White Paper · SAP

SAP Audit Defence & License Measurement

By Atonement Licensing Advisory · Last reviewed: June 2026


Prepared by Atonement Licensing · buyer-side advisory · last reviewed June 2026. Figures are list-level context or clearly labelled indicative ranges. The representative estate used below, a 12,000 named-user SAP landscape with material non-SAP integration, is an illustrative benchmark, not a quote.

Executive summary

An SAP audit is not an inventory count; it is a measurement you largely build yourself, and most of the claim is decided before SAP ever sees a number. SAP classifies named users and counts consumption with its USMM measurement program, consolidates the results across systems with SLAW or the License Administration Workbench (LAW), and asks you to submit the output as a self-declaration. Because the declaration depends on how users are classified and how indirect access is treated, the buyers who prepare the measurement themselves consistently declare a smaller, defensible position than those who run the tools cold and hand over the raw result.

On a representative 12,000 named-user estate, an indicative 20 to 40% of users are classified above the type their role requires (Professional where Employee or Self-Service would do), and undocumented digital access through non-SAP systems sits as a latent seven-figure exposure. A measurement run without that preparation reports the over-classification and the exposure at full rate; a measurement run after reconciliation reports what is actually used. Across engagements, the buyers we advise see an average 72% reduction in vendor audit claims, not by disputing the rules but by measuring correctly before the vendor does (firm figure; per-engagement scenarios indicative).

This playbook covers the full SAP audit picture from the buyer side: how USMM, SLAW, and LAW actually work, how to reconcile named-user types, how the digital and indirect access lever operates inside an audit, how to control scope and data, and how to settle a reconciled gap into a renewal or S/4HANA conversion rather than paying it as a cash claim. It is written for licensees, by advisors who represent buyers only and never SAP.

20–40%: Indicative share of named users classified above the type their role requires (indicative)
72%: Our average reduction in vendor audit claims across engagements
6–10 wk: Indicative time to run an independent measurement before responding (indicative)
7-figure: Typical undocumented digital-access exposure surfaced in an SAP audit (indicative)

1. How SAP measures: USMM, SLAW, and LAW

SAP licence measurement runs on SAP's own tooling. The USMM (System Measurement) program executes inside each SAP system, classifying every named user against the licence types in your contract and counting consumption of priced engines and packages. Results from multiple systems are then consolidated, historically through the License Administration Workbench (LAW) and now SLAW, into a single landscape-wide declaration. That declaration is what you submit, and it is the only number SAP evaluates against your entitlement.

The structural point for buyers is that USMM reports the classification it is given. It does not decide that a user assigned Professional only ever runs self-service transactions; it counts them as Professional because that is how they are set up. The measurement therefore inherits every classification error in the estate, which is exactly why the preparation, not the tool, determines the result.

Table 1: The SAP measurement chain and where the buyer acts

| Stage | What it does | Buyer move |
|---|---|---|
| USMM | Classifies named users and counts engine/package use per system | Reclassify users to the correct type before the run, not after |
| SLAW / LAW | Consolidates results across systems into one declaration | Reconcile duplicates and multi-system users before consolidation |
| Self-declaration | The submitted result SAP evaluates against entitlement | Measure independently first; submit a reviewed position, not raw output |
| Engine/package metrics | Counts consumption of separately-priced components | Verify each priced engine is actually in use and correctly counted |

Takeaway. USMM measures the classification it is handed. Whoever cleans the named-user and engine data before the run, not the tool, decides the declaration.

Action. Run USMM yourself in a controlled measurement well before any audit response is due, and treat the first output as a diagnostic to be corrected, not a result to be submitted.

2. Named-user type reconciliation

The largest recurring SAP overpayment, and the largest single audit lever, is named-user over-classification. SAP licence types are priced in a steep hierarchy, Professional well above Limited Professional, Employee, and Self-Service, and users accumulate the higher types through role inheritance, copied templates, and leaver accounts that were never deactivated. In an unreviewed estate an indicative 20 to 40 percent of users sit above the type their actual transaction history supports, and an audit prices every one of them at the assigned rate.

Reconciliation means matching each user's real usage to the cheapest licence type that covers it, deactivating dormant and duplicate accounts, and consolidating users who appear in multiple systems. This is not gaming the rules; it is declaring what is actually used. The bar chart below shows where SAP named-user and consumption exposure concentrates, expressed as indicative reduction ranges against an unreviewed declaration.

Bar chart values (indicative reduction ranges against an unreviewed declaration):

Named-user over-classification: 20 to 40%
Dormant / duplicate accounts: 10 to 20%
Digital / indirect access: variable, 7-figure
Unused priced engines counted: 5 to 15%

Insider note

The single most common finding we see is a population of Professional users who have never run a single Professional transaction. SAP licence types are assigned, not earned, so role inheritance quietly promotes users into the most expensive bracket. Reclassify to actual usage before you measure, and a large part of the claim disappears before it is ever raised.

Action. Build a usage-to-type reconciliation for every named user, deactivate dormant and duplicate accounts, and lock the classification before USMM runs.

3. The digital and indirect access lever inside an audit

Indirect access, now framed by SAP as Digital Access, is where SAP audits most often turn from a routine measurement into a major claim. The exposure arises when non-SAP systems (a CRM, an e-commerce front-end, a bespoke portal, or an integration platform) read or write SAP data without a directly licensed user behind them. The Digital Access model prices this by documents created in SAP (sales orders, invoices, and similar) rather than by user, which means a single high-volume integration can generate a very large number very quickly.

Because the exposure is architectural rather than user-based, it is usually invisible until someone goes looking, and an audit is precisely when SAP goes looking. A buyer who has already mapped every system that touches SAP, quantified the document volumes, and decided how to treat each interface walks into the conversation with the number under control. A buyer who has not is told the number by SAP, calculated SAP's way.

Table 2: Digital access exposure and how to control it

| Source | The exposure | The control |
|---|---|---|
| Third-party front-ends | External apps reading/writing SAP data with no licensed user | Map every interface and decide user-based or document-based treatment |
| Integration platforms | High-volume automated document creation in SAP | Quantify document volumes before SAP does and model both pricing bases |
| Legacy interfaces | Old integrations no one has reviewed for licensing | Inventory and rationalise; retire interfaces that are no longer needed |
| Digital Access valuation | Document counts priced at full rate, back-dated | Negotiate the conversion basis as part of a forward commitment, not a cash claim |

Takeaway. Digital access is priced by document, not by user, so a single integration can dominate an SAP claim. Map and quantify it before the audit, never during.

Action. Produce an indirect-access map of every non-SAP system that touches SAP data with its document volumes, and model both user-based and document-based treatment before the audit opens.

In an SAP audit the number is not found; it is built. Whoever measures the estate first, the buyer or the vendor, builds it.

4. Controlling scope and data

An SAP audit is governed long before the numbers are argued, in how scope and data flow are set up. The defensible posture is the same one that controls cost: route the engagement through a single named owner, agree the scope and the data-handling terms in writing, and never hand over raw USMM output before you have measured and reconciled it yourself. The data you release, and the order you release it in, shapes the entire engagement, because once a raw measurement is in SAP's hands it anchors the conversation at the highest number.

This is also where the difference between a friendly system measurement and a formal audit matters less than it appears. Treat every measurement request with the same discipline, because the same data feeds both, and a casually shared measurement can become the basis of a formal claim. Scope control is not obstruction; it is making sure the declaration that leaves the building is one you have reviewed.

Insider note

The fastest way to lose an SAP audit is to email the raw USMM and SLAW output the day it is requested. Once SAP holds an unreviewed measurement, every reconciliation you make afterwards looks like a retreat from your own number. Measure, reconcile, and only then declare, on your timetable, through one owner.

Action. Appoint a single audit owner, put scope and data-handling terms in writing before any measurement is shared, and release only reviewed, reconciled figures.

5. Settlement into renewal or S/4HANA conversion

A reconciled audit gap is worth more as leverage than as a cheque. SAP would prefer a back-dated cash settlement; the buyer's interest is to fold any genuine gap into a forward commitment (an S/4HANA conversion, a renewal, or a digital-access subscription), where it can be offset against credits and negotiated as part of a larger deal. The audit and the commercial conversation handled as one negotiation almost always produce a better outcome than the audit settled in isolation and the renewal fought separately.

This is particularly true where digital access is involved, because SAP's Digital Access conversion programmes are designed to move customers onto the document-based model, and a buyer can often trade a contested back-dated indirect-access claim for a clean, forward digital-access basis on better terms. The discipline is to never settle the audit as a standalone cash event if a forward commitment is anywhere on the horizon.

Reconcile before you declare: 20–40%

Indicative share of named users an unreviewed estate over-classifies, priced at full rate in any claim built on raw measurement output (indicative).

Settle forward, not back: Credit

A reconciled gap folded into an S/4HANA conversion or renewal is offset against credits; the same gap paid as a back-dated cash claim is not (indicative).

Action. Where any renewal or S/4HANA move is in view, hold the audit and the commercial discussion together and settle the reconciled gap as a forward credit, not a cash payment.

6. The audit response calendar

An SAP audit response has a natural sequence, and running it as a calendar rather than a scramble is most of the defence. The work divides into a govern-and-scope phase on receipt, an independent measurement and reconciliation phase, and a settlement phase, and each must finish before the next can begin from strength.

On receipt: Scope and govern

Route the letter through one owner, agree scope and data handling in writing, and do not run or release USMM output on SAP's timetable. Treat a friendly measurement with the same discipline as a formal audit.

Weeks 1 to 8: Measure and reconcile

Run your own USMM and SLAW measurement, reconcile named-user types, deactivate dormant accounts, and map and quantify digital access. Build the defensible declaration before any number is shared.

Settlement: Settle forward

Challenge any claim not tied to actual usage or a specific contract metric, settle only the reconciled gap, and fold it into a renewal or S/4HANA conversion as a credit wherever possible.

Action. Adopt this three-phase calendar as the standing SAP audit response so a measurement request triggers a process, not a panic.

7. Recommendation

SAP audits reward preparation and punish improvisation, and the preparation is almost entirely measurement done before the vendor's. The buyers who settle smallest are not the ones who argue hardest; they are the ones who declared a reconciled, defensible position in the first place.

Our recommendation

Run USMM and SLAW yourself before any audit response is due, reconcile every named user to the cheapest type their usage supports, map and quantify digital access before SAP does, control scope and data through a single owner, and settle any reconciled gap forward into a renewal or S/4HANA conversion rather than as a back-dated cash claim. The estate that measures itself first declares from strength and defends the audit in weeks; the estate that hands over raw measurement output argues from SAP's number for months. The 72 percent average claim reduction we achieve comes from measuring correctly before the vendor, not from disputing the rules afterward.

Frequently asked questions

How does SAP measure licence usage?

SAP runs the USMM measurement program in each system to classify named users and count engine and package consumption, then consolidates results across systems with SLAW or the License Administration Workbench (LAW). The output is a self-declaration you submit, so the classification you apply before running it largely determines the result.

What is named-user over-classification?

Assigning users a higher, more expensive licence type than their actual role requires, for example Professional where Employee or Self-Service would suffice. An indicative 20 to 40 percent of named users in an unreviewed estate sit above the type their usage supports, and each one is a recurring overpayment that an audit prices at the higher rate.

What is SAP indirect or digital access?

Indirect access is when non-SAP systems or third-party front-ends read or write SAP data without a directly licensed user. SAP's Digital Access model prices this by documents created (sales orders, invoices, and similar). Undocumented digital access is the single largest source of surprise exposure in an SAP audit and should be quantified before, not during, the engagement.

Can we control the scope of an SAP audit?

Yes. Route the engagement through a single owner, agree scope and data handling in writing, and run your own USMM measurement before sharing anything. You decide what data leaves the building and when; handing over raw measurement output unreviewed is how a claim becomes larger than it should be.

Should an SAP audit be settled into a renewal or S/4HANA deal?

Often, yes. A reconciled audit gap has the most value as a credit folded into a forward commitment (an S/4HANA conversion or a renewal) rather than paid as a back-dated cash claim. The leverage is greatest when the audit and the commercial conversation are handled as one negotiation, not two.

Related research: the SAP Indirect & Digital Access Playbook goes deeper on the digital-access lever, the SAP S/4HANA Guide covers the conversion an audit is often settled into, and the SAP RISE Negotiation Playbook covers the subscription commercials where a reconciled gap becomes a forward credit.