
Case Study: Michigan Automotive Supplier Challenges Audit Claim by Demonstrating Proper Indirect Usage Licensing


Industry: Automotive
State: Michigan
Employees: 22,000

The Challenge

A leading automotive supplier based in Michigan was hit with an unexpected SAP license audit, focused squarely on indirect usage. SAP alleged that several internal systems and third-party platforms accessed SAP data without appropriate licensing and issued a preliminary non-compliance claim totaling millions of dollars.

The claim was based on automated data flows between the company’s SAP ERP and external applications like manufacturing execution systems (MES), logistics platforms, and customer ordering portals. SAP’s audit team classified these interactions as unlicensed digital access, arguing that each external user or system-triggered action should be counted as an indirect access instance.

The IT leadership disagreed. They believed the architecture complied with SAP’s licensing terms under their existing agreements, which included prior discussions about how digital interfaces would be handled. However, the documentation wasn’t consolidated, and without a strong defense, the claim posed a real financial threat.


The Solution

The company brought Redress Compliance to assess the audit findings and build a fact-based defense.

Actions taken:

  • Interface Mapping and Transaction Review
    Every non-SAP system connected to the ERP environment was mapped. Redress analyzed how data flowed between systems and what transactions were being executed.
  • Usage Categorization
    The team separated automated system actions (e.g., status updates, material postings from machines) from actual human-driven processes. Many transactions SAP flagged as indirect use were part of pre-approved system integrations.
  • Documenting Prior Agreements and Intent
    Historical communications and architectural approvals were gathered to show that SAP had been informed of the interfaces during previous licensing discussions, supporting the claim that these scenarios were already accounted for.
  • Applying Indirect Access Rules Appropriately
    SAP’s methodology had counted entire user populations and transaction sets as indirect usage, even when access was batch-processed, middleware-based, or subject to user-level authentication outside SAP. Redress used SAP’s guidance to demonstrate why this approach was flawed.
  • Engaging SAP With a Formal Rebuttal
    A detailed response was submitted, backed by usage logs, architectural diagrams, and legal license interpretations. Redress also facilitated direct discussions with SAP’s audit and legal teams to review the findings.

The Results

The outcome was decisive:

  • SAP Withdrew the Indirect Access Claim
    The original multi-million-dollar compliance claim was retracted after the company proved its architecture did not violate licensing terms.
  • No Additional Licensing Required
    SAP acknowledged that the supplier’s digital integrations were covered under existing agreements and proper licensing interpretations.
  • Improved Audit Readiness and Documentation
    The company established a formal documentation process for interface reviews, audit logs, and license-use mapping, minimizing future audit risks.

“This was a wake-up call,” said the Director of Enterprise Applications.
“We were confident in our design, but without Redress’s help in organizing the evidence and pushing back on SAP’s assumptions, we could have paid millions unnecessarily.”

“This isn’t just about the money we saved—it’s about defending our architecture and protecting how we run our business,” added the CIO.


Why It Worked

Indirect usage claims are complex, and SAP’s audit approach can be aggressive. What made this case successful was data-driven rebuttal, licensing expertise, and historical documentation.

This Michigan automotive supplier didn’t just avoid a large audit settlement—they protected their IT strategy and built a compliance framework that now serves as a model internally.

With the right help, audit claims can be challenged and defeated.

Author
  • Fredrik Filipsson has 20 years of experience in Oracle license management, including nine years working at Oracle and 11 years as a consultant, assisting major global clients with complex Oracle licensing issues. Before his work in Oracle licensing, he gained valuable expertise in IBM, SAP, and Salesforce licensing through his time at IBM. In addition, Fredrik has played a leading role in AI initiatives and is a successful entrepreneur, co-founding Redress Compliance and several other companies.
