SAP Audit Defence

SAP Audit Prevention: 12-Month Readiness Plan

The SAP audit prevention plan most enterprises wish they had started three years ago. A month-by-month operational guide to building the licence controls, measurement discipline, and documentation that eliminates audit exposure before SAP has reason to raise it.

Category: SAP Audit Defence Read time: 11 min Updated: March 2026

SAP audit prevention is not a single activity — it is a programme. The enterprises with the cleanest SAP licence positions are not the ones that prepare intensively in the six weeks before a measurement deadline; they are the ones that have embedded licence management activities into their operational calendar throughout the year. This 12-month readiness plan translates the strategic framework in the SAP audit prevention guide into month-by-month operational actions.

The plan assumes a measurement window in May (Month 5) — a common optimal window for organisations with calendar fiscal years. Adjust the timeline proportionally if your measurement window falls in a different month. The relative sequencing of activities is what matters: preparation must precede measurement, and review activities must precede preparation.

Key Takeaways

  • A 12-month prevention programme distributes work evenly throughout the year — preventing the measurement-month scramble that produces inflated SLAW reports.
  • The programme has three phases: foundation (months 1–3), preparation (months 4–5), and post-measurement monitoring (months 6–12).
  • User account hygiene is the highest-leverage ongoing activity — monthly locking of inactive accounts prevents measurement inflation accumulating throughout the year.
  • Contract entitlement verification should occur at least twice per year: before measurement and after any commercial transaction with SAP.
  • The programme should be owned by a named individual with cross-functional authority over IT, HR, and procurement activities that affect the licence position.

Months 1–2: Foundation — Establish Baseline and Ownership

Month 1

Baseline Licence Position Assessment

Commission or conduct a baseline assessment of your current licence position. Compare your contracted entitlement against SAP's records, generate a preliminary user count by licence type, and identify the highest-risk areas — typically: users not reviewed in 12+ months, engines activated but not commercially used, and any known indirect access scenarios without DAAP coverage. This baseline becomes the starting point for all subsequent activities.

Month 2

Programme Governance and Ownership

Appoint a named SAP Licence Manager with explicit cross-functional authority. Define the governance model: who approves new user account creations and what licence type classification is applied; what triggers an engine activation review; how third-party integration deployments are assessed for licence impact before go-live. Document these governance rules and communicate them to IT, HR, and procurement teams.

Months 3–4: User Data and System Preparation

Month 3

Comprehensive User Account Review

Conduct a full review of all user accounts across the SAP landscape. Lock all accounts inactive for 90+ days. Review and reclassify user type assignments for accounts classified as Professional solely due to broad authorisation profiles rather than actual business function. Document all changes with timestamps, business justification, and approver name. This is the most impactful single activity in the prevention programme.

Month 4

Engine Activation Review and System Hygiene

Generate a list of all engine and package activations in the production system. For each activation, verify whether it represents active commercial use or a historical technical artefact. Work with SAP BASIS to deactivate engines that are not commercially used where technically feasible. Review landscape configuration to confirm decommissioned systems are removed from the SLAW measurement scope. Verify cross-system deduplication configuration.

📬 SAP Licensing Intelligence

Get Independent SAP Licensing Insights

Expert analysis on SAP audits, contracts, and cost reduction — direct to your inbox. Corporate email required.

Month 5: Measurement Execution and Submission

Month 5

USMM Execution, SLAW Review, and Submission

Execute USMM on all systems in scope during the stable mid-month window — avoiding month-end close activity. Generate the SLAW report and conduct a detailed review: compare against prior year, investigate all unexplained increases, verify engine activations, check deduplication output. Compile the complete submission package (SLAW file, landscape overview, user type methodology note, year-over-year commentary, contract entitlement confirmation). Submit with covering letter. Retain complete copy of submission. For the detailed process, follow the step-by-step measurement guide.

Months 6–8: Post-Measurement Monitoring

Month 6

SAP Response Review and Challenge Preparation

Receive and review SAP's licence position analysis (typically 4–8 weeks after submission). If SAP identifies shortfalls, commission independent review of the shortfall claim before engaging commercially. Identify which items are legitimate shortfalls (requiring commercial resolution) versus classification errors, deduplication failures, or entitlement record discrepancies (requiring challenge). Do not treat SAP's initial shortfall analysis as final.

Month 7–8

Quarterly User Review and Continuous Hygiene

Conduct the mid-year quarterly user review: process all leavers, movers, and joiners since the measurement date. Specifically review contractor and project user populations. Update the user account change log. Begin tracking any new system implementations, integration deployments, or headcount changes that will affect the next measurement cycle — document them now rather than reconstructing the history under audit pressure later.

Months 9–12: Renewal Risk Window and Next-Cycle Planning

Month 9–10

ELA Renewal Risk Assessment

If your ELA renewal falls within the next 12–18 months, this period is highest audit risk. Conduct a renewed licence position assessment — not a full USMM, but an internal check against the submitted SLAW to confirm the position has not deteriorated materially since submission. Identify any new exposure that has emerged (new user populations, new integrations, changes in business scope) and develop a remediation plan before SAP initiates any formal audit or commercial pressure.

Month 11

Next-Year Measurement Planning

Begin planning the next year's measurement programme. Review lessons from the current year: what preparation activities had the most impact, what issues emerged during the SLAW review that could have been avoided with earlier intervention, what documentation gaps the SAP review process exposed. Update governance documentation and confirm the measurement window for the next cycle.

Month 12

Year-End User Audit and Programme Review

Conduct the year-end comprehensive user account audit: lock all accounts inactive since the measurement, review all contractor and temporary user IDs, and confirm that all leavers since the measurement date have been processed. Update the contract entitlement register with any commercial transactions from the past year. Verify SAP's entitlement records match your own. Brief the incoming year's programme plan to relevant stakeholders.

Ongoing Monthly Activities Throughout the Year

In addition to the monthly milestones above, the following activities should occur on a continuous monthly basis throughout the programme cycle:

  • Monthly leaver processing: Lock or delete SAP user accounts for all employees and contractors whose engagement ended in the prior month, within five business days of departure.
  • Monthly new user review: Verify that all user accounts created in the prior month have been assigned the correct licence type based on actual business function rather than default templates.
  • Integration governance check: Review any new third-party system integrations or RPA deployments approved in the prior month and assess their indirect access licence implications before they reach production.
  • Audit correspondence log: Record any informal communications from SAP regarding licence matters, whether from the account team, the licence management team, or the audit team.
Expert Perspective

"The 12-month plan looks substantial on paper, but when executed as a programme with clear ownership, the monthly effort is modest — typically two to four person-hours per month. The return on that investment is measured in the audit settlements it prevents, which routinely run to seven figures for enterprises our size. The ratio is not even close."

Our Services

Independent SAP Licensing Advisory

Audit defence, contract negotiation, licence optimisation — all buyer-side, no SAP affiliation.

Explore All Services → Case Studies

Real Results for Enterprise Buyers

See how we've helped enterprises reduce SAP spend by 30–60% and win audit disputes.

Read Case Studies →

Part of the SAP Audit Prevention Series

Related Guides

More SAP Audit Prevention Resources

SAP Audit Defence

SAP Audit Prevention & Preparation Guide

The strategic framework for SAP audit prevention — what triggers audits, what controls prevent them, and how to build a defensible position.
SAP Audit Defence

SAP System Measurement Guide

The complete measurement framework — USMM, SLAW, strategic timing, and pre-submission preparation for enterprise buyers.
SAP Audit Defence

SAP Audit Preparation Checklist: 50 Steps

The 50-step checklist for comprehensive SAP audit preparation — what to gather, document, and review before the audit clock starts.

Free Consultation

Get Independent SAP Licensing Advice

No SAP affiliation. No reseller commissions. Just forensic SAP licensing expertise working exclusively for enterprise buyers.

Book a Free Consultation →