Shelfware & Indirect Access: Hidden Risks in SAP Licensing for CFOs
Why CFOs Must Pay Attention to Hidden SAP Licensing Risks
SAP is a mission-critical system for many enterprises, and the annual expenditure on SAP software often exceeds the tens of millions of euros. Yet, not all of that spending is delivering value.
Two often overlooked issues, shelfware and indirect access, can act as invisible cost drains or liability traps. For a full overview, read our SAP Licensing guide for CFOs and Financial leaders.
These hidden risks in SAP licensing mean a company could be bleeding money on unused licenses or facing unexpected fees without the CFO’s awareness.
For CFOs and finance leaders, it’s essential to shine a light on these blind spots. Shelfware (unused SAP licenses sitting “on the shelf”) quietly incurs support costs year after year with no return.
Indirect access (also known as digital access) refers to situations where non-SAP systems or users interact with SAP data, potentially triggering license requirements that may not be immediately apparent.
Both situations can lead to financial exposure, whether it is ongoing waste or unexpected audit penalties. Simply put, financial leaders need visibility and controls over these hidden aspects of SAP licensing to protect the company’s budget and avoid unpleasant surprises.
By proactively managing shelfware and indirect usage, CFOs can eliminate waste, avert compliance fines, and strengthen their hand in negotiations with SAP.
For a more detailed understand read – SAP Licensing Cost Drivers: What CFOs Must Know About User & Engine Metrics
Shelfware — The Silent Drain on SAP Budgets
What is shelfware?
In the context of SAP, shelfware refers to licenses that a company has purchased but is not using or is underutilized. This could include SAP modules that were bought and never implemented, or more commonly, blocks of named-user licenses that sit idle.
For example, a business might have bought 10,000 Professional User licenses, but only 7,500 employees use SAP regularly. The remaining 2,500 licenses are effectively “shelfware.” The company continues to pay annual support and maintenance fees for those licenses, even though they provide no business value.
Shelfware is a silent budget drain because of SAP’s support fee model.
Typically, SAP charges 20–22% of the software license price per year for maintenance and support. That means even unused licenses incur ongoing costs. If you purchased a license for €1 million and never used it, you’d still pay around €200,000 every year in support fees for that unused software.
Over five years, you might pay more in maintenance than the original license cost – all for something that isn’t contributing to the business.
These fees are often embedded in large IT budget line items, making them hard to spot without careful license audits.
How does shelfware happen? Several common scenarios lead to SAP shelfware:
- Over-forecasting user counts: Companies often purchase more user licenses than needed, expecting growth or to be “on the safe side.” It’s easy to overestimate the number of employees who will need full SAP access. The result is excess licenses sitting idle.
- Mergers & acquisitions: When companies merge, they often inherit duplicate SAP systems or licenses. Two organizations might both have SAP HR modules or overlapping user licenses. Until the systems are consolidated, one set of those licenses could effectively be shelfware.
- Organizational changes: If parts of the business are divested or certain projects are canceled, licenses acquired for those initiatives become unused. For instance, if you license an SAP module (such as CRM or Supply Chain) but later switch to a different solution, the SAP licenses remain under contract and unused.
- Role misalignment: Sometimes, employees are given a more expensive license type than they need. For example, many companies default new users to a Professional User license (a high-tier, high-cost license) even if those individuals only perform basic tasks that a less expensive license (such as an Employee Self-Service or Limited Professional user) would cover. This misclassification means paying for a Ferrari when a bicycle would do — the extra capability is paid for but never utilized.
- Lack of license governance: Without regular monitoring, unused accounts accumulate. Employees leave or change roles, but their SAP user accounts (and licenses) remain active and assigned. If there isn’t a process to reclaim or reallocate those licenses, the unused count grows over time. Additionally, companies may be hesitant to reduce license counts for fear of triggering an audit or because “we’ve always paid for this, better not rock the boat.”
The cost impact of shelfware can be substantial. It’s not uncommon for organizations to discover that 20–30% of their SAP named user licenses are not in active use. For example, one enterprise discovered that approximately 25% of its Professional User licenses were unused, resulting in around €5 million in annual wasted maintenance fees.
That is money being spent each year with zero value gained in return. This type of hidden waste accumulates quickly and directly erodes the IT budget — and, by extension, the company’s bottom line.
Read RISE with SAP vs On-Prem Licensing: OpEx vs CapEx From a CFO Lens..
To illustrate various software scenarios and their financial impact, consider the following examples:
| Scenario | Example | Financial Impact | Mitigation |
|---|---|---|---|
| Over-purchased users | 2,000 Professional licenses unused | ~€5M annual waste | License reclamation (reduce or reallocate excess licenses) |
| M&A overlap | Two merged firms both licensed SAP HR module | ~€3M duplicate cost | System consolidation (eliminate redundant licenses) |
| Role misalignment | Functional staff given full Professional licenses | ~20% license overspend | Reclassification (downgrade to appropriate license level) |
In each of these cases, shelfware is quietly draining funds.
The mitigation tactics (reclaiming licenses, consolidating systems, reclassifying users) are discussed later in this article, but the key point here is awareness. CFOs should view shelfware as a form of financial waste to be eliminated.
Every euro spent on support for an unused license is a euro that could have been invested elsewhere — in innovation, new projects, or simply saved to improve margins.
By identifying shelfware early and taking action, CFOs can prevent this silent budget leak.
Indirect Access — The Hidden Liability
While shelfware represents wasted spend, indirect access represents potential unplanned spend and compliance risk. Indirect access (also referred to by SAP as Digital Access) occurs when people or applications that don’t directly log into SAP still interact with SAP data.
In simpler terms, it’s any access to SAP’s digital core by a third-party application or external user.
Common examples of indirect access include:
- A CRM system like Salesforce or a customer portal that pulls or pushes data from the SAP ERP (for instance, creating sales orders in SAP via an external e-commerce website).
- A business intelligence tool that queries SAP’s database to generate reports for users who aren’t SAP users.
- An employee HR portal or mobile app that displays or updates information from SAP in the background.
- Supply chain or partner systems exchanging orders, invoices, or inventory data with SAP automatically.
From a technical perspective, these interactions often use interfaces, APIs, or intermediate systems to read/write SAP data. From a licensing perspective, however, SAP often considers this indirect use of its software to still require a license. This is where the risk lies: companies may unknowingly be under-licensed for this indirect usage.
Why should CFOs care?
SAP has become increasingly aggressive in recent years in identifying and charging for indirect access. Indirect access has been called SAP’s “licensing time-bomb” for businesses.
During an audit, SAP’s Global License Auditing team will inquire about integrations and may review log files or documents created within the system.
Suppose they find that, for example, a non-SAP front-end system has been generating SAP business documents (such as sales orders, invoices, or human capital management records). In that case, they can claim that those documents or external users represent unlicensed usage of SAP.
The financial exposure from indirect access can be massive. Consider a scenario where a Salesforce-sales automation integration wasn’t properly licensed: SAP might claim every Salesforce user creating an order should have had an SAP license, or they might count every order as a “digital document” that needs to be paid for. It’s not theoretical — real companies have been hit with multi-million euro penalties.
For example, an integration between SAP and a third-party sales platform at one company triggered an audit claim of around €10 million in additional license fees due to indirect access.
In another public case a few years ago, a large multinational was found liable for tens of millions of pounds in fees because their customer portal allowed external users to indirectly use SAP functionality without proper licenses.
No industry is immune: manufacturing, pharmaceuticals, consumer goods, and others have all faced such claims.
SAP’s newer Digital Access licensing model attempts to address this by charging for the outcomes of indirect usage (specifically, counting certain document types like Sales Orders, Invoices, Purchase Orders, etc., generated via indirect access).
Customers can choose to license a quantity of these documents instead of named users for external systems.
However, whether under the old model (named user licenses for any access) or the digital access model, the result is that these indirect connections aren’t free. If not accounted for, they represent a hidden liability that can surface suddenly during an audit.
In short, indirect access poses a hidden risk because it often goes undetected by both IT and finance until an audit or license review brings it to light. CFOs should not assume that if users aren’t logging into SAP directly, there’s no cost. Every external touchpoint to SAP data could carry a license implication.
Audit Penalties and Financial Exposure
SAP license audits are the mechanism by which these hidden issues typically come to light. When SAP initiates an audit (typically annually or as stipulated in the contract), they require the company to run measurement tools and provide usage data.
This is where shelfware and indirect access issues are often uncovered in stark detail, and the findings can result in substantial financial penalties.
From a cost perspective, SAP audits might reveal:
- Excess named users of a certain type: For instance, you licensed 1,000 Professional Users but have 1,200 active users classified as professional-level based on their activity. SAP will ask you to purchase the extra 200 licenses retroactively (often at list price and with back-dated maintenance fees). This can be costly, even if the per-license cost is a few thousand euros, especially with maintenance added in.
- Misclassified users: Perhaps some users performing heavy tasks only have a low-level license. In an audit, SAP could reclassify them as needing a more expensive license type and again require back payment. This tends to penalize under-licensing, whereas shelfware is over-licensing; the latter doesn’t trigger a fine since you’ve technically overpaid, but it means you’ve been wasting money. However, misclassifications show gaps where you weren’t compliant.
- Indirect access usage: If SAP finds you have significant indirect use not covered by your licenses, they will present a bill for those. This may require the purchase of a new type of license (e.g., a package of Digital Access documents or additional named-user licenses for indirect users). The initial bill can be startlingly high.
One important note: SAP audit penalties are usually not “fines” in the legal sense; they are essentially demands that you purchase the necessary licenses to comply. But from a financial perspective, it feels like a fine because it’s an unbudgeted expense that can far exceed your expected spend.
Frequently, the initial audit finding from SAP will calculate a very high compliance gap cost — sometimes much higher than the value of the licenses in question. This occurs because SAP often calculates back-maintenance from the date of the first non-compliant use and charges license list prices.
For example, suppose an audit identified an indirect access scenario dating back three years. In that case, they might not only ask you to purchase the licenses now, but also require you to pay for three years of support on those licenses.
These additional charges can exceed the original license cost, further compounding the financial burden.
However, there is usually room to negotiate and remediate. It’s in both SAP’s and the customer’s interest to maintain the relationship, so companies often engage in discussions to reduce the impact. For instance, an audit initially identified approximately €7 million worth of indirect access fees.
After the company took corrective action (shutting down or properly licensing some integrations) and entered negotiations, they managed to bring the settlement down to about €2 million.
By presenting a plan to remediate and leveraging their future business with SAP, the CFO and IT team were able to substantially reduce the payout.
The lesson for CFOs is twofold: avoid getting in that position in the first place by proactive management, and if it does happen, engage quickly in remediation and negotiation to manage the financial exposure. SAP audits are thorough, but they also serve as a starting point for a conversation.
A CFO armed with data and a clear mitigation strategy can often secure a better outcome than simply cutting a check for the initial claim.
In summary, audit penalties can be a huge unexpected hit to the budget. CFOs should treat SAP compliance as a continuous discipline to prevent dramatic audit surprises.
And if an audit does reveal gaps, it becomes a high-priority financial issue to resolve – one that can often be managed down with the right approach.
CFO Tactics for Mitigating Shelfware & Indirect Access Risk
CFOs don’t need to be licensing experts, but they do need a strategy to mitigate these hidden risks.
Working closely with CIOs, IT asset managers, or external experts, finance leaders can implement several tactics to cut shelfware waste and control indirect access exposure.
Here are key tactics and strategies:
- License reclamation: Make it a routine practice to identify and reclaim unused licenses. For SAP, this may involve removing or deactivating user accounts that are no longer needed, and then working with SAP (or your reseller) to adjust the support contract accordingly. If you’re on a subscription model or a renewable contract, ensure you true-down the license count at renewal to stop paying for users you don’t use. In a perpetual license model, outright termination of maintenance on unused licenses can be negotiated (though SAP may have specific rules for dropping support on a subset of licenses). The goal is to stop paying maintenance for shelfware. Some organizations establish a license recycling program: when one user leaves, their license is reallocated to a new user instead of buying a new license. CFOs should champion this discipline to ensure the company isn’t continually purchasing more licenses while others remain unused.
- Reclassification of users: Ensure that each SAP user is assigned the appropriate license type for their actual usage. This might require periodic internal audits of user activity. For example, if analysis shows that 500 employees only use SAP to enter time sheets or view pay stubs, those users could potentially be on a less expensive Employee Self-Service license instead of a Professional license. Adjusting license types downward for light users (and conversely, ensuring power users have the right license to avoid compliance issues) can yield significant savings. By right-sizing license assignments, companies often reduce the overall cost because they’re not overspending on premium licenses unnecessarily. CFOs can encourage a quarterly or biannual review of SAP user roles versus license allocations as part of financial controls.
- Contract protections on indirect access: When negotiating your SAP agreements (such as during a renewal, an expansion purchase, or a migration to S/4HANA or SAP’s cloud offerings), address the topic of indirect or digital access head-on. CFOs should insist on clarity and limits regarding indirect use. This could take the form of a contract clause that defines exactly what types of third-party interactions are permitted under your current licenses, or a cap on how much you would have to pay in any future audit for digital access. In some cases, companies negotiate a one-time conversion to SAP’s digital access document model with a known number of documents (and a significant discount), essentially pre-paying for indirect usage at a lower rate to avoid open-ended exposure. The key is to avoid open-ended terms — get as much certainty as possible. If SAP is pushing its Digital Access licensing, make sure you understand the pricing model and negotiate volume discounts or caps. Also, document any understandings: for instance, if SAP verbally says, “Oh, that integration is fine, it doesn’t need extra licenses,” have them put that in writing or in the contract.
- Monitoring and Continuous Compliance: Don’t wait for SAP’s official audit to determine your status. CFOs should ensure the company invests in license management tools and processes. SAP provides the LAW (License Administration Workbench) tool to help consolidate user license data across systems. Many companies also utilize third-party Software Asset Management (SAM) tools, which provide more advanced analysis capabilities. Regularly run license usage reports (monthly or quarterly) to spot trends: Are new users being added at a high license tier by default? Are certain modules completely unused? Also, proactively monitor integrations. Maintain an inventory of all systems interfacing with SAP. For each, have IT assess if that integration could be creating documents or accessing data in a way that SAP would consider “digital access.” By tracking this continuously, you can take corrective action (license those scenarios or technically limit the integration’s access) before an official audit. In essence, embed SAP license compliance checks into the IT governance process for any new system or project that touches SAP.
By employing these tactics, CFOs turn what is often an unseen, reactive problem into a managed aspect of the SAP investment. The outcome is not just cost savings, but also predictability.
When you have shelfware and indirect usage under control, you eliminate the wild cards from your IT spending. That means fewer last-minute budget fires to put out, and more leverage when planning and negotiating with SAP for future needs.
Example Scenario — CFO Neutralizes Hidden Risks
Consider a simulated case that illustrates how these issues can play out and be resolved. Company XYZ has an annual SAP spend of €30 million.
The CFO assumed this was the “cost of doing business” with SAP and focused on negotiating discounts on upfront costs.
However, after an internal review (and some prompting by a looming SAP audit), they discovered two major hidden problems:
- Shelfware: Out of 15,000 total SAP named user licenses the company owned, roughly 4,000 (mostly Professional tier) were assigned to users who hadn’t logged in for over a year or to ex-employees. This was a huge software block, costing the company several million euros in annual support fees.
- Indirect access exposure: The company had rolled out a new HR self-service portal a couple of years ago. Employees could update their data and view paychecks via this portal, which, in the back-end, pulled data from SAP HR and even created some records in SAP. Since employees accessed the portal without directly logging into SAP, the project team hadn’t considered SAP licensing for this. The SAP auditors, however, flagged this integration as indirect usage. Based on the number of employees and the types of data accessed, SAP initially claimed the company needed to pay for additional digital access licenses, totalling an estimated €5–€6 million in fees.
Faced with this dual challenge, the CFO led a rapid remediation initiative:
- Reclaiming shelfware: The IT asset management team was tasked with optimizing user licenses. They identified the inactive accounts and, where possible, reallocated those licenses to real active users (instead of purchasing new ones for new hires). More importantly, during discussions with SAP, the CFO successfully negotiated the removal of a large chunk of truly unused licenses from the maintenance agreement. By rightsizing the support contract to actual usage, they reduced the annual SAP maintenance bill by a significant margin.
- Mitigating indirect access charges: The CFO’s team engaged SAP in discussions about the HR portal. They provided SAP with details on the use case and demonstrated their willingness to bring it into compliance with the requirements. They explored switching to SAP’s digital access document model for a fixed count of HR documents. In the end, instead of paying the full €6 million surprise bill, they struck a deal to pay perhaps a smaller, more manageable amount (say €2 million) for additional licensing that covered the portal usage, along with an agreement that SAP would not pursue further historical charges. They also negotiated contract language to clarify the usage rights of this portal for future use.
After these actions, the outcome was dramatic. By eliminating shelfware and mitigating most audit claims, Company XYZ saved an estimated €8 million on SAP costs.
Their effective SAP spend dropped from €30M to €22M for that year, and importantly, they set themselves up to avoid such surprises in the future.
Equally as important as the savings, the CFO now had peace of mind knowing that robust controls were in place. The CFO could report to the board that they had mitigated a significant risk and would maintain SAP costs as efficiently and transparently as possible moving forward.
This scenario illustrates how a CFO, by scrutinizing the details and collaborating with IT on license management, can uncover hidden value and protect the company from unexpected financial risks.
It’s a proactive stance that turns SAP licensing into a source of savings and security, rather than an unpredictable cost center.
CFO Audit-Ready Checklist for SAP Shelfware & Indirect Access
Every CFO or finance leader overseeing an SAP environment should ensure the following steps are part of their regular governance.
Use this checklist as a quick audit-ready reference to keep your SAP licensing optimized and risk-free:
☐ Run regular license usage reports. (Get periodic data on how many licenses are in use vs. purchased.)
☐ Reallocate shelfware before renewals. (Identify unused licenses and try to remove or reuse them before contract renewal or true-up.)
☐ Validate user classifications against roles. (Ensure users have the appropriate license type; adjust any misclassifications before an official audit does it for you.)
☐ Identify all non-SAP integrations touching SAP. (Maintain an inventory of interfaces and check their licensing impact. No integration should fly under the radar.)
☐ Negotiate caps/clarity on indirect access fees. (In contracts, clarify how indirect/digital access is handled and put a cap on potential charges if possible.)
☐ Embed license monitoring into IT-finance governance. (Make SAP license compliance a continuous process, with finance oversight, so it’s not solely an IT concern.)
By ticking off these items regularly, CFOs can confidently stay “audit-ready” — meaning there should be no shocking findings when SAP comes knocking, because you’ve already caught and addressed them.
5 Recommendations for Finance Leaders
Finally, here are five high-level recommendations for CFOs and finance leaders to effectively manage and mitigate hidden SAP licensing costs:
- Treat shelfware as financial waste to eliminate (not just an IT issue). Make unused licenses a finance priority, similar to cutting any other unnecessary expense.
- Audit license assignments quarterly for reclassification opportunities. Frequent internal reviews will catch mislicensed users or dormant accounts before they become costly.
- Insist on contractual clarity around indirect and digital access. Don’t sign agreements with vague terms — explicitly address how indirect use is licensed to avoid gray areas.
- Proactively govern systems integrations to avoid surprise audit findings. Have a policy that any new system or interface connecting to SAP triggers a review of the licensing impact. Prevention is far cheaper than post-audit cure.
- Build SAP license optimization into ongoing financial controls. Incorporate metrics and reports on license utilization into your regular finance IT reviews or dashboards. This ensures continuous alignment between SAP usage and cost.
By following these recommendations, finance leaders can effectively manage SAP licensing challenges. The CFO’s office will not only ensure compliance but also drive cost efficiency in enterprise software usage.
FAQ
What is SAP software, and why is it costly?
SAP shelfware refers to software licenses you’ve paid for but aren’t using. It’s costly because even if the licenses are unused, the company continues to pay annual support/maintenance fees on them (typically ~20% of the license price each year). Essentially, money is spent on “shelf” software that provides no business value. Over time, this adds up to millions of dollars in waste, directly impacting the IT budget without any return on investment.
How does SAP define indirect access (digital access)?
Indirect access refers to using SAP’s systems without directly logging in, typically via a third-party application or interface. For example, if a non-SAP application, such as an e-commerce platform or a CRM system, interacts with SAP data (e.g., creating sales orders, querying inventory), that constitutes indirect access. SAP’s “Digital Access” model formalizes this by charging for the documents (such as orders, invoices, timesheets) created or accessed indirectly. In essence, even if a user or app doesn’t have an SAP login, SAP still requires a license if its data is being used – that’s indirect (digital) access.
Can CFOs negotiate caps on digital access fees?
Yes, and they absolutely should try. When negotiating with SAP, CFOs can seek to include provisions that cap potential costs related to indirect/digital access. For instance, you might negotiate a fixed fee for a certain volume of digital access documents, or include a clause that limits the audit exposure for indirect use. While SAP may not always agree to a strict cap, any clarity or limit you can obtain in writing is better than an open-ended risk. Some companies have successfully included specific language in contracts to address known integrations (e.g., “SAP will not charge additional fees for the Acme Customer Portal connecting to SAP ECC”), giving the CFO assurance that those uses won’t generate extra charges.
What are typical audit penalties for unused or indirect access?
In an SAP audit, “penalties” usually mean you’ll be asked to purchase additional licenses to cover any shortfall, plus back maintenance on those licenses. For unused licenses (shelfware), there isn’t a penalty per se (since unused licenses mean you were over-licensed). However, the audit may reveal misused licenses (e.g., someone using SAP in a way their license doesn’t cover) – in which case the penalty is buying the correct license for them. For indirect access, audit findings can be very expensive, potentially costing millions or tens of millions of euros, depending on the scope. SAP may calculate the number of unlicensed documents created and present a bill accordingly. The “sticker shock” can be huge because they often use list prices and retroactive fees. That said, these initial figures can sometimes be negotiated down. The typical outcome is a settlement where the company agrees to purchase some licenses (perhaps at a discount or in a bundle) to come into compliance. It’s better to never face this: proactive management can avoid incurring any such audit costs at all.
How can finance leaders eliminate hidden SAP costs?
Finance leaders can eliminate hidden SAP costs by instituting strong governance and oversight on licensing. This includes regularly reviewing license utilization (to ferret out shelfware and either eliminate it or repurpose it), ensuring the right license fit for each user, and tracking any new system that touches SAP. Engaging with IT to run internal “mock audits” can identify issues before the real auditors do. On the contract side, negotiating flexibility and clarity helps prevent future surprises (for example, including the right to swap license types or drop unused licenses at renewal). Essentially, treat SAP licenses as a portfolio of assets that need active management – just like you wouldn’t leave financial investments unmonitored, don’t leave software investments on autopilot. With ongoing attention and the tactics discussed (reclamation, reclassification, monitoring, etc.), CFOs can systematically identify and eliminate hidden costs, such as shelfware, and reduce the risk of indirect access fees. The result is a leaner, more predictable SAP cost structure that aligns with actual business usage and needs.
Read about our SAP Advisory Services.
