SAP Audit Pre-Flight Checklist (SAP Licensing Series Part 3/3)

11 March 2013
8 minute read

SAP Audit Pre-Flight Checklist (SAP Licensing Series Part 3/3)

11 March 2013
8 minute read

7P: Pre-flight checks for SAP Licensing Audit

This article has been contributed by Moshe Panzer, CEO of Xpandion.

Part 3: Pre-audit Data Cleansing Classification 

Last call for joining the journey to a successful SAP audit!

We began the journey with the right state of mind (see 8 Tips for a Successful SAP Licensing Audit), continued by creating the setting for producing the first draft of the audit report (see SAP Audits – 6 steps to Prepare Real Use Data) and finally, we are ready to conclude the journey successfully as we please our auditors with an accurate, clear-cut report.

Follow these 11 tips on pre-audit processes, classifications and ongoing monitoring aspects, to meet your auditors well-prepared and highly confident.


Tip 1 – Eliminate duplicate usernames in identical systems: Duplicate usernames tend to turn into a complicated issue in large enterprises. Employees may have more than one username in the same system – one being used for routine activities and one which is dormant. In most cases, duplicate usernames are merely a mistake, resulting from employees changing usernames, yet forgetting to lock their previous ones. This means that an employee is occupying an expensive license for no real reason.

In other cases, employees submit several requests for a new username and the requests are fulfilled repeatedly. Surprisingly, we have witnessed numerous cases as these. Such duplicate usernames should be closed and their license type freed.

To identify duplicate usernames, apply at least one of the following methods:

  • Same username
  • Same email address
  • Same full name

Note: It is highly recommended to apply all three methods successively, and even better, use fuzzy algorithms in order to identify duplicate users (such as with misspelled names).

Our experience shows that neglecting to eliminate duplicate accounts is the most common mistake made throughout pre-audit processes (by 80% of our customers!).

Tip 2 – Consider closing unused accounts: Inactive usernames imply users that have not entered the system in a long time (e.g., for 6 months or a year). Unless there is a specific reason for these usernames to be defined, yet inactive, they should be eliminated and their licenses should be freed (reallocated or cancelled).

Tip 3 – Complete missing data in user master records: Make sure to complete user master data in all relevant SAP systems (at least: full name, department and email address). A clear user record facilitates the identification of duplicate accounts, enabling you to eliminate such accounts and save valuable licenses. Completing the email address is extremely important since email matching is the most reliable method for locating duplicate usernames in large enterprises, and attaching the usernames to employees.


Tip 4 – Understand the concept of Named User: SAP contracts are based on Named Users or account per employee. If an employee leaves and another is hired, the new employee can be counted under the license of the former employee (providing they hold the same license type). This means that on the date of the audit each license should have an employee attached, and the number of Named Users should match the total number of employees that exists in the SAP systems on that same day. If this is not the case, it implies that you have either too many or too few licenses than what you actually need on that day; something which needs to be explained and internally resolved.

Tip 5 – Analyze a sufficient amount of data: Examine three months worth of data at minimum. The more data you analyze, the more accurate your conclusions will be. In most cases the recommended period for analysis is one year.

Note: For the purpose of analyzing a large amount of data, consider using a dedicated software tool that can handle such an extent of data correctly and effectively.

Tip 6 – Never classify users to license types according to their granted authorizations: Although it sounds reasonable that a user with powerful authorization roles is classified as Professional; this is not always the case. Classifying users according to their granted authorizations means you are classifying them based on responsibilities rather than by usage de-facto. Most employees do not use all functions granted to them, in fact average users utilizes only 7% of their granted authorizations! Taking this into account, classifying users by their authorizations is not recommended as it can be inaccurate and result in a waste of resources.

Tip 7 – Do not assume that your license types are finite: Often, organizations will purchase only a minimal amount of license types, whereas SAP sells various license types. If your organization has purchased only a couple of license types, check whether other license types can better fit your needs, offering you a more suitable alternative.

The most common license types are: Professional, Limited Professional, Employee and Employee Self Service, however there are more options for unique types of SAP systems or for licenses purchased under earlier contracts (mySAP ERP 4.6C and earlier).

Ongoing Monitoring

Tip 8 – Always be prepared for an audit: According to SAP customers should be audited on an annual basis, so prepare your organization accordingly. While this is the shortest tip it is also the most fundamental one, as per our experience.

Tip 9 – Consider implementing a long-term policy: Just imagine that your organization has a clear policy on how to classify users, combine them among systems and periodically eliminate the unnecessary ones. Wouldn’t it be so simple to prepare for the audit…?

If you do not have such a policy in place, we urge you to set one now.

Assuming you have a satisfactory policy in place, review it again to make sure it still fits your current business situation. Consider embedding this policy into a software tool, which can continuously track user activity logs and set the most appropriate license type for each user. The right software tool can also apply certain business rules and recommend which usernames can be closed. Using automated software, this process is continuously repeated, thus enabling your organization to constantly hold a ready-for-audit position.

Tip 10 – Always maintain up-to-date documentation: The more clearly defined and documented all decisions regarding SAP licensing are, the easier the audit inspection will be.

Be sure to document the following:

  • Reasons for each specific granted licensing type, per each username
  • Explanation for combining usernames to a single employee
  • Methods being used for classification

Tip 11 – Share the responsibility for SAP licensing: It is highly recommended that each manager reports the licensing-related matters for their direct teams (see our blog: multi-level licensing). Integrating managers directly into the workflow of their direct teams is ultimately easier to control and generally produces the most precise numbers.

According to our observations, when the budget for SAP licensing is managed by a department rather than by a central IT budget, the number of licenses required is quickly and significantly reduced to the exact number of actually needed ones.

And Finally… Remember:

Effective optimization of your SAP licenses on a continuous basis plays a vital role in the outcome of SAP audits. Step-by-step, tip-by-tip, complete the journey to a successful SAP audit and peacefully submit your report feeling secure and confident as to its results.

Moshe Panzer is the founder and CEO of Xpandion Ltd. A renowned SAP expert with recognized industry-credentials, Mr. Panzer has orchestrated over large complex SAP implementations worldwide. Xpandion is the leading provider of ERP Usage Inspection solutions, focusing on the areas of SAP licensing, segregation of duties and security & authorizations. Xpandion was named Cool Vendor in ITAM for 2012 by Gartner Inc. for its ProfileTailor™ LicenseAuditor solution.

Image Credit7P

Can’t find what you’re looking for?