An SAP audit is a self-measurement that scores every user at their highest authorization. Our former SAP audit managers run the measurement first, correct it, and submit a figure that reflects your contract, not SAP's broadest reading of it.
SAP audit claims against enterprise customers average $3.1M on first assertion, and structured defense reduces the settled figure by 55 to 78 percent. An SAP audit is a self-measurement: SAP requires you to run the USMM transaction in each system, consolidate the results through LAW or SLAW, and submit the output. The measurement scripts score every user at their highest authorization and flag every engine that shows activity, so the raw result almost always overstates your true obligation.
The defense happens before the data leaves your building. Our former SAP audit managers know exactly how USMM classifies users, how LAW consolidates duplicates across clients, and which engine counters trigger on incidental activity. We run the measurement in a controlled cycle, correct misclassifications, and remove false positives so the submitted figure reflects your contract, not SAP's broadest reading of it.
We manage the full cycle from the first audit notification through final settlement, including the indirect and digital access questions that now drive the largest single findings. See our USMM, SLAW and LAW guide and the vendor audit defense service.
SAP audit findings concentrate in a small number of categories. Knowing where the value sits lets the defense focus measurement effort where it matters.
| Finding category | Why it triggers | Typical defense outcome |
|---|---|---|
| Over-classified named users | USMM scores users at highest authorization, not actual use | 30 to 50 percent of Professional users reclassified |
| Indirect / digital access | Third-party systems read or write SAP data | Reframed under document model or licensed interface |
| Unused priced engines | A counter shows incidental activity | Engine removed or measurement corrected |
| Duplicate users across clients | LAW fails to consolidate the same person | Records merged before submission |
Timing lever: The single most expensive mistake in an SAP audit is submitting the raw USMM output to meet a deadline. Once SAP holds the unadjusted figure, every correction becomes a concession you must argue for. Run the measurement internally first, correct it, then submit. Our defense engagements begin within 72 hours of the audit notice. For the full sequence see the SAP audit defense guide.
Indirect and digital access is now the highest-variance line in any SAP audit. SAP can value the same integration under legacy named-user rules or the newer document-based digital access model, and the two methods can differ by millions. Choosing the framing is a negotiation, not a measurement.
A retail group received an SAP audit notice tied to a renewal. The initial self-measurement, run by the internal Basis team to meet SAP's deadline, produced a claim of $7.4M driven by 6,300 Professional users and a digital access finding on the e-commerce platform.
We were retained before the figure was submitted. A controlled USMM re-run reclassified 2,900 users to Limited Professional and Self-Service, consolidated 800 duplicate accounts through SLAW, and reframed the e-commerce integration under the document-based digital access model rather than named-user rules. The corrected submission removed the duplicate and over-classification findings entirely.
The settled position closed at $1.6M, a 78 percent reduction against the initial claim, with the audit clause renegotiated to cap future measurement frequency at once per year.
The first week of an SAP audit sets the ceiling on the eventual claim, so the early actions matter more than anything that follows. Do not run the USMM measurement to meet the stated deadline and submit the raw output. Acknowledge the notice, confirm the scope and the contractual audit clause, and ask for the measurement window in writing. SAP audit timelines are more flexible than the first letter implies.
In parallel, freeze any system changes that would alter the user master or engine activity, and pull the current contract so the measurement is read against your actual entitlements rather than SAP's standard interpretation. We then run the USMM cycle internally, in a controlled environment, and correct the classification and consolidation errors before any figure is shared.
The single largest variable remains indirect and digital access, which can be valued under named-user rules or the document model with results that differ by millions. Framing that question is a negotiation, not a measurement, and it belongs in the defense from day one. See the measurement guide and our SAP advisory service for how the corrected position carries into the renewal that usually follows an audit.
SAP audits are self-measurements. SAP requires you to run the USMM transaction in each system, consolidate results through the License Administration Workbench (LAW) or its successor SLAW, and submit the output. Because the measurement scores users at their highest authorization and flags any active engine, the raw result usually overstates your true contractual obligation.
As soon as the audit notice arrives and always before any measurement data is submitted to SAP. Once SAP holds the unadjusted USMM figure, every correction becomes a concession you must argue for. Engaging in the first few days lets the defense run a controlled internal measurement and correct it first.
Two categories dominate: over-classified named users, where read-only or occasional users carry full Professional licenses, and indirect or digital access, where third-party systems read or write SAP data. Indirect access is the highest-variance line because the same integration can be valued under named-user rules or the document-based digital access model.
Yes, though the advantage is lower than acting pre-submission. We review the submitted USMM and LAW output, identify reclassification and consolidation errors, and reframe indirect access where the contract allows. Settlement negotiations regularly recover a large share of an over-stated claim even after submission.
Yes. Settlement is the moment to renegotiate the audit clause, cap measurement frequency, clarify indirect access terms, and convert findings into an optimization roadmap so the next measurement starts from a clean, buyer-controlled baseline.
Weekly SAP licensing intelligence: USMM measurement traps, indirect access rulings, audit trends, and settlement tactics. Trusted by 3,000+ IT leaders.
If you have received an SAP audit notice, engage before any USMM data leaves your building. We run the controlled measurement and manage settlement to a minimum-cost close.