Lessons learned from an enhanced SAP audit.
SAP enhanced audits can be challenging, stressful, and very time consuming. Recently, we helped a client successfully navigate an enhanced audit and we want to share what was learned and gained from that experience.
By viewing this webinar you will learn:
- The difference between basic and enhanced audits
- How to recognize an enhanced audit & what might trigger one
- The timeline, data requests, and results of a real-life enhanced audit
- Our key takeaways & improvements we’ll make in the future
- And more
MEET THE PRESENTER
Jeramy leads Anglepoint’s SAP delivery team, supporting a global range of dedicated SAP projects.
Jeramy has an extensive background in SAP licensing and audit procedures and has consulted some of the world’s largest and most valuable brands on SAP license optimization, SAP audits, and SAP license negotiation. He enjoys helping clients protect their contractual rights and improve their overall SAP licensing position.
All right, it’s official. We’re recording. Hello everyone. It’s nice to be with you all, at least virtually. In the future, hopefully we can do some more of these sort of events in person. I know that some of the different organizations are becoming more friendly to in-person events and things like that, so we hope to see you soon at one of those conferences in the near future.
Today’s topic is around SAP enhanced audits. But before we dive in, I just wanted to give a quick introduction of myself. Those of you who are not familiar with me, I’m looking at the attendees list and there’s quite a few of you that I have either met in person or I know. Pleased to see you guys here.
For those who don’t know me. So I started my career at SAP as actually as a sales executive and. My job as a sales executive was working on audits. Quickly I transitioned to the audit team, so I worked for the license audit and compliance team. It was called GLAS at the time. I worked for a subset of that group called the Office of License Compliance.
I did that for four or five years and decided to join KPMG and help KPMG build a service around SAP and help bolster their software asset management department there. That was a great experience working on the other side of the fence, helping customers with audits. From there I joined Anglepoint.
I’ve been here since. And same sort of role. I’m leading the team and helping customers efficiently and. Properly use their SAP licenses and it’s been a great ride. It’s been a lot of fun and I enjoy talking about it a lot. So just to echo what Greg had said as well, if you do have questions or if you want to need to go a little bit more into depth into a particular topic, we are going to leave time at the end for that.
But also feel free to put it in the Q&A in the Zoom chat bar. Or there’s an Q&A section as well. So feel free to do either of those. And as we go, we’re monitoring those. So if we see something pop up, we’ll try to address it. If time permits. So SAP enhanced audits, let’s get into it.
Here we go for the agenda today what we’re going to walk through is we just want to make sure everybody’s on the same page. SAP Audit 101. We just want to make sure some basic things are understood and then we’ll start moving into the case study that we will go over quickly. And then the lessons that we learned.
Like I said, we’re going to try and leave some time at the end for Q&A, so if you do have questions, we’ll give you plenty of time at the end. So SAP Audit 101. So why are SAP licenses audited? So the easy answer is that SAP has a contractual right to do so in your SAP contract, you’re going to find a verification clause, and that verification clause basically tells the end user that the vendor can come in.
SAP can come in at least once a year, and they can measure your licenses and make sure that you are not overusing their software. As you can see from the screenshot that we have here, that verification clause has changed immensely from when I first started in 2010. You can see that they’ve added a lot more verbiage and it really is of your best interest to understand what your verification clause says. A lot of times in our very first meetings with our clients when we start helping them with SAP, is we encourage them to read and understand their own contracts. And this is one of the terms that we want to point you to.
Almost from the very beginning of our engagement is read the verification clause and make sure that you understand what SAP has the right to come in and do. As you can see, SAP has added, language in here about fees and how much back maintenance and, they’ve definitely added to it to help protect their own licenses.
It makes sense. They’re trying to protect the investments that they’ve made. But that’s why SAP can perform an audit, and this is what they’re exercising when you get an audit letter in the mail or in the emails. So now what does SAP collect in a basic audit?
Basic SAP Audits
So we are talking today about enhanced audits, and we’ll definitely get to that on what they collect. But just the run of the mill audit that SAP would collect. What data do they gather in those sort of engagements? So there’s a certain level obscure of obscurity that SAP relies on when they’re requesting audit data, right?
They say, hey, go ahead and pull all these reports and send them to us. And they, a lot of our customers don’t necessarily care what’s in it. They’re just relying on the vendors saying, Yeah. Okay. They told me to run this. I’m just going to send it over. So we thought that it would be important to, to, first of all, let’s set the basic audit straight.
This is the data that’s collected, and this is the data that is not collected. We also are going to talk about, should you share this with SAP, so the USMM. The USMM contains user specific data. Log on data, first name, last name, email creation date. Components, what sort of software is installed on a particular system.
It also has engine data, so that file should not be shared with SAP. It should always go into the LAW file beforehand. So if SAP requests the USMM file from you they should have a very good reason as to why. And again, the reason is you can see what data it, it has, right? Has first names, last names, emails, those sort of data points.
It’s not typical to share that with an outside party, so you don’t want to do that. The LAW tool, that is a consolidation. Think of it as a funnel, right? You take all these USMM files, you dump it in, and it spits out a report that’s consolidated. Should you share that file with SAP? The answer is yes.
That is what you should be sharing with SAP. That file has been redacted from some of that detailed information around First names, last names, emails. All that has been removed from that file. And when you send it to s a p, it gives them just numbers. It tells them, the total amount of professional users or something like that.
We do recommend that you share that. SAP typically will request that you send it via online, which is fine if that’s what is most convenient for you. But we do recommend that you send it via email. And the reason is because when we pull the file out, we can look at the file and we can see exactly what’s being sent to SAP.
Every data point, when we send it via the online tool, it’s, we don’t see exactly what’s being sent to SAP. There’s some, backend data points that, that can be shared via that method. So, we always recommend send it via email. If it’s convenient enough for the team, the LMBI, that’s the business objects tool.
That’s a summary list of user counts and what accesses they have. It basically matches up, what, which licenses you own with what is being used for business objects. Should you share that with SAP? Yes. But only after you go through it. Make sure that you go through that file, and you make sure that the users that are found there are properly cleaned up and they’re properly licensed and you’re not going to get hit.
Some of our customers look at that and say the LMBI we’re licensed via CPUs or cores, so you know, it doesn’t even matter what’s on this list. Let’s just send it to SAP. And then they’re surprised when SAP comes back and says, hey, you got to license these users. So just. Make sure you go through it first before you send it to make sure you understand what’s in that file.
Self-declared products, that’s basically anything else, right? The HA reports, there’s, tons of products that do not come through on the USMM or the Business Objects tool. Those are going to be separate in an Excel, I mean in a PDF fillable format usually. And you should definitely share that with SAP.
Same sort of thing. Don’t fill it out unless you understand what’s in it and what you’re filling out. Usually it’s pretty simple though. The metric is revenue, and it asks you for revenue. Make sure you know what revenue you’re putting in there. We always defer back to the contract. So if you’re not sure which revenue to put in, whether it’s business unit or the total company’s revenue, go back to the contract.
When did you purchase that product? Look at it, make sure that you understand it. So what is not sent SAP? User access data. Just, let me repeat that. User access data is not sent to SAP via the basic audit, right? So if a user has a professional license and they’re only doing the work for themselves in an HR tool or something like that, SAP would have no idea.
That user is over licensed as a professional. So no access data is sent to SAP movement of users from one license to another. So if you change a user from professional to employee, a minute before you send it to SAP, SAP will not see that. It doesn’t keep track of which licenses. A user used to have concrete evidence of indirect usage.
It will give them indicators. Like multiple logons and some other indicators around indirect access, but there is no concrete evidence of indirect access in the use reports that are listed to the left. It doesn’t have transaction data either for users. So let’s say that again. You have an employee license assigned to a user, and they’re doing a lot more than that.
They’re doing, some sort of finance reports and, they can edit them, they can What change them, they can do all sorts of things. That would show up on the transaction profile, but SAP doesn’t collect that, so they wouldn’t see that user needs a higher license specific user data.
Again, so long as you don’t share the USMM file, it doesn’t have first name, last name, email, it doesn’t have any of that. It’s just aggregated, consolidated numbers. So hopefully we didn’t spend too much time on this, but I just want to make sure that it’s understood. This is what’s collected in basic audit.
SAP Enhanced Audits vs. SAP Basic Audits
Basic audits versus enhanced audits. So basic, those are the tools that we already talked about. That’s what’s collected once you get into an enhanced audit. All of these other bullets that are listed here, these little bubbles, those are the other types of reports that SAP will request. So, in 2018, SAP released this PDF publicly, and they described what a basic audit is and what an enhanced audit is.
So usually there’s a clear statement of scope. Onsite audits begin with a kickoff meeting during which the auto scope is communicated. So, you should know pretty quickly, okay, this is an enhanced audit. This is different than what I usually get. The basic audit notifications are usually automated emails that you get.
Enhanced audits, somebody’s going to reach out to you, they’re going to, you’re going to have a much more in-depth conversation with sap and that should happen in advance with the customer. Just want to point that out. Are you in an enhanced audit? Again, I’ve already gone over this, but basically, the data request is not from the typical individual that you usually receive your audit request from.
So most are from a shared service center, either in India or Ireland, et cetera. If it’s from somebody else in Germany or whoever it’s more than likely you’re being targeted for an enhanced audit. The data requests are beyond what’s normal. And then requesting interviews or large sets of data any of that will indicate that you are an enhanced audit.
So hopefully that makes it clear. If you have any of these items, you’re probably in an enhanced audit.
What triggers an SAP enhanced audit?
What might trigger an enhanced audit? So customers may be like, what? What happened? Why am I being targeted, thing. There’s a couple reasons. SAP I think maintains that they’re random, that they just pick out of a hat sort of thing and say, this is, these are the customers that we’re going to do an enhanced audit on.
However, in my experience and what a lot of our customers are reporting these are some potential reasons for why SAP has selected your organization for an enhanced audit. First one being SAP lost a competitive bid for a competing software, right? So, they’re trying to sell you CRM and you put an RFP out and you collect demos and quotes from other CRM providers and SAP loses and you end up going with Salesforce or somebody else.
That can sometimes contribute to SAP having concerns over their licenses and whether you’re using indirect access or digital access or something like that. Again, they would sometimes kick off an enhanced audit because of that fact, right? We’ve had some customers report enhanced audits being kicked off just after a competitive bid is lost.
SAP, a recent decline in SAP purchases or perceived decline in SAP purchases despite your growth in your organization. So your company’s growing. It’s going gangbuster, stocks are up. Everything’s going great. Your employee count is growing. Yet in SAP’s mind you have not purchased enough. Again, that could indicate to SAP okay, something’s going on there. Not using our licenses correctly, or something like that.
Concerning results from a basic audit I would say that this might be the most common one where a basic audit comes through and it is just a mess, or, it’s showing thousands of licenses that are being deleted just beforehand or, there’s some sort of funky result in that basic audit and SAP says, hey, we need to take a closer look.
So they’ll kick off an enhanced audit and they’ll take a more in-depth look at what is causing their concerns from that basic audit. Like I said, I think that would probably be the most common reason for why SAP would kick off an enhanced audit. Poor relationships with account management teams.
So not having a good relationship with the account management. They’re not able to sell into the account. They’re, it’s contentious. They don’t understand how you’re using the licenses, things like that. Again, SAP maintains the sales and audit are completely separate, which, that is we can believe that to some extent, but we also know that there, there is a relationship there that if the sales executive team is in the middle of a $5 million deal the auditors are not going to come and say, hey, we need to audit you right now.
So they definitely coordinate to some extent. How much that is, is up to the imagination, but having a and this is consistent as well, typically an enhanced audit when it’s really, a difficult situation. The organization does not have good relationship with their account management team.
Public statements. So this is what happened famous case from years past that they made public statements about non-SAP solutions. That showed SAP, that they’re using their software incorrectly or indicating indirect access, that can kick off an enhanced audit for sure.
And then customers request to reduce, remove maintenance, or terminate a large portion of their license products. So again, SAP would look at that and say, how is that even possible? Your organization’s growing? Like, why do you want to terminate? What’s going on? There’s no way that’s possible. Let’s do an enhanced audit to see if there’s something more here that maybe the customer’s misunderstanding how to use their licenses.
So again, SAP maintains enhanced audits are random. There’s no relationship between sales and auditors. In our experience and what we’ve collected from our customers, these are some of the reasons that enhanced audits are kicked off. Take it for what it’s worth. All right. Let me just do a quick time check here.
All right. I think we’re doing good. I don’t see any questions, so keep on moving. All right, so that is SAP Audit 101. Hopefully we’re all on the same page now. So when we start talking about some of these data points and what occurred, we’re all on the same page. So let’s dive into the customer details for this case study.
Of course, some of this has been obscured or, adjusted to maintain the anonymous nature of this case study, right? We don’t want everybody to know who we’re talking about. Some of these details have been changed, but some are relatively accurate so that you can get an idea of the size and depth and experience of this customer, this particular customer.
So large food manufacturer a customer from early on for SAP. A time customer in any. In any measure of that term, 300 or 30 million plus lifetime spend with SAP. So over the years, they’ve spent a lot of money investing in the SAP software. Their main, their maintenance was around that 7 million mark and super complex agreement.
Lots and lots of agreements, so terminations, exchanges, purchases, resets, so resets being that. Their org, their environment was so complex from a licensing perspective that they came to the table with SAP many times over the years and said, let’s just remove everything and start over from this contract on this is what we own.
So they did that several times. So a very complex organization and these are some of their details. So the audit timeline, we thought that it would be important to go over the timeline just so you could get an idea of how long this may take in order to complete an enhanced audit. So the audit started, the enhanced portion of the audit started sometime in January of 2020.
It actually started before that with a basic audit where SAP was, saying, hey look, we’re going to start this. We need to get this going. And for whatever reason it was delayed and didn’t officially start until sometime in, in early 2020. So when that enhanced audit started, they gave the team the original due date of February, 2020. So they gave him a month. And of course, once you start looking at the date of requests that we’ll go over you’ll appreciate that. That is somewhat absurd. There’s no way to collect all this data, review it and send it to SAP within a one-month time period.
So again, that audit started in early 2020. They engaged us, they engaged Anglepoint in March and thereafter COVID hit and then we were dealt, the crazy events that occurred during that year with people being out of the office and just slow. Displaced from their workspaces and they couldn’t get the information they needed for a period of time.
But ultimately, we were able to muddle through that and get all the data back to SAP. You can see some of the milestones that we were working towards. So we had data collection we did business process interviews, data validation review, and then the final audit report was finally provided in November of that year.
After that final report was finalized, then SAP and this organization negotiated and were able to finally settle on a contract and agree with SAP, hey, look, this is what we owe you. And move on from there. So as you can see, it took about a year, and I think that despite Covid, I think we did it as quickly as possible.
I think that if you receive an enhanced audit notification from SAP and the due date is unreasonable, was in this case, one of your first steps should be to go back and say, Hey, look, we’re going to need at least, 8, 9, 10 months to collect all this data and get it back to you.
And the reason we will go over here shortly, but you’ve got to expand the timeline to give you enough time so that you’re not inundated with reports and files and data points that you don’t have time to review, and therefore you’re just sending it over the fence and hoping SAP doesn’t misinterpret something.
These are the data requests. So this is what SAP requested. They requested literally millions of rows of data, millions of rows. And as you go through on this middle section here, you can see there’s different tables and transactions that they requested access to. And some of these files are enormous, AGR 1251 AGR users, AGR, AGR, texts.
These files are enormous and they wanted it for every single production system. And again, talking about this particular client, they had a very complex, very large organization with systems all over the world. So collecting all of that and. Putting it all together and sending it to SAP was quite challenging.
Table of contents. This is the table of contents from the enhanced audit. So this is, these are the things that SAP wanted to collect, right? So they wanted the measurement plan to get updated. They wanted the LAW report. Business objects report HANA processor workflows, our worksheets.
Self-declaration forms, system, data extracts. They wanted a lot of information. Now, with the onsite auditor’s portion of it, because it was covid, we were able to say, eh, that’s not going to work. You can’t send anybody. And they, and frankly they didn’t. SAP recognized that as well. I don’t think they wanted to send anyone either.
So we didn’t do the onsite portion of it. But that, that does occur. SAP wants to send people onsite to do onsite sort of verification work in the middle. Like I said, these are different tables and transactions, so the transaction codes that they want you to have access to during their business process interviews and their, verification process.
They will have you open up some of these transactions and review the data that’s pulled for each of these. Different areas. So I, granted not all of them are tables, but the tables that were there were millions of rows. And then if you take into consideration the amount of data that’s behind a lot of these transactions, we’re talking about millions and millions of rows of data on the right.
You can see this is an example of the self-declaration portion. It’s relatively simple. It’s got the IDs, it’s got the engines the names of the engines, the metric, and then basically is it in use or not. And then if it is in use, then you declare how much or what the quantity is. Have to be careful with this sort of stuff.
What we ran into is that whether the product was in use or not, the revenue amount was over the licensed amount. And there is room from SAP to argue whether the product’s in use or not. You have to have it licensed appropriately because you own the product. So therefore, if the revenue metric is over what you’re licensed, you have to purchase more. So have to be careful with that. It’s a negotiating point. It’s something that, you have to figure out, why is it not in use? And maybe you can negotiate some sort of grace period or terminate the product because you’re not going to use it in the future or something like that.
This is some of the details or the descriptions that they give about, what they need and why they need it. As you can see, some of them are relatively accurate that they’ll tell you what they’re looking for but it doesn’t say so for some of these transactions, it doesn’t say what you’ll be looking at.
So click here, then click here. And this is the data point that we’re looking for. This is the road, this is the column, this is what we’re looking for. It doesn’t give that sort of detail. Gives a high level, this is why we want you to have access to this particular transaction code.
All right? That is the data request. So this is what data was given. So back to what we. Covered very briefly in the very first couple slides with the basic audit, is we don’t share data from s from our SAP systems without, clarifying exactly what’s in it and verifying this is what s SAP ask for, and this is all they get thing.
So as you can see on this example, this is the file that they requested on the left. So they said, hey, give us 1251. We clarified from SAP what columns did you need from HR 1251? Because as you can see, there’s a bunch of columns and there’s lots of data found and each of these columns, and ultimately they came back and said we only need HR name and you name, which is the SAP username.
So we redacted the rest of the data and we sent them exactly what they asked for, just those two fields. And this was the process for every single data point. And now you can understand better why we need so much time. This is just one file in one system. They requested lots of files from every single production system, and we had to do this from, for each and every single one of them.
We needed the time. We needed to be able to go through and review the data, make sure we redacted all of the appropriate portions of it, and then only supplied what SAP requested, the request clarification process. So again, SAP would request it. They would say this is what we need, and so on and so forth.
We would then basically, again, we don’t just throw it to them and say, Hey, here you go. Take whatever you need. We wanted to request clarification, like, why do you need the data? What fields are needed? Which license does this relate to? And the reason that we went that path is it felt like SAP auditors were suggesting that they, they had access to every data point within the environment, that if they wanted it, they could get it. And the example that we gave to them at the time, and that we used internally is that if SAP requested so for example, let’s say a special recipe or the codes to a safe or something like that, right?
They requested it. We could see very clearly when they requested that sort of data that they don’t need that for a license, so therefore they don’t have any right to access that data point. That is what we were trying to drive home here is that. Tell us what license that data point is supporting, and when you do, then we will provide the data for it.
But if they couldn’t give us appropriate, an appropriate answer to say, this is the data point that we need and this is the license that it’s, that we’re trying to audit, then we pushed back really hard and we said this isn’t, a fishing exercise, right? This is you. We have licensed products. You want to audit those products?
Tell us what data points you need to audit those products and which data point you need and then we’ll give it to you. So that was our basic process. We then drove to closure. So once we agreed, SAP got all their data, they got back to us with an audit report. We basically stopped communication with auditors and we moved directly to the account management team and we just said, okay, we’ve got a report from SAP Audit and these are the reasons that we think it’s wrong.
These are some of the items that we want to address. And we, from then on, we only worked with the SAP account management team. And in our view, that’s how you drive to closure. You want to start working with the commercial team as quickly as possible. And if there’s errors in the audit report, work it out with the commercial team and, drive that audit all the way to some sort of resolution so you can move on.
Recommendations for SAP enhanced audits
So here’s some recommendations. Draft a correct audit report. So take that audit report if it’s wrong. Draft a new one to say this is what we believe is accurate. And then word with the commercial team, analyze it with the commercial team. Close the door on SAP. As I already mentioned, let money create the motivation.
So disclose to SAP your intent to do a deal. Hey, look, if there’s stuff here, we’re willing to pay for it. We want to do that. So let’s move and then use timing to your advantage. Push SAP. To close that deal at the end of the year or at the end of a quarter, that typically will result in better commercial terms, the results.
So ultimately, SAP came back and again SAP’s MO audit MO is that they start high and then they work down to a reasonable resolution. When you look at the original report, From the SAP auditors, in our opinion, that’s not reasonable. They were charging for 10,000 plus indirect access licenses which that alone was, 35 plus million.
And then they were also charging for back maintenance for products. Again, somewhat arbitrarily. Like they, they only charge for a few years. And it’s why only three? Why not seven? Why not 10 years of back maintenance? If you’re claiming that we’ve been using it all these years.
So that was somewhat arbitrary. And then ultimately what we were able to do is we revised all of that and SAP agreed to around an 8 million total. Those 10,000 users, we were able to argue away with digital access.
And we got those users much lower. And this is now our starting point. So we moved from SAP’s audit finding to, okay, this is now our starting point. This is where we want to drive to a commercial resolution. And ultimately our understanding is that the organization was able to negotiate with SAP for a final purchase price around that 5 million mark.
So again, if you look at that original report of, 37 plus million all the way down to 5 million, it’s a great success story. But the customer was relatively happy not to go through the process of the engagement, but or the enhanced audit. But the result was satisfactory in my opinion.
I think that they walked away feeling like they got products that they needed, and SAP I believe, felt like they were able to confirm and do their audit work and we’re much more comfortable with, why or we’re much more comfortable with the licenses and how they’re being used at that organization.
So I think that 85% reduction is a fantastic goal. Just keeping in mind that SAP’s MO is to start high, unreasonably high in my opinion, and then work down. Having any reduction at all over the negotiating period is a great success. All right, so lessons learned, we’ve got another 10 minutes that should be plenty to get through this.
So improvements for next time. So hindsight is always 20/20, right? We always look back and say, oh shoot, we could have done this better or that better. So these are some of the items that we think that could have contributed to an even better outcome for this particular customer. And what we recommend to our customers moving forward is engage a trusted partner.
Earlier in the process, ideally prior to the start. So have somebody engaged that can help you during these enhanced audits before, the due date passes or something like that, right? As you can see from the timeline from earlier, SAP was already upset because the February deadline was skipped over.
They engaged us a month later, so we were already behind the eight ball oh man, we’re already working with an upset auditor sort of thing. So get that partner in place as early as possible. Now, I am biased that a trusted partner. Should say Anglepoint, that’s just me.
But there’s some folks out there, some organizations that can provide this sort of support. But of course, Anglepoint can, right? This is what we do for a living. So that’s the first thing. Engage somebody early if the business is willing and able to spend the budget, engage SAP prior to the start of an audit.
So if the business is willing, you have the budget and you intend on spending that money, engage the commercial team beforehand. If you think an enhanced audit, it’s on its way. Or if you think that things are going to get hairy, go ahead and engage the commercial team and put something on the books. Hey, look let’s get some products on a paper and let’s start negotiating a price and see if we can make a deal.
A lot of times that will, again I repeated SAP maintains the audit and sales are completely separate that. That could be true to some extent, but in my experience, if there’s a big sales opportunity, auditors don’t come in guns blazing trying to, audit licenses the sales executives will be able to do their job.
Remember back maintenance it’s always a possibility. Back maintenance and list prices are all always possible. It is punitive, right? SAP. And the history of SAP has very few times purchased or let customers purchase anything on this price. And I, very few in the, again, 12 years I’ve been doing this, I’ve very rarely met a customer who has bought back maintenance where SAP forced them into it, and they actually did it.
They will use it as a leverage point, but almost always it’s negotiated out, but that is part of the risk, right? You want to make sure that you’re calculating that appropriately to understand what the maximum potential expenditure would be. Back maintenance and list price, stay steadfast, and which products are compliance issues and therefore need licensing.
So a lot of times customers end up purchasing stuff that don’t have anything to do with the compliance issue. It’s almost there’s some sort of inappropriate extortion, right? Hey, we found all this audit stuff. Buy this other product and then we’ll make this go away, thing.
Which that’s just not right. If there’s a compliance issue and we are out on a particular product, we need to be purchasing a product that will. Fix the compliance issue. Part of the reason for that is next year if the auditors come back, we don’t want to be in the same position. We don’t want to have another compliance issue with the same product because we didn’t buy a product that solved this issue in the first place.
In this case we didn’t run into that, but in other cases that we’ve seen, just make sure that you’re steadfast. If this is a compliance issue, I need to buy a product for that compliance issue. And if you want me to buy another product, that’s fine, the price needs to be adjusted, not the products that are in play despite a customer having solid arguments for not purchasing the products.
Sometimes they end up buying the products anyway, just to get through the finish line. So that is the case in this one where we still had significant concerns around what products were being purchased and what SAP commercial team was still recommending despite that they were done negotiating.
They just wanted to get a deal in the books. They wanted the auditors and the compliance to go away, and so they ended up just purchasing a bunch of products at the compliance issue level, despite having really good evidence to suggest that was not the correct level, but, I think that if you had more time, if you did that first one earlier, that first step, engage a trust partner earlier, I think that gives you more time on the commercial end where you can negotiate and get things as far down as possible so that you don’t have to end up purchasing products just to get through the finish line.
So in, in a perfect world, all of these would be done, but I think that. If you can pick off one or two of these in your enhanced audit or in a basic audit for that matter, it would help your organization immensely in making sure that you’re comfortable with the audit results. You feel confident that you can negotiate with SAP auditors and make sure that they’re only doing what they’re supposed to, and ultimately, hopefully, the outcome, the result is a better outcome than what your team could do just on their own.
So surprises during the audit. We’ve already talked about the seemingly limitless ability to request data, right? SAP could say, give us everything we want, everything. And if they didn’t give us an explanation, they still said too bad you have to give it to us. So just make sure that you have legal counsel.
From your side that would be willing to back you up and say, hey, look, you don’t have a right to this data. Show us why you do, and we’ll give it to you. And if you do have that, then you’ll be in a better position to maintain that position. Say, hey, we are not going to give you this data during this engagement.
We did have legal counsel for the client that, that basically said if we went to o to court, we would win. We would say, show us where in the contract it says that you can have this data. It’s not there, therefore we don’t have to give it to you. But the time and the money defends such a position, it’s just not worth it.
We ended up. In some cases accepting a less than optimal description from SAP about why they needed the data. Definitely we retract, redacted any API information, but we ended up providing that data to SAP sales using list price and back mean this is a starting point.
In our opinion, that’s not a starting point. SAP, like I said, I, in all these years, I’ve never seen a customer purchase anything list price with a bunch of back maintenance. That’s not the starting point. The starting point is now we’ve negotiated it to where this is a reasonable place to start.
Now let’s talk about the products. Let’s talk about discounts. Let’s see what we can do to get this through the finish line. How much data did SAP another surprise that we had was they collected an immense amount of data. We’ve already gone over that, but they didn’t seemingly do anything with it. So a lot of the data that was provided, we, we never got a report back to say, this is why these users needed these licenses or anything like that.
Which is interesting. We feel like some of it is smoke and mirrors that, that they were collecting an immense amount of data when they only needed a few data points to get to indirect access licenses in order to confuse and not be particularly upfront about, this is what their ultimate goal was, so just take it for what it’s worth.
But that was a surprise. It seemed like SAP collected an immense amount of data and didn’t do anything with it. At least from our perspective, we didn’t see them make any claims around licenses or anything based on the data that we ultimately provided to them. So with that, we have gone 45 minutes.
And we’ve made it through the presentation. So the next 15 minutes are up to you and we are ready to go through any questions that you have. This is my face, I know that I haven’t been sharing, but If you don’t have any questions, thank you very much for joining. Hopefully this presentation was very helpful.
We do have an eBook that we’ve developed around the USMM and what data is found in the USMM. Correct me if I’m wrong, Greg, but I think that for those of you who attended we will be sending out that eBook after this presentation along with the recording of the presentation. That eBook is valuable in our opinion, right?
That’s why we put it together. But it’s a fantastic place to go to understand better where the USMM falls with respect to your licenses and how you can collect data from that report and make better decisions about your licenses. So with that, I’m going to be quiet and. Open it up for questions and again if you don’t have any and you’re going to drop, thank you very much for your attendance.