Complete 2026 Guide
SAP Audit Defence

The SAP Audit Letter Has Arrived.
Here's What Happens Next.

SAP's annual system measurement is not a compliance check — it's a commercial extraction tool. Every piece of data you submit gets fed directly to SAP's licence sales team. This guide tells you what SAP actually measures, how the Effective License Position is calculated, where they overcount, and how to challenge a back-licence claim before you write a cheque.

52% of SAP customers audited 2+ times in 18 months
3–5× typical gap between SAP's initial claim and actual liability
$200M+ in audit exposure resolved by our team
85% of SAP audits include at least one challengeable finding
22% of licence value SAP charges annually for Enterprise Support
$1B+ in indirect access claims generated since 2017
6–18mo typical duration from audit letter to final settlement

Section 01

What Is an SAP Audit — and Why Is It Happening to You?

An SAP licence audit is a formal review of how your organisation uses SAP software compared to the licences you have purchased. On the surface, this sounds reasonable. In practice, SAP's audit process is a carefully engineered commercial programme designed to identify revenue opportunities — not simply to verify compliance.

SAP conducts audits through its Global Licence Audit & Compliance (GLAC) team. They are measured on revenue recovered. The audit letter is rarely random: SAP typically triggers a measurement after you have expanded headcount, acquired a company, deployed a new module, or made changes that SAP's monitoring has flagged as suggesting higher consumption than your current licence position covers.

SAP operates two types of formal review. A basic audit uses your own USMM output and licence records to calculate a gap. An enhanced audit involves SAP's specialists going deeper — examining indirect access, system landscape definitions, and historical transaction data. Most enterprises encounter the basic audit first, with the enhanced audit threatened as escalation leverage if you do not settle quickly.

⚠ What SAP Doesn't Tell You

The audit letter will stress contractual obligation and urgency. It will not mention that USMM routinely overcounts named users, that user classifications are routinely challengeable, that the compliance gap is a starting position — not a final number — and that settling within 60 days without independent review almost always results in overpayment.

Section 02

SAP's Measurement Tools: USMM, LAW, and STAR

Understanding the tools SAP uses to measure your licence position is essential to challenging their findings. SAP's measurement ecosystem was designed by SAP engineers to maximise revenue discovery — not to give you an accurate picture of your actual licence obligation.

USMM

User System Measurement — the primary tool SAP uses to count named users across your ABAP landscape. USMM identifies every user record that has logged in, then attempts to classify them by activity pattern. The classifications it produces frequently over-assign users to Professional or Limited Professional categories when more restrictive types apply.

LAW

Licence Auditing Workbench — consolidates USMM data across multiple SAP systems to produce a single Effective License Position for your entire landscape. LAW is critical in multi-system environments where the same user exists across multiple clients or system copies.

STAR

SAP's STAR tool analyses transaction codes executed by each user during the measurement period. It looks for Professional-level transaction usage to justify upgrading a user from a lower category. STAR outputs are frequently used to challenge your own user classification arguments.

SAP for Me / Solution Manager

SAP continuously collects telemetry from your landscape via Solution Manager and the successor SAP for Me portal. This data informs SAP's commercial team before the formal audit begins — meaning SAP often knows your approximate exposure before you do.

The critical insight is that all of these tools were built by SAP for SAP's benefit. Running USMM without expert guidance and submitting the raw output to SAP is one of the most common — and costly — mistakes enterprises make. You should never submit raw USMM data without first reviewing it for over-classification, inactive users, and landscape scope errors.

Don't Submit USMM Without Expert Review

Our SAP audit defence team reviews your USMM output before submission, identifies challengeable classifications, and prepares a counter-ELP that protects your position. Enterprises that engage us before submitting data reduce their final settlement by an average of 60%.

Section 03

The SAP Audit Process — Phase by Phase

SAP's audit follows a structured playbook. Knowing what to expect at each stage gives you the ability to respond strategically rather than reactively.

01. The Audit Notification Letter

SAP notifies you in writing that a licence audit will be conducted, citing your contractual obligation to participate. The letter typically establishes a 30–60 day window for submitting your measurement data and specifies which systems are in scope. This letter triggers your response window — and the clock starts immediately.

02. System Measurement & USMM Execution

You run USMM across your defined system landscape and submit the output to SAP's GLAC team, typically via the SAP for Me portal or a structured data transfer. Before submission, you should classify every user against your contract's user types, remove inactive accounts, and reconcile system copies and non-production systems against your licence agreement.

03. SAP's Analysis & Draft ELP

SAP's GLAC team analyses your submitted data and produces an Effective License Position — a comparison of your measured consumption against your licensed entitlement. This is where SAP's commercial interests are most visible. The draft ELP will almost always show a compliance gap, because USMM over-classifies users and SAP interprets contract ambiguities in its own favour.

04. Negotiation & Challenge Period

You have the right to challenge SAP's ELP findings. This is where the real work happens. A forensic review of SAP's calculations often reveals incorrectly classified users, users included from development or test systems that should be excluded, system copies counted as production instances, and indirect access claims built on questionable legal foundation. Each of these is challengeable — but only if you know how.

05. Settlement or Escalation

Most audits settle commercially. SAP will prefer a licence purchase or a multi-year commitment over litigation. The final settlement figure is determined by the strength of your challenge, your commercial relationship with SAP, and your willingness to negotiate rather than capitulate. Enterprises that engage independent advisors consistently settle for less than those who rely on SAP's account team or their SI partners — who have their own relationship with SAP to protect.

Section 04

Understanding the Effective License Position (ELP)

The Effective License Position is the cornerstone document of any SAP audit. It compares your entitled licences (what you've bought) against your measured consumption (what SAP says you're using). A positive number means you have spare licence capacity. A negative number — a compliance gap — means SAP claims you owe them money.

Understanding how the ELP is constructed is essential to challenging it effectively.

User Classification Errors

USMM classifies users based on the most powerful transaction they have executed. A user who runs one Professional-level transaction per quarter is classified the same as a daily power user. This dramatically overstates the licence requirement and is consistently challengeable.

Inactive & Locked Users

Users who have not logged in for 12+ months, or who are locked in the system, may still appear in USMM output. These should be excluded from the measurement. SAP's tool does not automatically remove them — you must do this manually before submission.

System Scope Disputes

SAP may attempt to include development systems, sandbox environments, quality assurance landscapes, or systems acquired via M&A activity that are not yet integrated into your licence agreement. All of these should be challenged if not explicitly in scope.

The ELP is SAP's opening offer in a commercial negotiation. Treat it accordingly. Accepting it unchallenged is equivalent to paying the sticker price on a car without negotiating — it simply isn't necessary.

Section 05

Indirect Access & Digital Access — SAP's Fastest Growing Claim Category

Indirect access — now rebranded by SAP as "Digital Access" — is the single most contentious area of SAP licensing. It arises when a third-party system (a CRM, e-commerce platform, IoT system, or RPA bot) reads or writes data into SAP without a human named user performing that action directly.

SAP introduced the Digital Access model in 2018 with specific Document Types: Orders, Deliveries, Invoices, Material Documents, and Production Orders. Each document created by an indirect system is potentially licensable under this model. At high document volumes, the commercial exposure can be substantial — and SAP's audit teams have become increasingly aggressive in pursuing indirect access claims.

The Key Question in Every Indirect Access Audit

Does the activity in question trigger a specific, chargeable Document Type under SAP's Digital Access model — or does it fall into one of the many excluded categories? SAP's initial claims almost always include activity that is genuinely excluded. Independent analysis of your interface landscape consistently reduces Digital Access claims by 40–70%.

Before engaging with SAP on any indirect access claim, you need a full inventory of every integration, every interface, and every automated process that touches SAP data. Our SAP indirect access advisory service provides this analysis and builds the technical evidence base to challenge SAP's assertions.

Section 06

How to Defend Your SAP Licence Position

Audit defence is not about non-compliance. It is about ensuring that SAP's measurement of your usage is accurate, that their contract interpretation is correct, and that the commercial outcome reflects genuine liability rather than SAP's commercial ambitions. Here is how enterprises fight back effectively.

1. Engage Before You Submit

The single most impactful decision you can make is to engage independent SAP licensing expertise before you run USMM and before you submit a single piece of data to SAP. Everything submitted becomes part of your formal audit record and can be used against you in settlement negotiations.

2. Build Your Counter-ELP

Before SAP produces their ELP, build your own. A forensic review of your user base, licence entitlements, and system landscape lets you identify where SAP will over-claim and prepare your counter-arguments before the formal discussion begins.

3. Reclassify Users

Challenge user classifications systematically. A user assigned Professional solely because they once executed a high-level transaction can often be reclassified to Limited Professional or Employee with evidence of their actual day-to-day role. This alone reduces audit gaps by 30–50% in most landscapes.

4. Challenge System Scope

Require SAP to provide written justification for each system included in the audit scope. Development instances, QA systems, sandbox environments, and non-production copies should not appear in a named user measurement. Each unchallenged inclusion inflates the gap.

5. Document Exclusions

Build an evidence file documenting every user exclusion, every system exclusion, and every reclassification. SAP's GLAC team will require written justification for every adjustment you make to their ELP. Undocumented assertions are dismissed. Evidence-based arguments are accepted.

6. Separate SAP from SAP's Account Team

Your SAP account executive is not on your side during an audit. They are measured on revenue and will often encourage you to settle quickly and "extend the relationship." Negotiate directly with the GLAC team, with independent expertise at your side, not through your account team.

Need Expert Audit Defence Right Now?

Our SAP audit defence service has resolved over $200M in compliance exposure across dozens of enterprises in the last five years. We work exclusively on the buyer side — no SAP affiliation, no reseller agenda.

Section 07

Settlement Strategy — How to Close an Audit on Your Terms

Every SAP audit ultimately ends in a commercial settlement. SAP will not take you to court over a licence gap unless the amount is exceptionally large and your conduct has been clearly adversarial. Their goal is a commercial outcome: a back-licence purchase, an expansion deal, or a commit-to-cloud migration that generates new revenue.

Understanding this gives you negotiating leverage. SAP needs a settlement too. The question is whether you settle on your terms or on theirs.

Never accept the first ELP as the final number. The initial compliance gap presented in SAP's first ELP is almost always significantly inflated. It is designed to anchor the negotiation at a high point. Counter every finding with documented evidence, and track every concession SAP makes in writing.

Use the audit as a licence optimisation opportunity. During the settlement discussion, you have more commercial leverage than at any other point in your SAP relationship. Use this window to right-size your licence position, reduce your Enterprise Support spend via our SAP support cost reduction service, or negotiate more favourable contract terms for future S/4HANA or RISE with SAP commitments.

Consider the timing of your contract renewal. SAP's willingness to reduce an audit settlement increases significantly when you are approaching a contract renewal. If your Enterprise Agreement or Order Form is due for renewal within 12–18 months, use that timing strategically in settlement discussions.

For guidance on how to structure a commercial settlement that protects your future position, see our SAP contract negotiation service.

Section 08

SAP Audit — Frequently Asked Questions

Am I legally obliged to participate in an SAP audit?

Yes — virtually all SAP Master Agreements include an audit rights clause that obligates you to submit to a measurement at SAP's request, typically once per year. However, the clause also specifies what SAP can and cannot request, which systems are in scope, and the process you must follow. Understanding the exact wording of your audit rights clause is the first step in managing the process.

What happens if we refuse to cooperate with an SAP audit?

Non-cooperation typically triggers escalation to SAP's legal team and an assumption by SAP of maximum possible non-compliance across your landscape. In practice, no enterprise benefits from refusing to engage — but engaging does not mean accepting SAP's findings unchallenged. You can cooperate fully while rigorously contesting every aspect of SAP's ELP.

How long does an SAP audit typically take?

From the initial audit letter to final settlement, most SAP audits run between 6 and 18 months. The timeline depends on the complexity of your landscape, the size of the claimed gap, and how aggressively both parties engage in the negotiation. Enterprises with independent advisory support tend to reach settlement faster because they can respond to SAP's findings with documented counter-positions rather than requests for internal clarification.

Can SAP audit us again immediately after a settlement?

SAP's contractual right to audit is typically once per year. However, if you settle and then immediately expand your SAP footprint — through an acquisition, a new system deployment, or a headcount increase — SAP may initiate a new measurement cycle. A well-structured settlement agreement should include a "clean period" provision that restricts SAP from initiating a new audit for a defined period following settlement.

Do SAP resellers or SI partners help in an audit?

System integrators and SAP-authorised resellers should not be your first call during an audit. They have direct commercial relationships with SAP that create conflicts of interest. An SI who sells SAP licences as part of their business model is not incentivised to minimise your SAP spend. Independent advisors with no SAP revenue dependency — like our team — are the only advisors whose interests are fully aligned with yours.

What is the biggest mistake enterprises make during an SAP audit?

Submitting raw USMM data without expert review. Enterprises routinely submit USMM output that SAP has not seen yet, assuming it reflects their true position. In reality, USMM routinely over-classifies users, includes inactive accounts, and captures system activity from non-production environments. Every line of over-stated consumption you submit becomes the baseline for SAP's compliance gap — and you cannot unsubmit it.

Independent Audit Defence

SAP's Audit Team Is Preparing Your Gap. We Prepare Your Defence.

Don't face an SAP audit with only your account team and an SI on your side. Our SAP audit defence experts have resolved over $200M in compliance exposure — exclusively for buyers, never for SAP.
