There are two types of SAP license audit process – Basic and Enhanced. The Basic license audit is instigated by SAP and the Enhanced license audit is instigated by SAP or a third party.
SAP perform routine license audits to verify their customer’s software use. SAP’s Global License and Compliance team (GLAC) compare the software use to the customer’s license entitlements.
The purpose of this overview is to explore the differences between each type of SAP license audit process and what customers can expect. Note, this overview only provides guidelines and is not indicative of individual SAP license audits.
Typically, customers go through the simpler Basic license audit on an annual basis whereas the Enhanced license audit is more in-depth and infrequent. We have seen some customers experience the Basic audit followed by the Enhanced audit within the same year, therefore it is wise to be prepared for either.
SAP license audit scope
Let’s take a look at what we have observed, and our comparison between the two types. Note that just because a product can be part of a Basic audit does not mean that it will be. For example, customers who own BusinessObjects Business Intelligence (BO BI) are only occasionally required to measure this usage as part of a Basic audit.
For Basic audits, the scope is generally limited to:
- products that can be technically measured by the standard SAP license audit tools e.g. LAW and LMBI
- having the customer self-declare technical data that can be extracted from the estate e.g. Cores
- having the customer self-declare business metrics for specific product use e.g. Revenue
Note that for the above, there are SAP manuals available to explain how to extract the required information.
The Enhanced audit focuses not only on how many licenses are consumed but also HOW the products are used. For example, the number of assigned Named User licenses can be quantified by the standard SAP license audit tools. This would be considered as part of a Basic audit.
For an Enhanced audit, SAP is more likely to investigate how you have assigned those Named User licenses compared with the use rights of your licenses. SAP would then determine how the license assignments should be made. SAP may review additional data sources to verify if users are licensed correctly. This is typically only performed during an Enhanced audit, but occasionally SAP may perform further checks on Named User classification as part of a Basic audit.
For Enhanced audits, the scope can include further analysis in addition to the above list. This may include one or more of the below activities (note the list is not exhaustive):
- comparison of Named User assignments to Named User use e.g. role analysis
- Indirect Use assessment
- functional review of HANA Runtime Edition database
- onsite visit by the auditors
Although all product areas are considered in scope for an Enhanced audit, SAP can limit the scope at their discretion. We have also seen instances where the customer has negotiated a limited scope.
SAP license audit process
The SAP License Audit process will differ, depending on which type of audit is being conducted. The following diagram illustrates what to expect at a high level:
The initial step in an SAP license audit is an email introducing the subject, the parties involved, the audit scope and timings. An Enhanced audit would also include a request for a meeting in person or conference call. Remote audits can also be conducted which can include a request for logon details for the SAP auditor and a list of specific authorizations.
In both instances the standard license audit tools developed and delivered by SAP will need to be executed in the requested SAP systems. Additionally, the customer will be required to Self-Declare product use for technically unmeasurable products in the form of a self-declaration (document provided by SAP auditors).
Onsite visit (Enhanced audit)
For an Enhanced audit, additional steps have been observed. An onsite visit could be required, though often a remote audit is sufficient, in which SAP will look to understand how your organization uses SAP software. The activities here will vary depending on the scope, but may include interviews to understand how your processes work for Indirect Use, HANA functionality if licensed by Runtime Edition, or how you assign your Named User licenses.
Once all of the required information has been gathered, it is submitted to SAP. We usually see a round of follow-up questions as the data is reviewed for Enhanced audits and less frequently for Basic audits.
The final stage is negotiation, where customers will respond to SAP’s original findings. This is a crucial step and we would always advise to review the audit report thoroughly before signing off on the findings. Ensure you know how SAP arrived at every license usage figure to avoid paying fees due to assumptions or incorrect calculations made by SAP. This stage also includes the commercial negotiations should there be a requirement to purchase additional licenses. We usually see a higher level of non-compliance identified by SAP during Enhanced audits compared to Basic due to the level of depth of the Enhanced audit. Note that the resolution of compliance findings will be managed by the SAP Sales team rather than by GLAC who conduct the audit.
SAP’s Basic and Enhanced license audit process can differ greatly in scope and depth. It’s important to know which type of audit is being undertaken to help you understand what information SAP will be looking for and inform how you approach the process internally. ITAA recommends conducting a similar process to an Enhanced audit before the audit takes place as this could save you a significant amount of time, effort and license fees when the actual audit is performed. It will also help you understand SAP’s audit report in order to question SAP’s findings and identify where you will be able to negotiate.
ITAA’s SAP license specialists have supported and defended customers during and after a license audit across a variety of industries and organization sizes. The services we provide cover SAP license audit preparation (pre-audit), support (during the audit) and defense (post-audit and during negotiation, if required). Please feel free to contact us for more information.