Indirect usage of SAP software: how to avoid and save costs
The question of Indirect Usage of SAP software was a controversial topic lately, after the UK court ruled that Diageo Great Britain Ltd. is required to pay additional license and support fees for Indirect Usage because they integrated the SAP systems with software from Salesforce, using SAP PI integrator software.
Given this news, many organizations started to pay more attention to their compliance position, trying to find out if there is any chance to be exposed to the same risk. Buying software and paying for maintenance is already expensive for many companies, so why not find a way to avoid or, even better, save costs?
Based on market capitalization, SAP is the world’s third largest independent software manufacturer and serves customers across the globe. Chances are that you already use SAP software, directly or indirectly, and it is understandable that you would like to have more insight into your compliance position.
Where should you start looking for cost saving opportunities?
According to Gartner “Substantial cost cutting opportunities exist in monitoring usage of purchased applications. Depending upon the level of maturity, enterprises that implement software usage capabilities will achieve savings of 5% to 25% in the first year.”
Hence, let’s say you’re the SAM manager of an organization that uses SAP software both directly and indirectly. Based on SAP licensing documentation, SAP offers its software only in the form of perpetual licenses or subscriptions.
Regardless the type of license you have, when you purchased these licenses, they came with agreements that you might or might not have completely understood.
Organizations are often faced with agreements containing multiple license metrics and vague terms. To optimize SAP licenses, companies need a transparent agreement and entitlement overview as well as a solution that provides almost real-time visibility of actual SAP license usage.
To identify cost saving opportunities, there are some specific areas you should pay attention to. The first thing you would want to do is understanding the usage pattern of the users in the system, to avoid spending money which could be better used for other purposes.
It also helps to identify the software and its active/non-active users. There are many cases when a license for a former employee is still active, even though not in use. For SAP that doesn’t matter, they count it as a license for which you need to pay support fee. You, as the SAM manager, need to first identify what is used and what is not and then validate this with your organization for the final actual and future usage. Your findings should reflect the reality or, if not, should align to it.
Now that you know who is using the software, you can allocate licenses based on activity and upgrade, downgrade, reclassify or recategorize existing SAP licenses across SAP systems to also address ad-hoc license requirements.
Considering that SAP looks at what you have registered in your system, you’ll need to update the system so that it will reflect the correct number of users and usage.
After you followed all these steps, you may benefit from a decrease in licensing and maintenance costs.
But that is not all. Remember Indirect Usage? To be sure you will not get concerned about Indirect Usage of SAP software, it’s useful to have an architectural picture of all SAP systems sites, including the interfaces to other systems. Third Party usage can be a major concern, if it’s not done right.
Listed below are the most common cases of Indirect Usage:
Customers use eCommerce platforms to place sales orders
Partners and suppliers access inventory and run reports
Field officers use mobile applications and devices to get new notifications
Sales representatives access and input customer-related data and run CRM reports remotely from a non-SAP interface – this could easily be via a mobile device
Remote engineers access inventory and place orders via a self-service application
Third-party logistics suppliers/ contract manufacturers consume data from SAP
Applications that use and share SAP’s data for product life-cycle management purposes
Use of Salesforce to view customer master data that resides in SAP ERP
Customers create new types of users
Let’s take for example a business that uses handheld devices in their warehouse and accesses SAP ERP to get data on materials. They might be exposed to risks from Indirect Usage, mostly because they are not aware that the database which the employees access is from SAP.
The majority of existing SAP customers estimate that they are “possibly” to “very probably” exposed to financial risk in relation to SAP indirect use claims. This is one of the key findings of a survey conducted amongst SAP customers and members of the German-speaking SAP user group in 2016.
To identify Indirect Usage risk, as well as cost saving opportunities, it is recommended to investigate reviewing the following areas:
Interfaces connected to the system: you need to identify how many interfaces your organizations has. An SAP survey revealed that most respondents had more than 5 interfaces to non-SAP applications, while some organizations had more than 50.
Data flow: after you identified the interfaces, you should categorize them, as well as the data flowing across them. What should this include? The way the data flow goes could be one-way or bi-directional. When business logic is applied, raw customer data can be treated differently by vendors than the data produced by the system.
Users and roles: you have to identify all the users within your organization and their roles. As some user’s license type depends on the roles performed, it is important that a user’s role is determined not by the actions he is authorized to perform, but rather by those he is actually performing, based on real usage data. This is more likely to result in a more optimal license position.
Overlaps: you need to identify the overlaps between users with direct and those with indirect access. It can happen that an indirect user also accesses the system directly for other purposes. If this situation occurs, a single license, SAP Named User for example, can cover the user’s activities through many/all interfaces.
Taking a proactive approach to understand indirect access exposure enables organizations to engage with a vendor on their terms and optimize the outcome.
Not only the existing licenses might lead to compliance issues, but also new ones that you need to acquire. When purchasing new licenses, due to new requirements or organizational expansion, a review of the metrics and metric definitions is desired, as SAP is known for providing many different license metrics.
Take ownership over Self-Declaration
Most of the metrics some organizations currently have are not covered by the standard SAP USMM/LAW measurement functionality. SAP provides no standard usage determination methodology or tools for some metrics, thus they will ask their customers to declare the usage of these products. Disregarding that often the metrics definition is clear, the challenge is to find the right sources to get the right value.
Self-Declaration is often created based on what different people in the organization will provide, without truly understanding the metric definition. Customers often have multiple sources to retrieve the same information, however, the key is to fully understand what sources need to be assigned to create the self-declaration.
SAP, as most auditors, do not intensively check self-declarations on its accuracy and will not challenge what you self-declare. There can be situations when you are declaring the wrong thing and this is obviously not in your favor. Therefore, it is worth to understand the exact sources you need to use, to check the most unclear license metric that you declare and to involve all people who are in the self-declaration process.
Direct cost saving can be realized by having a thorough look at these processes, methodologies and the people who can submit declarations on behalf of your organization.
To put it in a few words, there is always the possibility to face compliance issues when it comes to SAP software as, besides the Indirect Usage question, there is also the increasing number of cloud computing services adopted by companies.
For many applications that move to the cloud and require access to the database from the SAP system, it will be necessary to connect to SAP indirectly and therefore the budgets to cover this will need to be increased.
However, what is important now is to be informed and prepared for a licensing audit. Information, especially verified and valid, can only help you make smarter decisions when it comes to SAP licensing.
This article was published on 22-03-2017