Over recent months, SAP has launched a new "SAP Premium Engagement" programme, transforming the way audits are conducted.
Many organisations are now receiving notifications about upcoming SAP audits under this new Premium Engagement framework while in the middle of crucial projects. These new audits appear to be enhanced audits that operate differently from previous approaches.
Enhanced audits involve multiple detailed requests for a long list of authorisations, deeper data extractions, all performed by SAP auditors, on-site, directly accessing your systems. To understand the new Premium Engagement, you would first need to understand the previous enhanced services.
While SAP has the right to ensure compliance with their software usage, end-users will also need transparency regarding the data extraction process, how it's being obtained and how all that data is combined and analysed to ensure licence compliance. This transparency is required to allow you to replicate all the steps needed to verify any compliance findings, as well as use the same procedures and analysis to ensure future compliance.
With the introduction of SAP's new audit process, you might be wondering:
SAP's communication around these new processes appears limited. While the company has specified that extractions will be performed by SAP professionals, there are reports about organisations receiving minimal information concerning:
Despite this, there are several practical steps and strategies you can take to make sure you‘re well-placed for the audit:
Within these requirements, you can decline to provide any additional extracts that are covered by the standard USMM outputs, unless the USMM indicates a need for further information. For example:
When dealing with requests outside such standard measurements, you might find it helpful to discuss the specific purpose with your SAP representative. This collaborative approach helps ensure that additional data requests are properly scoped and directly relevant to specific compliance considerations identified through initial measurements. It offers SAP the opportunity to explain why the extra data is required.
It’s also important to be aware that SAP has recently introduced two new measurements as part of their audit requests:
This measurement counts developer users over 12 months, helping to classify users accurately
This is a new request, currently in a pilot phase, and aims to measure database usage
Our review indicates that the SAP HANA DB data outputs currently do not provide meaningful insights to verify compliance
To structure your expectations around these changes, it’s also worth noting that none of the customers we have supported were:
The introduction of SAP Premium Engagement represents a significant shift in audit methodology that organisations are still adapting to. As with any evolving process, there are opportunities to improve communication and transparency, particularly regarding data requirements and verification procedures. We look forward to seeing how SAP develops this programme in partnership with its customers, creating a balance between robust compliance verification and practical implementation.
Are you about to undertake an SAP Premium Engagement audit and don't know what to do? Reach out to your SoftwareOne representative and schedule a call. Our SAP experts can help you understand the implications of these new audit processes and develop appropriate strategies for managing them effectively.
SoftwareOne has solved many of the SAP challenges you may face. Tell us about your business challenge, and we’ll get right back to you.
SoftwareOne has solved many of the SAP challenges you may face. Tell us about your business challenge, and we’ll get right back to you.
