combined with transaction usage data, user master records, and RFC connection logs.

However, SAP’s audit methodology contains structural weaknesses that experienced advisors can identify and challenge. These are not technicalities — they are genuine areas where SAP’s measurement approach routinely produces findings that overstate actual non-compliance.

Indirect Access Inflation (High Risk)

SAP historically counted every system or interface that reads or writes SAP data as requiring named user licences for each individual who might trigger such access — even if those individuals never log into SAP directly. This single issue can account for 40–60% of a large audit claim. Since SAP’s 2018 introduction of digital access licensing, the rules have evolved, but audits frequently apply the most conservative (and expensive) interpretation to pre-existing indirect access scenarios.

User Classification Errors (Medium Risk)

SAP audits frequently reclassify users into more expensive licence types based on transaction log analysis. A user who executed a single SAP Professional-level transaction in a 12-month period may be classified as requiring a Professional licence (approximately EUR 4,500) rather than a Limited Professional licence (approximately EUR 1,500). The audit methodology does not typically account for accidental, one-time, or test-related transaction executions.

Dormant and Duplicate Accounts (Common Issue)

SAP’s LAW measurement counts all active user accounts, including those belonging to departed employees, service accounts, and test users. In large global environments with 100,000+ employees, the gap between “active accounts in SAP” and “actual users who need licences” can be substantial.

In this engagement, all three weaknesses were present. SAP had applied the most aggressive interpretation of indirect access rights to a landscape with dozens of integration points, reclassified thousands of users into higher licence tiers based on minimal transaction evidence, and counted user accounts that should have been decommissioned years earlier. The result was a CHF 25 million claim that bore little resemblance to the company’s actual licence requirements.

“SAP audits are not neutral assessments. They are commercial events where SAP’s compliance team has a financial incentive to interpret ambiguous scenarios conservatively — meaning in SAP’s favour. Every finding must be verified independently, because in our experience, 50–70% of initial SAP audit claims contain material inaccuracies that can be successfully challenged.”

3. Our Approach: Systematic Audit Deconstruction

Redress Compliance deployed a structured four-phase approach to dismantle SAP’s audit claims, validate the company’s actual licence position, and negotiate a settlement that reflected genuine usage rather than inflated assumptions.

Phase 1: Comprehensive Audit Review and Analysis (Weeks 1–4)

We conducted a line-by-line review of SAP’s audit report, cross-referencing every claim against the company’s actual contracts, historical purchase records, and system data. This phase identified the specific areas where SAP’s findings were overstated, including indirect access claims that applied incorrect licensing metrics to pre-2018 integration scenarios. We also reviewed all historical licence agreements and amendments across 15+ years to identify entitlements that SAP’s audit team had failed to account for.

Phase 2: Usage Validation and Optimisation (Weeks 5–10)

We performed an independent usage analysis across all SAP instances globally, validating actual user activity against SAP’s licence classifications. This involved analysing transaction logs for over 85,000 named user accounts to determine genuine licence requirements versus SAP’s assumptions. We identified thousands of dormant accounts, duplicate user records across regional instances, and users who had been incorrectly classified into higher-cost licence tiers based on minimal or accidental transaction activity.

Phase 3: Strategic Negotiations with SAP (Weeks 11–16)

Armed with a corrected usage report that demonstrated material discrepancies in SAP’s original findings, we entered structured negotiations with SAP’s compliance and commercial teams. Our approach combined technical evidence (corrected user counts, validated indirect access scenarios) with commercial strategy (the company’s long-standing SAP partnership, future investment plans, and the reputational risk to SAP of pursuing an indefensible claim). We presented alternative compliance pathways that addressed genuine shortfalls at a fraction of SAP’s initial demand.

Phase 4: Governance Implementation (Weeks 16–18)

With the settlement agreed, we developed an internal compliance governance framework to prevent future audit exposure. This included automated licence monitoring tools, standardised user provisioning and deprovisioning processes, an indirect access register for all SAP-connected systems, and training programmes for IT and procurement teams across all major regions.

4. Challenge One: Dismantling Indirect Access Claims

Indirect access represented the largest component of SAP’s CHF 25 million claim — approximately CHF 14 million. SAP alleged that dozens of third-party systems (CRM platforms, e-commerce portals, supply chain tools, and customer-facing applications) were accessing SAP data without corresponding named user licences. Under SAP’s most aggressive interpretation, every customer, supplier, or employee who interacted with any system that read or wrote data to SAP required a named user licence — regardless of whether they ever saw or touched SAP directly.

Indirect Access Deep Dive

The CRM Integration Claim: CHF 6.2 Million Challenged

SAP’s position: The company’s Salesforce CRM synchronised customer and pricing data with SAP. SAP claimed that all 8,500 CRM users required SAP named user licences because the CRM accessed SAP master data. At list prices, this represented approximately CHF 6.2 million in additional licence requirements.

Our analysis: We mapped the actual data flows between Salesforce and SAP. The integration was read-only for pricing reference data and used a single RFC connection for batch synchronisation. Individual CRM users never initiated SAP transactions — the integration ran as an automated batch process. Under SAP’s own digital access licensing framework (introduced in 2018), this scenario was appropriately licensed through digital access documents rather than named users.

Result: We demonstrated that the CRM integration required digital access licensing for approximately 50,000 order documents per year rather than 8,500 named user licences. The cost differential: approximately CHF 180,000 for digital access versus CHF 6.2 million for named users. SAP accepted our analysis, reducing this single claim by over 97%.

Similar patterns repeated across the company’s other integration points. An e-commerce platform that created sales orders in SAP was claimed as requiring named user licences for all website visitors — an absurd proposition that we challenged with detailed data flow documentation. A supplier portal that allowed vendors to check invoice status through a web interface was claimed as indirect access for all 12,000 registered suppliers. In each case, we mapped the actual technical integration, identified the correct licensing mechanism, and presented SAP with evidence that its claims were overstated by orders of magnitude.

5. Challenge Two: Correcting User Classification Overstatements

SAP’s audit reclassified approximately 15,000 users from lower-cost licence types (Limited Professional, Employee Self-Service) to the most expensive Professional licence tier. The basis for this reclassification was transaction log data showing that these users had, at some point during the measurement period, executed at least one transaction that SAP classified as requiring Professional-level access.

🔍 User Classification Discrepancies We Identified

  • One-time or accidental transactions: 4,200 users had executed a Professional-tier transaction exactly once in the 12-month measurement period. In most cases, this was an accidental menu click, a training exercise, or a test during system migration. SAP’s methodology did not distinguish between sustained use and a single event.
  • Service and batch accounts: 1,800 accounts flagged as Professional users were actually system service accounts (used for automated batch processing), test accounts (used during development and QA), or integration accounts. These should not have been counted as named user licences at all.
  • Departed employees: 3,400 user accounts belonged to employees who had left the company but whose accounts had not been deactivated in SAP. These dormant accounts inflated the user count without representing any actual licence requirement.
  • Duplicate accounts across regions: 2,100 users had accounts in multiple regional SAP instances (e.g. one in the European instance and another in the Asia-Pacific instance). SAP’s audit counted each account separately, doubling the licence requirement for these individuals.
  • Incorrect licence type mapping: 3,500 users who genuinely needed access were classified as Professional when their actual transaction patterns warranted Limited Professional or Employee Self-Service licences.

Through detailed transaction log analysis, HR data reconciliation, and system-by-system validation across all regional instances, we produced a corrected user count that reduced the classification gap from 15,000 users to approximately 2,200 — a genuine shortfall that the company needed to address, but at a fraction of SAP’s original demand.
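As an added illustration (not Redress Compliance’s tooling or the page’s own code) of the reconciliation rules listed above, the Python below applies them to a constructed SAP user master export, HR status table and 12-month transaction log; the record layouts, the transaction-code tier table and the one-execution threshold are assumptions. The HR reconciliation step is the same check that the quarterly orphaned-account review in the governance framework relies on.

```python
"""Reconcile SAP named-user licence classifications against HR data and
transaction logs. Added example, not Redress Compliance tooling; the record
layouts, tier table and the 'one execution is not sustained use' threshold
are assumptions made for illustration."""
from collections import defaultdict

# Tier ordering used to pick the single highest licence a person needs.
TIER_RANK = {"ESS": 0, "LIMITED": 1, "PROFESSIONAL": 2}

# Constructed tier table: which transaction codes count as Professional-,
# Limited Professional- or Employee Self-Service-level work.
TCODE_TIER = {
    "VA01": "PROFESSIONAL",   # create sales order
    "ME21N": "PROFESSIONAL",  # create purchase order
    "VA03": "LIMITED",        # display sales order
    "PA20": "LIMITED",        # display HR master data
    "ESS_LEAVE": "ESS",       # self-service leave request
}

# Constructed SAP user master export (one row per account per instance).
# user_type mirrors SAP's dialog / system / service account distinction.
ACCOUNTS = [
    {"instance": "EU", "user": "JSMITH", "person_id": "P001", "user_type": "DIALOG"},
    {"instance": "AP", "user": "JSMITH", "person_id": "P001", "user_type": "DIALOG"},
    {"instance": "EU", "user": "MMUELLER", "person_id": "P002", "user_type": "DIALOG"},
    {"instance": "EU", "user": "ALEE", "person_id": "P003", "user_type": "DIALOG"},
    {"instance": "AP", "user": "KTANAKA", "person_id": "P004", "user_type": "DIALOG"},
    {"instance": "EU", "user": "BATCH_CRM", "person_id": None, "user_type": "SERVICE"},
]

# Constructed HR master data: person_id -> employment status.
HR_STATUS = {"P001": "ACTIVE", "P002": "ACTIVE", "P003": "LEFT", "P004": "ACTIVE"}

# Constructed 12-month transaction log: (instance, user, tcode, executions).
TX_LOG = [
    ("EU", "JSMITH", "VA01", 240),       # sustained Professional use
    ("AP", "JSMITH", "VA03", 30),        # second account of the same person
    ("EU", "MMUELLER", "VA01", 1),       # single accidental execution
    ("EU", "MMUELLER", "VA03", 85),
    ("EU", "ALEE", "ME21N", 60),         # departed employee, account still active
    ("AP", "KTANAKA", "ESS_LEAVE", 4),
    ("EU", "BATCH_CRM", "VA01", 50000),  # batch integration, not a named user
]

ONE_TIME_THRESHOLD = 1  # assumption: at most one execution is not sustained use


def audit_view(accounts, tx_log):
    """Reproduce the audit logic the page describes: any account that ran a
    Professional-tier transaction even once is claimed as Professional."""
    prof = {(i, u) for i, u, t, n in tx_log
            if TCODE_TIER[t] == "PROFESSIONAL" and n > 0}
    return sum(1 for a in accounts if (a["instance"], a["user"]) in prof)


def reconcile(accounts, hr_status, tx_log):
    """Return (findings, licences): findings counts each correction reason,
    licences maps person_id -> the one licence tier that person needs."""
    findings = defaultdict(int)
    # Aggregate executions per account and tier.
    usage = defaultdict(lambda: defaultdict(int))
    for inst, user, tcode, n in tx_log:
        usage[(inst, user)][TCODE_TIER[tcode]] += n
    per_person = defaultdict(list)
    for acct in accounts:
        key = (acct["instance"], acct["user"])
        if acct["user_type"] != "DIALOG":
            findings["service_or_batch_account"] += 1   # never a named user
            continue
        if hr_status.get(acct["person_id"]) != "ACTIVE":
            findings["departed_employee"] += 1           # deprovisioning gap
            continue
        tiers = usage.get(key, {})
        if tiers.get("PROFESSIONAL", 0) > ONE_TIME_THRESHOLD:
            needed = "PROFESSIONAL"
        else:
            if tiers.get("PROFESSIONAL", 0) > 0:
                findings["one_time_professional"] += 1   # not sustained use
            needed = "LIMITED" if tiers.get("LIMITED", 0) > 0 else "ESS"
        per_person[acct["person_id"]].append(needed)
    licences = {}
    for pid, needs in per_person.items():
        findings["duplicate_accounts"] += len(needs) - 1  # one licence per person
        licences[pid] = max(needs, key=TIER_RANK.__getitem__)
    return dict(findings), licences


if __name__ == "__main__":
    print("Audit view:", audit_view(ACCOUNTS, TX_LOG), "Professional accounts claimed")
    findings, licences = reconcile(ACCOUNTS, HR_STATUS, TX_LOG)
    print("Findings:", findings)
    print("Corrected licences per person:", licences)
```

On the constructed data the audit view claims four Professional accounts while the reconciliation leaves one genuine Professional requirement, with the other three explained by a service account, a departed employee and a one-time execution.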

| Category | SAP’s Claim | Our Verified Position | Reduction |
|---|---|---|---|
| Indirect access (named users claimed) | CHF 14.0M | CHF 0.4M (digital access) | 97% |
| User reclassification (Professional tier) | CHF 8.5M | CHF 0.8M (genuine shortfall) | 91% |
| Unreported regional usage | CHF 2.5M | CHF 0.3M (after deduplication) | 88% |
| Total | CHF 25.0M | CHF 1.5M | 94% |

6. Challenge Three: Resolving Unreported Regional Usage

The third component of SAP’s claim — CHF 2.5 million for unreported usage — related to SAP deployments in regional offices that had not been captured in the company’s central licence register. Over two decades of growth and acquisitions, several business units had deployed SAP modules locally (particularly in Asia-Pacific and Latin America) without formal licence procurement through the central IT organisation.

Our investigation confirmed that some unreported usage was genuine: three acquired subsidiaries in Southeast Asia were running SAP Business One instances that had not been included in the enterprise licence agreement. However, SAP’s quantification of this shortfall was significantly overstated.

Account Deduplication

SAP counted users in regional instances who already held licences under the global enterprise agreement. After deduplication, 60% of the “unreported” users were already legitimately licensed.

Decommissioned Systems

Two of the flagged regional instances had been decommissioned during a recent infrastructure consolidation project. SAP’s audit data was based on historical system measurement reports that predated the decommissioning.

Correct Licence Type

The remaining genuine shortfall (approximately 400 users in acquired subsidiaries) required SAP Business One licences at approximately EUR 700 each — not the full ERP Professional licences at EUR 4,500 that SAP had assumed.

CHF 2.5M → CHF 0.3M

After deduplication, decommissioning verification, and correct licence type mapping, the unreported usage component reduced from CHF 2.5M to approximately CHF 300,000.

7. The Negotiation: From CHF 25 Million to CHF 1.5 Million

With our independent analysis complete, we entered structured negotiations with SAP. The negotiation strategy combined technical evidence with commercial positioning to achieve the maximum reduction possible while preserving the company’s strategic relationship with SAP.

Strategy 1: Lead with Technical Evidence

We presented SAP’s compliance team with a 120-page corrected usage report that systematically dismantled every inflated claim. Each finding was supported by data flow diagrams, transaction log extracts, HR records, and contract references. The quality and depth of this evidence made it clear that SAP could not sustain its original position in any formal dispute.

Strategy 2: Frame the Commercial Context

We positioned the negotiation within the company’s broader SAP investment. The company was evaluating a potential RISE with SAP migration, SuccessFactors expansion, and BTP adoption — representing significant future revenue for SAP. An aggressive audit settlement risked souring a relationship worth far more to SAP than a one-time compliance payment. We ensured SAP’s commercial team understood the stakes.

Strategy 3: Offer Genuine Remediation

Rather than simply rejecting SAP’s claims, we acknowledged the genuine compliance shortfalls (approximately 2,200 incorrectly classified users and 400 unreported regional users) and proposed a fair resolution. This credibility — accepting responsibility for legitimate gaps while challenging inflated ones — was essential to reaching a productive settlement.

Negotiation Outcome: Final Settlement Structure

Financial resolution: CHF 1.5 million total, comprising approximately CHF 800,000 for user classification corrections (purchasing the correct licences for genuinely misclassified users), CHF 400,000 for digital access licensing to address indirect access scenarios properly, and CHF 300,000 for regularising the acquired subsidiary deployments.

Forward-looking value: The settlement included a restructured licence agreement that provided the company with additional licensing flexibility, pre-agreed pricing for the anticipated SuccessFactors expansion, and a commitment from SAP to adopt digital access licensing for the company’s indirect access scenarios going forward — eliminating the risk of future named-user claims for system integrations.

Net result: CHF 25 million reduced to CHF 1.5 million — a 94% reduction. Additionally, the forward-looking agreement positioned the company for a more predictable and cost-effective SAP licensing relationship.

“Redress Compliance’s expertise in SAP audit defence was transformative. Their strategic approach reduced our financial exposure and strengthened our internal processes. They were a trusted partner throughout this challenging experience.” — CIO, Swiss Multinational

8. Governance Implementation: Preventing Future Audit Exposure

Resolving an audit claim is only half the engagement. Without governance improvements, the same conditions that created the original exposure will generate future compliance risks. We implemented a comprehensive framework designed to give the company permanent visibility and control over its SAP licensing position.

🛡 Governance Framework Implemented

  • Automated licence monitoring: Deployed tools to track SAP user accounts, licence classifications, and transaction activity in real time across all global instances. Alerts trigger when user counts approach contracted thresholds or when new integration points are established.
  • Indirect access register: Created and documented a comprehensive register of all systems that connect to SAP, including data flow direction, integration method (RFC, API, file transfer), and the applicable licensing mechanism (named user, digital access, or exempt). New integrations require licensing review before deployment.
  • User lifecycle management: Standardised user provisioning and deprovisioning processes globally. When an employee departs, their SAP accounts are deactivated within 5 business days across all instances. Quarterly reconciliation of SAP user accounts against HR master data identifies orphaned accounts.
  • Periodic internal audits: Established a semi-annual internal licence review process, conducted by the company’s SAM team with Redress Compliance providing annual independent validation. This catches compliance drift before it accumulates into material exposure.
  • Training and awareness: Delivered training sessions for IT, procurement, and business unit leaders across all major regions, covering SAP licensing models, indirect access rules, and the importance of central licence governance.

9. Key Lessons: What Every Enterprise Should Learn from This Case

This engagement illustrates patterns that we see repeatedly in SAP audits across industries and geographies. The specific numbers vary, but the underlying dynamics are consistent.

1. Never Accept SAP’s Findings at Face Value

SAP’s initial claim was CHF 25 million. The verified exposure was CHF 1.5 million. A 94% discrepancy is not unusual — in our experience, SAP audit findings are overstated by 50–80% as a matter of course. Independent verification is not optional; it is essential.

2. Indirect Access Is the Highest-Value Battleground

Indirect access accounted for 56% of SAP’s initial claim (CHF 14M of CHF 25M) but only 27% of the final settlement (CHF 0.4M of CHF 1.5M). This is where SAP’s most aggressive interpretations produce the most inflated numbers — and where specialist knowledge delivers the greatest savings.

3. User Account Hygiene Is a Material Financial Risk

Dormant accounts, duplicates, and departed employees inflated this company’s user count by over 7,000. At Professional licence list prices, that represents approximately CHF 4.7 million in phantom licence requirements. Regular user account reconciliation is one of the simplest and most effective compliance investments.

4. Transaction Log Analysis Requires Expert Interpretation

SAP’s methodology reclassified 15,000 users based on transaction logs. Our analysis reduced the genuine reclassification requirement to 2,200. The difference was understanding the context behind the data: one-time transactions, test activity, service accounts, and classification rules that SAP’s audit team applied without nuance.

5. Negotiate from Credibility, Not Denial

We achieved a 94% reduction not by denying everything, but by acknowledging genuine shortfalls while challenging inflated ones. Presenting SAP with a credible corrected position — supported by evidence — created a productive negotiation dynamic that blanket denial would not have achieved.

6. Historical Contracts Contain Hidden Entitlements

Reviewing 15+ years of licence agreements revealed entitlements that SAP’s audit team had not accounted for, including bundled licences from prior enterprise agreements, successor product rights, and promotional grants. Comprehensive entitlement archaeology is a critical component of audit defence.

7. Governance Prevents Repeat Exposure

The conditions that created CHF 25 million in alleged exposure — dormant accounts, undocumented integrations, regional deployments outside central oversight — are preventable. The governance framework we implemented costs a fraction of what the company would have paid without it.

8. Global Complexity Demands Global Visibility

Operations in 50+ countries meant SAP usage patterns that no single regional team fully understood. Central visibility across all instances, all user accounts, and all system integrations is a prerequisite for both compliance and cost optimisation.

10. Why Independent Advisory Transforms SAP Audit Outcomes

The difference between this company’s outcome — CHF 1.5 million — and what it would have paid without independent advisory is stark. Companies that negotiate SAP audit settlements internally, without specialist support, typically resolve at 30–50% of the initial claim. This company resolved at 6%. The difference is expertise, evidence, and negotiation strategy that internal teams rarely possess.

Value 1: Deep SAP Licensing Expertise

SAP licensing is a specialised discipline. Indirect access rules, user classification frameworks, digital access pricing, sub-capacity licensing, and contract interpretation require knowledge that is not typically available within enterprise IT or procurement teams. Redress Compliance’s consultants have decades of combined experience working directly with SAP licensing — including former SAP employees who understand how SAP builds and pursues audit claims from the inside.

Value 2: Evidence-Based Challenge Capability

SAP’s audit teams are accustomed to customers who lack the technical capability to challenge findings at a granular level. When an independent advisor produces a 120-page corrected usage report with data flow diagrams, transaction log analysis, and contract references, the dynamic changes fundamentally. SAP knows that unsupported claims will not survive scrutiny.

Value 3: Complete Vendor Independence

Redress Compliance has no commercial relationship with SAP — no partner status, no resale revenue, no referral commissions. Our audit defence recommendations are exclusively aligned with our client’s interests. This is a critical distinction from advisory firms that hold SAP partnerships and may have financial incentives to recommend settlement rather than challenge.

This engagement delivered a return on advisory investment of over 15:1 — CHF 23.5 million in avoided costs against a fraction of that in advisory fees. More importantly, the governance framework we implemented provides ongoing protection that will prevent the accumulation of compliance drift for years to come.

Frequently Asked Questions

How common is it for SAP audit claims to be significantly overstated?
Very common. In our experience across hundreds of SAP audit engagements globally, initial SAP claims are overstated by 50–80% as a matter of course. The overstatement is not necessarily intentional — it results from SAP’s measurement methodology, which applies conservative assumptions about indirect access, user classification, and account activity. Without independent challenge, companies routinely settle at 3–5 times their actual compliance exposure.
What is indirect access, and why does it drive the largest audit claims?
Indirect access occurs when a third-party system (CRM, e-commerce platform, supplier portal, or any non-SAP application) reads or writes data in SAP. SAP historically required named user licences for every individual who interacted with these third-party systems — even if they never saw or touched SAP directly. Since 2018, SAP has offered digital access licensing (priced per document rather than per user) as an alternative. However, audits frequently apply the most expensive interpretation to pre-existing scenarios. Indirect access typically accounts for 40–60% of large SAP audit claims and represents the single highest-value area for specialist challenge.
Can SAP force a company to pay the full audit claim?
No. SAP’s contractual audit rights allow them to measure compliance and identify shortfalls, but the financial resolution is negotiated, not imposed. SAP cannot unilaterally demand payment — they must work with the customer to agree a resolution. If agreement cannot be reached, the matter could theoretically escalate to formal dispute resolution (arbitration or litigation), but SAP almost always prefers negotiation because litigation is expensive, uncertain, and damaging to customer relationships. Companies with strong evidence and independent advisory support consistently achieve dramatically better outcomes than those that accept SAP’s initial findings.
How long does an SAP audit defence engagement typically take?
Most SAP audit defence engagements take 12–20 weeks from initial engagement to agreed settlement, depending on the complexity of the SAP estate and the scope of the audit claims. The phases are: audit review and analysis (3–4 weeks), independent usage validation (4–6 weeks), negotiation preparation and execution (4–6 weeks), and governance implementation (2–4 weeks). During this period, we manage all communication with SAP’s compliance team, allowing the client’s IT and procurement teams to focus on their operational responsibilities.
Should we involve Redress Compliance before or after receiving SAP’s audit findings?
Ideally before. If you know SAP is initiating an audit (they are required to provide formal notice), engaging advisory support immediately allows us to manage the audit process from the outset — controlling what data is provided, ensuring SAP’s measurement methodology is appropriate, and identifying issues proactively. However, most clients engage us after receiving SAP’s findings, and the results are still excellent. In this case study, the company engaged us after receiving a CHF 25 million claim, and we achieved a 94% reduction.
What does governance implementation involve after an audit is resolved?
Governance implementation creates the systems and processes that prevent future compliance exposure. Key components include: automated licence monitoring tools that track user accounts and classifications in real time, user lifecycle management (linking SAP account provisioning and deprovisioning to HR processes), an indirect access register documenting all SAP-connected systems, periodic internal licence reviews (typically semi-annual), and training for IT and procurement teams. The governance framework is designed to catch compliance drift before it accumulates into material exposure.
Does Redress Compliance have any commercial relationship with SAP?
No. Redress Compliance is a 100% independent advisory firm with no commercial relationship with SAP or any other software vendor. We do not resell SAP licences, hold SAP partner status, or earn referral commissions. This complete vendor independence ensures our audit defence strategies and negotiation recommendations are exclusively aligned with our clients’ interests — a critical distinction from firms with SAP partnerships.

Facing an SAP Audit? We Can Help.

Redress Compliance delivers independent SAP audit defence advisory — challenging inflated claims, correcting overestimated findings, and negotiating settlements that reflect actual usage rather than vendor assumptions. CHF 25 million reduced to CHF 1.5 million is a result, not a promise — but it represents the kind of outcome that specialist expertise consistently delivers. Complete vendor independence.

Fredrik Filipsson

Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specialising in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organisations — including numerous Fortune 500 companies — optimise costs, avoid compliance risks, and secure favourable terms with major software vendors. He built his expertise over two decades working directly for IBM, SAP, and Oracle before founding Redress Compliance 11 years ago.