Key Initial Steps for Successfully Reacting to SAP Audit Notifications

Even as companies begin to recover from the COVID pandemic, SAP continues to aggressively pursue audits of their customers in an effort to not only obtain additional revenue, but also incent customers to move to S/4HANA generally and transition to RISE specifically.

When companies do not proactively manage potential compliance exposures in their SAP environment, the receipt of an SAP audit notification can leave them paralyzed and uncertain as it relates to the cost or options to address compliance.

The following are some high-level recommendations to alleviate pressure, understand your baseline, and take a more proactive approach to responding to an SAP audit:

1.  Request More Time

Upon receiving a notification from SAP’s audit team, many companies feel compelled to commence the process of immediately providing SAP with the information they are requesting. In our experience, SAP has been receptive to reasonable requests for more time as well as obtaining further clarity as to the scope of SAP’s proposed audit.

However, more time should not be used as a delay tactic in hopes that SAP will go away (because they won’t).  Additional time should be used as an opportunity for your company to conduct a baseline assessment of your SAP relationship and come up with an informed strategy where everyone is aligned on how to respond to the SAP audit.

2.  Conduct a Baseline Assessment

A baseline assessment of your relationship will allow you to understand all aspects of your relationship with SAP, both good and bad.  A comprehensive baseline assessment includes an evaluation of your:

  • Relationship – Determine any pre-existing political capital that may be leveraged, in-flight sales opportunities or recent losses, current performance issues as well as understanding which SAP executives are (or are not) advocating for your organization within SAP.
  • Compliance – Understand potential compliance exposures attributable to traditional SAP audits (users and engines) and Indirect Access or Digital Access. Many customers still do not know how the Digital Access license model is measured and how associated costs are quantified.  It’s not a question of if, but when, all SAP customers must address this matter.  For a side-by-side comparison of the Indirect Access and Digital Access models and a deep dive into the key challenges of each, download our white paper, SAP Software Licensing – Indirect / Digital Access and its Threat to Your Business.
  • Agreement – Review commercial terms in your on-premise and cloud agreements allowing you to understand if there is flexibility to reduce or offset any potential compliance exposures.
  • Optimization – Identify shelfware that may be either traded or terminated via commercial terms to offset any potential compliance exposures or related maintenance.
  • Demand – Determine if, based on your technology roadmap, there are planned purchases which may be leveraged in the context of an audit.

3. Develop Your SAP Audit Strategy

The results of your baseline assessment should go beyond informing your budget of a potential compliance exposure. The baseline assessment should allow you to develop your strategy from an informed perspective such that you can now take an offensive posture with SAP to set the edge on the tone of the audit.  When you make decisions for your strategy, you should be able to do so from your deeper understanding of where the relationship stands and where it is advantageous for your company.

Make no mistake, SAP engages in audits not to create a contractual dispute and negotiation, but to trigger a financial transaction.  One of SAP’s well-known strategies is to use the threat of an audit to push customers into a certain direction and influence not only technology decisions, but the timing and size of technology purchases.  Therefore, having a clear line of sight into the elements of your relationship from an assessment perspective is crucial to execute a proactive strategy with SAP.

In our experience, alleviating pressure, understanding the baseline, and taking the audit head on through an informed strategy are keys to successfully reacting to an SAP audit notification and the audits that follow.  This is even more important now that SAP has and will continue to take an aggressive stance to not only drive customers to S/4, but also to move them from their perpetual, on-premise license model to RISE.

Comment below, find my other UpperEdge blogs and follow UpperEdge on Twitter and LinkedIn.  Learn more about our SAP Compliance and Audit Advisory Services.

What to Read Next: