SAP Self-Declaration – How to Avoid Compliance and Cost Risks
SAP’s annual self-declaration requirement is one way the vendor sniffs out non-compliance among enterprise customers. It may seem like a benign true-up exercise, but it’s really a less-obvious form of a software license audit – and a potentially costly one to unsuspecting customers. By proactively validating self-declaration findings internally before providing information to SAP, customers have an opportunity to minimize compliance and cost risk exposure.
As software vendors seek to boost and protect revenues amid economic volatility, enterprise software license audits are on the rise. In some cases, these audits are obvious, formal engagements. But, in other instances, audit activity takes a less recognizable form.
One example is SAP’s annual self-declaration requirement. For products not measured by SAP tools, SAP requires customers to self-declare how much of a certain product/ service they’re using. The timing and scope of self-declaration varies by customer and year. They also don’t apply to a customer’s entire SAP software estate. Rather, SAP specifies a subset of offerings in use by the customer for self-declaration.
A typical self-declaration goes like this: Annually, SAP asks the customer to self-declare usage details around particular products that SAP tools don’t automatically measure. Additionally, the customer utilizes SAP’s USMM scripts, which list the users, license types and chargeable objects. This information is fed into SAP’s License Administration Workbench (LAW) tool, which consolidates the USMM data for reporting to SAP. If SAP sees the client has over-deployed a particular product, they send them an invoice for that overage and require a true-up.
SAP’s requirement for self-declaration helps them avoid the fear and resistance most software vendors encounter when serving an official audit notice to their customers. It’s designed to seem mundane and routine, and it’s largely benefited SAP’s bottom line. Most customers go along with self-declaration without objection and without fully understanding the compliance (and cost) implications. Yet the reality is self-declaration can expose SAP customers to 7- and 8-figure penalty fees disguised as true-up costs.
Without proper analysis and licensing expertise, “out-of-the-box” self-declaration can lead to hefty compliance penalties that can often be avoided. How hefty? A recent example: A 9-figure cost exposure for one SAP enterprise customer.
Vendor-side compliance discovery tools rarely work in the favor of the customer, and that’s certainly true of SAM’s USMM tools, LAW and digital access reports. Managing SAP licenses and subscription data is a complex endeavor. It’s not uncommon for a customer to incorrectly assign user capabilities to roles and mismanage license allocations. This problem is compounded in an SAP estate that’s recently undergone significant change, or one where license optimization hasn’t been performed for some time.
Fortunately, mismanagement doesn’t always require the purchase of new licenses or remediation. Existing licenses can often be reallocated to bring the customer into compliance. This, of course, isn’t factored into the usage data and reports compiled by SAP’s discovery tools. Likewise, SAP rarely interprets product use rights to the benefit of the customer – even when an acceptable alternative interpretation exists.
This is why it’s imperative for customers to perform their own internal analysis before submitting reports to SAP for review. SAP’s self-declaration process is fertile ground for self-incrimination and inaccurate assumptions that can lead to multi-million-dollar compliance penalty fees.
Self-declaration is just one of many moves SAP has taken to build up its software license audit capabilities and resources in recent years (others include changes to its Indirect Access policies and metrics). NPI has seen an uptick in the number of clients being asked to pay material fees as a result of self-declaration. To avoid cost surprises, NPI recommends SAP customers do the following:
After an initial run of USMM scripts and creation of the consolidated LAW, enlist third-party SAP licensing expertise to help you analyze and validate findings. This will allow you to identify and prioritize self-remediation opportunities, and establish your position on product use rights to your advantage. Once you’ve remediated/minimized compliance risk exposure, you can submit accurate findings to SAP that will either fully mitigate or minimize additional licensing fees.