SAP Audit Penalties Explained: How Non-Compliance Can Cost Millions


Why SAP Audit Penalties Matter

Imagine one small SAP licensing mistake costing more than an entire year of your SAP support contract. This is the reality many organizations face after an SAP audit. SAP’s audit penalties are engineered to maximize revenue recovery for SAP, not to be fair to the customer.

Even a minor license shortfall – like a few users on the wrong license type or an unlicensed interface – can spiral into a multi-million euro liability. SAP treats software compliance as a commercial opportunity.

Their Global License Auditing and Compliance (GLAC) team often finds something chargeable in almost every audit. For CIOs and CFOs, this means an audit isn’t just a technical check – it’s a serious financial risk.

The takeaway is clear: proactive compliance management is crucial because waiting for SAP to find gaps can cost you dearly. For an overview, read our guide, SAP Licensing Risks & Penalties: What’s at Stake in Non-Compliance.

SAP audits matter because non-compliance fees hit hard and fast. One day you’re under budget, and the next, you’re looking at an unexpected bill for unplanned licenses and back support fees.

These audits are a revenue stream for SAP, often timed and structured to catch customers off guard. To protect your organization’s finances, it’s vital to understand how these penalties are calculated and why even a “small” finding can explode into a major cost.

In the sections below, we break down SAP’s penalty formula, common audit scenarios, and strategies to minimize the damage.

How SAP Audit Penalties Are Structured

SAP follows a fairly predictable formula when calculating audit penalties for license shortfalls. At a high level, the penalty is the sum of the missing license fees at list price plus backdated maintenance fees on those licenses. In other words:

Penalty = (List Price of Missing Licenses) + (Back Maintenance Fees)

Let’s break down what that means. If an audit finds you have unlicensed users or usage, SAP will charge you for those licenses at 100% list price – the full price SAP publishes, with no discounts. On top of that, SAP typically adds maintenance fees (support costs) retroactively for the period you were using those licenses without rights.

SAP’s standard maintenance rate is about 22% of the license price per year.

They usually calculate back maintenance for the past two years by default, but it can extend to three or four years (or more) if the unlicensed use has been ongoing for a longer period and you don’t push back.

Example Calculation: Suppose an audit reveals a shortfall of 100 Professional User licenses that you hadn’t purchased.

  • Missing Professional Licenses: 100 users × €3,200 (list price each) = €320,000
  • Back Maintenance (22% for 2 years): 22% of €320,000 × 2 = €140,800
  • Total Audit Penalty: €320,000 + €140,800 = €460,800

In this example, what might have been a €320K license gap balloons to nearly €461K after adding two years of back maintenance. A few key points make SAP’s penalty structure so punitive:

  • List Price, No Discounts: SAP audits charge the full list price for licenses. Any discounts you negotiated originally (say you usually pay 50% of the list price) do not apply to compliance purchases. You pay top dollar as a “penalty” for not complying.
  • Retroactive Maintenance: SAP assumes you’ve been benefiting from those unlicensed products and should have been paying support on them. The default is two years of back maintenance at your contract rate (often ~22% per year), but if the usage started earlier, SAP may demand more than two years unless you have proof otherwise.
  • No Separate Fines: Notably, SAP doesn’t levy “fines” in the legal sense. The cost of buying the licenses at list price (plus maintenance) is effectively the penalty. There’s no additional fee on top – but from the customer perspective, this is punishment enough, since you’re paying far more than you would have if you’d bought correctly upfront.

Checklist – Calculating Your Exposure:

  • Identify All Shortfalls: Gather a complete list of any underlicensed users or engines (packages/modules) from the audit findings.
  • Use SAP’s Price List: For each shortfall item, find the official list price per license or unit from SAP’s price catalog.
  • Calculate Missing License Cost: Multiply the shortfall quantity by the list price (no discount).
  • Add Back Maintenance: Apply your annual support rate (e.g. 22%) on that cost for 2 years (or the period SAP claims usage).
  • Total the Penalty: Sum the license cost and back maintenance for a rough idea of SAP’s starting penalty figure.

By understanding this formula, you can see why even a small number of unlicensed users can translate into a huge bill. Next, we’ll look at scenarios that commonly trigger such penalties.

Common Penalty Scenarios in SAP Audits

Not all compliance gaps are the same. SAP audits tend to uncover a few common scenarios that lead to big penalties.

Here are five typical audit findings and how SAP calculates the damage in each case:

  1. Named User Underlicensing: This happens when users are assigned a lower-cost license type than their actual activity requires. For example, say 200 employees were given the “Employee Self-Service” user license, but the audit determines they should be “Professional” users (the most expensive type). SAP will reclassify those 200 users at the Professional license list price (around €3,200 each, in this scenario). That means a shortfall of 200 Professional licenses, and the penalty will include the full cost for those 200 licenses plus two years of maintenance. In practice, misclassifying a few hundred users can lead to a charge in the high six or seven figures. It’s a costly mistake many companies don’t realize they’ve made until the audit report arrives.
  2. Unlicensed Engine Use: SAP “engines” or packages (like SAP Payroll, SAP Business Warehouse, etc.) are licensed based on specific metrics (such as employee count, transactions, or revenue). A common scenario is a company using an SAP engine without having the proper license for the metric used. For instance, your HR department might be using the SAP Payroll processing engine for 1,000 employees without a license for that engine. In an audit, SAP will charge you the full list price of the engine license for that metric (which could be hundreds of thousands of euros, depending on the metric and tier) and then add back maintenance (22% per year) for the years of unlicensed usage (often 2–3 years). A case like this can easily surpass a million euros in penalties if not anticipated.
  3. Indirect Access (Digital Access) Violations: Indirect access – when non-SAP systems or external users indirectly use SAP data – is one of the most financially dangerous audit findings. For example, imagine you have a web portal or a Salesforce system that pulls or pushes data into SAP. SAP may claim that these interactions require additional “indirect use” licenses (now often addressed via Digital Access documents licensing). An audit might count all documents or transactions created by these external systems and present a bill for “digital access” licenses at list price, plus back maintenance. This scenario often leads to the highest penalties because indirect usage can involve large volumes of documents or users that weren’t accounted for. We’ve seen cases where SAP identified an external portal and suddenly demanded license fees for thousands of indirect users or millions of document transactions. Without preparation, this can be a multi-million euro surprise.
  4. Subsidiary or Affiliate Usage Beyond Contract Scope: SAP contracts are usually specific about which legal entities (e.g., the named customer and its affiliates) are allowed to use the software. A common oversight is when a subsidiary or affiliated company uses SAP systems under the parent company’s licenses without being officially included in the contract. In an audit, SAP can flag this as “unauthorized use.” The remedy? The subsidiary must effectively get its own licenses. SAP will charge for all the software usage by that subsidiary at list price, as if they were a separate customer, plus maintenance. This could mean buying a whole set of licenses for the affiliate retroactively. The penalty scenario here is particularly frustrating for customers because it often catches companies by surprise. You might have thought your enterprise agreement covered all your divisions, but a technicality in the contract language leaves some entities out, leading to a hefty charge.
  5. Missing Cloud Subscription or Expired User Access: With SAP’s cloud offerings (like SuccessFactors, Ariba, S/4HANA Cloud, etc.), licensing works on a subscription model (usually a named user or usage metric paid annually or monthly). A typical audit finding is that a company allowed users to access a cloud service after their subscriptions expired or exceeded the number of subscriptions purchased. For example, you might have had 500 cloud user subscriptions but continued to let 550 active users use the service for several months – effectively 50 users were unlicensed for that period. SAP will retroactively bill for those excess 50 users for the months they were active, usually at the full subscription list rate. If a cloud subscription lapsed entirely and the system was still used, SAP could charge for the coverage gap. This scenario results in a penalty invoice covering the “missing” subscription fees over time. While these fees are usually not as large as some on-premise license violations, they can still be significant and are often unexpected.

Each of these scenarios shows how easy it is to fall out of compliance and how SAP capitalizes on it. The key lesson is that any unlicensed usage – whether by users, engines, indirect use, additional affiliates, or cloud services – will be valued at the highest possible rate, including added support costs.

In the next sections, we’ll dive deeper into the role of back maintenance and other factors that amplify these costs.

Read about hidden costs in Under-Licensing vs Over-Licensing Risks: The Hidden Costs of Getting SAP Licensing Wrong.

How Back Maintenance Is Applied

One of the most eye-opening parts of an SAP audit penalty is the back maintenance.

This is the charge for support fees that SAP adds retroactively for the period you used the software without a license. Back maintenance often doubles or even triples the amount you have to pay, turning what might seem like a manageable license cost into a budget-breaking expense.

How Back Maintenance Works: SAP’s logic is that if you were using their software, you should have been paying the annual maintenance on it all along (for support, updates, etc.).

So if the audit finds unlicensed use, SAP will backdate the maintenance charges to the start of that usage. By default, SAP typically goes back two years, since many contracts allow audits and adjustments for the last two years of use.

However, if the unlicensed usage clearly started earlier (and you don’t contest it), SAP can push this further – we’ve seen cases with three or even four years of back maintenance added.

In extreme cases, SAP might assert that the usage dates back to the initial deployment of the system if you can’t prove otherwise.

Example: Let’s say the audit finds you owe €500,000 in license fees for various shortfalls. On top of that, SAP will calculate maintenance at 22% per year. For two years of back maintenance, that’s 44% of €500,000, which is €220,000.

Now the total you owe becomes €720,000 (license plus maintenance). If they insisted on three years, it would be 66% of €500,000 (€330,000) in maintenance, bringing the total to €830,000. You can see how back maintenance alone can add hundreds of thousands of euros.

In many situations, the back maintenance portion adds roughly 40–50% to the total exposure (assuming two years). If SAP manages to enforce for four years, the maintenance portion is about 88% of the license cost – nearly doubling the penalty.

This is why in SAP audits, the maintenance back-charges are often what shock executives the most, sometimes even more than the license cost itself.

SAP’s back maintenance policy is a big reason a small license gap can cost millions. It’s essentially a time multiplier on the penalty. It also feels punitive: you’re paying for support retroactively on software you didn’t even legally own at the time.

And remember, after settling the audit, you’ll typically start paying maintenance on those newly acquired licenses as well, adding to long-term costs.

Mitigation Tip: The best way to reduce back maintenance charges is to prove the shortest possible usage period for the unlicensed item. If SAP assumes the shortfall existed for two years, but you have logs or records showing it only started 6 months ago, provide that evidence.

We’ve seen SAP reduce or waive maintenance when customers have solid data on when usage began. Always document user provisioning dates, system go-live dates, and changes in usage. This kind of evidence can limit how far back SAP can reasonably claim support fees.

How SAP Uses Audit Findings Commercially

It’s important to understand that SAP doesn’t treat audits purely as compliance enforcement; they use them as a commercial lever. Audit findings conveniently open doors for SAP to push new sales, whether that’s additional licenses, cloud subscriptions, or even entirely new platforms.

In many cases, SAP will present you with options that tie the audit resolution to future spending. Here’s how SAP often leverages audit results for its commercial advantage:

  • “Credits” for Moving to Cloud: SAP might offer to waive or reduce the penalty if you agree to make a strategic purchase, such as migrating to RISE with SAP or S/4HANA Cloud. For example, they may say, “Instead of paying €1M in audit fees, apply it as credit toward a RISE subscription.” This can be tempting, but remember it’s a sales tactic: SAP is essentially using the audit bill as leverage to push you into a new contract. You’ll still be paying that money, but toward the new product, and locking into SAP’s cloud.
  • Bundling Penalties into Renewals: Another tactic is to include the cost of the audit shortfall within a larger renewal or purchase deal. SAP sales might propose a big license expansion or an Enterprise Agreement renewal where they “hide” the compliance fees. For instance, they might say if you purchase some additional software worth €5M, they will consider the €500K audit findings “settled.” In reality, you’re spending that €500K as part of the new deal – it’s not a free pass, just rolled into a bigger sale. This can mask the true cost of the audit in your budgeting.
  • Pressure to Adopt Digital Access Licenses: If indirect usage is found, SAP will frequently push you to adopt their Digital Access licensing model (which charges by document). They might offer a deal where buying a certain number of Digital Access documents now will settle all past indirect use issues. While this can sometimes be a reasonable solution, it’s also SAP’s way of getting you on a licensing model that could lead to more consumption-based charges later. They capitalize on the fear of an enormous indirect access bill to sell you a preemptive bundle of licenses.
  • No True “Waiver,” Just Deals: It’s worth noting that SAP rarely waives audit fees out of goodwill. If they offer relief, it’s typically conditional on some commercial benefit to SAP (like the above scenarios). Audits are a tool to upsell and secure future revenue. SAP’s audit and sales teams often work hand-in-hand once a big compliance issue is identified.

Given these tactics, how should you respond? Keep compliance separate from new purchases. Don’t let SAP force you into a rushed decision, such as a migration, just because of audit pressure. Evaluate any offer on its own merits. It may sometimes make sense to tie a settlement to a new deal, but only if that new deal was already in your plans and is beneficial to your organization.

Negotiation Strategy: Treat the audit resolution as a distinct negotiation:

  • Independently Quantify the Findings: Do your own calculations (as we outlined earlier) to understand what you truly owe at list price. This lets you know how big the gap is in pure numbers, separate from any SAP “offer.”
  • Negotiate the Compliance Cost Alone: You can often negotiate down the compliance purchase itself – for example, pushing for some discount or a waiver of part of the back maintenance, especially if the findings are large. SAP might not advertise it, but for strategic customers, they sometimes reduce the ask if pushed.
  • Don’t Sign on Immediately: If SAP proposes a big new purchase (like moving to S/4HANA) to solve the audit, you are not obligated to accept on the spot. These deals can be complex – involve your procurement and legal teams to ensure you’re not over-committing just to solve a short-term issue.
  • Get It in Writing: If you do strike an agreement to settle the audit (whether via a straight purchase or a larger deal), make sure the settlement is documented clearly. The agreement or contract addendum should state that the purchase or action covers all identified compliance issues and that the audit is resolved fully. You don’t want surprise “leftover” claims later because something wasn’t explicitly included.

In sum, be aware that SAP will use the stick of audit penalties to dangle a carrot of some new investment. Stay strategic: you want to close the compliance issues with minimal cost and ensure any money you do spend aligns with your IT strategy, not just SAP’s sales quota.

Why List Price Makes Penalties So Severe

A particularly painful aspect of SAP audit penalties is the use of the full list price in calculating license costs.

Enterprise software buyers are used to negotiating heavy discounts on SAP licenses – it’s not uncommon to have 30%, 50%, even 70% discounts off SAP’s price list when making a large purchase.

However, all those negotiated savings go out the window in an audit. SAP will value every missing license at the official list price, period. This has a dramatic effect on the cost:

If your organization typically had, say, a 50% discount in past SAP deals, paying list price means you’re now paying double what you would have under a normal purchase.

If you enjoyed a 60% discount, the list price is 2.5× more expensive than your usual cost (because paying 100% vs 40% is 2.5 times as much). In other words, non-compliance essentially forfeits all your negotiated savings and then some.

To illustrate, let’s compare two scenarios for the same need – one where you plan and purchase licenses, and one where you get caught in an audit:

Scenario | License Cost (Users/Engines) | Back Maintenance (2 years) | Total Cost
Planned Purchase (Proactive) | ~€210,000 (with 30% discount) | €0 | €210,000
Audit True-Up (Reactive) | ~€300,000 (full list price) | ~€132,000 (22% × 2 years) | €432,000

In this simplified example, planning and buying properly would have cost €210K, whereas the audit-driven purchase costs €432K – over double the expense for the same licenses. This gap is entirely due to the list price and back maintenance being applied.

Another factor: SAP calculates maintenance on the inflated list price, too. Annual support is a percentage of the license value, and in the audit context SAP uses the list value. So not only did you pay more for the license, but you’re also paying more for maintenance than you would have if you’d bought the licenses with a discount.

And remember, once you’ve paid the audit penalties and acquired those licenses, you will also pay the ongoing 22% per year on the full price in the future. Over a few years, that extra maintenance can exceed what the licenses would have originally cost at your discounted rate.

Customer Risk: Without an internal compliance program, all the hard-won discounts and savings you negotiated with SAP can be wiped out. Many CIOs have been shocked to see years of procurement efforts negated by a single audit.

From a budgeting perspective, an audit finding can turn a planned €0 spend into an unplanned multi-million euro outlay, undermining ROI calculations and project funds. It’s a harsh reminder that license compliance is directly tied to financial outcomes.

Checklist – Be Prepared on Pricing:

  • Know Your Discount Benchmarks: Keep records of the typical discount levels your company gets from SAP. This helps quantify how much more an audit would cost versus a planned purchase.
  • Track SAP List Prices: Maintain the latest SAP price list for your license types (SAP usually publishes or provides price lists to customers). This way, you can verify that the list prices SAP uses in an audit calculation are correct and up-to-date.
  • Estimate “What-If” Costs: Periodically calculate a hypothetical penalty using list prices for any known compliance gaps. This exercise can be eye-opening and build the business case for fixing issues proactively.
  • Highlight the Maintenance “Tail”: Remember that any new licenses you buy (audit or not) will carry annual maintenance in the future. If you’re showing management the cost of an audit risk, include, say, 3-5 years of ongoing maintenance in the projection to illustrate the long-term impact.

By understanding the list price effect, you can better appreciate why SAP audit penalties become so large – and why investing in compliance and proper licensing now can save a fortune later.

How to Minimize or Dispute SAP Penalties

If you receive an SAP audit report with compliance findings, don’t assume you have to accept the penalties at face value. You have room for negotiation and defense strategies to minimize the damage.

Here are the steps to take when facing a hefty audit claim:

1. Review the Audit Report Meticulously: The first action is to go through SAP’s findings line by line. Audit reports can contain errors or overstatements. For example, SAP’s tools might have double-counted a user, misclassified an engine metric, or assumed all “inactive” users need licenses. Identify any discrepancies or items that don’t match your own understanding of your environment.

2. Challenge Assumptions on Usage and Timing: SAP often assumes the worst-case scenario for how long and how extensively unlicensed usage occurred. If the report assumes a certain component was in use for three years, but you know (and can prove) it was only actively used in the last year, prepare to challenge that. Gather logs, timestamps, user creation dates, system implementation dates – any evidence that can narrow the period of non-compliance. The shorter the usage period, the less back maintenance you should owe.

3. Reclassification and Data Cleanup: For user license findings, see if SAP counted users as a higher license type incorrectly. You might be able to reclassify some users to lower tiers if their actual usage is light. Provide SAP with documentation of user roles or transaction histories to argue that not all users flagged by them truly need the expensive license. If some users were inactive or duplicates, highlight that and remove them from the compliance count.

4. Request Recalculation Based on Actuals: Once you have your evidence, go back to SAP and request a recalculation of the license shortfall. Provide the data that supports your case – e.g., “These 50 users were inactive, here’s proof, please remove them from the count,” or “The XYZ interface went live in 2024, not 2022, so only 1 year of use occurred, please adjust back maintenance to 1 year.” SAP may not agree to everything, but they will often adjust the findings if you present solid, factual evidence.

5. Negotiate the Terms: Even after corrections, you might still owe something. This is where negotiation comes in. Engage your procurement and legal teams.

You can negotiate on:

  • Back Maintenance: Ask for a waiver or reduction. It’s not guaranteed, but SAP has been known to waive back maintenance if you commit to quickly purchasing the needed licenses.
  • License Quantity or Type: Perhaps you can purchase a different mix of licenses than exactly what they claim, especially if you plan to reduce usage. For instance, if they say you need 100 Professional users but you’ll offboard 20 of those users, you might negotiate to buy 80 now and agree on a timeline for the rest if needed.
  • Payment and Timing: If the penalty is large, negotiate payment terms or the timing. Sometimes, aligning the purchase with your fiscal year or breaking it into stages can be discussed.
  • Future Relief: Ensure that by settling, you won’t be immediately hit with another audit or additional “true-up” next quarter. It’s fair to ask for some assurance or a gap before the next audit, given you’re resolving the current one.

6. Escalate if Necessary: If the SAP audit team or salesperson is inflexible, don’t hesitate to involve higher levels. Sometimes escalating to SAP senior management or citing the potential involvement of legal counsel can bring a more conciliatory tone. You want to make sure SAP knows you’re not a passive victim – you’re willing to defend your position.

Example Outcome: As a result of a strong challenge, many companies have significantly cut down their audit bills. For instance, a telecommunications company faced an initial €2.4 million compliance claim largely due to indirect access.

After a thorough internal analysis, they proved that the integrations in question had only been live for one year (not three as SAP assumed) and that some transactions were double-counted. By presenting detailed evidence, they convinced SAP to recalculate the exposure.

In the end, the company settled for around €900,000 – a substantial reduction from the first figure. This example shows that due diligence and pushback can pay off.

Checklist – Responding to an SAP Audit Claim:

  • Verify every user and metric in SAP’s report against your own records.
  • Document the start dates of usage for each shortfall (to limit back maintenance).
  • Identify any errors (duplicate users, misclassified licenses, inactive accounts).
  • Prepare a summary of discrepancies and a revised calculation of your exposure.
  • Enter negotiations with a clear target (what you believe is fair) and fallback options.
  • In any settlement, ensure it’s clearly stated that it covers all identified compliance issues.

By taking a proactive, data-driven approach to dispute SAP’s findings, you can often transform a daunting penalty into a manageable true-up. It’s about replacing SAP’s assumptions with your facts.

Preventing Penalties – Building Audit-Readiness

The best way to deal with SAP audit penalties is to avoid them in the first place. Building a culture of license compliance and audit-readiness in your organization can save millions and countless headaches.

Here are key practices to implement so you’re not caught off-guard:

Run Internal License Audits Regularly: Don’t wait for SAP’s official audit notice. At least twice a year, run SAP’s measurement tools (like USMM and LAW) internally to see your license usage. Treat it like a fire drill – find out if you have more users assigned than licenses purchased or if any package metrics are over the entitlement.

By conducting an internal audit, you can detect issues early and either correct them (e.g., clean up users, proactively buy additional licenses) or prepare a justification before SAP comes in.

Maintain Clear User Classification Policies: Establish a governance process for how SAP user licenses are assigned. This means defining criteria for who gets a Professional license vs. a Limited Professional vs. an Employee Self-Service, etc., and ensuring the SAP security or basis team follows these criteria when creating accounts.

Regularly review user roles and activities – if someone’s job changes, update their license type accordingly. Avoid blanket licensing (e.g., giving everyone Professional by default or, conversely, giving everyone a cheap license and hoping it fits). Proper classification prevents large under- or over-licensing situations.

Reconcile License Entitlements vs. Usage Monthly: Keep an up-to-date inventory of what SAP licenses you own (your entitlements) and compare it to actual usage data from the systems. If you see trends like user counts creeping above what you purchased, or a spike in transactions that might affect engine licenses, address it immediately.

A monthly or quarterly check-in can catch gradual changes – like a growing number of employees using SAP, or a new integration coming online – before they become big compliance gaps.

Track Integrations and Indirect Access Points: Make a list of all non-SAP systems that connect to SAP or use SAP data. This includes things like third-party reporting tools, e-commerce sites, CRM systems (Salesforce), supplier portals, etc.

For each, understand how they interact: Do they create any documents in SAP? Do they pull data in a way that might constitute use? Having this catalog and monitoring it means indirect usage claims won’t catch you by surprise. If you add a new integration, evaluate if it triggers any SAP licensing requirements (SAP’s Digital Access guidelines can help determine that).

Document Everything: Good record-keeping can be your best defense. Maintain logs of user additions/removals, license assignments, and system go-live dates for engines and integrations. Keep copies of SAP license contracts and any special terms or amendments (like if you negotiated an exception or a specific definition in your license metrics).

In an audit, being able to quickly pull out documentation that, for example, “this subsystem went live in Jan 2024” or “user X was deactivated in 2023” can stop SAP from overcharging you on timeline assumptions.

Audit-Readiness Checklist:

  • Conduct internal SAP license audits every 6 months.
  • Quarterly license compliance review meeting (involving IT asset management, SAP basis admin, and procurement).
  • Maintain a central license repository (a document or tool listing all SAP licenses owned, including type and quantity).
  • For each SAP system, keep an up-to-date LAW consolidation to know total user counts and package consumption.
  • User management controls: Ensure every new SAP user is assigned the correct license type from the start, and any role changes trigger a review of their license.
  • Integration registry: List all external applications interfacing with SAP, and review their usage for indirect access implications twice a year.
  • Provide awareness training to SAP project teams: before deploying a new module or integration, they should check licensing impact.
  • Simulate an audit response drill: Imagine SAP audited you tomorrow – gather the data and see if you could respond confidently without findings. This can highlight weak spots to fix proactively.

By institutionalizing these practices, you transform audits from a scary unknown into a controlled process. Instead of scrambling when SAP’s audit letter arrives, you’ll already have a good grasp of your compliance position. The goal is to discover and fix compliance issues internally on your own terms – rather than paying a premium when SAP discovers them on theirs.

5 Facts About SAP Audit Penalties Every Customer Should Know

  • SAP charges full list price for any license shortfall – no matter what discount you got in the past, non-compliance means you pay 100% of the price in an audit.
  • Backdated maintenance fees typically add an extra 40–50% on top of the license costs in an audit finding (and can be higher if SAP argues usage for more than two years).
  • SAP can backdate usage up to four years (or even to initial deployment) if you don’t challenge it, which significantly increases the penalty. It’s on you to prove when the unlicensed use actually started.
  • Indirect access findings (unlicensed third-party use of SAP data) are often the most expensive penalties, sometimes dwarfing traditional user license gaps, so keep an eye on integrations.
  • Most SAP audit penalties are negotiable and can be reduced. With the right data, internal cleanup, and negotiation strategy, customers frequently slash the initial audit claim by 50% or more before settling.
Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specializing in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organizations—including numerous Fortune 500 companies—optimize costs, avoid compliance risks, and secure favorable terms with major software vendors. Fredrik built his expertise over two decades working directly for IBM, SAP, and Oracle, where he gained in-depth knowledge of their licensing programs and sales practices. For the past 11 years, he has worked as a consultant, advising global enterprises on complex licensing challenges and large-scale contract negotiations.