Understanding the SAP License Audit Process

SAP software is a core component of enterprise IT landscapes, but staying compliant with SAP licensing can be complex. All SAP customers are subject to a periodic license audit (at least once annually) and are contractually obligated to cooperate under SAP’s General Terms & Conditions. If an audit reveals unpaid license or SAP Support fees, or usage beyond licensed quantities, customers are required to pay the amounts due priced according to the SAP price list in effect at the time of audit. Where excess use is identified, the customer is also required to execute an additional Order Form to license the additional quantities.

Understanding the SAP license audit process is crucial to avoid surprises and ensure compliance. This article breaks down the audit process, highlighting what organizations should expect.

What Is A SAP License Audit?

An SAP license audit is a review conducted by SAP to verify that an organization’s use of SAP software aligns with its license entitlements. These audits ensure that named users, package (engine) metrics and the system is being appropriately utilized in accordance to the terms of the agreement. While audits are routine, they can be resource-intensive, particularly for organizations with complex SAP landscapes, and may result in high costs where remediation is required through the purchase of additional licenses to address overutilization or unlicensed usage. On the other hand, audits help customers identify over licensing, where licenses are underutilized.

Not all SAP customers are audited each year. SAP selects a limited number of customers through the Global Adoption & Experience Centre of Excellence (CoE). Any customer with an SAP Software License Agreement can be chosen and the selection process is not public.

SAP performs two types of audits; the Standard and Enhanced Audit.

Standard Audit

The Standard Audit also known as the ‘Basic Audit’ is what most SAP customers are subject to annually. The audit typically focuses on four key areas:

Item	Details
1. Named User Measurement	SAP counts all system users and classifies them by their assigned license type (e.g., Professional, Employee, Developer). The purpose is to ensure each user’s level of access corresponds to an appropriate license. The USMM (User System Measurement) counts and classifies users in each system.
2. Package (Engine) Measurement	SAP evaluates the use of licensed SAP functional components (often called “engines”), such as Payroll Processing or Sales Orders. These engines have specific usage metrics defined in the SAP contract, for example, number of documents, orders, or master records. The USMM also measures these packages automatically, depending on the SAP_BASIS release and available measurement functionality.
3. Self-Declaration Products	Some packages cannot be measured automatically, for example, metrics like revenue, spend volume, or plant count. Customers must manually complete and submit a Self-Declaration Form to report usage of these products. The form can be downloaded from SAP for Me and is submitted to SAP via email.
4. System Landscape Review	SAP validates the customer’s entire system landscape, identifying all productive, development, and test systems to ensure complete measurement coverage. The SAP for Me, System & Provisioning Dashboard can be used by customers to review active systems and measurement plans. Once measurements are completed, results from all systems are uploaded and consolidated into a single dataset.

Once measurements are completed, results from all systems are uploaded and consolidated into a single data set.

The LAW / LAW 2.0 (License Administration Workbench) merges user and package data across systems, removes duplicates, and produces the official measurement report for submission to SAP.

Enhanced Audit

The Enhanced Audit, sometimes referred to as the ‘Extended Measurement’ or ‘Enhanced License Verification’ goes beyond the standard annual measurement.

Unlike the Standard Audit, which is largely automated and self-managed by the customer using USMM and LAW, the enhanced audit involves direct engagement between SAP’s Global License Audit and Compliance (GLAC) team and the customer.

This audit type can be triggered when:

There are gaps or anomalies in the standard measurement results such as unusually low user count or missing systems.
SAP detects possible indirect or digital access scenarios. Where third-party integrations, bots, or external systems are using SAP data.
The system landscape has changed significantly, for example, through mergers, migrations, or cloud extensions.

The Enhanced Audit still focuses on the four key areas outlined for the Standard Audit. However, it uses deeper technical analysis, broader system coverage, and manual validation to ensure full transparency of SAP software usage across the customer’s landscape.

Audit Focus Area	Details
1. Named User & Package (Engine) Measurement	SAP requests raw system data extracts to verify user activity, license assignments, and package usage accuracy. This may include cross-checking tables such as USR02, AGR_USERS, and STAD for actual user logins and role assignments.
2. Self-Declaration Products	SAP reviews customer-supplied data for non-automated metrics such as revenue, cost of goods sold (COGs) and plant count to ensure the declared values match actual system data.
3. Indirect / Digital Access Assessment	SAP evaluates integrations and third-party applications that connect to SAP systems to determine whether data access by external systems or users requires additional licensing.
4. System Landscape Review	SAP confirms that all active, productive and connected systems are represented in the measurement scope. Any undeclared systems discovered during the review are added to ensure full coverage.

During the Enhanced Audit SAP may perform onsite visits, use SAP EarlyWatch Alert data, system configuration exports, or even remote system access to complete the review.

Outcomes of an SAP Audit

The Standard (Basic) Audit concludes with SAP generating an official License Measurement Report based on the data submitted by the customer through LAW and any relevant self-declaration forms.

This report summarizes the actual measured usage against purchased license entitlements. It serves as a compliance checkpoint that helps customers and SAP:

Identify under licensed or over licensed areas.
Highlight potential optimization opportunities e.g., reassigning unused licenses.
Maintain transparency and readiness for future audits.

In most cases, the process ends here with no further action required beyond acknowledging the report and, if necessary, discussing adjustments in future true-up cycles.

The Enhanced Audit produces a more comprehensive SAP License Audit Report.

This report includes:

Validated license usage data, confirmed through system logs, database tables, and manual review.
Verification findings on self-declared metrics and indirect access scenarios.
Identification of undeclared or misclassified systems or users.
A clear summary of compliance gaps or unlicensed use, if discovered.

Where non-compliance is verified, the outcome may include:

A true-up requirement, where the customer must purchase additional licenses to regularize use.
Corrective recommendations, such as disabling inactive users, adjusting license types, or consolidating system landscapes.
In some cases, a formal audit close-out letter once all findings are resolved.

The SAP License Audit Process

Audit Step	Details
1. Audit Notification	The audit begins with a formal measurement request. The request includes. Systems and products in scope. Documentation and process guidance. Support contact details. Sent to the SAP license administrator or central IT contact.
2. Preparing for System Measurement	Preparation is critical to ensure measurement accuracy. Key preparatory steps include: Verifying system landscape: Review all systems listed in SAP for Me → System & Provisioning Dashboard to confirm that all relevant clients are in scope. Applying SAP Notes: Implement the latest SAP correction notes to avoid data errors, particularly for engine or package counting. Classifying Users: Ensure user license assignments reflect real usage. This is managed through USMM, or via SAP GUI transactions SU01 (single user maintenance) and SU10 (mass changes). Good preparation reduces the risk of discrepancies that could later trigger an Enhanced Audit or corrective review.
3. Conducting System Measurement	System measurement captures actual SAP usage within each environment. USMM Measurement: the primary measurement program used to count named users and licensed engines. USMM determines license types based on classification rules and system activity. Self-Declaration Form: for products not automatically measurable, customers complete a self-declaration to report usage. Additional Measurements: for some non-NetWeaver products, or standalone products such as SAP BusinessObjects, Sybase, or SAP Cloud Platform a require specialized reports as instructed by SAP. USMM can be executed via the classic SAP GUI or through the web-based USMM interface, depending on the SAP_BASIS release level.
4. Consolidating Results with LAW	The License Administration Workbench (LAW) consolidates all system measurement results into a unified data set. LAW automatically: Prevents duplicate user counting across clients or systems. Aligns license classifications with recorded usage. All active engines and license-relevant metrics are summarized. The web-based LAW 2.0 provides a centralized overview of user assignments, package metrics, and system status, allowing organizations to validate results before submission.
5. Submitting Results to SAP	After consolidation, the measurement results are submitted to SAP through SAP for Me. The submission package typically includes: The consolidated LAW 2.0 measurement file (or individual USMM files if LAW is not used). Completed Self-Declaration Forms via email. Any required reports for non-NetWeaver or third-party components. SAP recommends a single-step transfer through LAW 2.0’s direct upload function to simplify data handling.
6. Data Analysis & Checks	SAP’s License Audit and Measurement Team reviews all submitted data for completeness and accuracy. If anomalies are detected, SAP may request: Re-measurement of specific systems. Correction of user classifications or license assignments. Supplementary reports for engines or products showing irregular results. This stage ensures that all measurements accurately reflect usage and compliance before final evaluation.
7. Evaluation & Audit Closure	After all data validations are complete: SAP evaluates the data and confirms whether the organization is compliant. A formal audit closure notice is issued, detailing the audit status. Where usage exceeds licensed quantities, SAP and the customer may discuss license adjustments or true-up options. The audit then formally closes, providing the customer with a transparent view of their license position and a baseline for future optimization.

Practical Steps for Audit Preparation

Preparation is the most effective way to ensure a smooth SAP audit and avoid unnecessary compliance risks. Organizations should focus on the following key areas:

Review Systems: Verify that all productive systems and clients are correctly listed in SAP for Me, removing any legacy or inactive environments.
Clean Up Users: Remove dormant or duplicate accounts and confirm that license types are correctly assigned to reflect real usage.
Document and Simulate: Keep clear records of user management and product deployment and run internal measurement simulations using USMM and LAW 2.0 to identify risks or surplus licenses before submission.

Conclusion

SAP license audits are a standard part of managing enterprise software, but without the right preparation, they can quickly become complex and costly. By understanding each stage from audit notification to measurement, consolidation, and submission organizations can gain clarity, maintain compliance, and make informed licensing decisions.

At JNC, we help organizations take control of the SAP audit process. Our licensing team simulate SAP audits to identify risks early, support user and license clean-ups, and guide clients through every step of the audit from preparation to negotiation and resolution. Whether you’re anticipating an audit or want to strengthen your SAP license governance, JNC provides the expertise and tools to ensure you’re audit-ready and always in control.

Contact JNC today to discuss how we can help you prepare, protect, and optimize your SAP licensing position.

Kudzai Museve, SAP Licensing Consultant

Kudzai is an SAP Licensing and Compliance Consultant who specializes in helping enterprises navigate the complexities of SAP licensing, audit readiness, and cloud transformation. With a background in law and over three years of experience in IT asset management, she brings a unique perspective that bridges technical insight with commercial strategy. Kudzai advises clients on both on-premise and cloud licensing models, S/4HANA migration cost modelling, and optimization strategies that reduce cost and compliance risk while maximizing long-term value

Connect with me on LinkedIn