SAP Audit Defence

SAP Audit Preparation Toolkit

Comprehensive checklist for preparing for and responding to an SAP licence audit or system measurement. 35+ action items.

Phase 1: Immediate Response & Assessment
Determine the type of SAP audit activity
SAP uses: System Measurement (annual), Licence Audit (formal), or indirect probing during renewal. Each requires different strategies.
Critical
Do not submit SAP system measurement data without review
The LAW (Licence Administration Workbench) data contains detailed usage that SAP will use against you. Review first.
Critical
Engage independent SAP licensing advisory
SAP-affiliated partners have conflicts of interest. Independent advisors protect your position.
Important
Assemble your audit response team
Include: SAP Basis team, procurement, legal, and business stakeholders who own SAP-connected systems.
Locate all SAP licence agreements and order forms
Gather your original SAP contract, all order forms, and any amendments. Entitlement reconstruction is essential.
Identify your SAP contract model
Determine if you are on: Named User, Package, Engine-based, or SAP RISE licensing. Each has different audit mechanics.
Phase 2: Internal Discovery
Run USMM (User & System Measurement Module) internally first
Understand what SAP will see before you submit. Review every user type classification.
Critical
Audit all SAP Named User classifications
Users are often misclassified. Professional vs Limited Professional vs Developer vs Employee (ESS) has massive cost impact.
Critical
Identify inactive SAP users that should be deactivated
Users who have not logged in for 90+ days should be deactivated or reclassified before measurement.
Important
Map all indirect/digital access to SAP
Third-party systems (CRM, e-commerce, portals, RPA bots) that read or write SAP data may require licensing.
Critical
Document all RFC, BAPI, and IDoc interfaces
Every technical interface to SAP is a potential indirect access point that SAP will examine.
Identify SAP Engine metrics in use
Engines like Order Management, PPE, or DBM have separate metrics. Verify your engine entitlements match usage.
Phase 3: Licence Position Analysis
Build your SAP Effective Licence Position
Reconcile every user type, engine, and access mode against your contractual entitlements.
Important
Verify Named User type assignments are correct
The difference between Professional ($4,600) and Limited Professional ($1,500) is massive at scale. Verify every assignment.
Critical
Calculate indirect access exposure under your contract model
If on pre-2018 terms, indirect access may be user-based. Post-2018, it may be document-based. Know your model.
Important
Check SAP Developer and Test user classifications
Developer users carry high licensing costs. Verify only active developers hold Developer-type licences.
Validate SAP system landscape against licence grants
Ensure your production, QA, development, and sandbox systems are covered by your licence grants.
Identify any legitimate gaps and quantify at your discount level
Know your exposure before SAP does. Quantify using your contractual pricing, not list price.
Phase 4: SAP Engagement Strategy
Control the system measurement submission
Submit only required data. Do not provide raw database extracts or additional reports SAP requests.
Important
Challenge SAP user type reclassifications
SAP auditors often reclassify Limited Professional users to Professional based on transaction usage. Push back with evidence of actual usage patterns.
Critical
Dispute indirect access claims with technical evidence
Document exactly which SAP data is accessed, how, and by what mechanism. Many indirect access claims are overstated.
Important
Do not accept SAP measurement results as final
SAP preliminary results are negotiation starting points. Every finding is challengeable.
Request SAP provide specific evidence for every claimed gap
SAP must demonstrate specific transactions, users, or interfaces that create each claimed licence requirement.
Phase 5: Negotiation & Resolution
Negotiate at your existing contractual discount rates
Any compliance purchase should be at your current discount level, not SAP list price.
Important
Evaluate RISE with SAP as a potential resolution path
SAP is pushing RISE. If you are considering cloud, use compliance resolution as leverage for a better RISE deal.
Consider consolidating indirect access under document-based model
The 2018 Indirect Access model (document-based pricing) may be cheaper than per-user indirect licensing.
Tip
Negotiate a measurement holiday as part of resolution
As part of any settlement, negotiate a period where SAP will not measure or audit again.
Get all terms in writing with specific product and user counts
SAP settlements must be precisely documented with exact user type counts and product entitlements.
Important
Phase 6: Post-Audit Governance
Implement continuous SAP user monitoring
Track user type classifications, login activity, and transaction usage monthly.
Important
Establish SAP user lifecycle management
Automate deactivation of users who leave the organisation or change roles. Run monthly reclamation sweeps.
Monitor and govern indirect access interfaces
Track all third-party system connections to SAP. Require approval for new interfaces.
Schedule internal measurement reviews before SAP annual measurement
Run USMM quarterly. Fix issues before they appear in the annual SAP measurement.
Negotiate improved audit terms at next SAP renewal
Limit measurement frequency, require advance notice, and cap compliance exposure in your next contract.
Tip

Need SAP Audit Defence Support?

Redress Compliance provides independent SAP audit defence. We help enterprises challenge SAP system measurement findings, negotiate indirect access exposure, and achieve fair resolutions.