2.3 min to readPublisher Advisory ServicesSAP Services

Be prepared for SAP enhanced audits

SoftwareOne blog editorial team
Blog Editorial Team
A woman is giving a presentation to a group of people.

As everyone who manages SAP licensing will be painfully aware, SAP audits are a frequent, mostly annual, affair. Historically, the "standard" audit in the on-premise world consists of submission of data from USMM and LAW, SAP’s inbuilt measurement tools, plus a "self-declaration" spreadsheet for some business based metrics such as Cores, Revenue, and Employees. Whilst this can often lead to significant unbudgeted cost if not managed correctly, it is a relatively easy process if you know what you are doing, can understand the output, and have the necessary insight as to how SAP will interpret the data.

However, in recent times, we have been working with many customers where the expected "standard" audit has turned into something much more significant.

What is SAP asking for?

As well as the data noted above, SAP’s demands have expanded, and often include (but are not limited to) the below:

  • USR02
  • SUIM
  • E070
  • DEVACCESS
  • USR41_MLD
  • AGR_1251
  • AGR_USERS
  • EKKO
  • VBAK
  • SM37
  • WE21
  • ST03 / ST03N
  • EDIDC
  • SM59
  • TADIR
  • RSA

Plus information relating to BusinessObjects, HANA DB, and non-SAP applications interfacing with the SAP Production systems. As you can see, not only is this a lot of work to simply gather the information, but the data being sent to SAP reveals a huge amount about how you use your SAP Software.

What is SAP looking for?

From the transactions above, let’s have a look at 3 examples to give you a flavor of what SAP is trying to achieve.

Developers – DEVACCESS

This will show which of your Users (ECC environments) have access to a Developer Key.

source: TCode Search | https://www.tcodesearch.com/sap-tables

User classifications – AGR_1251 and AGR_Users

Used to map roles to users and validate a customer’s User Classifications.

source: TCode Search | https://www.tcodesearch.com/sap-tables

Indirect use – EKKO

Used to show the orders being created and which user ID is creating them. This is used as an indicator of data exchange with non-SAP applications.

source: TCode Search | https://www.tcodesearch.com/sap-tables

What are the implications of the output and what can you do?

In short, the massively expanded data requests provide SAP with extremely detailed information, which can be used to identify non-compliance, or promote conversations where clients have to “justify” their use of SAP Software.

It is extremely important that clients understand the data before it is submitted to SAP and provide themselves with the opportunity to optimize their SAP landscape and mitigate any possible risks. Under no circumstance SoftwareOne advocates that clients should hide information from SAP, but we do strongly recommend that clients place themselves on the front foot when dealing with SAP audits and any required license purchases. This is only achieved by understanding and gaining visibility of your use of SAP software.

A building with many windows and a blue sky.

We are ready to lend you a hand with SAP

Wherever you are in your SAP journey, SoftwareOne has solved many of the problems you may face. Tell us about your business challenge, and we’ll get right back to you.

We are ready to lend you a hand with SAP

Wherever you are in your SAP journey, SoftwareOne has solved many of the problems you may face. Tell us about your business challenge, and we’ll get right back to you.

Author

SoftwareOne blog editorial team

Blog Editorial Team

We analyse the latest IT trends and industry-relevant innovations to keep you up-to-date with the latest technology.