The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

SAP Audits – 6 Steps to Prepare Real Use Data

Eliminating duplicate accounts and dormant usernames can save 4%-7% from the total number of user accounts!

Eliminating duplicate accounts and dormant usernames can save 4%-7% from the total number of user accounts!

This article has been contributed by Moshe Panzer, CEO of Xpandion.

Part 2 of 3: Preparing Real Use Data

Commencing on the journey to a successful SAP audit begins with the right state of mind;
see 8 Tips for a Successful SAP Licensing Audit (Part 1 of 3). Continue the journey by following the next six steps to create the right environment for producing the first draft of your audit report.

1 – Never assume

If you think that following SAP’s detailed instructions on how to produce an audit report is sufficient, then think again. SAP indeed describes how to create the report, however classifying users to the right licensing type – which is after all the essence of licensing costs – is not addressed in the email from SAP.

Generating the licensing report only according to SAP’s guide produces an output of your current licenses, however, there is much more to consider. For example, your licensing output includes misclassified and dormant accounts, which will all be counted as valid licenses. Moreover, unclassified accounts will be counted as expensive ‘Professional’ license types if not eliminated.

To produce an optimal report, you need to first gather the actual data and then combine and classify usernames. Once this is done, you are ready to optimize the results (to be discussed in detail in the next article).

2 – Ignore certain users

Several users and activities, such as SAP*, DDIC and EARLYWATCH, are preconfigured by SAP and should be ignored. In many SAP systems approximately twenty users, or more from this type, are created. This means that if you do not pay attention, you are taking into account twenty avoidable users! Consider classifying these preconfigured users as license type ‘Test’ to avoid counting them unnecessarily (for detailed SAP instructions, see SAP note 1402837).

In addition, try to identify instances where users tried to perform certain activities, yet did not succeed. In certain cases, the SAP log will indicate these attempts as actual usage of the system, whereas with the right software you can easily distinguish real consumption versus an attempt only. Knowing this enables you to correctly classify users to license types by analyzing their activity. Be aware of flaws along the process, for example if you count according to dialog steps, the T-Code SESSION_MANAGER (the first screen after login) is calculated unnecessarily, increasing the consummation of each user.

3 – Gather all the data

Gathering all the data literally means all the data. You should not ignore certain users and/or license types. Xpandion experts have witnessed many audits where during the process of collecting data, various user types, like ‘Communication’ and ‘System’, were falsely ignored. Usually, such license types are used for remote connection and they should not be disregarded. Furthermore, in many cases users with empty license types are mistakenly overlooked in the final report.
Follow this simple rule: if a user is registered in SAP, consider this valid unless you have good reason not to (also, make sure your reason is well documented in your contract).

4 – Select method for combining usernames

Unless your contract specifies otherwise, the SAP licensing model permits employees to hold several usernames within the organizational SAP systems, hence the importance of combining varying usernames and linking them to the specific employee. For example, combine ‘JOHNS’ in the ERP system and ‘JOHNSM’ in the CRM system – linking both usernames to the employee John Smith from the finance department.

Combining usernames manually from different SAP systems is a complicated and tedious task, which inevitably leaves a huge margin of error. Best manage this process via automated software. Remember that choosing the right method for the process of tracking and combining usernames can impact your budget significantly. The following are the most recommended options:

  • Combine usernames according to their emails; this is only relevant if all email addresses are maintained.
  • Combine usernames based on identical usernames across all systems; take into account that this does not hold true in certain systems.

5 – Use fuzzy logic to match users

To avoid errors when connecting usernames, consider using advanced methods. For example, combining usernames by email addresses, applying a secondary method for remaining unclassified usernames (full name), and then by yet another (username), and finally use some fuzzy algorithms as well (connect John Smith to JohnSmith).

6 – Validate your results

Review your results of the gathered raw data to make sure you achieve optimized results. Specifically, review the outcome with your network manager, who knows the network architecture, and can determine if duplicate users are actually the same person, or if employees with different usernames are really the same user (this often occurs when an organization assigns additional users to comply with regulations).

Note: Eliminating duplicate accounts and dormant usernames can save 4%-7% from the total number of user accounts!


Now that you have optimized your raw data results, you are ready to generate the report. Stay tuned for the next set of tips on how to optimize your SAP licenses and finally, submit your audit report successfully.

About Moshe Panzer

Moshe Panzer is the founder and CEO of Xpandion Ltd. A renowned SAP expert with recognized industry-credentials, Mr. Panzer has orchestrated over large complex SAP implementations worldwide. Xpandion is the leading provider of ERP Usage Inspection solutions, focusing on the areas of SAP licensing, segregation of duties and security & authorizations. Xpandion was named Cool Vendor in ITAM for 2012 by Gartner Inc.

One Comment

  1. Sam says:

    Some of the simple steps which can be taken for reducing the license cost is the following
    1. Locking users for inactivity on a regular basis
    2. Making sure users are classified across all the system by proper license type
    3. Having the the same first and last name in all the systems
    4. Turning on the parameter so users cannot have multiple logons

    SAP Audit |SAP Controls| SAP Security Audit | SAP Compliance

Leave a Comment