While we heard Bill McDermott and others talk heavily about “trust” during SAP’s fiscal year-end call and Capital Markets Day, trust is one of those things in life that erodes quickly and takes much time to re-establish. While it is true our experience advising clients indicates that market sentiment reflects a higher level of trust in SAP, many SAP customers have become too comfortable thinking audits and Indirect Access are relics of the past. In our experience, SAP audits and Indirect Access are still a thing, a very real thing that can impact your bottom line.
- Traditional Audits
Historically, SAP audits were traditional in nature where SAP, like other software vendors, would leverage the terms of your license agreement to audit your use of their software. The company would leverage tools like the LAW report and client-completed deliverables to determine whether you are leveraging user and engine licenses beyond your entitlements. While many companies were not excited to hear they were being audited by SAP, they understood SAP’s interest in ensuring they were receiving fair payment for the use of their software.
- Indirect / Digital Access
A few years back, SAP began making claims that they had the right to go beyond the scope of many customer’s traditional understandings of audits. They leveraged publicly available information, casual conversations with customers, and requests for information to make claims that they were not receiving fair payment for Indirect Use of SAP software. Customers reacted with their arms crossed when SAP positioned Indirect Access findings in the millions of dollars and the trust most customers had for one of their most strategic partners was quickly eroded.
In 2017, SAP took erosion of customer trust seriously and Bill McDermott addressed it head-on during his SAPPHIRE keynote talking about the empathy SAP has for its customers and released a whitepaper to provide visibility into Indirect Access. Shortly after these efforts failed to hit the mark, SAP released a new document-based model for the digital age which provided visibility into how it intended to make Indirect Access more predictable for customers and re-establish the trust that was once lost. Since that time, all is quiet on the Indirect Access front from SAP and many customers are unsure of what is happening in the market.
- Audits Are Still Happening
Many SAP customers are surprised to hear from our experience that SAP audits are still happening under the terms of their license agreements. More specifically, customers are still receiving audit notifications like clockwork. For example, if you negotiated the potential to be audited on an annual basis, don’t be surprised if you get one — on an annual basis. Alternatively, if you negotiated an audit deferral, don’t be surprised if you get a notification — a month or two after your deferral expires.
When customers aren’t receiving audit notifications like clockwork, they may be caught by surprise receiving a notification after making strategic investments in SAP software and re-affirming commitments to SAP for their long-term roadmap. Some of our recent customers have received audit notifications shortly after going live on S/4HANA — Not exactly what they may have thought Bill McDermott had in mind when he talked about empathy in 2017.
- Proactive Indirect Access Resolution
Beyond traditional audits, some SAP customers are still scarred by their own personal Indirect Access war stories or from reading about widely publicized cases against SAP customers like Diageo. Based on this scarring, many customers are choosing to accept SAP’s Indirect Access business practice and take Indirect Access resolution head-on. However, they are also choosing to be proactive and control their own destiny to some extent, including timing and leverage, to ensure not overpaying for Indirect Access peace-of-mind.
What to Do Now?
1. Get Educated
The first step is to get educated on SAP audits and Indirect Access by learning about SAP’s business practices and your company’s current audit position. For knowledge of SAP’s business practices, talk to peers in the industry, read unbiased blogs like ours, and in the right situations, solicit information from SAP. For your company’s current audit position, review your SAP agreement for your risks and undertake a self-assessment to determine your level of audit exposure, both traditional and Indirect Access-related.
Once you are educated on SAP’s business practices and your company’s audit exposure, leverage your insights to inform a strategy with SAP. Weave your desire to close out any audit risk into a strategic investment like a migration to S/4HANA. While I wouldn’t recommend making audit exposure front and center, I would make it appear like an afterthought toward the end of the negotiation where it will be viewed by SAP as a clean-up item required by you so the finalization of the deal is not disrupted.
Last but not least, leverage your understanding of SAP’s business practices and your company’s current audit exposure to negotiate. Too often, we see customers prepared to take SAP’s first position on audit exposure. If this is not an accurate depiction of your audit exposure, don’t settle. Leverage your knowledge of your company’s audit exposure as a counteroffer.
In a recent negotiation with SAP, a customer was interested in putting Indirect Access behind them as part of a migration to S/4HANA but SAP aggressively positioned the requirement to license over 3X more than the customer’s internal assessment uncovered. With the correct timing, positioning and messaging, SAP was amenable to reducing their position in alignment with the customer’s actual requirements.
As SAP continues to re-establish the trust it previously eroded, an opportunity exists for customers to negotiate their next SAP audit or Indirect Access resolution from an offensive position. Prior to kicking things off, we recommend you take the time to get educated and develop their strategy in order to avoid unnecessary overpayment.