To prepare for a SAP License Audit, consider the following steps:
- Understand Contract Terms: Familiarize yourself with the SAP licensing agreement and terms.
- Internal Audit: Conduct a self-audit to assess current SAP software usage.
- Documentation: Gather and organize relevant documentation and usage records.
- Identify Discrepancies: Compare actual usage with licensed entitlements to identify any discrepancies.
- Rectify Issues: Address any under-licensing or compliance issues found during the self-audit.
- Prepare a Response: Organize findings and prepare a response for the SAP audit.
- Seek Expert Advice: Consult SAP licensing experts for guidance and support.
SAP License Audit Preparation – How to Build Your Defense
Facing an SAP license audit can be daunting. SAP’s Global License Auditing and Compliance (GLAC) team conducts formal audits, typically every one to two years. ‘
If you’re not prepared, the outcomes can lead to substantial true-up costs. However, with the right approach, you can turn an audit from a threat into a manageable exercise.
Audit preparation is about doing your homework in advance: understanding your license entitlements, comparing them with your actual usage, and having a clear strategy to address gaps.
Essentially, you want to build a “defense” that demonstrates to SAP (and yourself) that your organization is compliant, or that you have a plan to remedy any shortfalls. This article provides a step-by-step guide for SAM managers and licensing pros to prepare for an SAP license audit and defend their license position.
Read SAP License Audit Readiness: CIO’s 10-Step Compliance Checklist.
Understanding the SAP Audit Process (Briefly)
Before preparing, it’s helpful to know how a typical SAP audit unfolds.
After you sign your SAP agreement, SAP can typically audit you, usually after the first two years, and annually (although not every customer is audited annually).
Basic audits (standard remote audits via LAW/USMM data submission) and Enhanced audits (more detailed, sometimes on-site, targeting specific customers】.
The process often starts with a notification email.
Then, you run measurement programs (USMM) in each system, consolidate the results via LAW, and send those results along with a self-declaration to SAP.
SAP reviews the data, asks questions as needed, and then shares the findings, which may indicate compliance or any required license purchases.
Knowing this, our goal in audit preparation is to ensure that there are no surprises when we run those measurement tools and declarations.
Let’s break down the core elements you should focus on when gearing up for an SAP audit:
1. License Inventory and Agreement Review
Start with what you’ve agreed to:
- Review Your SAP License Agreements: Retrieve the contracts, order forms, and any relevant addenda related to SAP. Key things to note: the number of each type of named user license purchased (e.g., 100 Professional, 200 Limited, etc.), any package/engine licenses and their metrics (e.g., up to X revenue, Y employees, etc.), the products/modules you’re entitled to use, and any special clauses (like special licensing terms for indirect access or a migration credit if you’re moving to S/4HANA). Understand your obligations – for instance, some contracts might require you to count certain third-party usage as named users. Also note the maintenance agreements – if you dropped certain modules from maintenance, you must not be using them.
- Identify Relevant Documents: In addition to the contract, ensure you have documentation such as the SAP Pricing and Licensing Guide from the year you signed (to interpret definitions) and any correspondence or emails from SAP that clarify usage rights. Companies sometimes overlook special terms. For example, perhaps SAP offered you a special discount on Digital Access documents for a specified period, or you have a contractual cap on price increases. These can become negotiation points if the audit findings differ from expectations.
Read Handling an SAP License Audit: A CIO’s Response Plan.
2. Internal Usage Assessment
Next, review what you’re using in detail:
- Conduct an Internal License Audit: Per the steps outlined in the first article, conduct an internal audit. Run SAP’s measurement tools (USMM and LAW) internally (if you haven’t done so recently) to see what numbers they produce. Analyze user lists for classification issues, clean up inactive users, and ensure each user has the correct license type. This internal check might reveal, for instance, that LAW is counting 10 more Professional users than you thought, because some users in the HR system were unclassified and defaulted to the Professional Category. You should discover and fix it now rather than SAP doing so.
- Compare Usage to Entitlements: Take the results of your internal measurement and compare them with your license entitlements. There is a gap if you have 100 professional licenses, but the internal count shows 120 users effectively require professional licenses. Check engines too: If you’re licensed for “SAP Digital Payments” and can process up to $1 billion in transactions per year, and your FI system shows $1.2 billion processed, that’s a red flag. By doing this comparison, you create a list of discrepancies to address.
- Focus on Indirect Usage: As part of the usage review, specifically look at indirect access scenarios. Use SAP’s Digital Access Estimation Note or any custom tracking to count documents created indirectly (sales orders from a web shop, etc.). If you haven’t moved to Digital Access licensing and are still using traditional named-user rules for indirect access, list all third-party systems and check if those users are accounted for. For example, if 50 sales agents use a Salesforce CRM that creates quotes in SAP, do you have 50 SAP licenses for them? If not, this is an area where SAP audits will be conducted. During preparation, you may want to quickly license them via Digital Access or adjust user licenses to cover them, rather than being caught short.
3. Remediation Plan
Now, with knowledge of any gaps, decide how to address them before the audit:
- True-Up or Optimize: Can you resolve each discrepancy proactively? Options include:
- Reassign or Cleanup: If you find 50 extra Professional users but realize 30 are inactive, removing those accounts may bring you back into compliance. If some users were overclassified (given a license that is too high), downgrading them (if justified by their usage) could resolve a compliance issue. Essentially, optimize your current usage to fit within entitlements.
- Purchase Needed Licenses (in Advance): If, after optimization, you still have a shortfall (for example, you have 10 more heavy users than licenses), consider purchasing the necessary licenses before the audit concludes. The reason is strategic: if SAP finds you under-licensed, you’ll pay the list price plus back maintenance from the date the usage began. If you buy proactively, you might be able to negotiate a better discount or bundle it with something else. However, timing is crucial – if the audit has already been formally launched, any purchases may still be attributed to the audit. Some companies prefer to quietly engage their SAP account manager before submitting audit data to top up licenses, thereby avoiding non-compliance findings.
- Document and Justify: For any grey areas, prepare a justification. For instance, if you have a technical system user whose SAP tools count as a named user but whose contract says system accounts don’t need a license, flag that clause. You may need to explain why you didn’t include certain IDs in the SAP count. Having the documentation ready, such as the contract excerpt, strengthens your defense.
- Address Indirect Access Now: If indirect use is significant, one remediation option could be to opt into SAP’s Digital Access Adoption Program (DAAP) before the audit. SAP’s DAAP offers a steep 90% discount for licensing indirect documents. By measuring your documents and purchasing digital access licenses through the program, you effectively resolve indirect use compliance issues and secure favorable terms. The program has specific rules (e.g., Option B grants 90% off, but no further negotiation is allowed on that item). Consider this if indirect usage is your primary concern – it may be better to settle it proactively rather than haggling during an audit resolution when SAP has more leverage. Always run the numbers: maybe your indirect count is small and existing Named Users cover it, or maybe it’s huge and DAAP is worth it.
- Plan for Engines: If an engine metric is overused, limit its technical usage to prevent misuse. For example, if a BW data volume exceeds the licensed TB limit, can you archive some data to reduce it? Or, if you exceeded a user metric, was it a one-time spike that has now returned to normal? Document those circumstances. If unavoidable, discuss with SAP the possibility of proactively adjusting the license metric (for example, by upgrading to a higher-tier license).
4. Documentation and Audit Process Readiness
Preparation isn’t just about licenses; it’s also about how you’ll handle the audit process itself when it occurs.
- Prepare a Documentation Package: Organize a central repository of all documents that you may need to provide or refer to during the audit. This includes the contracts (with key pages highlighted for easy reference), recent USMM/LAW measurement results, and a written explanation for any non-standard aspects of your landscape. For example, list all your SAP installations and their System IDs, highlighting which ones are for backup, disaster recovery (DR), and non-productive use (because non-production users may not be counted similarly, depending on your contract). Note how those are isolated if you’ve carved out an exception (like a training system with generic users). The goal is to show you’re on top of your environment. A clear License Entitlement vs. Usage spreadsheet is powerful – it can mirror SAP’s compliance report format, showing each category as either OK or with a planned action.
- Define Roles & Responsibilities: Determine who will serve as the primary point of contact for the auditors (typically someone in SAM or IT Asset Management). Also, who will be on the internal “audit response team”? This often includes a representative from procurement or legal (to handle contractual interpretation and any negotiations), the SAP Basis administrator (to run measurements and gather data), and possibly a finance person (if financial discussions are involved). Let this team know their roles beforehand, even run a drill: for example, practice how you would respond if SAP queries why a certain user is classified in a certain way. This avoids confusion when you’re under time pressure during an audit.
- Communication Strategy: It’s wise to have a strategy for communicating with SAP during the audit. Generally, you want to be cooperative and transparent (hiding stuff can raise suspicion), but also measured and consistent in your responses. If a question arises that you’re not ready to answer, it’s fine to say you need to investigate and will get back to you, then consult your internal team or external advisors. Part of the preparation is listing potential questions SAP might ask and prepping answers. For instance, “We see you have an interface to a non-SAP warehouse system. How are you licensing that?” You should be ready to say, “Yes, we have 30 employee user licenses assigned to cover those external warehouse users, which we’ve accounted for in our count.” Proactive and confident answers show control.
5. Seek Expert Help if Needed
Audit defense is a nuanced field.
If your SAP estate is especially large or complex (say you’re using many industry solutions or suspect a big indirect use exposure), consider engaging a third-party expert or legal counsel before the audit happens.
They can help refine your preparation:
- External SAP Licensing Consultants: Firms that specialize in SAP licensing can offer a pre-audit assessment, effectively simulating an SAP audit, and advise on areas of risk. They can help interpret complex clauses (such as counting a specific metric) and suggest creative solutions, like utilizing a contract negotiation loophole or leveraging an upcoming purchase to secure better terms.
- Legal Counsel for Software Licensing: Having legal counsel briefed is crucial if you anticipate a contentious audit (or already have a dispute with SAP). They would ensure you don’t accidentally admit non-compliance in writing, and that any settlement is negotiated fairly. They can also advise on your rights – for instance, you are generally not obligated to give SAP remote access; you typically only provide data. Understanding boundaries can help you manage the audit efficiently.
During the Audit: Building Your Defense in Real-Time
When SAP notifies you of an audit, your preparation efforts come into play:
- Kick-off Meeting: SAP often holds a kick-off call. Use this to your advantage – ask them to clarify the scope. Are they looking at all systems? Should they include cloud solutions? The more you know, the more you can focus your defense. Reconfirm timelines and deliverables. This also shows SAP that you’re organized.
- Data Collection and Submission: Execute the measurement as required. Thanks to your prep, this should be straightforward. Double-check the data before sending – e.g., ensure you applied the correct consolidation in LAW (so duplicates are merged), and the classification texts align with your contract terminology (SAP’s default user types may have changed names; map them if needed, e.g., “Employee” vs “ESS User”). Submit the data professionally, perhaps with a cover letter highlighting any special points (“We’ve excluded system X as it’s a decommissioned instance with no use, per our agreement, see attached proof”).
- Anticipate Findings: While waiting for SAP’s analysis, prepare your defense for each likely finding that may arise. If you suspect they’ll say “you need 20 more Professional users”, have your counter ready. Perhaps you can demonstrate that you’ve reclassified some and now only need five, or you have an order for those five already in process, showing good faith. If indirect documents arise, be prepared to discuss how you measured them and that you are evaluating the Digital Access license option (or have it in place).
- Challenge Where Justified: When SAP shares preliminary findings, scrutinize them. Sometimes, SAP can count users in non-production systems or test IDs – if your contract states that these don’t count, push back with evidence. Or if they assumed all “unclassified” users are Professionals, but you have since corrected that, show them the updated classification and measurement. You are allowed to contest findings – audits can be a negotiation. The key is having the facts and documentation to support your position.
- Negotiation and Settlement: If you do owe licenses, use your preparation to negotiate the best outcome. Because you did your internal assessment, you know exactly how many you need (sometimes SAP’s initial number overshoots – they might try to sell more as a buffer). You can negotiate down to the precise number required. Additionally, you may be able to negotiate terms; for instance, if you need to purchase licenses, you could request retroactive maintenance waivers or a discount, provided you have promptly complied. It’s not uncommon to treat an audit true-up like a mini license purchase negotiation – stay firm but reasonable. Remember, SAP audits are also a sales touchpoint for them. If you plan to expand your SAP usage or purchase new SAP products soon, please mention it; you may be able to incorporate the compliance purchase into a larger deal for better discounting.
Building a Long-Term Defense Strategy
After going through (or in anticipation of) an audit, aim to strengthen your processes:
- Post-Audit Review: Conduct a lessons-learned meeting. What caught you off guard? Was there an area where data was hard to get or interpret? Use that to improve future preparations.
- Continuous License Compliance Program: As covered in previous articles, implement regular internal audits and governance so that your “defense” is always up. Ideally, you want to reach a state where an SAP audit is just another external check you’re already 99% confident about.
- Documentation Updates: Keep your documentation current. If you purchased new licenses or changed contract terms as a result of the audit, update your records so that you start from the new baseline next time.
Recommendations
In summary, here are actionable recommendations to build a solid audit defense:
- Know Your Contract: Gain a deep understanding of your SAP agreements. Keep a summary of entitlements and any special conditions readily available.
- Audit Yourself First: Never walk into an SAP audit blind. Always perform an internal measurement and compliance check before SAP does】. This allows you to resolve issues on your terms.
- Close Gaps Proactively: If you’re under-licensed in some area, address it. This could mean cleaning up unused accounts or purchasing needed licenses. It’s better to negotiate a purchase outside the pressure of an audit.
- Document Everything: Maintain meticulous records of your license allocations and usage. Strong documentation, such as user lists, system lists, and explanations for non-standard scenarios, is your best defense for justifying compliance during an audit.
- Be Organized with SAP: When the audit starts, engage with SAP professionally. Provide requested data promptly, and communicate how you manage licenses. This sets a cooperative tone.
- Don’t Settle for First Findings: Analyze SAP’s findings critically. If something seems off, ask for clarification or correction in a respectful manner. Use the negotiation as an opportunity to ensure you only pay for what you truly need.
- Future-Proof Your Licensing: During settlement, if you anticipate future changes (such as a migration to S/4HANA or business growth) that will increase your needs, try to address them in the agreement now. For instance, consider securing pricing protections or including additional licenses at a discount to avoid another audit surprise.
- Continuous Vigilance: Audit readiness should be treated as an ongoing discipline. Regular internal audits, staying up to date on license rules, and fostering a culture of compliance will make each subsequent audit easier.
By taking these steps, you build a robust defense against SAP license audits. Not only can you emerge from an audit without unexpected bills, but you’ll also have optimized your SAP licensing, ensuring your organization pays only for what it truly needs.
Remember, preparation and knowledge are your best tools for transforming an SAP audit from a potential minefield into a routine checkpoint.
Read Negotiating SAP Contracts for Audit Protection.
FAQs
What is SAP license audit preparation? It involves reviewing and verifying your SAP software usage to ensure compliance with your license agreements. This process helps identify and address potential non-compliance issues before an official audit.
Why is it important to review my SAP license agreement? Reviewing your SAP license agreement helps you understand your obligations and responsibilities. It ensures that you are aware of the terms and conditions you must comply with, which is crucial for avoiding penalties for non-compliance.
How do I review my SAP software usage? Examine the types of SAP software you use, the number of users, and the frequency of usage. Document these details to get a clear picture of your current usage, which you can then compare with your license agreement.
After reviewing my SAP software usage, what should I do? Compare your documented software usage to the terms of your SAP license agreement. This comparison will help you identify discrepancies or areas where your usage may not align with your licensing terms.
Why is a thorough compliance check necessary? It identifies potential issues with your SAP software usage. It is a proactive step toward ensuring that you adhere to your license terms, helping you avoid penalties during an official audit.
What if my use of SAP software exceeds the terms of my license agreement? If your usage exceeds the terms of your license agreement, you must update your SAP license agreement. This adjustment ensures that your usage remains compliant and helps prevent any issues during an audit.
How can I keep accurate records of my SAP software usage? Maintain detailed documentation of the types of SAP software you use, including the number of users and the frequency of usage. Update these records regularly to reflect any changes in your usage patterns.
How often should I review my SAP software usage? Review your software usage regularly, ideally every quarter or semiannually. Frequent reviews help ensure you remain compliant with your license terms and quickly address discrepancies.
Why is it important to stay updated with SAP licensing changes? SAP licensing terms and conditions are subject to change. Staying informed about these changes ensures that your usage remains compliant with the latest terms, avoiding potential non-compliance issues.
Where can I find updates on SAP licensing terms? Regularly check SAP’s official communications, website, and licensing documents for updates. These sources will provide the latest updates and changes to SAP’s licensing terms and conditions.
How can I prepare for an SAP license audit? Review your license agreement, document your software usage, conduct compliance checks, and update your records as necessary. These steps help ensure you are ready for an audit.
What are the benefits of conducting internal audits? Internal audits help you identify and address potential compliance issues before they are discovered during an official audit. They allow you to correct discrepancies and ensure that your software usage aligns with your license terms.
Who should be involved in the preparation of the SAP license audit? Include team members who understand your SAP usage, IT personnel, and legal advisors. Their combined expertise will help ensure thorough preparation and compliance.
What role do SAP license consultants play in audit preparation? SAP license consultants provide specialized knowledge and guidance. They can help you navigate complex licensing terms, identify compliance issues, and ensure thorough and accurate preparation.
Read about our SAP Audit Defense Service.
