SAP is increasingly reviewing your audit results

As we know, the surveys regularly take place in the form of self-disclosures using the survey tools provided by SAP (see SAP's GTC). SAP could also perform remote surveys if the self-disclosure was refused. However, SAP refrains from these re-mote or even on-site surveys in most cases. Instead, it asks its customers to provide additional data.

More data, please!

In these cases, SAP not only sends out the "Measurement Plan" when the audit is requested, but also a document called "Measurement Deliverables for SAP Software License Audit". This explains step by step what the customer has to do and what data he has to provide. This could also be called an Advanced Audit.

This document describes at the beginning by when the customer should deliver the data and where it should be uploaded to SAP. The customer is supposed to update the "Measurement Plan", which I highly recommend, because against this plan is checked afterwards. 

The Advanced Audit includes the old standard (License Audit Workbench Report), in which all Abap-based SAP systems of the production and development environment are to be measured. What is meant is that customers should run the surveying tools provided by SAP (USMM, LAW and LMBI for BO). Since more and more customers are using the Hana database, this must now be measured in accordance with "SAP Hana Database, User's Guide to Measurement".

Some engines are licensed by cores. Previously, the customer should specify these in the Self-Declara-tion form. Today, customers should determine the number of cores according to guidance from SAP (Processor Core Worksheet).

You should take a closer look here because cluster installations on virtual servers sometimes add up to more cores than you thought. All other engines that are not measurable are still specified in the self-declaration form.

Much more than a usage analysis 

With the System Data Extract, things get exciting and really "advanced". In the case of development systems, SAP would like to know, among other things, who assigned the authorization object "S_Develop". This is not about changing code, but about authorizations. In the production environment, SAP goes much further. Here is an excerpt of the requested tables/reports from which customers are to supply data: UST12, USRBF2, AGR_PROF, AGR_TEXTS, AGR_1251, USR11, SM37, WE21.

Put it all together, SAP requires that the customer disclose virtually everything that could be relevant to licensing: Authorizations, usage, interfaces, IDocs, job overview and all repository objects that were not created by SAP.

This goes far beyond a usage analysis and gives the impression that SAP no longer relies on its own measurement tools or that their results are no longer sufficient. This type of query could become the new "normal" or the new standard audit.

Use Advanced Audit!

Until now, my recommendation was to use SAP's classification help before sending the audit results to SAP. Now, however, SAP wants to know more precisely and no longer trusts its customers with user classification, among other things.

Therefore, check all your results before sending them. SAP itself has provided instructions on how to do this with its Advanced Audit. Use it to be prepared for the next SAP audit.