Has your organization received notice of your annual SAP audit?
Read on to help prepare you and your organisation for your upcoming software license audit.
If you’re already well prepared, you should allow two weeks to collate the relevant data SAP requires, if you’re not so prepared, you’re going to need that 30 day period to get everything in check. We’ve previously covered the complexity of SAP compliance and have offered some guidelines for the regular review of the audit and compliance provision. Our objective is to help you as a SAM Manager, to keep on top of your SAP licenses and be prepared for an audit.
Why am I being audited by SAP?
As with all vendors, the main goal of any audit is to ensure compliance, however, this process is now seen as a way of generating additional revenues by vendors. It used to be that software auditing was driven by organisations such as the Business Software Alliance (BSA), a vendor-funded organization. But, it’s more likely now that you will receive notice from the vendor directly. Whilst SAP can perform their audits remotely, it is best to be prepared for an on-site visit.
What do I need to provide for a SAP audit?
This will vary depending on the bundle that you originally purchased from SAP. You’ll need to provide significant entitlement validation to prove your organization is licensed to use SAP, whether that’s from the 1980s legacy, mysap.com, Business Suite or SAP Application – the entitlement documentation required has changed throughout SAP’s progression. SAM Managers should take advantage of the documentation that SAP provide with every new deal or contract in order to ensure you are meeting the terms of the new license entitlement.
Preparing Data for a SAP Audit
While SAP does provide instructions for creating a report for your audit, they do not provide a classification to enable you allocate users to the correct license type. For instance, Dormant and Misclassified users could be included in your report, if they have not been manually removed or reassigned. Any license that remains unclassified will be classed as ‘Professional’, – a rather costly default. We strongly recommend that when you gather your organization’s data for the audit that you have cross checked the number of usernames with the actual number of users.
For those you who have preconfigured users such as SAP*, DDIC and EARLYWATCH, it is worth bearing mind that these users are automatically included in any license review. We have seen recommendations that these be grouped by license type and then ignored by organizations. On the other hand, falsely ignoring users such as those used for remote connection; or those without an assigned license type, means the final report is going to show inaccuracies.
Should an employee leave, you will need to reassign the available license, it is imperative that you make sure the license type is correct for the new user rights. Similarly, the number of named users should match the number of employees listed in the SAP system.
Having multiple usernames for the same user can cause problems when compiling a SAP audit report. We recommend that you use a rule to group usernames via email, which should help you match users. You can do this with automated software, or simply by applying some logic, such as matching email addresses; matching full name; or matching similar names (like Joe Blogs vs JoeBloggs).
Remember that the more information or user data you can collate, the more accurate your report is likely to be. The recommended period for analysis is every 12 months, which can be a daunting task, and so again, automated software may ease the pressure here.
Documentation needed to cover a SAP evaluation
- SAP Systems Measurement Guide
- SAP Measurement Plan
- LAW (License Administration Workbench) tool
- Contract entitlements
- Current maintenance invoices & payments
- User and package metric definitions
Never fear a SAP Audit again
Organization and optimization are key components to the SAM process. Creating a clear policy or process for classifying users and matching them across different systems will mean that when it is time to do the audit, the SAM Resource isn’t spending their time identifying unnecessary users. Keeping detailed accounts of why every license type has been reconciled against the usage; and to which user (including multiple usernames) will help you speed up the audit process, and save you time and money.