In part 1 of this SAP blog series, we covered SAP’s older indirect use licensing model and some of its shortcomings. To recap, many customers were dissatisfied with SAP’s licensing model, complaining that indirect use was not clearly defined, and that this led to unfair licensing practices and enforcement. Pushed by these complaints, and the visibility around lawsuits involving Diageo and Ab InBev, SAP changed their indirect use licensing model in April of 2018 to the Digital Access Model (DAM).

So what’s new about the Digital Access Model, and did it ameliorate some of the issues with the previous model?

There are two major changes in the DAM. First, the new model focuses on measuring the use of the Digital Core. The new SAP digital core platforms have been updated from SAP ECC to include the SAP HANA in-memory database, SAP S/4HANA and S/4HANA Cloud. SAP also offered a definition of indirect use, grounding the definition in the use of the Digital Core:

“Indirect/Digital Access is when people or things use the Digital Core without directly logging into the system. It occurs when humans, any device or system, indirectly use the Digital Core via non-SAP intermediary software, such as a non-SAP frontend, a custom-solution, or any other third-party application. It also occurs when non-human devices, bots, automated systems, etc. use the Digital Core in any way.” (Source: SAP ERP Pricing for the Digital Age).

By basing indirect use on the Digital Core, customers now have a clearer understanding of the specific instances of indirect use that needs to be licensed. At the same time, SAP remains somewhat vague on how far indirect use extends using all-encompassing phrases such as “in any way” and “any other third-party application.” We’ll cover some potential ramifications of these terms in part 3, but in the meantime, try to grasp Digital Core use in your environment and how your SAM tools can be leveraged to measure such usage.

The second major change that the DAM made was to shift away from user-based licenses, to a document-based model. Instead of licensing the number of users using SAP systems, the DAM calculates licenses based on the number of documents created, regardless of who created them.

The DAM outlines nine (9) system-generated document types that are considered relevant for licensing. The 9 document types are:

  1. Sales Order 2. Invoice 3. Purchase Order 4. Service & Maintenance Document 5. Manufacturing Document 6. Quality Management Document 7. Time Management Document 8. Financial Document 9. Material Document

To count the necessary licenses, SAP multiplies the number of documents by a corresponding multiplier, 1.0 for document types 1 through 7, and 0.2 for types 8 and 9. For example, 10 sales orders would be calculated as:

10 Sales Orders * 1.0 (document multiplier) = 10 licenses,

whereas 10 Financial Documents would be calculated as:

10 Financial Documents * 0.2 (document multiplier) = 2 licenses.

Importantly, license calculations are based on the initial document created, rather than documents read, updated, or deleted.

To give a more concrete example, imagine a customer using a sales management application to store sales, purchase orders, and payment data. Payment data is automatically transferred to the ERP, resulting in the creation of accounting records stored in the SAP system. Since only the financial module is updated through the third-party application, SAP will charge for the total number of accounting documents created in the system and license them based on the “Financial Document” document type.

But let’s alter scenario a bit and imagine that sales orders are registered on a web platform and are ultimately stored in an ERP. In this scenario, the initial sales order generates an invoice order first, and then an accounting entry in SAP. In this scenario, because SAP’s licensing rules specify that only the originally created document is counted, the customer would not get charged for all documents created in SAP (i.e. the sales doc., invoice doc, or financial doc.), but only the original sales order document.

To sum up, the key takeaways are:

  1. Digital Access is based on usage of the Digital Core (S/4HANA).
  2. Digital Access licenses documents, rather than licensing users.

In other words: Digital Access-Digital Core-Document Based

Currently, SAP customers can choose to license their software by named user (the old model) or by the DAM. But how do you know which option is best, and more importantly, less costly for your organization? In part 3, we’ll point out some potential pitfalls of both licensing models to help you make an informed decision about which licensing model is best suited for your organization.

If you want to learn more about how SAP’s licensing models, and how to protect against SAP audits or prepare for an upcoming contract renewal, contact Connor at today.

Note: This is the first of a four-part blog series

Imagine yourself in this scenario: your company runs an online business that sells products and services to thousands of daily customers and tracks all transactions through an on-premise or cloud-based financial/ERP system. All of a sudden, your ERP software vendor comes to audit you and demands true-up license fees for every single one of your customers that have ever made a transaction through the system, on top of your usual user licensing requirements. Wouldn’t you be disgusted by those findings?

Unfortunately, this isn’t exactly a fictional story, and SAP has recently taken the spotlight in the software industry for similar practices related to indirect software usage. Indirect use, which refers to virtual software use by either humans or bots, is a widely known software asset management (SAM) issue, and it has had major consequences for companies licensing SAP products.

If you’re worried about your SAP licensing and want to prepare for a potential SAP audit or right-size for an upcoming contract renewal, then our 4-part Indirect Use Guide will ensure you are ready to make well-informed licensing decisions for your company. In this 4-part SAP audit defense blog series, we’ll walk you through a brief history of SAP’s indirect use licensing methods, the ins and outs their new and improved Digital Access Model (DAM), key considerations before making the switch to DAM, and a guide to completing an SAP license assessment in about 21 days.

Part 1: SAP Indirect Use Licensing – A Brief History

When SAP first started charging customers for indirect use, they required named-user licenses for everyone accessing the SAP system through third-party applications. This meant that sales representatives and business customers who carried out sales and order related activities through a web platform were also required to be licensed for SAP products. The problem with this model was that it was often unclear what was meant by indirect use and how far it extended, as external users could be making updates to SAP database tables through a non-SAP application. Without full transparency and a clear definition of the users that required a license through indirect use, companies had a hard time managing their SAP licensing.

Understandably, many companies were unhappy with this reporting structure, and several companies refusing to pay indirect use licensing fees were brought to court, most notably beverage companies Diageo and AB InBev in 2017. Both companies refused to pay their initial multimillion-dollar license fees related to indirect use, and SAP took legal action on them.

Diageo’s case revolved around their deployment of two systems using SAP’s ERP interface mySAP. The original agreement between SAP and Diageo was signed in early 2004, and the systems in question were deployed around 2011. Ultimately, a high court sided with SAP ruling that Diageo was liable to pay SAP for the additional 54.5 million Euro licensee fees related to indirect use by customers and other sales representatives. For the most part, this case was settled in public and gave a lot of visibility to SAP’s aggressive software audit practices.

However, AB InBev’s $600 million case was settled in private. According to, this came down to the method of enforcement. By enforcing the license agreement through Commercial Arbitration, the court case was able to be handled in private behind closed doors. For this reason, we still do not know how much AB InBev paid SAP to settle the case, although we know that the case was resolved outside of court.

As a result of these lawsuits, and the subsequent backlash from other SAP customers, SAP announced an improved approach for indirect use in late 2017. Organizations could cover any indirect use triggered by the creation of sales and purchase orders in the SAP system by licensing two engines: Sales and Service Order Processing or Purchase Order Processing. In other words, an unlimited number of sales and purchase orders could be created by an unlimited number of users, as long as you licensed the above SAP applications. However, the new model was not helpful or cost-effective to all customers, and many ended up still having to license indirect use by purchasing named-user licenses.

The Switch to Digital Access

Due to these shortcomings, SAP introduced a new licensing model in 2018, known as the Digital Access Model (DAM). While DAM is still a newer licensing model, SAP has been pushing for its customers to make the switch. In part two of this series, we’ll cover how DAM works, and the main changes from the older indirect use licensing model.

Getting Started with Your Audit Defense Strategy

If you want to learn more about how to protect against SAP audits, our compliance and software advisory experts help you successfully prepare for difficult vendor audits and boost the effectiveness of your SAM programs.

To learn more about our SAM and Audit Defense offerings, contact Connor Consulting at today.

In the first and second installments of this series, we looked at some of the technical details you should think about when evaluating and selecting a Software Asset Management (SAM) tool. In this third installment, we’ll cover what insights your SAM tool should be able to provide once it has collected and normalized the SAM discovery information. Said another way, we’ll look at how your SAM tool can take raw deployment data and turn it into actionable intelligence.

To ensure your SAM tool is properly gathering data, you’ll need to start by ensuring your contracts and entitlements are properly accounted for in your SAM tool. Entering the initial set of contracts and entitlements can be a daunting task and is the most challenging aspect to establishing an effective SAM program for many organizations; however, many tool vendors or third party service firms will assist with entering an initial set of entitlements for your top IT vendors. This is a good opportunity to get your SAM staff valuable experience by seeing exactly how your contracts will be translated by the tool.

At a basic level, an effective SAM tool should allow you to make the corresponding connections between your entered contracts and entitlements to your deployed software. For example, your tool should be able to detect licenses that allow unlimited virtual machines (VM) on a piece of hardware, like Windows Datacenter, and notify you that any Windows install tied to that piece of hardware doesn’t need another license whenever you install a new VM. If your licensing is user based, then your tool should be able to understand when a single user has multiple devices and count the license requirement accordingly.

If you’re looking to further level-up your SAM tool, you can use your contract and entitlement data to produce automated license position summaries for various vendors. These reports will really start to drive value, as they can identify where you have potential compliance exposure, true-up needs, or costly shelf-ware.

Beyond these fundamental license position and reconciliation features, it’s worthwhile to look ahead to what kind of cost-savings your SAM tool will enable you to realize. Ideally, your tool will have technical capabilities that will allow you to start planning proactively rather than being in a reactive state. For example, most of the best-in-class SAM technologies support some type of software usage tracking or metering. They’ll record every time a user starts something like Microsoft Project and provide reporting data on who has it installed, who started the software, and how long he/she used it for. The tool should also draw your attention to areas where you have multiple versions of software installed, or even multiple types of software that provide similar capabilities from different vendors, as there could be opportunities for IT vendor consolidation.

Your SAM team could use reports based on this data to send monthly emails to low-usage users, and determine if they really need that software installed. If you’re looking to further optimize the process, you can consider enhancing your SAM tool to automate sending those emails and even automate the process of removing or reclaiming the software from employee devices to support software re-harvesting.

Of course, usage metering isn’t just limited to users starting software on their desktops. You should also consider your server environments and see if your tool can provide any insights there. For example, could your SAM tool monitor a SQL Server over a month and determine that the CPU usage never goes above 5%? This is a good metric to track for identifying server consolidation opportunities in a virtual environment, or maybe even a conversation with the server owner to determine if a particular server even needs to exist. Again, we come back to your SAM tool acting as a source of data, allowing you to be proactive in your environment and optimize your IT spend.

The final key item you want from your tool is a way to help effectively plan for future IT investments. The usage of cloud services, containers, microservices (and every other buzzword you can think of) is expanding and challenging many traditional software licensing models. What does a CPU socket license mean to an “AWS t2.large” instance anyway? Your tool should be able to help evaluate your current on-premise usage and determine what kind of cloud instancing you need, whether in AWS, Azure, or another public cloud environment. However, a 1:1 mapping of on-premise servers or VMs to cloud instances will almost certainly result in overspend on cloud resources. Instead, see if your SAM tool can help analyze Actual Resource Consumption (ARC)—the actual CPU, memory, and storage usage of your environment—and compare that to what each cloud instance can provide through your selected supplier. Instating proper cloud cost management and governance will, without a doubt, help reduce waste in the cloud.

An advanced tool could also provide you with insights on your application dependencies. This means tracing through the applications your organization uses to see how they are connected and find opportunities to optimize your architecture. For example, you could find servers that are ostensibly part of an application, but never actually receive any connections or do any work! It’s easy to add servers to an environment, but having information at your fingertips to identify where they can be taken out or consolidated is invaluable.

While many of the high-end tools on the market can do some of these calculations automatically, it’s important to remember that without staff dedicated to learning, understanding, and using the tool, you won’t realize the value that you should. Whatever capabilities a tool has, there’s still no “silver bullet” or an easy button that you can press to put your SAM program on auto-pilot. The human factor remains critical for a well-functioning and optimizing SAM team.

If your company is currently assessing or evaluating a SAM tool, considering a SAM technology upgrade, or has questions about what questions to ask a SAM solution vendor as part of your selection process, reach out to Connor Consulting at today.


Software Asset Management (SAM) and Cloud Cost Management (CCM) continue to fall into key priorities for IT organizations across industries. With the proliferation of the cloud, SaaS vendors, as well as on-premises software vendors, the need to have better insight into software or service consumption and organizational value is paramount. A well designed and mature SAM program greatly reduces inaccurate licensing of software, uncovers overspend, and improves overall system and data security. According to Market Research Future (MRFR), the global SAM Market is expected to reach approximately USD 2.45 Billion by 2023, growing at a ~14.18% CAGR over the forecast period 2018-2023.

At Connor, we have been investing significant resources to provide top-notch advisory services that provide both an auditor’s lens, along with a practitioner’s point of view of effective license management and optimization. With unparalleled experience from thought leaders who have set up and led SAM departments for Fortune 100 companies, Connor helps mitigate IT supplier risks and realize material cost savings, both on-premise and in the cloud.

However, we acknowledge that providing expert services is not always enough to help the world’s top companies manage software and calibrate cloud usage.. In order to provide the best possible solutions to our customers, we have partnered with leading technology vendors to provide a holistic approach to SAM and CCM, including Flexera, Movere, Snow Software, Xensam and Zylo.

“We at Connor are fully committed to helping companies design, implement and manage highly efficient and impactful Software Asset Management programs,” said Rich Reyes, Executive Vice President of Connor’s Software Advisory Practice. “Our partnerships with today’s leading solution providers ensure our seasoned consultants are equipped with the best-of-breed tools to help enterprises tame IT spend, limit security and compliance risks, and increase ROI on technology investments.”

These alliances will provide our customers with unparalleled vendor licensing expertise and actionable data for better decision making and IT cost optimization.


About Connor

Connor is a leading independent audit and software advisory firm that specializes in contract and supply chain management, compliance, and license & cloud optimization.  Connor is a strategic advisor to industry leaders such as ARM, HDMI, Dolby, and many others.

If you would like to learn more about our services and how we can help you with your compliance or software asset management program, please contact us to explore the benefits for your organization:


+1 (415) 578-5002 or fill out an inquiry at

We are pleased to announce that CIO Applications has named Connor a Top 10 Software Asset Management Consulting Services Company in 2019. CIO Applications is leading the way in helping enterprises to adopt the best in technology and related services.

With the cloud rapidly changing the landscape of technology services and solutions, the requirements to deploy a modern IT stack is paramount to maintain competitive advantages, enhance cybersecurity, and adapt to evolving technology trends. As organizations migrate to the cloud and eschew legacy, monolithic technologies for cloud-based, best-of-breed technologies, they must instate effective programs to manage software assets throughout their lifecycle, in order to mitigate supplier risks and avoid unnecessary spend from these common IT events.

As a recognized Top 10 professional services company, Connor has established itself as a valuable ally to its clients implementing or looking to enhance their SAM and/or IT optimization programs.

To learn more about our philosophy and approach to servicing our customers, check out this interview featuring Rich Reyes, EVP of Software Advisory Services and Viresh Chana, Founder and CEO.

If you would like to learn more about how Connor can assist you with your SAM and ITAM needs, please visit our website.

We also have some great educational resources if you are just embarking on your SAM initiatives and would like some expert guidance pitfalls to look for and best practices to follow. Watch this on-demand webinar to learn more!

Software as a Service (SaaS) has quickly become the largest category of XaaS spend1.  In fact, Gartner estimates that the SaaS segment of the cloud will reach $85.1 Billion dollars in 2019. By design, SaaS providers have made their solutions easy to procure, setup, configure, and enable across your enterprise, both in IT and across the business.  In some cases, an employee can create a new user account simply by authorizing payment through a credit card and activating the cloud application through the internet.

The Hidden Challenges of SaaS

Despite its convenience and benefits, SaaS has caused new problems for IT departments.  The days of fully controlled, centralized IT governance are behind us, as businesses prioritize agility and speed to market in order to stay relevant and compete with industry leaders who have gone digital.  As a result, there is an increase in “Shadow IT,” where SaaS implementation frequently bypasses IT or CIO offices, increasing security risk.  While Information Security teams can manage SaaS access from company networks through cloud brokering and single sign-on solutions, they don’t have much insight into users logging into SaaS applications/data from other locations or the public internet.  This increases data and information risks, and can impact GDPR compliance if the information is being transmitted to foreign locations.

In addition, traditional SAM programs aren’t able to keep up with these growing SaaS footprints, and IT is often being challenged with managing unpredictable cloud spend.  Unfortunately, IT shops generally do not have a “single source of truth” for tracking SaaS applications running across their companies.  While Cloud Cost Management (CCM) sounds fantastic in theory, many SAM programs continue to struggle with on-premise software compliance woes (e.g., vendor audits, true-ups, etc.) and don’t have the time, resources, or “know how” to tame their SaaS consumption and spend.  Many organizations also handle SaaS renewals reactively and cannot identify vendor or product redundancies across cloud-based applications to generate IT cost savings.

Taking SAM to the Next Level

So how do you evolve your SAM function to handle the perils of SaaS, establishing proactive CCM and cloud governance?

It all starts with uncovering what you don’t know, turning over every SaaS stone across your corporate landscape.  SAM teams must identify each SaaS application in use, who is accessing the cloud solution, and the time/frequency of usage.  Once you can inventory your SaaS applications and produce a regular report of this key information, you’ll drive smarter decision making across the organization.  You can then evangelize and share this data with cross-functional teams, which can help rationalize SaaS vendors, users and/or features.  These insights will be actionable and will enable more effective CCM, ensuring tighter alignment between your CIO and company leaders.

Leveraging Cutting Edge Technology for SaaS Management

Pairing Zylo’s innovative platform (click here to learn more) with our SaaS supplier and software licensing expertise, Connor Consulting is able deliver real-time cloud insights and provide you with a reliable and secure system of record for your SaaS-based applications, transforming your SAM program from a cost center to a value center by instating proactive CCM and cloud governance.

Contact us at for a free assessment today, and learn how to get a grip on your SaaS spend.


About The Author

Rich Reyes is an Executive Vice President for the Global Software Advisory practice at Connor Consulting.  He brings 20 years of thought leadership around software licensing & compliance, technology asset management, and IT sourcing.  Rich has performed hundreds of software audits on behalf of major vendors, and he’s established and led an ITAM/SAM department for a Fortune 100 retailer.  He continues to advise companies on practical ways to mitigate IT supplier risks, reduce vendor total cost of ownership (TCO) and optimize software licensing environments.  Rich holds CISSP and CISA certifications and is a frequent speaker at industry events.

The on-premise approach to Information Technology (IT) and Software Asset Management (SAM) is continually being disrupted with ongoing digital transformation, IoT, and all things AI.  Traditional IT operating modes which rely on in-house applications and systems are being phased out in favor of multi-mode IT – a combination of on-premise assets and those hosted in the cloud.  Gone are the days of solely acquiring software and hardware from third parties, building data centers, and maintaining them through periodic asset refreshes; in their place, we will continue to see the emergence of public, private, and/or hybrid cloud environments.

As a result, companies have begun to discuss whether a switch to the cloud is necessary to gain ground on cross-industry giants like Amazon, and to stay relevant in a market which leaves behind companies that fail to innovate or go digital.  However, companies have to be wary of increased IT OPEX spend during migration to the cloud, and look out for retiring older equipment and software too early, as it may result in material impairments or write-offs.

The Solution Bias Dilemma

IT suppliers and vendors recognize these paradigm shifts as well, and are becoming increasingly opportunistic, often using cloud migration as a commercial lever to push their newer, and often more expensive, products and technologies.  For example, in what’s known as solution bias, IT vendors upsell their own cloud technologies during migration without giving much consideration to current usage or future needs.  At the same time, these vendors are adapting their license agreements and software counting rules for their own benefit, making it more cost-effective for customers to use their own cloud solutions.

In addition, IT suppliers are revisiting old unfavorable enterprise agreements which granted unlimited product usage, as they were written without the cloud in mind.  In the process, they are capitalizing on any contractual landmines or “gotchas,” such as site or hardware restrictions, to uncover one-time and ongoing license fees.

Currently, licensees who have already migrated to the cloud are often getting a “free pass” from vendors and auditors during a traditional software review.  Due to evolving supplier license models, rules, product metrics, as well as unpredictable customer behavior and patterns, IT suppliers have been excluding XaaS environments from the scope of their license assessments.  SAM tool agents and audits scripts are also not yet commonly installed in the public cloud, so there isn’t an easy or effective way to discover software deployments.  However, XaaS environments will likely soon become a standard part of inspections, unless customers acquire software licenses as a service (e.g., SQL through Azure) through a public cloud supplier.

Proper SAM and Cloud Governance is Critical

With all that being said, companies should not wait on the sidelines and observe how vendors or auditors begin to address software licensing in the cloud.  Without proper SAM, cloud governance and controls in place, the risk of software deployment proliferating is incredibly high due to the agile and scalable design of cloud environments.  Even companies with mature SAM disciplines are at risk, as they are not accounting for the layer of complexity that the public cloud adds to the SAM world.

In order to address these changes, companies must proactively inspect and uncover potential cloud licensing risks in vendor agreements before major migrations occur to help avoid significant license premiums and preserve their leverage over vendors.  Companies should re-evaluate, challenge, and enhance their “people, process, and technology” framework that was standard for on-premise SAM to account for the perils of cloud licensing.  Even when the supplier does not raise any issues, it’s leading practice to determine and assess potential licensing risks before launching into the cloud.  Once software licensing risks are identified, IT Executives can decide whether to assume them or develop a strategy to mitigate their negative impacts, potentially saving their companies millions of dollars and protecting technology innovation funds.

Next Steps to Modernize Your SAM Program for Cloud

Have your IT vendor contracts been evaluated for migration risks or does your CIO prefer to take a “leap of faith” into the cloud?!  To learn more about how you can best prepare for software licensing “gotchas” in the cloud, contact Connor Consulting at today.

In the meantime, check out this on-demand webinar to learn more about how Connor Consulting – in partnership with leading SAM technology vendors like Xensam – can help you take your SAM efforts to the next level.


About The Author

Rich Reyes is an Executive Vice President for the Global Software Advisory practice at Connor Consulting.  He brings 20 years of thought leadership around software licensing & compliance, technology asset management, and IT sourcing.  Rich has performed hundreds of software audits on behalf of major vendors, and he’s established and led an ITAM/SAM department for a Fortune 100 retailer.  He continues to advise companies on practical ways to mitigate IT supplier risks, reduce vendor total cost of ownership (TCO) and optimize software licensing environments.  Rich holds CISSP and CISA certifications and is a frequent speaker at industry events.

In our first entry, we talked about some of the technical limitations of Software Asset Management tools in the software and data discovery of data of your environment.  Once you’ve tackled that issue and determined that you have complete and accurate data from your environment, you need to actually DO something with it!

On an average Windows desktop or laptop, opening up the “Programs & Features” panel could easily show fifty or a hundred installed pieces of software.  I counted 87 on my laptop just now, and that’s everything from Microsoft Word to Slack to the Windows Calculator app.  Now consider that in your environment, you probably have multiple versions of applications so your data set could have lines like:

  • Microsoft Word 2013
  • Microsoft Office ProPlus 2016
  • word.exe

Multiply that by a few different versions and a few thousand desktops and laptops and you can start to envision the giant mess and piles of data you’ll be dealing with.

The Importance of Software Asset Management

This is where Software Asset Management (SAM) tools start to demonstrate real value as they use a process called data mapping to comb through your records and provide useful summaries.  Some tools call this application recognition, but it’s all the same idea: taking the various software signatures identified in your discovery process and mapping them back to a singular software product, as well as deduplicating the data.  Most tools that have a feature like this should also have some way to update their data mappings regularly and reliably, so new vendor products or releases are accounted for by the mapping function.  This should be one of your critical requirements in sourcing a SAM tool.  Software is constantly changing and evolving, and if your tool isn’t keeping up, then you won’t be able to make smart decisions about your purchasing and mitigate license compliance risks with a high degree of confidence.  SAM teams should test the veracity of tool mapping data on a regular basis to determine if any updates need to be made.

As you evaluate SAM tools, you should try and test out the data mappings on your real data or production installs.  Have the vendor create a demo environment where you can load some of your live data and ensure that your critical applications are properly captured, evaluated, and reported.  In our example above, we’d want our tool to be smart enough to recognize that “word.exe” and Microsoft Word are the same thing, and we only need to see it (and count it) once.  But going even further, I really want the tool to know that Microsoft Office ProPlus is a bundle that contains Word so counting it separately would end up costing me extra money in support fees.  Product bundling is an essential requirement for a SAM tool and a challenging feature for vendors to consistently get right, since software products evolve at a very rapid pace and product bundles or inclusions often change.  In addition, there could be limited use non-OEM licenses offered in a vendor product (e.g., IBM DB2 offered through SAP R3); however, when used as a standalone product or in support of another application, it would trigger a separate or additional licensing requirement.

You should also consider how easy and important it is to make your own modifications to the data mapping library when your SAM tool falls short.  You might have some obscure software titles that the SAM vendor hasn’t seen before, or perhaps internal software that needs to be tracked and reported.  Additionally, you should make sure the tool warns or notifies you when there are software installations that it can’t recognize, so you can trigger your SAM process to map and tally the unknown product going forward.

The Devil is in the Details

I’ll give you a specific example from a prior engagement that emphasizes “the devil is in the details” premise. I had a customer who had created a custom installer for a certain piece of vendor software and deployed it out to their users.  This is a normal function and allows them to do things like set some custom configurations and make sure every authorized user could access company resources.  But in the process, they renamed the software to something that was unrecognizable to their SAM tool.  Because it wasn’t recognized or tracked, it was able to spread throughout the company without IT and the SAM team knowing that they had consumed all their licenses and then some, leading to significant non-compliance findings.  Under a vendor audit situation, they would have been on the hook for all of those licenses and liable for paying millions of dollars in software audit fees.

So now we’ve talked about how to make sure you get all the data we need or ensuring completeness and accuracy of your SAM tool, and of course, how to turn that discovery data into useful information through proper data mapping and analysis techniques.  In our next installment, we’ll discuss what tools should do to turn software deployment data into proper licensing data, aligning to product metrics in vendor agreements.


If you would like to learn more about Connor Consulting and how we can help with Software Asset Management, please contact us today for an initial briefing or complimentary assessment.


About the Author

Russell Lewis is a SAM professional with over 12 years of experience consulting with companies looking to improve their SAM processes and with software vendor compliance programs.

As we embark on the year 2019, the proliferation of new technologies and systems within the enterprise is only growing. This includes both updating existing legacy systems as well as adopting new cloud technologies. With this growth in tech stack complexity, do you have a clear picture or understanding of your overall IT application environment and software spending practices? Many organizations will develop a Software Asset Management (SAM) program or bring in a Managed SAM Service (MSS) provider, but the number of organizations that are practicing effective SAM is staggeringly low. Questions that we often ask customers to get a better idea of the effectiveness of their SAM efforts include:

  • Is your MSS driving effective vendor compliance or the expected cost savings?
  • Do you have a reactive or proactive MSS?
  • Does your partner actively drive changes, challenge your decisions, and make you aware of opportunities for cost savings, license optimization and potential termination of maintenance/vendor agreements that don’t deliver value?
  • Have you invested in a program and MSS partner, but are having to regularly manage the vendor to deliver on your SAM expectations?

Evaluating a Managed SAM Service (MSS)

Further complicating things are the various flavors of MSS programs offered by vendors:

  • Basic, Standard or Enterprise; OR
  • Bronze, Silver or Gold.

In some instances, they are proactive and address the top challenges and risks of SAM; however, in most cases, the managed providers are reactive in nature and simply respond to and support inbound vendor audits.  The Enterprise or Gold offering is intended to be a full-service solution, but typically leaves customers feeling like they haven’t received full value from their SAM investment.

There isn’t a “silver bullet” for SAM, but there are certain considerations you should be aware of prior to selecting a tool and partnering with an MSS provider.  Understanding your SAM program requirements and what you expect your MSS vendor to deliver is essential; ensuring these inputs make their way into your MSS agreement is a must to avoid misalignment throughout your term.

From our point of view, these benefits should be part of your MSS today and tomorrow (at a minimum):

  • Import and ongoing management of relevant vendor contract terms and license entitlements
  • Compliance or Effective License Position (ELP) reporting on a regular basis (e.g., quarterly)
  • Software license optimization
  • Software and maintenance cost reduction
  • Cloud migration software license readiness

Keys to a Successful MSS 

People and Roles

One of the biggest blockers of effective Software Asset Management is when an organization lacks the relevant people, program governance or expertise to manage the essential function. With the right resources in place (full-time and consultants where needed), you should have the proper thought leadership and staff in place to achieve SAM goals and objectives.  Starting with the RACI model, questions you should ask are as follows:

  • Responsible – Who is responsible? Who is the decision-maker?
  • Accountable – Who is accountable for a process or project?
  • Consulted – Are there any consultants involved? What’s the role of the consultant? What are the KPIs of the consultant?
  • Informed – Who will use the information for the benefit of the organization?

The Processes

The second element to a successful SAM program is to ensure you have a solid handle on your procurement process across software, hardware and IT services. Some questions to ask yourself are:

  • Is technology procurement centralized or decentralized?
  • How are product lifecycles maintained, managed and decommissioned? How do you make software upgrade or product migration decisions?
  • Is your Information Security team consulted or made part of software sourcing decisions?
  • Are the SAM processes documented and instated across the company?
  • Is it clear who is responsible, accountable, consulted and the beneficiaries of SAM data?
  • How do you accommodate new product requests, deployments and support of IT assets?
  • How is the IT budget impacted by software acquisitions and vendor true-ups?
  • Is it a central IT budget or are the costs allocated to certain business units/departments (e.g., showbacks or chargebacks)? What is the process for internal invoicing if not centralized?
  • When someone wants to add “free” software or requires a new license from an existing vendor, what processes are in place to handle the request?

More importantly, it’s critical for management to buy-into the value and importance of a SAM program and its initiatives. Once you have funding secured and IT executive sponsorship, you can start to design, engineer, and implement the appropriate processes to ensure effective software asset lifecycle management.

Finding the Right SAM Tool

Last but certainly not least, performing proper due diligence and selecting the appropriate SAM tool is essential to your program success. A SAM tool’s main function is to provide DATA! And complete and reliable data often leads to better decisions for your enterprise. But exactly what DATA are we talking about?! To enable accurate decision-making regarding software licensing & strategy, the following data elements are essential for collection and reporting by your SAM utility:

  • Hardware – Laptops, Physical Servers, Virtual Servers, as well as details of Processors, Cores, Sockets, Clock speed, RAM, warranty and storage etc.
  • Software – Vendors, Applications, Suites, Bundles, Versions, Editions, Features
  • Users – Quantities, Access Rights, External Users, Indirect Access
  • Cloud – Web Applications, SaaS Providers
  • Virtualization – Virtualizations rules for Disk Processor Enclosure (DPE), Distributed Resource Scheduler (DRS), Anti-Affinity, High Availability (HA)
  • Usage – Total Usage (How much have the applications been opened?), Active Usage (How long have the applications been actively used)
  • PUR – Product Use Rights (License Metrics)
  • Security – EOL, Antivirus, PUA and Malware detection.


It’s Table Stakes: You need the right tool, right partner and right processes

To reach your intended SAM destination, you need to have an effective pilot (people and process) and a reliable plane (technology). If you have one without the other, you’ll never get off the ground and complete your SAM mission as both are critical and highly dependent on the other. If you have the best plane in the world, but no pilot or thought leader to provide controls and governance, you won’t get anywhere.

Conversely, if you have the best pilot in the world but no plane, liftoff is not possible. Also, it is extremely important to assess where you are (current state) and determine where you want to go (future requirements) to ensure a smooth SAM journey. In order to do so, you’ll need to make sure you have the right plane (tool) and the right pilot (people/consultant) in place and engaged to help you reach your SAM goals, while consistently aligning to business objectives.

Xensam + Connor Consulting = Better Outcomes

To elevate your SAM function further, a mature SAM program will enable better decisions, empower better control, simplify, and expedite essential technology changes, making IT management more agile.

Managed SAM Service in 2019 is more than just the traditional model of People, Process and Technology; it’s further maturating the program to help IT and business leaders make better-informed decisions. It should be a proactive type of SAM that drives tough questions internally like whether maintenance or support is still needed for a given application, and how to provide the business with useful and relevant data to make smarter or quicker decisions. With all the data gathered and analyzed by the SAM function, this information needs to be shared and made available more regularly to leaders across the company.

SAM should deliver software compliance, cost savings, and license optimization; however, it should also help spark difficult questions around usage and the value of IT investments. Challenge internal buyers and software vendors on software purchases being evaluated/proposed or shoved down your throat at quarter or year-end! Stop paying for what you are not using or what you don’t need and pay less for more up to date applications.

For example:

  • Are you paying support and maintenance fees for an application that will soon be displaced?
  • For Microsoft, do you still purchase/pay for Office365 or Office Professional Plus because of Outlook, Exchange, Word, and PowerPoint? Is it time to reconsider your purchasing strategy?
  • Are you being kept hostage by a particular vendor because you have no other options?
  • What are you really getting for your support and maintenance spend each contract term?

In addition, IT executive support for the SAM program and its initiatives is a must, and the SAM team should strive to self-fund its existence through “low hanging fruit” or IT vendor optimization opportunities, leading to a more significant and valued role across the organization. Ensuring SAM is deemed a strategic asset and federated across more parts of the organization for technology decision making will ensure long term IT operational efficiency, cost management, and organizational alignment.

The unified offering of Xensam and Connor Consulting can holistically meet your SAM needs. Xensam provides you with an effective solution to propel you down the right path on your SAM journey, delivering more accurate and reliable software discovery data and proactively defining license compliance activity. With a practical and tailored professional services approach, Connor Consulting will help ensure the necessary people, processes and program governance are in place to be able to quickly act upon the rich information and reporting that Xensam provides, resulting in significant IT cost reductions, software audit risk mitigation, and an overall better experience for SAM users and beneficiaries across the enterprise.

Are SAP audits completely transparent and easy to follow?! The short answer is no, simply because SAP’s licensing models are as complex as their products. After organizations spend years to implement SAP products, they believe they’re done, until they receive an audit notification letter from SAP in order to uncover any intentional or inadvertent software sprawl within the organization. Much like other software vendor audits, their goal is to recover lost revenues.

Usually, each software vendor has its own auditing methodology and SAP makes no exception. Compound these unique auditing methodologies that are difficult to follow with highly complex IT environments, and it’s no wonder many customers tend to miss key information when they acquire SAP software and end up using more licenses than they originally paid for. This combination of miscommunication between SAP and their customers, lack of knowledge on how software licensing works, along with the inherent complexities of their IT environments and SAP contracts, drastically increases the odds of software over-deployments or failing an audit.

At Connor Consulting, we have extensive experience in Software Advisory and SAP Auditing with seasoned leaders who have conducted hundreds of license assessments and have established effective software asset management (SAM) programs for Fortune 500 companies. Based on our deep knowledge and a proven track record, we’ve compiled a list of leading practices you need in your toolkit to pass an SAP License Audit.

1. Keep track of all the things you agreed in writing with SAP

This goes without saying, but in comparison to other IT supplier agreements, SAP contracts can be very complex, and the extensive use of legal jargon makes them difficult to understand and translate for software tracking purposes; however, you need to be in control of your license purchases at all times and keep a record of any custom licensing models or metrics.

Make sure to keep track of all contracts and order forms. You can create an SAP vendor risk matrix, where you inventory your active licensing agreements, detailing key dates, products, metrics and highlighting any high-risk contract provisions (e.g., audit and/or M&A clause). In case you miss any, don’t hesitate to contact SAP and request your copy. It’s always better to be prepared, otherwise, you will regret it when SAP issues the proverbial audit letter to your CIO. Also, never rely on SAP or its audit agent to provide you with the correct license entitlements during a review. It’s imperative that you always double-check those figures to minimize any potential non-compliance and/or the need for future software purchases.

2. Make sure you are always able to collect the metrics agreed with SAP

There’s a wide range of industries and business functions that SAP products cover. So naturally, there’s also a great variation of the metrics used to measure consumption. Hence, to understand your license consumption, you need to be aware of your specific metrics that aren’t always spelled out clearly in purchase documents or software contracts.

To achieve that, one common method is to perform a license verification by running the transaction codes “USMM” and “SLAW.” These are the measurement tools offered by SAP, native to the applications; however, in most cases, this information will not be enough. There might be metrics customized for your business that cannot be measured automatically or systematically. For example, “annual sales revenue” or the “number of local stores in your distribution chain,” or the “number of beds” can be a license metric if you are a hotel chain.

Getting all of this data for an audit can be very time-consuming and may involve multiple departments within your organization. As such, you might want to have a repeatable process for collecting this information periodically or as part of your regular software asset management operations. Remember, SAP will have you fill in a self-declaration form for all of your licensed metrics, and your responses are expected to be both timely and accurate. If there are holes or figures that raise “red flags,” it could warrant further audit inquiries and prove to be very costly for your organization.

3. Never delete an inactive user from the system

SAP, through the usage data you are required to send during an audit, will also see a report of all the users that have been deleted from the system. Of course, user accounts deleted prior to the audit will be a contentious point for SAP due to the way they license their software in customer agreements. SAP employs a “named user” licensing model, which means you cannot have multiple persons using the same account.

There are different types of “named user” licenses. From the Professional User, which is the most expensive license, to Employee or Employee Self-Service, which are the most basic and relatively inexpensive license types.

Based on your contract terms, it’s your SAP administrator’s responsibility to assign the correct license type to the people in your organization. Furthermore, you always need to control the number of users, their license types and their roles so that it stays within contractual limits. When SAP performs an audit, they investigate all users created in the system and their assigned license type. It doesn’t matter whether they are active or not. As a result, you might end up paying additional license fees even for users that are no longer your employees. Ongoing tracking and maintenance of SAP user accounts are essential SAM related tasks that can help reduce licensing fees and optimize your SAP user environment.

The best approach here is to not delete inactive users, but instead, lock their user ID, set an end date and remove their assigned roles. As an extra measure of caution or audit risk mitigation, you can also move all locked user accounts to a user group created for “Expired” or “Terminated” users.

4. Beware of huge indirect access charges

Indirect usage of your SAP software requires additional licensing and you may not even be aware of it. Indirect access happens when third-party applications connect to SAP ERP and extract or modify information in the database. SAP will investigate those and will charge a lot of money for improper licensing.

The issue with keeping track internally of your indirect usage is that it’s a time-consuming process and you need to understand SAP’s indirect access rules before performing any sort of internal mock audit. In addition, you run the risk of double-counting users who already have an SAP license assigned for the direct usage.

Your best option is to use the available inventory tools. They are not free, but they will save you precious time and minimize the amount of data errors. If you’re looking for unpaid tools, recently SAP has released a tool that aims to support customers in analyzing their indirect usage. Unfortunately, as per SAP’s release notes, it’s still under development and doesn’t offer many useful features for customers now.

Much more useful than SAP’s utilities are third-party inventory tools. They work by searching for any type of documents exchanged by external applications with the SAP system (e.g. sales documents, purchase documents, material documents, etc.). Additionally, SAP access via any other technical interface such as “RFC,” “BAPI,” or “Idocs” will be determined. The results will indicate whether there is any risk for indirect access, as well as any license gap between SAP usage and contractual entitlements.

5. Make sure you correctly uninstall SAP software

Improper uninstallation of software leaves traces that can be misinterpreted by SAP. As such, if there are any historical installation traces identified on your production or development systems, SAP might consider the product still in use and will assess a fee for those licenses. On a regular basis, make sure that you perform system maintenance as part of your normal SAM operations to keep your SAP environment clean.

An effective way to do that is to periodically simulate an audit to detect false positives or remnants of prior installs and plan on how to deal with them. As mentioned above, you can generate your software usage report by using SAP transaction codes like “USMM” and “SLAW” or run certified inventory tools. Based on the usage report, you will be able to identify those metric IDs that are no longer relevant, and which might indicate an old installation of the engine.

However, the best thing you can do is to have a process on how to correctly uninstall your software. All the steps for a correct uninstallation can be found on SAP’s support portal and can be accessed with your customer credentials.

SAP audits are among the most nerve-wracking and frustrating vendor audits because of the complexity of their licensing models, their large product portfolio, customized software metrics, and the list can go on; however, if you follow these five (5) best practices, you will have a better chance to successfully pass an SAP audit and may even have an opportunity to optimize your licensing environment.

If you’re interested in learning more about SAP audit defense leading practices and how your company would perform during an SAP audit, contact us to schedule a free high-level SAP license assessment today.