Check out the first 2024 Gartner® Voice of the Customer report for SAM!

Resources

What You Need to Know: SAP Indirect Access Risk

Article

Invest in SAP Functionality with Confidence.

During a recent conversation onsite, a client shared their frustration with SAP’s treatment and licensing of indirect access. Along with other services being provided, our engagement with the client was to evaluate and document the risks around SAP indirect access after an audit, negotiation, and an expensive subsequent purchase. The client commented that both in-progress and planned projects are being temporarily suspended due to the uncertainty regarding SAP licensing of indirect access. Answering whether a new 3rd party solution would result in indirect access, is complicated. Calculating the potential costs of indirect access is even more confusing since SAP does not sell ‘indirect access’ specific licenses with an established price. Ultimately, it is difficult for anyone (even SAP themselves) to determine with any confidence or consistency what does and what does not constitute indirect access and its associated costs. This hinders our client’s, and many other licensees’, ability to accomplish strategic goals by using IT-enabled business solutions, simply because they are unable to perform accurate calculations for the cost of a non-SAP solution connected to SAP.

This client is like many other SAP licensees who have SAP solutions at the heart of their business. Over the years these licensees have added many 3rd party applications for a spectrum of different business needs. These connections or integrations have gone unnoticed until recent years. There were always rumors and stories from the marketplace that SAP requires indirect access licensing, but they were only rumors and stories. With the recent case of Diageo, those reports are substantiated that SAP can and will approach their licensees regarding indirect access. Both licensees and SAP’s audit department have taken note of the development. Licensees are reacting like our client discussed above. Uncertainty and doubt are freezing progress for IT-enabled solutions that further the strategic goals of our clients. SAP’s audit department has a renewed boldness and justification for their positions and interpretations of indirect access.

Anglepoint plays an important role for our clients by removing doubt and uncertainty as it relates to SAP indirect access. Our services focus on data collection, understanding the risks, and the remediation of risks with our proven techniques. At the outset of most of our SAP licensing engagements, clients are worried, confused, and full of questions. After our SAP licensing services are provided, clients understand the risks, are empowered to negotiate with SAP, and can use our documentation to continue to deploy IT-enabled solutions with an increased confidence that SAP indirect access will not be a stumbling block to further the strategic goals of the organization.

 

SAP is Actively Pursuing Indirect Access

Many of our clients prior to the publication of the Diageo case, believed that SAP indirect access was something that they could control in the unlikely event that SAP would pursue it. Now, Anglepoint is contacted regularly by new, existing, and previous clients that indirect access has caught the attention of their executives and it is now time to prepare for the seemingly certain audit of SAP indirect access. In a recent publication by Gartner, indirect access is a topic of concern and an issue for companies’ sourcing and vendor management organizations. In the study, it shows that nearly six times more respondents were concerned with indirect access as related to SAP versus the next highest software publisher.

The article continues:
Sourcing and vendor management leaders must recognize and mitigate the very real financial and business risk that SAP’s indirect access concept brings to today’s interconnected business environment.

An annual audit of SAP licenses is commonplace for almost all SAP licensees. During these audits, SAP’s auditors are requesting additional data as a part of these annual audits. At first glance, it is unclear why the auditors are asking for this data. Some licensees simply provide the data in good faith only to be blindsided by a multimillion-dollar audit finding for indirect access. These ‘enhanced’ audits and data requests are becoming more common. This is likely a result of the Diageo case and the lucrative opportunities presented to SAP sales executives if indirect access is evaluated during an audit.

Like many of our client’s senior leadership, we too see the need to prepare now for an audit of indirect access. Collecting the necessary data points and documenting the risks will shift the licensee from a ‘defensive’ position to a more balanced position during an audit or negotiation. Performing these steps have saved some of our clients months of contentious audit discussions and millions in cost avoidance.

What Can Prompt an Audit?

In the Gartner article referenced above, there are three primary reasons for SAP to kick off an audit of a licensee. These reasons are not revelatory as much as disappointing. Many of our clients report that indirect access only was discussed during an audit. Rarely – if ever – have clients reported discussions about indirect access with any of the touch points they have throughout the year with various SAP employees. In fact, in some cases, clients have reported that the integrations of the 3rd party systems which resulted in indirect access have been evaluated and even deployed by SAP services.

– Annual SAP LAW reporting

– Lack of new license demand

– Competitive sales cycles

Though most licensees cannot avoid an annual audit, slowing economies and/or business requirements may push a licensee into one or both remaining primary triggers. Some clients suggest that SAP audited them directly after purchasing a competing software solution during a competitive RFP. The connection and relationship between SAP’s audit department and the sales staff are likely closer than SAP would be willing to admit. The recommendation would not be to stop purchasing non-SAP solutions that are either superior or fit the business needs, but rather to remove the power and uncertainty of a looming audit of indirect access. Licensees can prepare for and understand the risks around SAP indirect access by properly studying the SAP contract, and/or contracting a partner to fill in the knowledge gaps.

 

Bill McDermott’s SAPPHIRE Clarification

During this year’s SAPPHIRE SAP’s CEO, Bill McDermott, addressed the indirect access issue after the Diageo and Anheuser-Busch Inbev (AB Inbev) audits hit the news, both of which were heavily a result of indirect access.

“Today, I announce simplified pricing. The ‘procure to pay’ and ‘order to cash’ scenarios will now be based on orders, which is a measurable business outcome for any business. Static read access in third-party systems is your data, and so SAP will not charge for that.”

Does this change SAP’s position? In some cases, yes. But in most cases, no. The CEO’s comments were intended to clarify a slippery slope that some SAP auditors were employing during discussions around indirect access. In summary, the argument was frequently made that if a large electronic screen populated with SAP data and figures was placed in a facility, that all those who could see the screen required an SAP license. Similar arguments were being made if data was being pulled/pushed out of SAP for ‘static viewing’ of SAP data. Mr. McDermott’s comments properly clarified that argument as incorrect. However, outside of that, what SAP claimed as indirect access before these comments, remains indirect access today unless the proper procure to pay or order to cash engine/product is licensed.

A proper and thorough review of your SAP contracts is a requirement to understand what terms govern the usage of your SAP software, regardless of what Mr. McDermott may have said. An SAP auditor may take into consideration the comments from SAPPHIRE, but the terms of the contract will trump any ‘town-hall’ pep talk from the companies CEO. If a term can be adjusted in the contract to further support the comment from SAPPHIRE, during the next negotiation would be a terrific time to include the updated term.

Strategy for Improving Indirect Access Negotiations

With SAP still working to create products that can be included in un-published official SAP price list, it is still difficult to purchase the proper products to remedy the indirect access audit finding. Sadly, in some cases, SAP sales executive will sell unrelated products to, “make the indirect access go away”. This leaves the door open for future audits to revisit the indirect access issue since no product was purchased to ‘fix’ the indirect access licensing problem. Purchases like these should be avoided.

A more productive scenario is the use of what Gartner labels, “Create leverage to resolve indirect access risk.”The idea is to simply use SAP’s desire to sell certain products for which the sales teams are highly incentivized as leverage to get better terms during the negotiation. For example, S/4HANA, cloud products, analytics, and IoT products are all reportedly ‘incentivized’ sales products. In contrast to the above example where a product is purchased in place of fixing the indirect access, it is recommended that the purchase is accompanied with a heavily discounted purchase of the indirect licenses, or at a minimum with the inclusion of custom terms that more thoroughly define indirect access. In either case, the S/4HANA product (or any of the products above – if desired) can be used as leverage to push SAP into more favorable terms for the licensee by discounting or altering the terms of the contract as it relates to indirect access. This strategy is particularly effective as a result of audit findings, or during quarter ends (with year-end being the most powerful).

Become Aware and Gain an Understanding

Obtaining the proper understanding of the SAP contracts and the specific terms related to SAP indirect access can only be accomplished by completing a thorough review of the SAP contracts. Interpreting these contracts and making clear and decisive plans for measuring, evaluating, and containing indirect access is a must for organizations that want to continue to make the most of SAP integrations to non-SAP systems.

Once the licensee properly understands how the contract is regulating indirect access, licensees will need to collect integration data to establish a list of SAP integrations that can be prioritized. From the list of prioritized systems, licensees will schedule interviews and workshops to gain further understanding of the nature of the integrations and the business can use cases that caused and utilize the integration. Based on this work and analysis, licensees should be able to document and prepare strategies for mitigating the SAP indirect access risk. If the knowledge gap is too great or the resources are not available, Anglepoint can help!

In Conclusion

Indirect access audits are no longer a question of ‘if’, but rather a question of when. Licensees should not wait or have uncertainty to expand the IT-enabled solutions across the environment due to indirect access, so long as a proper understanding of the relevant SAP contractual terms are achieved and strategic action plans are created. This licensing issue is manageable and can be mitigated with the right steps to measure, plan, and mitigate the risks. SAP licensing is a moving target and SAP may release new licenses in the future to address indirect access… directly. Until then, licensees can use current products and timing of the purchase to leverage more favorable terms to define indirect access or a heavily discounted indirect access specific license.

Anglepoint has a well-established process and an experienced team to help with each step of indirect access licensing. Whether your organization is being proactive, preparing for an audit, in the middle of an audit, or have just completed an audit our services and experts can help.