Getting Ready for a Software Audit with SAP? Of all the software publishers out there, SAP is known for dealing out particularly vicious audits with high numbers that are dreaded by SAP customers. But living in constant fear of being audited is no way to live your life. If you have SAP software of any substantial scale, then it is only a matter of time before your SAP audit is at your door. The best thing you can do is simply prepare. At MetrixData 360, we have gone up against SAP in enough audits to know what to expect. In this article, we’ll share with you the five ways you can prepare for an SAP-specific audit.
Five tips to keep in mind
- Know What Triggers an SAP Audit Expect an SAP audit at least every two years. You may receive a software audit from SAP more frequently if :
- you are a larger corporation
- your company has gone through a merger or acquisition which has led to substantial growth
- you have purchased a new SAP product
- you are deemed a ‘high risk’ customer based on the findings of a previous audit
- Know Your SAP Software Contract SAP contacts have the tendency to be needlessly complex, with over 100 separate Agreements/Order Forms/Exhibits/and so forth. These contracts all contain custom wording that can be difficult to understand but this comprehension of your agreements is critical if you want to avoid the brunt of an audit. Take something so simple as SAP’s definition for Use, as an example. Isn’t it great when a software publisher slightly changes the use of a seemingly commonly understood word? For SAP that word is “use.” According to SAP’s Software License Agreement, Use is defined> as the ability to load, execute, access, employ the software or display the information resulting from those capabilities. This is a fancy way of saying basically any interaction or capability of interaction with SAP’s software can be defined as Use and any Use requires a license. Since the definition is so broad, it means that it could prove a challenge in an upcoming audit for companies who do not have a strong understanding of Use according to SAP. In particular, you should make sure that your company has a strong understanding of the following terms as laid out in your specific agreement since they are often subject to customization:
- Named User
- Definition of your particular license metric, with close attention to any exceptions that your company could qualify for.
- Indirect Access or wording related to Indirect Access such as External user, interfaces, etc. Pay attention to even the smallest clause.
- SAP Indirect Access Many SAP systems have a dual licensing system that relies on two main components.
- Packaged licensing: is what you paid for and what you use. I couldn’t tell you which metric SAP will use since SAP uses every metric under the sun and it will vary from product to product.
- Named User License: allows a user to use any number of SAP applications that can be found in the packaged licenses. Every user needs at least one license and to access any package you need a packaged license and a named user license. Confused yet?
- Risk Management for SAP Before you start organizing your briefcase full of money to hand over to SAP for the purchasing of more licensing, there are a few strategies you can implement that can address the compliance issues of a SAP audit even before you are found in the middle of one. License purchasing should only be used after all other methods have been exhausted.
- License Identification: You may already have the licenses required to cover unique and seemingly unlicensed scenarios. You need to figure out if you are even in trouble before you start paying for it.
- Software Reconfiguration:With issues like indirect access, a reconfiguration of your software architecture may be just the thing you need to get you out of the compliance risk hotseat.
- System Clean-up: It’s important that you are using up-to-date software, and a system cleanup can be a great way to reduce your exposure.
- Have the Right People on Your Side Above all else, it’s important that you have the right team to handle an SAP audit. This isn’t a side project your IT department can get done in their spare time. Depending on the size of your software licensing environment, you may very well need to hire a team of people for the job, either in-house or an expert. Each option comes with its own advantages and drawbacks. An in-house software asset management team, while they may be more integrated into the culture of your company, will need to be versed in licensing and contracts from every vendor in your profile, negotiation skills, expertise in technology and so many more. To get all the resources you need, you will be required to hire a whole team of experts and it may take them a while to get up to speed. An external expert may come at a higher starting price but their immediate expertise and scalability to match your project can make it easy to gain massive returns on your investment. If you’d like more information about the pros and cons of hiring a SAM expert vs. doing it yourself, check out our article!
- To End on a Good Note! The frequency of software audits are only accelerating, and SAP is no exception. Ignoring what you have in your software licensing environment until your SAP audit is upon you will only create further problems, along with copious amounts of unneeded stress for you and your company. Imagine being able to approach a software audit with confidence in your own compliance and a rock solid defense to back your claims? At MetrixData 360, we have all the tools you need to get yourself ready for any audit that might be thrown your way, regardless of which software vendor it comes from. So, get ahead of your audits today!
Basically, if your last audit didn’t go so well, then in SAP’s mind, two years is a long enough time for old habits to flare back up and for disorganization to creep back in. While it is not a rule set in stone, SAP may initiate audits as a reactive measure to events that are occurring within their company. If SAP has lost a competitive bid, if their sales are slowing down, if they have released a new licensing model, it may increase the likelihood of you seeing an audit sooner rather than later.
Taking the SAP definition of Use as seen in the last section, Indirect Use can be interpreted as Use through a custom-built application or a third-party application. So basically, anyone who touches SAP data or software in any way could be considered having Indirect Access. Make sure that you have a clear map of your SAP environment, including any SAP architecture not linked to your main ERP environment and affiliate system that might be interlinking with your SAP environment.