Conducting Internal SAP License Audits: How to Self-Audit and Stay Ahead of SAP

Introduction – Why Run Internal SAP Audits

If your organization uses SAP, an official license audit is not a question of if but when.

These audits are contractually mandated (often annual), and SAP’s audit approach is revenue-driven – being well-prepared is your best defense.

Instead of waiting to be caught off guard by surprise compliance issues, proactive organizations run internal SAP license audits to find and fix problems on their own terms.

By conducting your own “pre-audit,” you control the narrative. You can reclassify users, adjust licenses, and clean up data long before SAP comes knocking with a true-up bill.

Every internal SAP audit is essentially a dress rehearsal for the real one — but with you directing the script.

Key benefits of internal SAP audits include:

  • Preventing unplanned true-ups: Catch areas of license overuse early and address them proactively, avoiding sudden costs.
  • Improving license classification: Regularly review user license assignments so each user has the proper license type, minimizing compliance issues.
  • Controlling audit timing: Make license measurement a routine process (e.g., quarterly) rather than a last-minute scramble when SAP announces an audit.
  • Confidence in compliance: Knowing your license position in advance lets you face any SAP audit calmly and from a position of strength.

Overview of SAP’s License Measurement Tools

To self-audit effectively, leverage the same tools SAP uses during formal audits. The primary SAP license measurement tools are USMM, LAW, and DAET:

  • USMM (User Measurement): USMM is a standard SAP transaction for measuring usage in each system. Running USMM counts all active named users (classifying each by license type) and records key engine metrics (such as documents or employee counts). USMM produces a measurement report for that system.
  • LAW (License Administration Workbench): LAW consolidates the outputs from all systems, eliminates duplicate users, and compiles one comprehensive license usage report. Use LAW internally to see your total license consumption, but don’t send it to SAP until you’ve internally reviewed the results.
  • DAET (Digital Access Estimation Tool): DAET estimates indirect usage by counting digital documents (e.g., sales orders, invoices) created via external systems. It quantifies your indirect usage so you can gauge if it stays within your licensed allowances.

With these tools in hand, here’s how to conduct an internal audit step by step.

Step-by-Step Internal Audit Process

Step 1 – Preparation

Lay the groundwork for a smooth audit:

  • Define the scope: Decide which SAP systems and modules to include (e.g., ERP, CRM, BW) and the period of usage to examine.
  • Gather contracts & data: Collect your SAP license entitlements (contract documents showing purchased license counts and metrics) and pull current user lists and usage data from each system.
  • Assign the team: Set up an internal audit team, including a Basis administrator to run the tools, a SAM or asset manager to analyze results, and a procurement analyst to check contract implications.
  • Prepare systems: Ensure all systems are ready for measurement (USMM program up-to-date, no conflicting configurations).
  • Pre-clean user data: Remove or lock inactive user accounts, and make sure every active user has the correct license type assigned in SU01.

Checklist – Preparation:

  • User classifications verified: Active users are assigned appropriate license types.
  • LAW rules checked: Consolidation rules (for duplicate users) are set consistently across systems.
  • Measurement jobs reviewed: No background tasks interfering with measurement.

Being thorough in preparation ensures the data you collect will be accurate.

Step 2 – Run USMM in Each System

Now measure usage in each SAP system with USMM:

  1. Open USMM & review classifications: In each system, run transaction USMM. Before executing, check the “User Classification” list for any obvious misclassifications and adjust those users’ license types in SU01 if needed.
  2. Execute the measurement: Execute the user measurement to count all active users and gather engine metrics for that system.
  3. Save and review results: When USMM completes, review the results (total users per license type, plus any package/engine metrics). Export the measurement result file for that system and note any anomalies.

Pro Tip: Fix any misclassifications and rerun USMM so LAW has clean data.

Step 3 – Consolidate with LAW

Combine all system results using LAW:

  1. Import USMM files: Launch LAW and import each system’s USMM output into a new consolidation project.
  2. Deduplicate and validate: LAW will automatically deduplicate users. Verify the combined totals make sense (no user counted twice, etc.).
  3. Export consolidated report: Generate the consolidated license audit report. Do not send it to SAP yet.

Internal Audit Rule: Always review the LAW results internally (with asset management and procurement) before submitting anything to SAP. Address any issues first.

Step 4 – Validate Digital Access (Indirect Use)

Use SAP’s Digital Access Estimation Tool (DAET) to gauge indirect usage by counting digital documents created via external systems. Ensure the document counts are within your licensed allowances. Pay special attention to any third-party interfaces driving those documents, and investigate any unexplained spikes in usage.

Prevention Tip: If you find a surge of documents you can’t explain, address it immediately – otherwise SAP will.

Step 5 – Compare Results to Contract Entitlements

Finally, analyze your compliance position by comparing usage vs. licenses owned:

  • User licenses: For each license type, match the total users from LAW against the number of licenses you’ve purchased. (If LAW shows 3,200 Professional users but you own 3,000 licenses, that’s an overuse of 200.)
  • Engine metrics: Check each measured engine or package metric (e.g., HR employee count, sales order count) against the allowance in your contract. Flag any area where usage exceeds entitlement.
  • Overuse/underuse/misuse: Identify any usage beyond entitlements (overuse), licenses paid for but not fully used (underuse), or users on incorrect license types (misuse). Document a remediation plan for each issue (remove or reassign users, purchase additional licenses, etc.).

This reconciliation tells you exactly where you stand relative to your contract. It’s your opportunity to proactively fix issues – reallocate licenses, negotiate adjustments, or budget for any needed true-ups – before SAP’s auditors do their own review.

Data Cleanup and Optimization Actions

After the analysis, take corrective actions to “clean house” before any official audit:

Cleanup Actions:

  • Remove obsolete users: Lock or delete accounts for ex-employees, test users, and duplicates so they no longer count toward license usage.
  • Right-size user licenses: Downgrade users who were given a more powerful license than needed to a lower, appropriate license type.
  • Fix role mismatches: If a user’s activities are too advanced for their current license, either restrict their access or upgrade their license to the proper level.
  • Sync with HR: Ensure departures and role changes are reflected in SAP user lists (no ghost users consuming licenses).
  • Tighten integrations: Disable or correct any external interfaces that were generating unexpected transactions or documents in SAP.
  • Clean up data: Archive or delete old records that inflate license metrics, so usage counts reflect the current reality.
  • Optimize background jobs: Make sure system batch jobs and technical users have proper licensing (consider special technical licenses for service accounts).
  • Log changes: Record all cleanup actions (users removed, processes changed, etc.) to document your compliance efforts.

Outcome: You now have an audit-ready SAP environment – clean user data, accurate license assignments, and usage metrics that align with your entitlements.

Documenting and Storing Audit Results

Treat your internal audit findings as formal records. Store all USMM, LAW, and DAET output files in a secure central repository, clearly labeled with system name and date.

Archive any related notes or communications, and maintain previous audit reports to build a historical compliance record.

That way, you have an accurate audit trail if SAP ever questions your usage.

Reporting and Executive Communication

After each internal audit, prepare a summary report for stakeholders.

For example, you might present a table of each license type’s usage versus entitlements, highlighting any deficits or surpluses, and include key indirect usage findings and remediation plans.

Metric                   | In Use      | Licensed    | Status | Action Needed
Professional Users       | 3,200       | 3,000       | +200   | Reclassify or purchase 200
Digital Access Documents | 2.1 million | 2.0 million | +100k  | Investigate source (CRM)

In the Status column of the table, “+” indicates overuse and “–” indicates underuse. Deliver this kind of report regularly (e.g., quarterly) to keep leadership informed and to support budget and renewal discussions with SAP.

Integrating Internal Audits into Governance

Make these internal license audits a regular part of IT governance. Schedule them periodically (e.g., quarterly) and align with business cycles so they become routine.

Integrate license compliance checks into daily processes like user onboarding and new system rollouts. This ensures you catch new licensing needs or risks as they arise.

Use each audit’s findings to update your license plans and to improve internal processes. Over time, compliance auditing becomes business-as-usual, reducing the risk of SAP audit surprises.

5 Steps to Run Your Internal SAP Audit

  1. Run USMM in All Systems: Measure license usage in every SAP system.
  2. Consolidate in LAW: Merge all system results in LAW (deduplicate users) to get a single usage report.
  3. Analyze Indirect Use: Use DAET to assess indirect usage (digital documents) and ensure it’s accounted for.
  4. Reconcile vs. Entitlements: Compare your total usage to contract entitlements to pinpoint any gaps or surpluses.
  5. Clean & Store Data: Correct any issues (reclassify users, remove excess) and archive your audit results.

Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specializing in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organizations—including numerous Fortune 500 companies—optimize costs, avoid compliance risks, and secure favorable terms with major software vendors. Fredrik built his expertise over two decades working directly for IBM, SAP, and Oracle, where he gained in-depth knowledge of their licensing programs and sales practices. For the past 11 years, he has worked as a consultant, advising global enterprises on complex licensing challenges and large-scale contract negotiations.