Client Profile
The client is a Swiss-headquartered multinational consumer goods company operating manufacturing, distribution, and commercial operations across more than 50 countries. With a global workforce exceeding 100,000 employees and revenues in excess of CHF 12 billion, the group operates one of the larger SAP landscapes in the consumer goods sector — a multi-tier, multi-template global ERP environment built on a core global template deployed across major markets, supplemented by regional templates in Asia-Pacific, Latin America, and the Middle East.
The group's SAP landscape encompasses manufacturing execution systems (MES), warehouse management systems (WMS), customer portal integrations, distributor management platforms, and a global supply chain integration layer connecting SAP to logistics service providers across the group's distribution network. Many of these integrations had been developed by the group's regional IT teams over a decade of SAP expansion and had never been subject to a formal indirect access assessment.
The Challenge
SAP's global compliance team formally notified the group of a compliance audit in January 2024. The notification identified three areas of alleged non-compliance: indirect access arising from third-party system integrations across the group's manufacturing and distribution operations; user licence type misalignments identified in regional subsidiary audits across six markets; and unreported SAP usage in three entities acquired in 2022 and 2023 that were operating on legacy SAP licences not covered by the group's enterprise agreement.
SAP's preliminary audit report, delivered in March 2024, presented a total exposure estimate of CHF 25 million. The indirect access element — CHF 18.4M of the total — was calculated by applying SAP's standard per-document rates to aggregate document volume data extracted from the group's SAP systems, without any attempt to distinguish between documents created through indirect integrations and documents created by direct SAP users. The user misalignment element — CHF 4.8M — was based on a comparison between contracted licence types and SAP's own usage classification, which the group's regional IT teams believed contained significant errors. The acquired entity element — CHF 1.8M — was the least contested component but was subject to negotiation on the basis of licence restructuring terms.
The scale and geographic complexity of the group's SAP landscape meant that a credible response to the audit required a systematic, jurisdiction-by-jurisdiction analysis of integration architectures, usage patterns, and licence configurations — a programme of work that the group's internal SAP team could not undertake while simultaneously managing normal operations and the group's ongoing S/4HANA migration programme.
The Approach
Redress Compliance mobilised a structured global review programme covering all three elements of SAP's audit exposure. The indirect access analysis proceeded by jurisdiction, prioritising the ten highest-exposure markets identified in SAP's preliminary report — which together accounted for approximately 78% of the total claimed indirect access exposure.
For each high-exposure jurisdiction, Redress Compliance reviewed the specific integration architectures connecting third-party MES, WMS, and distribution management systems to the regional SAP template. The review applied a consistent analytical framework examining three dimensions: whether each integration was creating SAP documents or reading SAP data; whether the document count applied by SAP reflected actual indirect access volumes or included double-counting from direct user activity; and whether any of the third-party platforms operated under their own SAP OEM agreements that covered the relevant integration activity.
The analysis identified that SAP's document count methodology had inflated the indirect access exposure by CHF 11.6M across the ten priority markets. The most significant errors arose in manufacturing environments where SAP's MES integration scripts had been used to batch-upload production confirmation documents — documents that were in fact created by direct SAP users on the shop floor and allocated to the integration interface in SAP's audit extraction. In three markets, third-party WMS platforms operating under OEM agreements with SAP covered the warehouse-to-SAP integration activity entirely.
The user licence misalignment element was addressed through a detailed re-run of SAP's usage classification analysis, applying the correct licence type definitions to actual transaction data. The re-analysis confirmed that SAP's automated classification had systematically over-promoted approximately 1,400 users from Limited Professional to Professional classification due to a single, low-frequency administrative transaction that did not reflect the users' primary usage pattern.
Settlement negotiations were conducted through the DAAP framework, covering the residual genuine indirect access obligation (representing the WMS and distributor portal integrations not covered by OEM arrangements) and incorporating the user misalignment and acquired entity elements into a consolidated settlement structure. The group's S/4HANA migration timeline was incorporated into the settlement, with DAAP digital access document allotments structured to provide licence continuity through the planned migration of each regional SAP template.
The Outcome
The group's total SAP compliance settlement was agreed at CHF 6.2 million — a 75% reduction from SAP's initial exposure estimate of CHF 25 million. The indirect access element settled at CHF 4.1M (versus SAP's claim of CHF 18.4M), reflecting both the methodology errors identified in the audit analysis and the DAAP commercial terms applied to the genuine residual exposure. The user misalignment element settled at CHF 1.4M (versus CHF 4.8M), following the corrected licence classification analysis. The acquired entity element settled at CHF 700K under a restructuring arrangement that brought the acquired entities onto the group's global enterprise agreement.
The settlement established a consolidated, documented licensing position for the group's entire global SAP estate, with a clear digital access entitlement register covering all third-party integrations across the 50+ country scope. The S/4HANA migration programme was de-risked by the settlement's explicit continuity provisions.
Key Takeaways
- SAP global compliance audits routinely contain systematic methodology errors that inflate exposure by 50–80%. SAP's automated extraction scripts conflate direct user activity with indirect access, miss OEM coverage for platform-embedded integrations, and misclassify read-only data access as document creation. A jurisdiction-by-jurisdiction technical review is essential for any multinational facing a global SAP audit.
- Manufacturing and distribution integrations in consumer goods companies are the highest-exposure scenarios — and the most likely to contain overstatements. Production confirmation uploads, WMS interfaces, and logistics integrations are systematically targeted by SAP's compliance team and are also the most likely to contain double-counting errors, OEM coverage, and read-only interaction patterns that reduce the actual obligation.
- DAAP provides the most effective route to global settlement of genuine indirect access exposure. DAAP's combination of historical amnesty and a predictable forward document pricing model provides a platform for comprehensive settlement that is consistently superior to contesting each jurisdiction separately. Entering DAAP with an accurately scoped, independently validated document volume figure is the critical success factor.
- Acquired entities create a specific compliance risk that should be addressed at acquisition. SAP's compliance team systematically targets acquired entities not brought under the acquirer's enterprise agreement. Addressing this as part of post-acquisition IT integration planning avoids the leverage disadvantage of a reactive audit response.
- S/4HANA migration and SAP compliance remediation are most effective when pursued in parallel. Negotiating DAAP settlement structures with explicit migration-period licence continuity provisions avoids the risk of indirect access exposure re-emerging at the point of technical migration and provides a clean licensing baseline for the new architecture.
Swiss or European multinational facing an SAP global compliance audit?
Redress Compliance has worked with major Swiss and European multinationals on SAP global audit responses — combining jurisdiction-by-jurisdiction interface analysis with DAAP commercial negotiation to deliver substantial claim reductions.