
Industry: Automotive
State: Michigan
Employees: 22,000
The Challenge
A leading automotive supplier based in Michigan was hit with an unexpected SAP license audit, focused squarely on indirect usage. SAP alleged that several internal systems and third-party platforms accessed SAP data without appropriate licensing and issued a preliminary non-compliance claim totaling millions of dollars.
The claim was based on automated data flows between the companyโs SAP ERP and external applications like manufacturing execution systems (MES), logistics platforms, and customer ordering portals. SAP’s audit team classified these interactions as unlicensed digital access, arguing that each external user or system-triggered action should be counted as an indirect access instance.
The IT leadership disagreed. They believed the architecture complied with SAPโs licensing terms under their existing agreements, which included prior discussions about how digital interfaces would be handled. However, the documentation wasnโt consolidated, and without a strong defense, the claim posed a real financial threat.
The Solution
The company brought Redress Compliance to assess the audit findings and build a fact-based defense.
Actions taken:
- Interface Mapping and Transaction Review
Every non-SAP system connected to the ERP environment was mapped. Redress analyzed how data flowed between systems and what transactions were being executed. - Usage Categorization
The team separated automated system actions (e.g., status updates, material postings from machines) from actual human-driven processes. Many transactions SAP flagged as indirect use were part of pre-approved system integrations. - Documenting Prior Agreements and Intent
Historical communications and architectural approvals were gathered to show that SAP had been informed of the interfaces during previous licensing discussions, supporting the claim that these scenarios were already accounted for. - Applying Indirect Access Rules Appropriately
SAPโs methodology had counted entire user populations and transaction sets as indirect usage, even when access was batch-processed, middleware-based, or subject to user-level authentication outside SAP. Redress used SAPโs guidance to demonstrate why this approach was flawed. - Engaging SAP With a Formal Rebuttal
A detailed response was submitted, backed by usage logs, architectural diagrams, and legal license interpretations. Redress also facilitated direct discussions with SAPโs audit and legal teams to review the findings.
The Results
The outcome was decisive:
- SAP Withdrew the Indirect Access Claim
The original multi-million-dollar compliance claim was retracted after the company proved its architecture did not violate licensing terms. - No Additional Licensing Required
SAP acknowledged that the supplierโs digital integrations were covered under existing agreements and proper licensing interpretations. - Improved Audit Readiness and Documentation
The company established a formal documentation process for interface reviews, audit logs, and license-use mapping, minimizing future audit risks.
โThis was a wake-up call,โ said the Director of Enterprise Applications.
โWe were confident in our design, but without Redressโs help in organizing the evidence and pushing back on SAPโs assumptions, we could have paid millions unnecessarily.โ
โThis isnโt just about the money we savedโitโs about defending our architecture and protecting how we run our business,โ added the CIO.
Why It Worked
Indirect usage claims are complex, and SAPโs audit approach can be aggressive. What made this case successful was data-driven rebuttal, licensing expertise, and historical documentation.
This Michigan automotive supplier didnโt just avoid a large audit settlementโthey protected their IT strategy and built a compliance framework that now serves as a model internally.
With the right help, audit claims can be challenged and defeated.