Key Initial Steps for Successfully Reacting to SAP Audit Notifications


In the past few months, SAP has made several statements regarding indirect use, evident in the Diageo case, the AB-InBev arbitration, and the recent show of ‘empathy,’ stressed by SAP’s Bill McDermott in his opening keynote at SAPPHIRE.  What is the common denominator?

When companies are not proactively informed of potential compliance exposures in their SAP environment, the receipt of an SAP audit notification can leave them paralyzed in fear due to the likelihood of unforecasted budgetary hits.

The following are some high-level recommendations to alleviate pressure, understand your baseline, and take an SAP audit head on.

Request More Time

Upon receiving a notification from SAP’s audit team, many companies feel compelled to commence the process of immediately providing SAP with the information they are requesting. In our experience, SAP has been receptive to reasonable requests for more time. More time should not be used as a delay tactic in hopes SAP will go away (because they won’t), but as an opportunity for your company to conduct a baseline assessment of your SAP relationship and come up with an informed strategy.

Conduct Baseline Assessment

A baseline assessment of your relationship will allow you to understand all aspects of your relationship with SAP, both good and bad.  Ensure you are evaluating your:

  • Relationship – Determine any pre-existing political capital that may be leveraged
  • Compliance – Understand potential compliance exposures attributable to traditional SAP audits (users and engines) and indirect access
  • Agreement – Review commercial terms allowing you to reduce or offset any potential compliance exposures
  • Optimization – Identify shelfware that may be either traded or terminated via commercial terms to offset any potential compliance exposures or related maintenance
  • Demand – Pin point software on the future roadmap that may be pulled forward and leveraged

Develop Your Strategy

The results of your baseline assessment should go beyond informing your budget of a potential compliance exposure. The baseline assessment should allow you to develop your strategy from an informed perspective such that you can now take an offensive posture. When you make decisions for your strategy you should be able to do so from your deeper understanding of where the relationship stands and where it is advantageous for your company. For example, if SAP is auditing select engines in your environment and you are interested in a comprehensive audit (traditional and indirect access), you should know what your full potential compliance exposure looks like and the commercial terms that are at your disposal prior to putting them on the table.

In our experience, alleviating pressure, understanding the baseline, and taking the audit head on through an informed strategy are keys to successfully reacting to SAP audit notifications and the audits that follow. To learn more about our SAP baseline assessment and negotiation services, take a tour of our SAP Indirect Access Resource Center or contact Carole Jacques or call 617-412-4313.  As always, we welcome your comments.

Leave a Comment

*