SAP Increases Scrutiny on License Audits

by Michael Pearson

SAP License Audits used to be simple and relatively painless: classify some users, run some reports, and send off the results to SAP. In many cases that would be the end of it, or maybe you had to answer a few questions to get the audit marked closed and completed.

Some of our customers have reported a significant increase in the level of scrutiny from SAP on their recent license audits. The level of detailed information being requested is unprecedented, according to one customer who has been trying to get their audit completed for over six months.

The first round of questions comes from an “Audit Specialist” on the SAP Global License Audit & Compliance team. These questions are mainly concerned with making sure that all systems, users, and system usage are measured and recorded.

Not only are these technical auditors becoming much more thorough and detail-oriented, there also appears to be a new level of audit scrutiny from a “Global License Management” team located in each region.

Some of our customers have reported receiving an email from a “License Compliance Manager” asking specific questions seemingly aimed at detecting indirect access such as “Who is creating sales orders?” and “Are you using EDI?”.

This is a significant change from the past where, once you have submitted your results to the License Audit team, unless you were exceeding your allowed usage the audit would be completed and you could consider it done.

The License Compliance Manager appears to be seeking to collect information about SAP customers’ systems that is not captured in the metrics and data contained in the standard license auditing reporting process.

This additional step in the SAP License Audit process may be a cause of concern for some customers. Not only is the audit process taking longer and consuming more time, but it also raises questions about how much information customers are required to provide to SAP, and whether they should even do so.

Despite SAP’s efforts to promote Digital Access Licensing, where customers can purchase licenses for indirect system access, it is possible that many SAP customers might be offside on licensing without even knowing it.

The defense of “We’ve been doing this for a long time, and my partner/SAP Rep has never raised it as an issue, so we must be okay” is not necessarily going to be effective. SAP’s position is, and always has been, that all system usage, both direct and indirect, must be appropriately licensed.

Until recently there wasn’t a practical way for many customers to do this – hence the introduction of SAP Digital Access licenses, and the SAP Digital Access Adoption Program.

With the additional layer of audit scrutiny from SAP it seems that now, more than ever, customers need to be aware of their risks and their options for compliance.

We recommend SAP customers to proactively engage with their partner or SAP Rep in advance of their license audit to understand any potential risks to avoid any nasty surprises at audit time.

About the author: Michael Pearson

Michael is President of CONTAX and claims to be one of the few people in the western world who understands SAP licensing.