A European industrial manufacturer received a SAP audit finding centred on indirect-static access — Digital Access document creation tied to two third-party logistics platforms. SAP's initial settlement letter quantified the claim at $4.8M. We reconstructed the document-creation evidence, re-classified what the third parties had actually written into SAP, and closed the audit at $192,000.
The client received a routine SAP engagement notice in March, followed eight weeks later by a measurement output that quantified Digital Access exposure at 8.6 million sales document equivalents over the preceding 18 months. At the published Digital Access list rate, the calculated claim came to $4.8M. The audit team flagged two integration points as the source: a third-party warehouse management system writing inbound delivery documents, and an EDI gateway translating customer order EDI into SAP sales orders.
SAP's settlement proposal offered a 25% "audit conversion discount" — bringing the headline to $3.6M — conditional on conversion to a Digital Access subscription within 90 days. The internal team's first instinct was to negotiate the discount up. That would have been the wrong fight.
In our experience across 340+ SAP engagements, Digital Access measurement outputs almost always overstate. SAP's passive measurement reports every document created, regardless of which system actually instigated the document and regardless of whether the document was later cancelled, reversed, or created in error. In this case, the 8.6 million document count included internal SAP-to-SAP document chains the audit team had not deduplicated, plus a substantial volume of cancelled documents that should never have been in scope.
More importantly, the legal classification of "indirect access" had been mis-applied to one of the third-party systems. The warehouse management platform was reading from SAP, not writing to it — and SAP's own 2018 indirect-access framework explicitly carves out read-only access from Digital Access licensing.
Talk to a former SAP audit lead before the measurement window opens.
We worked with the client's integration team to evidence that the warehouse management system performed only read operations against SAP — pulling open delivery documents to drive picking, not creating new SAP documents. We provided the WMS access logs, the SAP RFC connection definitions, and the integration architecture diagram, and made the case that this integration sat outside Digital Access scope under SAP's 2018 framework. SAP accepted the re-classification in writing.
SAP's measurement output had counted document creation events at multiple stages of the order-to-cash chain — sales order, delivery, invoice — even though these are linked documents arising from the same external request. We applied SAP's own deduplication guidance and reduced the chargeable document count by 41%.
A further 19% of documents in the audit output were either cancelled within the same accounting period or created in error and subsequently reversed. SAP's licensing terms do not require licences for documents that are not net of cancellation; the audit output simply hadn't applied that exclusion. We re-ran the calculation with cancellations removed.
For the EDI gateway, the remaining documents were customer-originated sales orders translated through a middleware layer. We argued that the indirect creator was the customer, not the middleware, and that the existing Named User licensing already accounted for the relevant internal users actioning these orders downstream. SAP partially accepted this, reducing the chargeable EDI document count by 65%.
After the four technical defences, residual Digital Access exposure stood at approximately $390K at list. We then negotiated commercial terms — a per-document price 50% below list in exchange for a three-year Digital Access subscription co-termed with the existing maintenance contract. Final settlement value: $192,000.
SAP Digital Access claims are vulnerable to technical re-measurement in ways that SAP audit teams know about and customers usually do not. The five-line defence sequence above is essentially the playbook our SAP practice runs on every Digital Access audit, calibrated to the specific integration architecture in front of us. The 96% reduction here is on the higher end of what we typically achieve, but a 60–80% reduction is realistic when the customer engages early, before signing anything.
If you have a SAP audit letter on your desk — or you have just received a measurement output you cannot interpret — start with a thirty-minute scoping conversation. The first decision you should not make alone is whether to engage with the measurement output at all.
The Vendor Audit Defence Handbook documents the SAP, Oracle and Microsoft defence playbooks.
Our SAP practice is led by former SAP audit and licensing executives. We can review the measurement output, identify the re-measurement defences, and run the audit response — usually start to finish in under six months.
Weekly compliance intelligence for IT leaders.
