How to Manage SAP Audits & Compliance Risks

How to Optimize your SAP Environment and Manage SAP Audits

  • 05 November 2020
  • Tony Wise
  • 8.55 minutes to read

In the software world, the word audit is one no-one wants to hear. In simple terms it is a check to see if your software usage matches your purchases, and undergoing an audit is often seen as a time-consuming and potentially extremely costly exercise. When faced with an audit letter, organizations typically think, “Why me?”, “Am I really non-compliant?”, “What am I missing here?”. This uncertainty comes from a lack of visibility of the licenses they are entitled to use, who is using them, and how they are being used. Now more than ever, it is extremely important to be on top of usage before the vendor comes knocking.

Historically, vendors such as Oracle, Microsoft, and IBM were most feared when it came to audits, but in recent years SAP has more than made its presence felt, and its audits are highly complex and challenging events for end user organizations. Preparation is key to negotiating and getting through an SAP audit successfully. Below, we’ll outline compliance issues that are common among many organizations. We’ll also provide essential tips and practical recommendations that will help you to better understand the SAP auditing process so you can optimize your environment and reduce your overall risk.

Common Compliance Risks

We encounter many different compliance issues in our day-to-day practice and often hear questions from SAP customers who are unsure of the best approach. Let’s have a look at some of the most common license compliance issues seen at SAP customers:

  • Inaccurate user license assignment: SAP has many different Named User license categories to meet various different usage requirements, usually based on an individual’s actual business requirements. Theoretically, customers acquire SAP Named User licenses to meet their business needs, and when a new contract with SAP is signed, users should be classified under the license type they require. The same procedure should be followed every time a new user is created to ensure that individuals have the proper license type assigned to them. However, in reality, the acquired licenses are almost never correctly distributed and assigned to the users. This means that customers can slip into non-compliance by pure administration errors, and even pay for licenses that are not required. An accurate and enforced onboarding/offboarding process is key!
  • Default user classification: When a user is created in SAP, the basis administrators should classify the user under the licensed user type that is appropriate for his or her activity. However, a process for this is often not defined, resulting in a guess or, even worse, no classification being assigned. If you do not manually classify a user, the system will automatically classify that user under the default license type, typically Professional (the most expensive of course).
  • Professional Licenses versus Limited Licenses Ratio: For customers still owning Limited Professional licenses, SAP typically has a ratio limiting the number of users that can be provided with this classification. Another compliance issue that we often see is that, over time, customers lose track of the Limited Professional Users Classification Ratio, as stipulated in their contract.
  • SAP Software Engines / Packages: The larger the SAP environment, the harder it is to monitor the installations. You would think that the measurement of SAP Engines would be straightforward. However, SAP has a myriad of different licensing metrics (in some cases for the same products), and by no means all of them are measured using SAP’s embedded measurement transaction, USMM. On that basis customers need to a) have a good understanding of the metrics, b) know where the software is being used, and c) obtain visibility of the actual usage.
  • Underestimating the self-declaration engines: During a standard audit, SAP sends a self-declaration form containing a selection of the products for which usage information will be verified. Software products licensed on metrics such as Annual Revenue, Number of Employees, Annual Spend Volume, CPU, and so on, are targeted to be included in the self-declaration form sent to the end users during an audit.
  • SAP Business Objects Measurement: SAP BusinessObjects is an analytics platform having key capabilities such as reporting and analysis, data visualization and office integration. BusinessObjects was acquired by SAP in 2007. Before the acquisition, BusinessObjects’ licensing model was based mostly on the number of server installations or users. Post-acquisition, SAP has changed the naming conventions, packaging, and metrics multiple times, and it is crucial to understand the licensing rules associated with each customer’s use of BusinessObjects software.
  • SAP HANA Global Allocation Limit: One of the most common compliance issues encountered with regard to HANA is setting up the right global memory allocation limit. The global memory allocation limit represents how much memory SAP HANA is allowed to utilize, according to your contractual agreement.
  • SAP Indirect Access: SAP’s view is that use of SAP Software, even via non-SAP applications, needs to be licensed. SAP’s licensing model in this area has been under intense public scrutiny for the past few years and during this time, SAP has caused a stir among their customers due to large claims for non-compliance. In our interconnected world the risk of being exposed to Indirect Access is high. SAP has a number of ways in which customers can license Indirect Access, and they come with different pricing models, different metrics, and different measurement processes. Which one is right for you?

Put Your Trusted Advisor to Work

Do any of the above risks raise a red flag for you? Perhaps the following tips and recommendations can help you remedy the situation so that you can remove risks from your SAP systems, and reduce your costs!

The sole purpose of an audit is to monitor your software usage compliance position, and to remedy any non-compliance with a financial transaction. The SAP audit team expects you to demonstrate that your usage is in line with the purchased and available licenses. It is SAP’s practice to apply tight deadlines to end users that are under audit. SAP’s Global License Auditing and Compliance (GLAC) team will allow small to medium enterprises a period of three weeks to perform the measurement and provide all the requested deployment and usage data, while large enterprises are expected to return results within four weeks. Not surprisingly, this short timeframe limits any customer’s capacity to analyze and correct compliance issues. It is therefore highly recommended that you perform internal audits on a regular basis and especially before an official SAP audit starts.

Know your Entitlements

Self-assessment of usage is only effective when you understand your contractual entitlements. This is typically not a straightforward task, since SAP License Agreements and contractual documents are full of complex legal terminology, and even your legal team will in all likelihood not be SAP software experts. In addition, the original Agreement may have been signed many years ago, and you will almost certainly have bought additional SAP products in the interim. Thus, a thorough review of the contract and subsequent appendices and Order Forms is essential for the preparation of your (internal) audit. Going one level deeper, it is important to understand the context under which SAP products were sold. It is, for example, not uncommon that customers purchased licenses intended only for a specific business unit, while the contract states that an enterprise-wide metric is applicable. Understanding the product metrics, the number of blocks and the special clauses that may have been contractually agreed (e.g. indirect use) are just a few examples of contractual terms that you should take into account.

Note that it is your contract that determines your usage rights, not SAP’s current documentation. As such, as a customer, you have a clear advantage if you have a thorough understanding of your contractual entitlements, associated metrics and pricing.

Update Your System Landscape

The SAP Support Portal is the reference for the auditors and should reflect your real and actual system use. If you don’t pay attention to this, you may, as one example only, end up in situations in which the measurement of your SAP environments includes usage of modules or engines that your IT staff tested years ago but for which you were never licensed. In short, be ready, because SAP will ask about all your SAP systems. Your inactive SAP systems may be included in the measurement plan as delivered by SAP, with adverse cost consequences possibly arising. At the very least, maintaining the Portal will prevent wasted time and unnecessary justification.

Know Your Usage

It is highly recommended that you run proactive internal measurements of SAP software usage. This should be done in order to complete a thorough analysis of all users and engines – it is obviously not wise to send the resulting information to SAP. Most organizations don’t maintain their systems regularly, and the measurement might include inaccurate data. Therefore, it is recommended to run a test measurement and have it validated by an SAP expert. After implementing the SAP consultant’s recommendations (e.g. clean up the users, implement notes, etc.), and only if required, the measurement data can be shared with SAP, with confidence.

SoftwareONE and Snow Software Have Your Back

To avoid the risk of unbudgeted or unnecessary expenditure, it’s important to seek the support of independent expertise so you’re never caught off guard when confronted with an SAP audit. By working with professionals who have specific knowledge, organizations can minimize the potential cost implications that might arise. Our experts thoroughly understand SAP procedures (including measurement logic and legal aspects of SAP contracts) and can help you achieve substantial cost optimization and avoid non-compliance situations.

We’ve teamed up with Snow Software to help you optimize your SAP spend and reduce audit and compliance risks. Our special offer, 360° SAP Evaluation, combines SoftwareONE’s licensing expertise and experience, with Snow’s technology and technical services, to provide you with an accurate and holistic SAP license position. And it doesn’t end there. After the initial set-up and analysis, Snow will continue to allow you to take advantage of the Snow Optimizer for SAP Software for a full year from purchase, and SoftwareONE’s SAP licensing and commercial advisory experts will work with you to ensure you extract maximum value from your investment in our services.

In addition, if you’re proactively managing your software usage, you will be much more prepared when it comes to your commercial dealings with SAP. SoftwareONE can help you renegotiate your SAP contracts where needed, and also provides proactive audit defense through a holistic diagnostic assessment of your entire software estate. The result is visibility into your current position so you can bring a new level of protection and optimization to your organization.

Reduce Your Compliance Issues and Audit Risk

Get to know 360° SAP Evaluation and combine the power of SoftwareONE and Snow Software to accelerate your 360° SAP licensing and usage evaluation.


Author

Tony Wise

SAP Licensing Advisory Services
