Following our series of articles on SAP Audits and Disputes, let’s find out from the SAP Licence and Contracts experts how they are finding the situation and helping organisations in the SAP customer base.
Kim Chalmers, MD of Azurious, is the subject matter expert on SAP Contracts and Governance. David Lloyd, MD of Grey Monarch, specialises in SAP Licence metrics. Between them they have 80 years of experience – so who better to ask about the risky matter of SAP Audits and Disputes and how to avoid the pitfalls?
Have you got evidence from your customer base that audits are becoming more of a concern?
David: Yes, most definitely. This change has come from two main areas; the most obvious being the press coverage and Worldwide SAP user group sessions about Indirect Access and some of the eye-watering figures around non-compliance in this area. But also, we are seeing far more extended audits in place of self-submissions resulting in a much more detailed audit from SAP often leading to non-compliance claims.
Kim: Seven out of ten of our customers have experienced non-compliance issues following their annual audit. This is a significant increase over recent years because the audits are becoming more detailed and onerous. They are now also consuming massive amounts of time and effort due to the complexity which is making them more difficult to defend.
What are the key components which make the SAP Audit a challenge for the customer?
David: Firstly, there is a disconnect between the technical and commercial aspects of an SAP licence audit.
SAP customers too often think of the annual SAP licence audit as a Technical Activity that is left to the SAP Basis or SAP security team to action - there is often no final commercial or contractual scrutiny of the results, and that required scrutiny is not typically within the skillset of the technical teams. Secondly, SAP licence audits are massively time consuming often meaning that SAP customers rarely allow enough time to complete the audit, and definitely not enough time to check or mitigate any potential exposures or anomalies.
Kim: The SAP Audit is an annual and evolving event. Many organisations do not have clear stakeholder ownership and view it as a technical exercise. In addition, those responsible for preparing the audit easily forget what to do and how to collect the data. Both of these factors lead to enormous amounts of time and effort being wasted. An audit response is not an automated process and often involves different people each year. Rarely is there anyone who has knowledge of everything that needs to be done, how best to do it and finally to correctly validate all the data before submission to SAP.
One of our recent clients received a demand from SAP for $3.4 million, made up of several claimed non-compliant elements. Using our expertise, we whittled these down by research and development of sound business arguments to a settlement fee of $360,000, saving over $3 million and over $500,000 a year in Maintenance.
When is the best time to prepare for an audit?
David: I would say no later than 8 weeks prior to the audit is the optimum time. For licence optimisation, we would typically pull in the previous 90 days worth of real user activity data, analyse it, work with the customer to understand any SAP licensing constraints and finally optimise the licence classification. All being well this still leaves the customer a month before the audit deadline for any other follow-up or further preparation.
Kim: It is best to monitor all key Licence Metrics regularly and to make corrections on an on-going basis. In large, complex landscapes between 3 to 6 months to gather all the information, make corrections and validate prior to submission. It’s never too soon, and a proactive approach to the SAP Audit will always reach the best outcome, avoiding any serious unbudgeted financial burden.
What are the typical mistakes you find that customers make when managing an audit?
David: In a nutshell, they are (a) not knowing in any proper detail how people and systems are accessing and using their SAP core (b) not properly understanding their bill of materials or usage rights and how that usage maps on to it (c) assigning the wrong people to perform the audit and (d) not leaving themselves enough time to gain a full understanding of their audit position in order to potentially mitigate any potential compliance issues.
Kim: Believing that everything is OK, so complacency. No one having a true understanding of the Contract Terms and Conditions and Licence Metrics and how to apply them.
Submitting results to SAP without validating them, usually because they don’t know how to!
How do you help customers avoid the pitfalls of an audit to prevent it becoming a dispute?
David: The biggest pitfall for an SAP customer is not truly understanding their actual usage of SAP and how that compares to their Usage Rights. We can help by firstly automating the collection of data each month and analysing the actual usage of every type of access into the SAP digital core systematically, whether that be a human (named user), an SAP application/engine, or a third-party system (Indirect/Digital Access). We compare this access and usage to their Bill of Materials to provide a detailed insight into where they currently stand from a compliance perspective.
On top of this we will work with the customer to model any Licensing conditions and propose optimisations to their licence distribution to maximise the value of their inventory. We do this by mapping employees to all their user accounts, re-classifying user licences according to their actual usage, identifying dormant accounts, and duplicate accounts etc. This will mitigate, and often eradicate, any potential non-compliance issues.
Kim: We have the expertise and knowledge to forensically examine every SAP Agreement and create a fully validated baseline against which to measure use. We then ensure that all relevant measurements are carried out correctly. If we uncover issues we provide advice on how to remediate them and mitigate or eliminate any risks of non-compliance. Even where financial exposure remains, we have the skill, knowledge and experience to help you minimise it through negotiation support.
Here are our top tips for getting more out of your audit:
A proactive approach to your SAP Audit will save time and money for your organisation and enable you to budget for any financial exposure.
Your organisation needs to recognise the importance of a SAP Audit being both a commercial and a technical process
A management stakeholder and clear technical responsibility year on year will ensure an improved company ownership
Professional help backed up by years of expertise, will minimise your wasted time, resources and financial risk for your next SAP Audit
For more information and advice about your current SAP licence and contract situation please get in touch for a no-obligation initial discussion.
Featured in this article are the views of Kim Chalmers, CEO of Azurious and David Lloyd, Managing Director of Grey Monarch.